Recommendation: The CBP Commissioner, in conjunction with the DHS Office of the Chief Readiness Support Officer, should develop and implement a plan to ensure that CBP executes its Facility Condition Assessments (FCA) program by conducting FCAs at each CBP-owned land border crossing consistent with DHS Directive 119-02-004. (Recommendation 1)

Agency: Department of Homeland Security: United States Customs and Border Protection
Status: Open

Comments: CBP concurred with the recommendation and, in March 2020, provided a plan for conducting FCAs at some, but not all, CBP-owned land border crossings. According to officials, CBP will update this plan to include all CBP-owned land border crossings and may coordinate with the DHS Office of the Chief Readiness Support Officer to ensure the plan is consistent with DHS Directive 119-02-004. To fully address this recommendation, CBP should complete the FCA plan to include all CBP-owned land border crossings.

Recommendation: The CBP Commissioner should share FCA reports with GSA and use facility condition information in GSA's Building Assessment Tool to inform FCAs. (Recommendation 2)

Agency: Department of Homeland Security: United States Customs and Border Protection
Status: Open

Comments: CBP concurred with the recommendation and, in February 2020, GSA confirmed that it received FCA reports from CBP for GSA-owned land border crossings. GSA also confirmed that it provided CBP with a spreadsheet containing data from GSA Building Assessment Tools. To fully address this recommendation, CBP should demonstrate that it is using GSA Building Assessment Tool information to inform its FCAs at GSA-owned land border crossings.

Recommendation: The GSA Administrator should share Building Assessment Tool reports with CBP and use facility condition information in CBP's FCAs to inform its assessments through the Building Assessment Tool. (Recommendation 3)

Agency: General Services Administration
Status: Open

Comments: GSA concurred with the recommendation and, in April 2020, provided documentation that it received CBP FCAs and provided Building Assessment Tool information to CBP. GSA further provided updated guidance describing how it will share this information with CBP going forward. To fully address this recommendation, GSA should demonstrate that it using CBP FCA reports to inform its Building Assessment Tool assessments.

Recommendation: The GSA Administrator, in conjunction with CBP, should share with CBP information on GSA maintenance and repair work at GSA-owned land border crossings at the level of detail necessary to inform CBP's data in TRIRIGA. (Recommendation 4)

Agency: General Services Administration
Status: Open

Comments: GSA concurred with the recommendation and, in December 2019, stated that it would share this information with CBP on a monthly basis until it is available to CBP for self-service on a shared data system. To fully address this recommendation, GSA should provide documentation that CBP has access to the shared data system.

Recommendation: The CBP Commissioner should use information on maintenance and repair work conducted by GSA at GSA-owned land border crossings to update facility condition information in TRIRIGA on an ongoing basis. (Recommendation 5)

Agency: Department of Homeland Security: United States Customs and Border Protection
Status: Open

Comments: CBP concurred with the recommendation and, in December 2019, reported that it began documenting processes for validating and correcting existing records in TRIRIGA using information on maintenance and repair work conducted by GSA. In addition, CBP reported that it is developing a standard operating procedure for TRIRIGA data entry. To fully address this recommendation, CBP should demonstrate that it is regularly receiving information on maintenance and repair work performed by GSA and that it is using this information to update data in TRIRIGA.

Recommendation: The CBP Commissioner should establish review time frames for stakeholders involved in its Five-year Capital Investment Plan review and approval process. (Recommendation 6)

Agency: Department of Homeland Security: United States Customs and Border Protection
Status: Open

Comments: CBP concurred with the recommendation and, in April 2020, provided a document establishing time frames for stakeholders involved in the five-year plan review and approval process. To fully address this recommendation, CBP should demonstrate that it has communicated these time frame expectations to stakeholders.

Recommendation: The CBP Commissioner should establish and document a methodology for its annual land border crossing capital prioritization process that includes procedures and time frames for each step. (Recommendation 7)

Agency: Department of Homeland Security: United States Customs and Border Protection
Status: Open

Comments: CBP concurred with the recommendation and, in April 2020, provided a document that formally establishes and documents a methodology for its land border crossing prioritization process, including procedures and time frames for each step. To fully address this recommendation, CBP should demonstrate that it is implementing this methodology during its annual five-year capital investment planning process.

Recommendation: To strengthen MDA's acquisition efforts and strengthen oversight, and to increase traceability and insight into MDA's test program, the Secretary of Defense should require MDA to (a) include a detailed crosswalk of changes to each test, such as names, planned execution dates, test types, targets, and other modifications, in each iteration of its Integrated Master Test Plan; (b) address deficiencies in its test scheduling policy by better aligning it with best practices for scheduling, including the use of a schedule work breakdown structure (WBS) that clearly traces each activity to the cost WBS, properly assigning resources to schedules, and clarifying guidance on when and how to conduct schedule risk analysis; (c) rectify deficiencies in its element and test level cost estimates by requiring the use of the common test WBS, documenting the traceability of source data, and codifying the processes and associated information for the software application Test Resource Mission Planning-Tool used to create the test level cost estimates in policy; and (d) break out funding requests by test in the BMDS Accountability Report and other budget documentation submitted during the annual budget submission.

Agency: Department of Defense
Status: Open

Comments: The department partially concurred with our recommendation, agreeing to include a detailed crosswalk of changes to each test in the Ballistic Missile Defense System (BMDS) Integrated Master Test Plan. However, DOD did not concur with the remaining three parts of our recommendation that include steps related to improving scheduling, cost, and reporting on MDA's test program. In August 2020, we observed that MDA had taken actions on our recommendation, such as including more detailed information on changes to the test schedule in its 2018 and 2019 versions of the BMDS Integrated Master Test Plan. We have an ongoing review to assess MDA's program and test cost estimates and plan to review the BMDS Integrated Master Test Plan to determine if the full intent of our recommendation is being met.

Recommendation: To strengthen MDA's acquisition efforts and strengthen oversight, and to improve MDA's requirement-setting process and ensure it includes an appropriate balance between MDA and warfighter priorities, the Secretary of Defense should require MDA to develop a plan to transition operational requirements analysis currently performed within MDA's Achievable Capabilities List to the U.S. Combatant Commanders, with U.S. Strategic Command as the lead entity and, in the interim, require MDA to obtain their concurrence of the Achievable Capabilities List prior to its release.

Agency: Department of Defense
Status: Open

Comments: DOD did not concur with our recommendation to allow the warfighter to determine operational-level requirements for the Ballistic Missile Defense System (BMDS). Although the department disagreed with our recommendation, the Director, MDA informed us in March 2018 that he supported the warfighter providing MDA with operational-level BMDS requirements, provided they are approved by the Combatant Commander for U.S. Strategic Command. The Director, MDA also agreed to obtain U.S. Strategic Command's concurrence on the Achievable Capabilities List prior to its release. Moreover, the January 2019 Missile Defense Review clarified that missile defense requirements are established through the Warfighter Involvement Process, which is governed by U.S. Strategic Command. The review also directed DOD components to evaluate the current missile defense requirements process to ensure that Service and Combatant Commanders' involvement occurs as early as possible in the capabilities development process. According to a U.S. Strategic Command official, in July 2019, the Missile Defense Executive Board agreed with a working group's finding that improvements to the process were needed. In August 2020, U.S. Strategic Command released an update to its instruction that articulates the BMDS Warfighter Involvement Process to address issues identified by the working group. The Director, MDA has also stated in a March 2020 congressional hearing that requirements for the Next Generation Interceptor were coordinated with combatant commanders and the Joint Requirements Oversight Council, which is a significant and positive development. We intend to evaluate these efforts, as they may potentially satisfy the actions we included in our recommendation.

Recommendation: In order to improve the accuracy of the information included in the O&M budget justification material submitted to Congress and provide complete information to review the military services' fuel consumption spending requests, the Secretary of Defense should direct the Under Secretary of Defense (Comptroller), in consultation with the military services and DLA, to report complete fuel consumption information to Congress, to include actual and estimated fuel volume and actual O&M base obligations for fuel consumption spending separate from O&M Overseas Contingency Operations obligations. This information could be provided as part of DOD's annual O&M budget justification materials, or through other reporting mechanisms.

Agency: Department of Defense
Status: Open

Comments: DOD non-concurred with this recommendation. As of July 2020, DOD had not taken any action to implement the recommendation. DOD stated that it agreed that including additional fuel consumption detail could be useful information, but that it would be difficult and labor intensive to implement a system to separate base from OCO data for several reasons, including its use of legacy financial management systems that cannot easily distinguish between base and OCO execution data.

Recommendation: To effectively implement key components of DOD's business systems modernization program, the Secretary of Defense should direct the Deputy Chief Management Officer to define by when and how the department plans to develop an architecture that would extend to all defense components and include, among other things, (a) information about the specific business systems that support business enterprise architecture (BEA) business activities and related system functions; (b) business capabilities for the Hire-to-Retire and Procure-to-Pay business processes; and (c) sufficient information about business activities to allow for more effective identification of potential overlap and duplication.

Agency: Department of Defense
Status: Open

Comments: DOD has made significant progress addressing the recommendation; however, as of November 2019, more remained to be done. In particular, in 2015, we reported that the department had taken steps to improve the integration of business enterprise architecture information with other existing information, which allows DOD to identify information such as mapping of existing business systems to system functions. More recently, in 2017, the department awarded a contract to improve its business enterprise architecture. According to the department, the objective of the contract was to improve business and system optimization by providing mechanisms to ingest and discover enterprise architecture content from all department components and allow for cross-domain portfolio reviews to include duplication analysis. More specifically, the contract called for developing three major capabilities, including the ability to conduct process and system reviews within and across domains. In October 2019, the Office of the Chief Management Officer (CMO) demonstrated that it had completed development of the three planned capabilities and the office said it was working to host the capabilities in a government-approved cloud environment. With regard to including business capabilities for the Hire-to-Retire and Procure-to-Pay business processes in the business enterprise architecture, the department stated that the new architecture is to identify the business capabilities and processes associated with Lines of Business, which will be defined as a decomposition of the products and services that the business enterprise delivers to the department's components. In September 2019, officials from the Office of the CMO stated that the department plans to review end-to-end processes that comprise the current business enterprise architecture for currency and relevancy. However, the officials did not indicate when they expect to complete this review.

Recommendation: To effectively implement key components of DOD's business systems modernization program, the Secretary of Defense should direct the Deputy Chief Management Officer to ensure that the functional strategies include all of the critical elements identified in DOD investment management guidance, including performance measures to determine progress toward achieving the goals that incorporate all of the attributes called for in the department's guidance.

Agency: Department of Defense
Status: Open

Comments: As of November 2019, the Department of Defense (DOD) had not addressed the recommendation. In May 2013, we reported that, for the fiscal year 2013 certification of business systems, functional strategies included many, but not all, of the critical elements required by DOD's guidance. Specifically, not all functional strategies demonstrated linkages to business goals in DOD's strategic management plan, and not all included expected outcomes for all functional area goals. In addition, some, but not all, had performance measures in place for assessing progress toward achieving stated goals. However, none of the functional strategies included performance measures that reflected all of the key attributes identified in DOD's guidance. We also reported that for the 2014 certification cycle, the functional strategies had been improved. However, not all of them had performance measures that included all key attributes called for in the guidance. Specifically, all performance measures did not include baseline and target measures, and provide a rationale for the identified targets. In June 2018, DOD revised the required functional strategy elements in its defense business system investment management guidance. However, as of November 2019, the department had not ensured that its functional strategies include all of the elements identified in the guidance. The guidance still requires that functional strategies include business outcomes that link to goals in DOD's strategic management plan. In addition, while the guidance no longer calls for the key performance measure attributes that we assessed in our 2013 report (i.e., baseline and target measures and a rationale for identified targets), the new guidance requires that business outcomes include measurable targets. However, none of the fiscal year 2019 functional strategies fully addressed most of the required elements. For example, none of the functional strategies demonstrated that business outcomes were clearly linked to the department's strategic management plan goals, as required by the 2018 investment management guidance. In addition, none of the strategies included measurable targets, An official from the office of the Chief Management Officer (CMO) demonstrated that the department's Integrated Business Framework-Data Alignment Portal, which is used to record functional strategies, includes business outcomes that are aligned to goals and objectives in the National Defense Business Operations Plan (i.e., the agency strategic plan). The official also demonstrated that most functional strategies link to at least one performance measure from the National Defense Business Operations Plan. However, the official agreed that the published functional strategies did not clearly link outcomes to the department's strategic management plan. Further, officials from the office of the CMO stated in September 2019 that the functional strategies for fiscal year 2019 were not revised for fiscal year 2020.

Recommendation: To effectively implement key components of DOD's business systems modernization program, the Secretary of Defense should direct the Deputy Chief Management Officer to select and control its mix of investments in a manner that best supports mission needs by (a) documenting a process for evaluating portfolio performance that includes the use of actual versus expected performance data and predetermined thresholds; (b) ensuring that portfolio assessments are conducted in key areas identified in our IT investment management framework: benefits attained; current schedule; accuracy of project reporting; and risks that have been mitigated, eliminated, or accepted to date; and (c) ensuring that the documents provided to the Defense Business Council as part of the investment management process include critical information for conducting all assessments.

Agency: Department of Defense
Status: Open

Comments: As of November 2019, DOD had not addressed the recommendation. In 2013, we reported that the department's investment management guidance did not specify a process for conducting an assessment or call for the use of actual versus expected performance data and predetermined thresholds for evaluating portfolio performance. In addition, the department did not call for assessments to be conducted in four key areas-benefits attained, current schedule; accuracy of project reporting; and risks that have been mitigated, eliminated or accepted to date. We also reported in 2013, that the department's investment management guidance identified four criteria and specified the associated assessments that were to be conducted when reviewing and evaluating components' organization execution plans in order to make a portfolio-based investment decision. However, the guidance did not call for the department's organizational execution plans to include critical information for conducting assessments associated with three of the four criteria. Specifically, it did not include information for conducting assessments associated with strategic alignment (i.e., information on alignment with the capital planning and investment control practices and Better Buying Power guidance), utility (i.e., interoperability among systems and system scalability to support additional users) and total cost (i.e., cost in relationship to return on investment). In September 2019, the department stated that the Office of the Chief Management Officer's investment management guidance, investment management training materials, and organizational execution plan, addressed elements of the recommendation. However, the documents did not specify a process for evaluating portfolio performance that includes the use of actual versus expected performance data and predetermined thresholds. Regarding ensuring that portfolio assessments are conducted in key areas identified in our IT investment management framework: benefits attained; current schedule; accuracy of project reporting; and risks that have been mitigated, eliminated, or accepted to date, the June 2018 investment management guidance requires organization execution plans to include risks and risk mitigation strategies. In addition, the investment management guidance requires the plans to include information about benefits attained. Specifically, the plans are to include progress against targets for business goals documented in functional strategies. However, the guidance does not address the remaining key areas identified in our IT investment management framework: current schedule; accuracy of project reporting; and risks that have been eliminated or accepted to date. In addition, the guidance does not call for this information to be used as part of portfolio assessments. Regarding ensuring that the documents provided to the Defense Business Council as part of the investment management process include critical information for conducting assessments, in September 2019, the department stated in a written response that business system certification decisions are made in accordance with criteria established in 10 U.S. Code Section 2222. However, as of November 2109, the department had not demonstrated that it established guidance that calls for documents to include critical information on alignment with the capital planning and investment control practices and Better Buying Power guidance), utility (i.e., interoperability among systems and system scalability to support additional users) and total cost (i.e., cost in relationship to return on investment), which are criteria it established in its investment management guidance for making certification decisions.

Recommendation: To enhance NNSA's ability to better ensure the validity of its budget submissions, and to decide on resource trade-offs, the Secretary of Energy should direct the DOE Office of Budget to formally evaluate DOE Order 130.1 and revise as necessary, and communicate any revisions to the NNSA Administrator so that the agency will have updated provisions for assessing the quality of its budget estimates.

Agency: Department of Energy
Status: Open

Comments: According to DOE's audit tracking system report, for the period ending 1/28/16, DOE Office of Budget was evaluating and revising DOE Order 130.1 as necessary to include planning, programming, budgeting, and evaluation (PPBE). The report states that the Office of Budget will communicate revisions to NNSA as appropriate with an estimated completion date of 9/30/16. According to a previous tracking system report, Order 130.1 was updated and placed in the management review process some time between 6/30/13, and 9/30/13. According to DOE, the Office of the Chief Financial Officer implemented a new funding execution system on 10/1/16. The development and implementation of the new system has delayed revision of DOE Order 130.1. The new system will impact the budget practices, planning, policies and processes content that will be outlined in the revised DOE 130.1. As of 6/30/20, DOE's Directives Review Board established an Integrated Project Team to revise the Department's Budget Formulation and Budget Execution Directives. Final approval of the revised guidance is anticipated by 9/30/20.

Recommendation: To ensure that DOD continues to implement the full range of institutional management controls needed to address its business systems modernization high-risk area, the Secretary of Defense should ensure that the Deputy Secretary of Defense, as the department's Chief Management Officer, establish a policy that clarifies the roles, responsibilities, and relationships among the Chief Management Officer, Deputy Chief Management Officer, DOD and military department Chief Information Officers, Principal Staff Assistants, military department Chief Management Officers, and the heads of the military departments and defense agencies, associated with the development of a federated business enterprise architecture (BEA). Among other things, the policy should address the development and implementation of an overarching taxonomy and associated ontologies to help ensure that each of the respective portions of the architecture will be properly linked and aligned. In addition, the policy should address alignment and coordination of business process areas, military department and defense agency activities associated with developing and implementing each of the various components of the BEA, and relationships among these entities.

Agency: Department of Defense
Status: Open

Comments: While the Department of Defense (DOD) had taken steps to improve its business enterprise architecture, it had not implemented the recommendation as of November 2019. In August 2013, the department established the Business Enterprise Architecture Configuration Control Board, which is chaired by the business enterprise architecture chief architect (Office of the DOD CMO) and includes representatives from the Defense Business Council member organizations. These organizations include, among others, DOD's CIO and the military department CMOs. According to its charter, the Business Enterprise Architecture Configuration Control Board is the principal body for managing the disposition of proposed architecture requirements and change requests. However, the charter does not discuss roles and responsibilities associated with the development of the business enterprise architecture. Specifically, it does not address alignment and coordination of business process areas or military department and defense agency activities associated with developing and implementing each of the various components of the business enterprise architecture, and the relationships among these entities. In addition, in September 2018, the department stated that it was drafting a business enterprise architecture concept of operations that was to outline roles and responsibilities associated with the development of the architecture. However, as of November 2019, the department had not completed the concept of operations or otherwise demonstrated that it had established roles and responsibilities for the development of the architecture. In October 2018, an official from the Office of the CMO described the department's new approach to developing its business enterprise architecture. In addition, the department demonstrated that it had developed a taxonomy for the architecture and was in the process of developing an ontology to help ensure that each of the respective portions of the architecture would be appropriately linked and aligned. In November 2019, the official stated that the ontology had been implemented in the department's new business enterprise architecture tool; however, the department did not demonstrate that it had finished developing the ontology. Specifically, the department's October 2019 ontology document identifies basic concepts, such as "Goal", "Objective", and "LOB" (i.e., line of business) as classes, and the properties and attributes of, and relationships among, classes. However, the document does not include annotations such as for the "description" attribute for an LOB, which would provide information needed to create a specific instance of a class applicability; and had not demonstrated that it had developed ontologies for its business domains, such as acquisition, human resource management, and financial management. Also, the document does not demonstrate if allowed values have been defined for some attributes, such as the options allowed in an "option list" for "status" attributes. Further, the department had not documented general information about the ontology, such as its scope and intended applicability; and had not demonstrated that it had developed ontologies for its business domains, such as acquisition, human resource management, and financial management.