DOD Business Systems Modernization: Governance Mechanisms for Implementing Management Controls Need to Be Improved
GAO-12-685
Published: Jun 01, 2012. Publicly Released: Jun 01, 2012.
Skip to Highlights
Highlights
What GAO Found
The Department of Defense (DOD) continues to take steps to comply with the provisions of the Ronald W. Reagan National Defense Authorization Act for Fiscal Year 2005, as amended, and to satisfy relevant system modernization management guidance. While the department has initiated numerous activities aimed at addressing the act, it has been limited in its ability to demonstrate results. Specifically, the department
- released its most recent business enterprise architecture version, which continues to address the act’s requirements and is consistent with the department’s future vision for developing its architecture. However, the architecture has not yet resulted in a streamlined and modernized business systems environment, in part, because DOD has not fully defined the roles, responsibilities, and relationships associated with developing and implementing the architecture.
- included a range of information for 1,657 business system investments in its fiscal year 2013 budget submission; however, it does not reflect about 500 business systems, due in part to the lack of a reliable, comprehensive inventory of all defense business systems.
- has not implemented key practices from GAO’s Information Technology Investment Management framework since GAO’s last review in 2011. In addition, while DOD has reported its intent to implement a new organizational structure and guidance to address statutory requirements, this structure and guidance have yet to be established. Further, DOD has begun to implement a business process reengineering review process but has not yet measured and reported results.
- continues to describe certification actions in its annual report for its business system investments as required by the act—DOD approved 198 actions to certify, decertify, or recertify defense business system modernizations, which represented a total of $2.2 billion in modernization spending. However, the basis for these actions and subsequent approvals is supported with limited information, such as unvalidated architectural compliance assertions.
- lacks the full complement of staff it identified as needed to perform business systems modernization responsibilities. Specifically, the office of the Deputy Chief Management Officer, which took over these responsibilities from another office in September 2011, reported that 41 percent of its positions were unfilled.
DOD’s progress in modernizing its business systems is limited, in part, by continued uncertainty surrounding the department’s governance mechanisms, such as roles and responsibilities of key organizations and senior leadership positions. Until DOD fully implements governance mechanisms to address these long-standing institutional modernization management controls provided for under the act, addressed in GAO recommendations, and otherwise embodied in relevant guidance; its business systems modernization will likely remain a high-risk program.
Why GAO Did This Study
For decades, DOD has been challenged in modernizing its business systems. Since 1995, GAO has designated DOD’s business systems modernization program as high risk, and it continues to do so today. To assist in addressing DOD’s business system modernization challenges, the National Defense Authorization Act for Fiscal Year 2005 requires the department to take certain actions prior to obligating funds for covered systems. It also requires DOD to annually report to the congressional defense committees on these actions and for GAO to review each annual report. In response, GAO performed its annual review of DOD’s actions to comply with the act and related federal guidance. To do so, GAO reviewed, for example, the latest version of DOD’s business enterprise architecture, fiscal year 2013 budget submission, investment management policies and procedures, and certification actions for its business system investments.
Recommendations
GAO recommends that the Secretary of Defense take steps to strengthen the departments mechanisms for governing its business systems modernization activities. DOD concurred with two of GAOs recommendations and partially concurred with one, but did not concur with the recommendation that it report progress on staffing the office responsible for business systems modernization to the congressional defense committees. GAO maintains that including staffing progress information in DODs annual report will facilitate congressional oversight and promote departmental accountability.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Department of Defense | To ensure that DOD continues to implement the full range of institutional management controls needed to address its business systems modernization high-risk area, the Secretary of Defense should ensure that the Deputy Secretary of Defense, as the department's Chief Management Officer, establish a policy that clarifies the roles, responsibilities, and relationships among the Chief Management Officer, Deputy Chief Management Officer, DOD and military department Chief Information Officers, Principal Staff Assistants, military department Chief Management Officers, and the heads of the military departments and defense agencies, associated with the development of a federated business enterprise architecture (BEA). Among other things, the policy should address the development and implementation of an overarching taxonomy and associated ontologies to help ensure that each of the respective portions of the architecture will be properly linked and aligned. In addition, the policy should address alignment and coordination of business process areas, military department and defense agency activities associated with developing and implementing each of the various components of the BEA, and relationships among these entities. |
Open
As of September 2023, the Department of Defense (DOD) has not addressed this recommendation. Specifically, in September 2023, DOD stated that it no longer plans to establish a working group to codify the way forward for its business enterprise architecture (BEA) modernization. Instead, the department stated that it plans to use a formal coordination process to develop a DOD BEA framework and guidebook to describe its BEA modernization approach. DOD also stated that its framework and guidebook will describe DOD component roles and responsibilities for developing, maintaining, and using the BEA. DOD stated that it expects to complete these efforts by June 2024. We will continue to monitor the department's efforts to fully implement this recommendation.
|
| Department of Defense | To ensure that annual budget submissions are based on complete and accurate information, the Secretary of Defense should direct the appropriate DOD organizations to establish a deadline by which it intends to complete the integration of the repositories and validate the completeness and reliability of information. |
Closed – Implemented
As we reported in July 2015, the department has implemented this recommendation. In particular, in 2013, the Office of the Deputy Chief Management Officer established the DOD Information Technology Investment Portal to serve as the authoritative data source for Defense Business Systems certification funding and approval information. In addition, the department has established common elements in its three primary repositories used for tracking information about business systems that allow information about individual business systems to be integrated across the repositories. Moreover, the Office of the Chief Information Officer demonstrated that it conducts periodic data quality assessments. For example, the results of the most recent assessment provided by DOD demonstrate that the number of business systems is generally consistent across its repositories.
|
| Department of Defense | To facilitate congressional oversight and promote departmental accountability, the Secretary of Defense should ensure that the Deputy Secretary of Defense, as the department's Chief Management Officer, direct the Deputy Chief Management Officer to include in DOD's annual report to Congress on compliance with 10 U.S.C. § 2222, the results of the department's business process reengineering (BPR) efforts. Among other things, the results should include the department's determination of the number of systems that have undergone material process changes, the number of interfaces eliminated as part of these efforts (i.e., by program, by name), and the status of its end-to-end business process reengineering efforts. |
Closed – Implemented
DOD has taken steps to address the key element of this recommendation, and legislative changes have overcome other aspects of the recommendation. In our June 2012 report, we emphasized the importance of measuring whether business process reengineering activities achieved their intended results. In the report, we also cited the mandated legislative requirement for an annual report on defense business operations. With respect to measuring business process reengineering results, the department has included examples of results that it achieved from business process reengineering in its annual reports to Congress. For example, as we reported in July 2015, the Office of the Deputy Chief Management Officer's 2015 Congressional Report on Defense Business Operations stated that the Army utilized business process reengineering as part of a personnel and pay program to reengineer 157 discrete personnel processes to fit the capabilities of a commercial enterprise resource planning system. In addition, its 2014 annual report cited an Army logistics system that avoided $20 million in development costs due to business process reengineering activities. Regarding legislative changes, the Fiscal Year 2016 National Defense Authorization Act removed the requirement for an annual report to Congress on defense business operations. While DOD has taken steps to address the key element of this specific recommendation, we will continue to monitor its actions to address legislative requirements associated with defense business system business process reengineering as part of our periodic reports on the implementation of legislative provisions associated with defense business systems modernization.
|
| Department of Defense | To facilitate congressional oversight and promote departmental accountability, the Secretary of Defense should ensure that the Deputy Secretary of Defense, as the department's Chief Management Officer, direct the Deputy Chief Management Officer to include in DOD's annual report to Congress on compliance with 10 U.S.C. § 2222, an update on the office of the DCMO's progress toward filling staff positions and the impact of any unfilled positions on the ability of the office to conduct its work. |
Closed – Implemented
As of August 2016, DOD has taken sufficient steps to address the intent of our recommendation. Specifically, as we reported in July 2015, the Office of the Deputy Chief Management Officer provided an update to GAO on the number of positions filled and open. In addition, in August 2016, the Office of the Deputy Chief Management Officer reported that the office has undergone at least two reorganizations since this recommendation was initially issued, and there are no open positions in the office beyond those occurring due to normal attrition. Further, the Fiscal Year 2016 National Defense Authorization Act removed the requirement for an annual report to Congress on defense business operations. In addition, the National Defense Authorization Act for Fiscal Year 2015 includes provisions that impact the roles and responsibilities of the Deputy Chief Management Officer and the DOD Chief Information Officer. As the department works to implement these new legislative requirements, we will continue to monitor its actions, and associated challenges, as part of our periodic reports on the implementation of legislative provisions associated with defense business systems modernization.
|
Full Report
GAO Contacts
Office of Public Affairs
Topics
IT investment managementEnterprise architectureBusiness systems modernizationBudget submissionsMilitary departmentsHuman capital managementLiability (legal)Chief information officersInternal controlsOccupational health standards