Defense Business Systems:

DOD Needs to Continue Improving Guidance and Plans for Effectively Managing Investments

GAO-18-130: Published: Apr 16, 2018. Publicly Released: Apr 16, 2018.

Additional Materials:

Contact:

Carol Harris
(202) 512-4456
harriscc@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

The Department of Defense (DOD) has made progress in complying with most legislative provisions for managing its defense business systems, but additional actions are needed. For example, the National Defense Authorization Act (NDAA) for Fiscal Year 2016 required DOD and the military departments to issue guidance to address five requirements for reviewing and certifying the department's business systems. While DOD has issued guidance addressing all of these requirements, as of February 2018, the military departments had shown mixed progress.

DOD's and Military Departments' Progress in Issuing Guidance that Addressed Fiscal Year 2016 NDAA Business System Management Requirements

Certification Requirement

DOD

Air Force

Navy

Army

Sufficient business process reengineering

Business enterprise architecture compliance

Valid requirements and a viable plan to implement them

Acquisition strategy to eliminate or reduce the need to tailor commercial off-the-shelf systems

Compliance with the department's auditability requirements

● Fully addressed: The department provided evidence that it fully addressed this requirement.

◐ Partially addressed: The department provided evidence that it addressed some, but not all, portions of this requirement.

◌ Not addressed: The department did not provide any evidence that it addressed this requirement.

Source: GAO analysis of Department of Defense documentation. | GAO-18-130

The military departments' officials described plans to address the gaps in their guidance; however, none had defined when planned actions are to be completed. Without guidance that addresses all five requirements, the military departments risk developing systems that, among other things, are overly complex and costly to maintain.

DOD has efforts underway to improve its business enterprise architecture, but its information technology (IT) architecture is not complete. Specifically, DOD's business architecture includes content called for by the act. However, efforts to improve this architecture to enable the department to better achieve outcomes described by the act, such as routinely producing reliable business and financial information for management, continue to be in progress. In addition, DOD is updating its IT enterprise architecture, which describes, among other things, the department's computing infrastructure. However, the architecture lacks a road map for improving the department's IT and computing infrastructure for each of the major business processes. Moreover, the business and IT enterprise architectures have yet to be integrated, and DOD has not established a time frame for when it intends to do so. As a result, DOD lacks assurance that its IT infrastructure will support the department's business priorities and related business strategies.

Why GAO Did This Study

DOD spends billions of dollars each year on systems that support its key business areas, such as personnel and logistics. For fiscal year 2018, DOD reported that these business system investments are expected to cost about $8.7 billion. The NDAA for Fiscal Year 2016 requires DOD to perform activities aimed at ensuring that business system investments are managed efficiently and effectively, to include taking steps to limit their complexity and cost.

The NDAA also includes a provision for GAO to report every 2 years on the extent to which DOD is complying with the act's provisions on business systems. For this report, GAO assessed, among other things, the department's guidance for managing defense business system investments and its business and IT enterprise architectures (i.e., descriptions of DOD's current and future business and IT environments and plans for transitioning to future environments). To do so, GAO compared the department's system certification guidance and architectures to the act's requirements. GAO also interviewed cognizant DOD officials.

What GAO Recommends

GAO is making six recommendations, including that DOD and the military departments establish time frames for, and issue, required guidance; and that DOD develop a complete IT architecture and integrate its business and IT architectures. DOD concurred with three and partially concurred with three recommendations. GAO continues to believe all of the recommendations are warranted as discussed in this report.

For more information, contact Carol Harris at (202) 512-4456 or harriscc@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: We will provide updated information when we confirm what actions the department has taken in response to this recommendation.

    Recommendation: The Secretary of Defense should define a specific time frame for finalizing, and ensure the issuance of (1) policy requiring full consideration of sustainability and technological refreshment requirements for its defense business system investments; and (2) policy requiring that best systems engineering practices are used in the procurement and deployment of commercial systems, modified commercial systems, and defense-unique systems to meet DOD missions. (Recommendation 1)

    Agency Affected: Department of Defense: Office of the Secretary of Defense

  2. Status: Open

    Comments: We will provide updated information when we confirm what actions the department has taken in response to this recommendation.

    Recommendation: The Secretary of the Air Force should define a specific time frame for finalizing, and ensure the issuance of guidance for certifying the department's business systems on the basis of (1) having an acquisition strategy designed to eliminate or reduce the need to tailor commercial off-the-shelf systems to meet unique requirements, incorporate unique requirements, or incorporate unique interfaces to the maximum extent practicable; and (2) being in compliance with DOD's auditability requirements. (Recommendation 2)

    Agency Affected: Department of Defense: Department of the Air Force: Office of the Secretary of the Air Force

  3. Status: Closed - Implemented

    Comments: In March 2018, the Department of the Navy issued updated guidance for certifying business systems that addressed this recommendation. Specifically, this guidance addressed certifying business systems on the basis of having a viable plan to implement the system's requirements; having an acquisition strategy designed to eliminate or reduce the need to tailor commercial off-the-shelf systems to meet unique requirements, incorporate unique requirements, or incorporate unique interfaces to the maximum extent practicable; and being in compliance with DOD's auditability requirements. As a result, the Department of the Navy is better positioned to help ensure that its systems have valid requirements and a viable plan to implement them; limit unnecessary systems complexity; and support the Department of Defense's efforts to meet its auditability requirements.

    Recommendation: The Secretary of the Navy should define a specific time frame for finalizing, and ensure the issuance of guidance for certifying the department's business systems on the basis of (1) having a viable plan to implement the system's requirements; (2) having an acquisition strategy designed to eliminate or reduce the need to tailor commercial off-the-shelf systems to meet unique requirements, incorporate unique requirements, or incorporate unique interfaces to the maximum extent practicable; and (3) being in compliance with DOD's auditability requirements. (Recommendation 3)

    Agency Affected: Department of Defense: Department of the Navy

  4. Status: Open

    Comments: In March 2018, the Department of the Army issued updated guidance for certifying the department's business systems. We are currently assessing the extent to which this guidance addresses this recommendation, and we will update this recommendation status when our assessment is complete.

    Recommendation: The Secretary of the Army should define a specific time frame for finalizing, and ensure the issuance of guidance for certifying the department's business systems on the basis of (1) being reengineered to be as streamlined and efficient as practicable, and determining that implementation of the system will maximize the elimination of unique software requirements and unique interfaces; (2) being in compliance with the business enterprise architecture; (3) having valid, achievable requirements and a viable plan to implement the requirements; (4) having an acquisition strategy designed to eliminate or reduce the need to tailor commercial off-the-shelf systems to meet unique requirements, incorporate unique requirements, or incorporate unique interfaces to the maximum extent practicable; and (5) being in compliance with DOD's auditability requirements. (Recommendation 4)

    Agency Affected: Department of Defense: Department of the Army

  5. Status: Open

    Comments: We will provide updated information when we confirm what actions the department has taken in response to this recommendation.

    Recommendation: The Secretary of Defense should ensure that the DOD Chief Information Officer (CIO) develops an IT enterprise architecture which includes a transition plan that provides a road map for improving the department's IT and computing infrastructure, including for each of its business processes. (Recommendation 5)

    Agency Affected: Department of Defense: Office of the Secretary of Defense

  6. Status: Open

    Comments: We will provide updated information when we confirm what actions the department has taken in response to this recommendation.

    Recommendation: The Secretary of Defense should ensure that the DOD CIO and Chief Management Officer work together to define a specific time frame for when the department plans to integrate its business and IT architectures and ensure that the architectures are integrated. (Recommendation 6)

    Agency Affected: Department of Defense: Office of the Secretary of Defense

 

Explore the full database of GAO's Open Recommendations »

Jun 21, 2018

Jun 20, 2018

Jun 18, 2018

Jun 13, 2018

Jun 6, 2018

May 31, 2018

May 30, 2018

May 24, 2018

Looking for more? Browse all our products here