Skip to Highlights
Highlights

For decades, the Department of Defense (DOD) has been challenged in modernizing its thousands of business systems. Since 1995, GAO has designated the department's business systems modernization efforts as high risk. One key to effectively modernizing DOD's systems environment and satisfying relevant legislative requirements is ensuring that business system investments comply with an enterprisewide strategic blueprint, commonly called an enterprise architecture. For DOD's business systems modernization, it is developing and using a federated Business Enterprise Architecture (BEA), which is a coherent family of parent and subsidiary architectures. GAO was requested to determine whether key Department of the Navy business systems modernization programs comply with DOD's federated BEA. To determine this, GAO examined the BEA compliance assessments, certifications, and approvals for selected Navy programs against relevant guidance.

Skip to Recommendations

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Defense To adequately ensure that DOD business system investments are defined and implemented within the context of its federated BEA, the Secretary of Defense should direct the responsible authorities in the department to revise the DOD BEA compliance assessment guidance to (1) include assessment of all relevant operational, technical, and system architecture products and (2) provide for the development and use of key program architecture products in conducting the assessment early enough in the program's life cycle to permit the results of the assessments to have a timely impact on the program's definition, design, and implementation.
Closed - Implemented
The Department of Defense (DOD) has taken steps that addressed the recommendation. Specifically, the department issued an updated version of its Business Enterprise Architecture (BEA) compliance guidance (version 8.0) on March 11, 2011 that improves upon prior guidance by discussing when key program architecture products should be developed and used to support BEA compliance assessments. For example, while the guidance does not require programs to use BEA system or technical products as part of the compliance assessments, it does require an operational activity model to support compliance assertions made at or before a program enters the technology development phase. According to officials in the Office of the DOD Deputy Chief Management Officer, an approved target systems environment has not yet been defined and approved, and the system view products that have been developed for the BEA cannot be used for compliance until an approved target systems environment exists. According to these officials, DOD expects to issue new BEA compliance guidance for the next version of the BEA (version 10.0), which is planned for release in March 2013.
Department of Defense To adequately ensure that DOD business system investments are defined and implemented within the context of its federated BEA, the Secretary of Defense should direct the responsible authorities in the department to use the program-specific data in the compliance assessment tool for identifying and analyzing potential overlap and duplication, and thus opportunities for reuse and consolidation among programs and provide programs access rights to use this functionality.
Closed - Not Implemented
DOD has described actions it plans to take to address the recommendation, but these actions have yet to be implemented. Specifically, DOD has described an approach for automating BEA compliance assessments that is to allow for, among other things, identifying individual systems associated with specific BEA business processes. As envisioned, this would assist in identifying potential overlap and duplication. However, the automated approach has not yet been implemented and related guidance does not address how potentially duplicative systems will be identified. In addition, the tools associated with implementing DOD's proposed approach for automating BEA compliance assessments are still being piloted and the current BEA compliance guidance does not require programs to identify and analyze potential overlap and duplication as part of the BEA compliance process. According to officials within the Office of the DOD Deputy Chief Management Officer, DOD expects to issue new BEA compliance guidance for the next version of the BEA (version 10.0), which is planned for release in March 2013.
Department of Defense To adequately ensure that DOD business system investments are defined and implemented within the context of its federated BEA, the Secretary of Defense should direct the responsible authorities in the department to amend relevant DOD policy to explicitly require business system program compliance with the federated BEA, to include both the corporate BEA and the component enterprise architectures as a condition for program certification and approval.
Closed - Not Implemented
Relevant DOD policies and guidance have yet to be amended to explicitly require business system program compliance with the component architectures as a condition for program certification and approval. According the Office of the DOD Deputy Chief Management Officer, DOD is working to implement its proposed vision for the future BEA, which is to include the ability for programs to automatically assert compliance with all relevant BEA products, including BEA products developed by DOD components (e.g., military departments). However, this vision has yet to be implemented and a timeframe has yet to be established.
Department of Defense To adequately ensure that DOD business system investments are defined and implemented within the context of its federated BEA, the Secretary of Defense should direct the responsible authorities in the department to amend relevant DOD policy to explicitly assign responsibility for validating program BEA compliance assertions to military departments and defense agencies and issue guidance that describes the nature, scope, and methodology for doing so.
Closed - Not Implemented
DOD has not amended relevant policies requiring BEA compliance assertions to be validated. The department issued the latest version of its BEA compliance guidance (version 8.0) on March 11, 2011, which calls for pre-certification authorities (for non-military department agencies) and chief management officers (for military departments) to be accountable for BEA compliance. However, the guidance does not call for these authorities to validate BEA compliance assertions. Further, the guidance does not include a description of the nature, scope, or methodology to be used in validating program compliance assertions. According to officials in the Office of the DOD Deputy Chief Management Officer, DOD expects to issue new BEA compliance guidance for the next version of the BEA (version 10.0), which is planned for release in March 2013.

Full Report

GAO Contacts