Recommendation: To ensure that DOD continues to implement the full range of institutional management controls needed to address its business systems modernization high-risk area, the Secretary of Defense should ensure that the Deputy Secretary of Defense, as the department's Chief Management Officer, establish a policy that clarifies the roles, responsibilities, and relationships among the Chief Management Officer, Deputy Chief Management Officer, DOD and military department Chief Information Officers, Principal Staff Assistants, military department Chief Management Officers, and the heads of the military departments and defense agencies, associated with the development of a federated business enterprise architecture (BEA). Among other things, the policy should address the development and implementation of an overarching taxonomy and associated ontologies to help ensure that each of the respective portions of the architecture will be properly linked and aligned. In addition, the policy should address alignment and coordination of business process areas, military department and defense agency activities associated with developing and implementing each of the various components of the BEA, and relationships among these entities.

Agency: Department of Defense
Status: Open

Comments: While the Department of Defense (DOD) had taken steps to improve its business enterprise architecture, it had not implemented the recommendation as of November 2019. In August 2013, the department established the Business Enterprise Architecture Configuration Control Board, which is chaired by the business enterprise architecture chief architect (Office of the DOD CMO) and includes representatives from the Defense Business Council member organizations. These organizations include, among others, DOD's CIO and the military department CMOs. According to its charter, the Business Enterprise Architecture Configuration Control Board is the principal body for managing the disposition of proposed architecture requirements and change requests. However, the charter does not discuss roles and responsibilities associated with the development of the business enterprise architecture. Specifically, it does not address alignment and coordination of business process areas or military department and defense agency activities associated with developing and implementing each of the various components of the business enterprise architecture, and the relationships among these entities. In addition, in September 2018, the department stated that it was drafting a business enterprise architecture concept of operations that was to outline roles and responsibilities associated with the development of the architecture. However, as of November 2019, the department had not completed the concept of operations or otherwise demonstrated that it had established roles and responsibilities for the development of the architecture. In October 2018, an official from the Office of the CMO described the department's new approach to developing its business enterprise architecture. In addition, the department demonstrated that it had developed a taxonomy for the architecture and was in the process of developing an ontology to help ensure that each of the respective portions of the architecture would be appropriately linked and aligned. In November 2019, the official stated that the ontology had been implemented in the department's new business enterprise architecture tool; however, the department did not demonstrate that it had finished developing the ontology. Specifically, the department's October 2019 ontology document identifies basic concepts, such as "Goal", "Objective", and "LOB" (i.e., line of business) as classes, and the properties and attributes of, and relationships among, classes. However, the document does not include annotations such as for the "description" attribute for an LOB, which would provide information needed to create a specific instance of a class applicability; and had not demonstrated that it had developed ontologies for its business domains, such as acquisition, human resource management, and financial management. Also, the document does not demonstrate if allowed values have been defined for some attributes, such as the options allowed in an "option list" for "status" attributes. Further, the department had not documented general information about the ontology, such as its scope and intended applicability; and had not demonstrated that it had developed ontologies for its business domains, such as acquisition, human resource management, and financial management.