DOD Business Systems Modernization: Recent Slowdown in Institutionalizing Key Management Controls Needs to Be Addressed

GAO-09-586 Published: May 18, 2009. Publicly Released: May 18, 2009.
Jump To:
Skip to Highlights

Since 1995, GAO has designated the Department of Defense's (DOD) business systems modernization program as high risk, and it continues to do so today. To assist in addressing DOD's business system modernization challenges, the Ronald W. Reagan National Defense Authorization Act for Fiscal Year 2005 (the Act) contains provisions that require the department to take certain actions and to annually report to its congressional committees on these actions. The Act also directs GAO to review each annual report. In response, GAO performed its fifth annual review of DOD's actions to comply with key aspects in the Act and related federal guidance. To do so, GAO reviewed, for example, the latest version of DOD's business enterprise architecture (BEA) and transition plan, investment management policies and procedures, and information in the department's business system data repositories.

Skip to Recommendations


Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Defense To ensure that DOD continues to implement the full range of institutional management controls needed to address its business systems modernization high-risk area, the Secretary of Defense should direct the Deputy Secretary of Defense, as chair of the DBSMC and as DOD's CMO, to resolve the issues surrounding the roles, responsibilities, authorities, and relationships of the Deputy CMO and the military department CMOs relative to the BEA and ETP federation and business system investment management.
Closed - Not Implemented
The Department of Defense (DOD) stated that it has a number of policy and guidance documents currently under development to help clarify the roles and responsibilities associated with development of the business enterprise architecture (BEA) and investment management. For example, the department's most recent investment management guidance specifies roles and responsibilities associated with managing portfolios of business systems. In addition, DOD has established a BEA Configuration Control Board, which is to, among other things, review, assess, and provide recommendations on the priorities of proposed BEA changes and help ensure that the BEA meets the needs of BEA content owners. However, the department has not clarified in policy or guidance the roles, responsibilities, authorities, and relationships between the Deputy Chief Management Officer and military department Chief Management Officers relative to the BEA and enterprise transition plan federation.
Department of Defense To ensure that business system investment reviews and related certification and approval decisions, as well as annual budget submissions, are based on complete and accurate information, the Secretary of Defense should direct the appropriate DOD organizations to develop and implement plans for reconciling and validating the completeness and reliability of information in its DITPR and SNAP-IT system data repositories, and to include information on the status of these efforts in the department's fiscal year 2010 report in response to the Act.
Closed - Implemented
The Department of Defense (DOD) has taken sufficient steps to address the intent of the recommendation. For example, the department has been working to integrate information contained in its system data repositories by developing and implementing the DOD Information Technology Investment Portal (DITIP), which DOD began to use in May 2013. According to DOD documentation, the system is now the authoritative source for DOD header (i.e., basic) information about information technology (IT) systems and is to serve as a one stop source for all information technology investment portfolio information. More specifically, the system will maintain a core database composed of common DOD IT Portfolio Repository (DITPR) and Select and Native Programming Data Input System- Information Technology (SNAP-IT) data elements as well as essential data elements required for initial registration of DOD IT systems (e.g., investment title, mission area, etc.). According to DOD, efforts to establish the portal include addressing common data errors and integrating data between the portal and the DITPR and SNAP-IT system data repositories. In addition, DOD's Portfolio Certification Request Memorandum template includes language indicating that the component Pre-Certification Authority is to assert that information contained in DITPR, DITIP, and SNAP-IT has been verified to be complete and accurate prior to any system's certification to spend appropriated funds.

Full Report

GAO Contacts