defense icon, source: [West Covina, California] Progressive Management, 2008

Defense: DOD's Business Systems

Opportunities exist for the Department of Defense to optimize business operations and systems.

Action:

The Department of Defense (DOD) needs to develop supporting component architectures and align them with its corporate architecture to complete the federated business enterprise architecture.

Progress:

DOD has taken steps to federate its business enterprise architecture, as GAO has recommended since 2007. Specifically, DOD defined a federated approach to its architecture and initiated an effort to improve it. DOD’s federated approach is intended to provide overarching governance across all business systems, functions, and activities within the department through a coherent family of distinct parent and subsidiary architectures that use a common structure and vocabulary to provide visibility across DOD’s efforts. In August 2013, DOD formally chartered its Business Enterprise Architecture Configuration Control Board, which is made up of senior officials representing corporate and component architecture efforts and is responsible for reviewing proposals and providing recommendations to support component architecture federation and alignment with DOD’s corporate business enterprise architecture. In addition, in January 2017, the department issued a business enterprise architecture improvement plan, which included providing, among other capabilities, the ability to conduct process and system reviews within and across domains. The plan also included delivering a federated ontology for business enterprise architecture data structures. However the department’s effort to complete its federated business architecture remains a work in progress. For example, the Office of the Deputy Chief Management Officer stated in November 2017 that work to develop the federated ontology was ongoing. Further, the delivery date of the capability for conducting process and system reviews within and across domains had changed from January 2017 to June 2018.

In addition, as of January 2018, the department had not established policy that clarified the roles, responsibilities, authorities, and relationships between the Deputy Chief Management Officer and military department officials responsible for the business enterprise architecture and its federation or provided details of an overarching taxonomy to be used across the enterprise, as GAO recommended in June 2012.

As a result of the department’s mixed progress, as of January 2018, the architecture had not yet been federated through development of aligned subordinate architectures for each of the military departments. Until DOD completes the actions discussed, the department risks not being able to develop an architecture that covers the entire department, thus making the architecture less useful for informing investment decisions.

Implementing Entity:

Department of Defense

Action:

The Department of Defense (DOD) should leverage its federated architecture to avoid investments that provide similar but duplicative functionality in support of common DOD activities.

Progress:

DOD has taken steps to better enable the department to leverage its federated architecture to identify duplicative investments, as GAO suggested in March 2011. For example, GAO reported in July 2015 that DOD had developed guidance requiring military departments and other defense organizations to use existing business enterprise architecture content to more proactively identify duplication and overlap. In November 2016, the department provided examples of systems that had been assessed for potential duplication and overlap based on their associated business activities.  In addition, in January 2017, the department issued a plan to improve the usefulness of the architecture by delivering three major capabilities, including the ability to conduct process and system reviews within and across domains.

Nevertheless, while the department has taken steps to improve its ability to leverage its federated architecture to avoid investments that provide similar but duplicative functionality in support of common DOD activities, more remains to be accomplished. For example, in July 2015, GAO pointed out that 71 percent of business system portfolio managers surveyed reported that the business enterprise architecture had limited or no success in helping to reduce the number of business system applications. Further, as of November 2017, the department had not demonstrated that it had delivered planned capabilities to improve the usefulness of the architecture or was actively using its federated business enterprise architecture to eliminate duplicative systems.

Until DOD further leverages or improves its existing processes for identifying investments that provide similar but duplicative functionality in support of common DOD activities, it will continue to risk making unnecessary investments in potentially duplicative business systems.

Implementing Entity:

Department of Defense

Action:

The Department of Defense (DOD) should work to institutionalize its business systems investment process at all levels of the organization.

Progress:

As of December 2017, DOD had made mixed progress in defining and institutionalizing its business systems investment process at all levels of the organization, as outlined in GAO’s information technology investment management framework (GAO-04-394G) and consistent with requirements set out in 10 U.S.C. § 2222, the Clinger-Cohen Act (40 U.S.C. §  11313), and relevant guidance. As of December 2017, DOD had issued updates to its certification and approval guidance to allow the department to make better informed decisions about system certifications. For example, in July 2015, GAO reported that DOD had updated its certification and approval guidance to better inform recommendations on the resources provided to defense business systems as part of the Planning, Programming, Budgeting, and Execution process. Further, in February 2017 and April 2017, the department issued policy and guidance that defined tiered business system categories and associated certification decision authorities and certification requirements. However, although the department included key investment management and legislative requirements in its 2017 guidance and policy, these updates did not fully meet GAO’s previous recommendations. For example, the guidance and policy did not specify a process for conducting an assessment or call for the use of actual versus expected performance data and predetermined thresholds. In addition, the guidance and policy did not call for documents provided to the Defense Business Council to include critical information for conducting assessments, such as information about system scalability to support additional users or new features in the future and cost in relationship to return on investment.

In August 2017, the department issued a report to Congress on implementing, among other things, a new Chief Management Officer organization. For example, this report described a phased implementation plan to establish a Chief Management Officer organization and a Program Executive Officer that is to perform business systems portfolio management. The impact of these organizational changes on the management of defense business systems has yet to be determined, as the implementation of these changes remains a work in progress.  

Until the department takes additional steps to implement GAO’s portfolio of recommendations aimed at improving its business system investment management efforts, it will continue to be at an increased risk of failing to identify and address important issues associated with its large-scale, costly systems.

Implementing Entity:

Department of Defense

Action:

The Department of Defense (DOD) must ensure that effective system acquisition management controls are implemented on each business system investment.

Progress:

As of December 2017, DOD had taken steps to help ensure effective system acquisition management controls were implemented for its business system investments, as GAO suggested in March 2011. However, the department continues to face challenges ensuring that effective system acquisition and management controls are implemented and reported on for each business system investment, and that systems consistently deliver benefits and capabilities on time and within budget. For example, in GAO’s series of reports on DOD major automated information systems, GAO pointed out that the department has had mixed success in addressing key acquisition practices, such as risk and requirements management. In February 2017, the department issued an instruction on business system requirements and acquisition, which defines roles and responsibilities for developing and validating requirements and for risk management.

However, GAO has continued to identify examples of business systems that do not meet expectations and experience significant cost overruns, schedule slippages, and performance issues. For example, as of December 2017, the projected cost of the Air Force system that provides financial capabilities, such as cost accounting and collections, had increased about 60 percent from the program’s first February 2012 estimate (from approximately $1.43 billion to $2.29 billion). Program officials attributed the cost increase, to a lengthened timetable needed to develop the system. Officials for this system reported that it experienced a 5-year delay due to a slip in the full deployment decision milestone. In addition, the system met three of its four key performance indicators. Officials reported that the program did not meet the remaining target because it is waiting for an evaluation on cyber results.

In August 2017, the department issued a report to Congress on implementing, among other things, a new Chief Management Officer organization. Specifically, this report described a phased implementation plan to establish a Chief Management Officer organization and a Program Executive Officer that is to perform business systems portfolio management. The impact of these organizational changes on the management of defense business systems has yet to be determined, as the implementation of these changes remains a work in progress.

Until DOD ensures that effective system acquisition management controls are implemented for each business system investment, it continues to risk that billions of dollars will not be invested effectively to deliver intended benefits.

Implementing Entity:

Department of Defense
  • portrait of
    • Carol C. Harris
    • Director, Information Technology
    • harriscc@gao.gov
    • (202) 512-4456