Defense IRM: Poor Implementation of Management Controls Has Put Migration Strategy at Risk
AIMD-98-5
Published: Oct 20, 1997. Publicly Released: Oct 20, 1997.
Skip to Highlights
Highlights
Pursuant to a congressional request, GAO provided information on the Department of Defense's (DOD) Corporate Information Management (CIM) initiative, focusing on: (1) the number and cost of systems designated for migration, the number of legacy systems already terminated or scheduled for termination, and savings resulting from terminations of legacy systems; and (2) whether DOD's management control and oversight processes for migration systems are ensuring that the investment in CIM-related technology is economically sound and in compliance with its technical and data standards.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Department of Defense | To ensure that DOD's continued investment in migration systems provides measurable improvements in mission-related and administrative processes, the Secretary of Defense should require the Defense components to rank development/modernization migration systems justifications and complete them on an expedited basis. |
The Department no longer has a migration system strategy, therefore, there is no longer a need to rank migration system justifications.
|
| Department of Defense | The Secretary of Defense should require the Chief Information Officer (CIO) to review these justifications and certify that they include a business case of operational alternatives for each functional area that clearly demonstrates that continued development and deployment of the migration system is the best solution for improving performance and reducing costs in the functional area it serves, when compared to other available alternatives. The alternatives analyzed should include reengineering the functional area's processes before making investments in information systems and using, when appropriate, the private sector to perform major functions now performed by government personnel and information systems. |
The Department no longer has a migration system strategy, therefore, there is no longer a need for review and certification of migration system justifications.
|
| Department of Defense | The Secretary of Defense should require the CIO to review these justifications and certify that they include an economic analysis showing a return on investment or other results-based benefits to the Department that justify further investment in the migration system. |
The Department no longer has a migration system strategy, therefore, there is no longer a need for review and certification of migration system justifications.
|
| Department of Defense | The Secretary of Defense should require the CIO to review these justifications and certify that they include current compliance with applicable Defense technical standards and use standard data, or a schedule and plan for bringing the system into compliance with these standards. |
The Department no longer has a migration systems strategy, therefore, there is no longer a need for review and certification of migration system justifications.
|
| Department of Defense | The Secretary of Defense should require the CIO to establish routine procedures for reporting on the status of reviews of migration system justifications to the Deputy Secretary of Defense so the information can be used in the Department's planning, programming, and budgeting system. Any exception to the accomplishment of these reviews should be approved by the Deputy Secretary of Defense. |
The Department no longer has a migration systems strategy, therefore, there is no longer a need to establish routine procedures for reporting on the status of reviews of migration system justifications.
|
| Office of the Assistant Secretary for Command, Control, Communications, and Intelligence | The CIO should revise Defense's policies, practices, and procedures to institutionalize the management of information systems and technology expenditures as investments and ensure that these investments provide measurable improvements in mission performance. |
On February 27, 2002, DOD issued Directive 8000.1, Management of DOD Information Resources and Information Technology, which provides direction on establishing Chief Information Officers at various levels, consistent with the Clinger-Cohen Act of 1996. Also, the Assistant Secretary of Defense issued a July 13, 2000 memorandum, providing guidance on certification of major automated information systems' compliance with the Clinger-Cohen Act of 1996, and a December 23, 1999 memorandum, requiring that the Assistant Secretary certify and report to Congress that DOD's major automated information systems are developed in accordance with the Clinger-Cohen Act of 1996.
|
| Department of Defense | The Secretary of Defense should direct the CIO in coordination with the Chief Financial Officer (CFO), and other appropriate Defense officials, to ensure that Defense's strategic information technology planning and investment control policies, practices, and procedures include requirements that Principal Staff Assistants document that they and the key stakeholders for their functional areas (including the services, agencies, and major commands) have: (1) conducted thorough economic and risk analyses of alternative operational approaches (business case analyses) for accomplishing the mission of the functional area; (2) examined tradeoffs among the competing proposals; and (3) prioritized the alternative proposals based on mission impact, risk, and return. |
DOD issued Directive 8000.1, which requires that OSD Principal Staff Assistants improve DOD operations and procedures by ensuring the application of sound business practices, exercising oversight of the evaluation and improvement of functional processes, ensuring that economic analyses are prepared and validated as required, and ensuring functional leadership throughout the systems life-cycle phases.
|
| Department of Defense | The Secretary of Defense should direct the CIO in coordination with the CFO, and other appropriate Defense officials, to finalize and issue guidance for developing and issuing analyses of alternatives and economic analyses for information system decisionmaking. Once this guidance is issued, the CIO should require that all Defense program managers and Defense managers, as appropriate, be trained in using the guidance. Also, the CIO should ensure that the guidance defines a standard return on investment definition for Defense information systems and require that this definition be used to calculate all returns on investment for information systems efforts. Additionally, the CIO should require that all major migration and other information systems under direct review by the Major Automated Information System Review Council (MAISRC), and those delegated by MAISRC to other oversight organizations for review, have their alternatives analyses and economic analyses independently verified by Defense's Program Analysis and Evaluation (PA&E) office, or another qualified independent review organization, in accordance with this guidance before major investments are authorized for system development/modernization. |
The Department has not yet finalized and issued guidance for developing and using analyses of alternatives and economic analyses for information system decision-making.
|
| Department of Defense | The Secretary of Defense should direct the CIO, in coordination with the CFO, and other appropriate Defense officials, to require post-implementation reviews of migration and other information systems and ensure that these reviews are designed to compare actual systems' costs, benefits, risks, and returns against the original baseline estimates/projections and determine the causes of any differences between planned and actual results. |
On May 12, 2003, DOD issued Department of Defense Instruction 5000.2, which specifies that DOD's major automated information systems will comply with the requirements of the Clinger-Cohen Act of 1996. The Clinger-Cohen Act of 1996 requires that post-implementation reviews be performed. As such, DOD has issued an instruction requiring that post-implementation reviews be performed for major automated information systems.
|
| Department of Defense | The Secretary of Defense should direct the CIO, in coordination with the CFO, and other appropriate Defense officials, to expedite the definition, coordination, testing, and implementation of information management performance measures in the Department and establish milestones for evaluating progress in implementing these performance measures. |
On July 13, 2000, the Assistant Secretary of Defense issued a memorandum on developing major automated information systems that included guidance for developing measurable performance indicators for systematically tracking progress in achieving predetermined goals.
|
| Department of Defense | The Secretary of Defense should direct the CIO, in coordination with the CFO, and other appropriate Defense officials, to modify the Defense Integration Support Tools (DIST) system or acquire/develop a new Defense-wide management information system or systems for tracking and reporting key schedule, progress, and performance information on migration systems and other Defense information systems and ensure the system or systems contain complete, current, and accurate schedule data necessary to track the progress of each migration system's development/deployment and each legacy system's termination. |
DOD abolished the DIST, and on February 21, 2001, established the DOD Information Technology Registry to serve as DOD's system of record for complying with congressional requirements and as a repository to support CIO assessments. The registry is an inventory of DOD major automated information systems, rather than a system development tracking and reporting system. It does not include schedule data necessary to track the progress of major automated information systems development/deployment. DOD has not implemented this recommendation.
|
| Department of Defense | The Secretary of Defense should direct the CIO, in coordination with the CFO, and other appropriate Defense officials, to modify the DIST system or acquire/develop a new Defense-wide management information system or systems for tracking and reporting key schedule, progress, and performance information on migration systems and other Defense information systems and ensure the system or systems contain complete, current, and accurate budgeted and actual cost data on each system for which the Department maintains such data (an alternative to putting budget and cost data in DIST is to establish the capability to directly interface with other systems in the Under Secretary of Defense (Comptroller's) Office or other Defense organizations containing system's budget and/or cost data). |
DOD abolished the DIST, and on February 21, 2001, established the DOD Information Technology Registry to serve as DOD's system of record for complying with congressional requirements and as a repository to support CIO assessments. The registry is an inventory of DOD major automated information systems, rather than a system development tracking and reporting system. It does not include budgeted and actual cost data for each system for which the Department maintains such data; nor an interface with other DOD systems that contain systems' budget and/or cost data. As such, DOD has not implemented this recommendation.
|
| Department of Defense | The Secretary of Defense should direct the CIO, in coordination with the CFO, and other appropriate Defense officials, to modify the DIST system or acquire/develop a new Defense-wide management information system or systems for tracking and reporting key schedule, progress, and performance information on migration systems and other Defense information systems and ensure the system or systems contain complete, current, and accurate data necessary to track the progress of each migration system in complying with applicable Defense technical and data standards, including whether each system has been independently certified to be in compliance with applicable technical and data standards. |
DOD abolished the DIST, and on February 21, 2001, established the DOD Information Technology Registry to serve as DOD's system of record for complying with congressional requirements and as a repository to support CIO assessments. The registry is an inventory of DOD major automated information systems, rather than a system development tracking and reporting system. It does not include data necessary to track the progress of major automated information systems in complying with applicable Defense technical and data standards. DOD has not implemented this recommendation.
|
| Department of Defense | The Secretary of Defense should direct the CIO, in coordination with the CFO, and other appropriate Defense officials, to modify the DIST system or acquire/develop a new Defense-wide management information system or systems for tracking and reporting key schedule, progress, and performance information on migration systems and other Defense information systems and ensure the system or systems contain complete, current, and accurate data for tracking progress in accomplishing the mission-based performance goals and information management performance goals for the functional areas supported by each system once these data have been identified. |
DOD abolished the DIST, and on February 21, 2001, established the DOD Information Technology Registry to serve as DOD's system of record for complying with congressional requirements and as a repository to support CIO assessments. The registry is an inventory of DOD major automated information systems, rather than a system development tracking and reporting system. It does not include data for tracking progress in accomplishing mission-based performance goals and information management performance goals. DOD has not implemented this recommendation.
|
| Department of Defense | The Secretary of Defense should direct the CIO, in coordination with the CFO, and other appropriate Defense officials, to modify the DIST system or acquire/develop a new Defense-wide management information system or systems for tracking and reporting key schedule, progress, and performance information on migration systems and other Defense information systems and ensure the system or systems contain complete, current, and accurate information determined to be needed for oversight by the Defense Acquisition Board, MAISRC, and PA&E. |
DOD abolished the DIST, and on February 21, 2001, established the DOD Information Technology Registry to serve as DOD's system of record for complying with congressional requirements and as a repository to support CIO assessments. The registry is an inventory of DOD major automated information systems, rather than a system development tracking and reporting system. It does not include information determined to be needed by the Defense Acquisition Board and PA&E. DOD has not implemented this recommendation.
|
| Department of Defense | The Secretary of Defense should direct the CIO, in coordination with the CFO, and other appropriate Defense officials, to modify the DIST system or acquire/develop a new Defense-wide management information system or systems for tracking and reporting key schedule, progress, and performance information on migration systems and other Defense information systems and ensure the system or systems contain complete, current, and accurate information determined to be needed for management and oversight by the Defense CIO, the CIO Council, other Defense senior managers, and the Congress. |
DOD abolished the DIST, and on February 21, 2001, established the DOD Information Technology Registry to serve as DOD's system of record for complying with congressional requirements and as a repository to support CIO assessments. The registry is an inventory of DOD major automated information systems, rather than a system development tracking and reporting system. It does not include information determined to be needed for management and oversight by the Defense CIO, the CIO Council, other Defense senior managers, and Congress. DOD has not implemented this recommendation.
|
| Department of Defense | The Secretary of Defense should direct the CIO, in coordination with the CFO, and other appropriate Defense officials, to develop and implement management controls and a quality assurance program to ensure the DIST data's accuracy and completeness since these data are used to track and report to senior Defense managers and the Congress on the overall status of the migration initiatives and on other Defense information management initiatives. |
DOD abolished the DIST, and on February 21, 2001, established the DOD Information Technology Registry to serve as DOD's system of record for complying with congressional requirements and as a repository to support CIO assessments. The registry is an inventory of DOD major automated information systems, rather than a system development tracking and reporting system. Because DOD has not established a system development tracking and reporting system, DOD has not implemented management controls and a quality assurance program to ensure that the data in the system are accurate and complete. DOD has not implemented this recommendation.
|
Full Report
Public Inquiries
Topics
Cost effectiveness analysisDefense cost controlDefense procurementInformation resources managementInformation systemsIT acquisitionsLegacy systemsPrivatizationStrategic information systems planningSystems conversionsSystems designInformation management