DOD Business Systems Modernization

The capacity criterion rating for this segment has improved since our 2019 High-Risk Report, while the other four criteria remain unchanged.

Leadership commitment: partially met. Since our 2019 High-Risk Report, DOD has developed updated policy and guidance for managing business system investments that reflect changes called for by the National Defense Authorization Act (NDAA) for Fiscal Year 2016 (10 U.S.C. § 2222).

According to officials, in March 2020, DOD established a Defense Business Systems and Enterprise Business Optimization Directorate within the Office of the CMO. This new office was intended to assist the Office of the CMO with implementation of statutory requirements for, among other things, managing defense business systems.

DOD needs to demonstrate consistent leadership over business system acquisitions. In particular, the department has not yet made additional planned updates to its business systems investment management guidance, or defined steps for addressing this high-risk area, as planned.

Further, the NDAA for Fiscal Year 2021 repealed the CMO position and DOD needs to implement new statutory requirements regarding the future of the roles and responsibilities for business systems acquisition management that were previously assigned to the CMO.

Capacity: partially met. Since our 2019 High-Risk Report, the Office of the CMO, which established policy and guidance for business system investments and oversaw a subset of business system investments, conducted a human capital analysis, as we recommended in May 2013. This analysis included a skills inventory, needs assessment, and planned actions to better support the office’s responsibilities.

However, planned actions have not yet been completed, including business capability reviews intended to, among other things, identify skills and other resource gaps.

Action plan: not met. According to officials, the department is developing a plan that includes specific actions and associated milestones to address what remains to be done for this segment of the high-risk area. However, they have not indicated when this plan will be completed. As a result, DOD does not have a common baseline to document DOD-wide commitments and their associated time frames.

Monitoring: partially met. DOD provides information to the federal Information Technology (IT) Dashboard—a public website hosted by the Office of Management and Budget that allows federal agencies and the public the ability to view details of federal information technology investments online and to track their progress over time—that may allow the department to document progress in improving its business system acquisition outcomes.

However, without an approved action plan for addressing gaps described in this segment of the high-risk area, DOD lacks the means to monitor broader progress in improving to its business system acquisition management efforts.

Demonstrated progress: partially met. Since our 2019 High-Risk Report, DOD has had mixed success in delivering business systems investments that meet cost, schedule, and performance commitments. For example, we reported in June 2020 that the Integrated Personnel and Pay System—Army Increment 2, which is intended to deliver fully integrated personnel and pay services for all Army components, met all five of its technical performance targets, but experienced a 72 percent increase in its life-cycle cost estimate ($1.38 billion).

We also reported that the DOD Healthcare Management System Modernization, which is intended to provide modernized electronic health records, failed to meet any of its three technical performance targets and experienced a 15.7 percent increase in its life-cycle cost estimate ($1.27 billion).

In addition, since March 2019, DOD has made progress in addressing a recommendation made in March 2016 aimed at improving the management of major IT programs. This includes ensuring that the Defense Enterprise Accounting and Management System addressed weaknesses in its controls for ensuring that all software requirements are tested and validated prior to any new software releases.

However, the department still needs to address our recommendations aimed at making further improvements associated with, among other things, its use of incremental development, and updating policy or guidance for major IT programs.

Ratings for this segment remain unchanged since our 2019 High-Risk Report, with DOD partially meeting three criteria and not meeting the remaining two.

Leadership commitment: partially met. DOD has made progress complying with requirements for managing business system investments—which support key business areas such as personnel and financial management—in the NDAA for fiscal year 2016. Nevertheless, more remains to be done.

For example, in November 2019, consistent with a legislative provision and our recommendation, DOD issued a policy requiring full consideration of sustainability and technological refreshment requirements (i.e., periodic updates to systems to help ensure their continued supportability) for its business system investments. In addition, in October 2020, the department developed a draft management playbook intended to assist the former Office of the CMO with effectively delivering its mission. The draft playbook included information such as performance measures associated with streamlining the defense business systems environment.

DOD also needs to ensure that it exercises consistent leadership over the business systems investment management process. This includes ensuring that guidance for the process is updated to include key elements from our previous recommendations. For example, the guidance should include a process to ensure that portfolio assessments intended to evaluate the performance of groups of systems, including those systems within the financial management systems portfolio, address key areas identified in our Information Technology Investment Management framework, including schedule and risks. The department also needs to ensure a plan to address this high-risk area is developed, as planned.

Further, the department needs to implement new statutory requirements regarding the future of the roles and responsibilities for business systems investment management previously assigned to the CMO.

Capacity: partially met. DOD has established an investment review board and guidance for overseeing its largest business system investments. Further, the Office of the CMO demonstrated that it had conducted a human capital analysis, as we recommended in May 2013. This analysis included a skills inventory, needs assessment, and planned actions to better support the office’s responsibilities.

However, planned actions have not yet been completed, including one that calls for the department to complete business capability reviews intended to, among other things, identify skills and other resource gaps.

Action plan: not met. According to officials, the department is developing a plan that includes specific actions and associated milestones to address what remains to be done for this segment of the high-risk area. However, they have not indicated when they expect to complete it. As a result, DOD does not have a common baseline to document DOD-wide commitments and their associated time frames.

Monitoring: not met. Without an approved action plan for addressing this segment of the high-risk area, DOD lacks a means to monitor progress towards improving to its business system investment management process.

Demonstrated progress: partially met. Since our 2019 High-Risk Report, DOD has taken steps to improve its business system investment management process by addressing some associated recommendations. For example, DOD developed a policy to require full consideration of sustainability and technological refreshment requirements for its defense business systems investments. Further, the Department of the Army demonstrated that it had improved its guidance for certifying defense business systems.

However, DOD needs to show continued progress in addressing our remaining recommendations associated with the investment management process, such as developing improved investment management guidance. For example, we have recommended that DOD should update its investment management guidance to ensure that functional strategies, which are intended to define business outcomes, priorities, measures, and standards for specific business areas (e.g., human resources management), include all of the critical elements required by the investment management guidance (e.g., performance measures that include baseline and target measures).

Since our 2019 High-Risk Report, the capacity criteria has regressed. The other four criteria remain unchanged.

Leadership commitment: partially met. Since our 2019 High-Risk Report, the department has revamped its efforts to develop the next generation of its federated business enterprise architecture. The business enterprise architecture is DOD’s blueprint for business transformation. It is to describe information such as business capabilities, processes, data, information exchanges, system functions, system data exchanges, and technical standards. According to the department, the new approach to the architecture will involve greater integration with other key department processes, such as the investment management process.

However, as of December 2020, a plan to guide the effort to improve the business enterprise architecture, with tasks and associated milestones, had yet to be finalized by department leadership.

DOD also needs to implement new statutory requirements regarding the future of the roles and responsibilities for defense business systems previously assigned to the CMO.

Capacity: partially met. In our 2019 High-Risk Report, we reported that the department had established the tools and processes intended to improve its efforts to identify potentially duplicative systems. We also reported that the department developed a plan with associated milestones to update its architecture. However, the department did not complete all tasks associated with this plan.

DOD officials stated that, as of March 2020, DOD had revisited its approach for updating its business enterprise architecture. Department officials have stated that they expect this new approach to assist department leadership in making better decisions with a more robust set of analytical tools. DOD also provided a draft strategy for updating and using its business enterprise architecture and a timeline describing when technical updates will be completed. This timeline showed that technical updates are to be completed by the end of fiscal year 2021. However, the department did not complete its previously planned effort to update the architecture, which raises concerns about its ability to follow through with current plans.

Nevertheless, as department officials work to implement their new approach to the business enterprise architecture, they can continue to leverage existing tools to help streamline business operations and identify potentially duplicative systems, including the department’s existing business enterprise architecture and associated data.

Action plan: partially met. DOD has developed a draft strategy for updating and using its business enterprise architecture and a timeline that describes high-level activities and time frames for the technical implementation and configuration of its updated business enterprise architecture. However, the timeline is incomplete. Specifically, the timeline and other associated documentation do not address tasks associated with improving the use of the architecture and do not include all activities needed to complete the technical implementation and configuration.

Monitoring: partially met. DOD provided a timeline that describes high-level activities and time frames for the technical implementation and configuration of its business enterprise architecture and DOD officials stated that the timeline is used internally to monitor progress. However, the timeline incomplete. Nevertheless, it can be used as an indicator to determine whether the department is making intended progress for part of its planned efforts.

Demonstrated progress: partially met. DOD has established the capacity to identify potentially duplicative investments and provided examples of benefits attributed, at least in part, to its business enterprise architecture. Nevertheless, the department is revamping its approach to its business enterprise architecture and has not yet demonstrated that it is actively and consistently assessing potential duplication and overlap to eliminate duplicative systems.

Further, DOD needs to demonstrate progress in addressing our remaining open recommendations, which we made between 2012 and 2018, such as integrating its business and IT architectures, and demonstrating that the three capabilities intended to improve the business enterprise architecture have been hosted in a government-approved cloud environment.