Key Issues > High Risk > DOD Business Systems Modernization
High Risk Medallion

DOD Business Systems Modernization

This information appears as published in the 2013 High Risk Report.

View the 2013 Report

  1. Share with Facebook 
  2. Share with Twitter 
  3. Share with LinkedIn 
  4. Share with mail 

The Department of Defense (DOD) is spending billions of dollars each year to acquire modern systems that are fundamental to achieving its business transformation goals. While DOD’s capability and performance relative to business systems modernization has improved, significant challenges remain. The department has not fully defined and established business systems modernization management controls, which are vital to ensuring that it can effectively and efficiently manage an undertaking with the size, complexity, and significance of its business systems modernization and minimize the associated risks.

DOD reports that its business systems environment includes about 2,200 investments, which are funded by billions of dollars in annual expenditures and are intended to support business functions and operations. Since GAO designated this area as high risk in 1995, it has made about 250 recommendations aimed at strengthening DOD’s institutional approach to modernization and reducing the risk associated with key investments. For example, since 2001, GAO has provided a series of recommendations relative to developing and using a business enterprise architecture and establishing effective investment management controls to guide and constrain DOD’s multibillion-dollar business systems and services. In addition, since 2002, Congress has included provisions consistent with GAO’s recommendations in National Defense Authorization Acts.

Between 2005 and 2008, GAO reported that DOD had made progress toward implementing key institutional modernization management controls in response to statutory provisions and GAO recommendations. For example, DOD had continued to develop updates to its architecture—a modernization blueprint that is intended to provide a clear and comprehensive picture of the department. These updates had addressed important elements related to the requirements of the National Defense Authorization Acts and practices that GAO has identified as missing. However, notwithstanding this progress, in May 2009, GAO reported that DOD’s efforts to modernize its management controls (both institutional and program specific) had slowed compared with previous years, leaving much to be accomplished. Since that time, DOD has continued to take steps to comply with statutory provisions and satisfy relevant system modernization management guidance. However, while DOD has initiated numerous management activities aimed at modernizing its business systems environment, it has been limited in its ability to demonstrate results.

In this regard, GAO’s work has highlighted challenges that DOD has continued to face in aligning its business enterprise architecture at all levels of the department, leveraging the architecture to avoid investments that provide similar but duplicative functionality in support of common DOD activities, and institutionalizing the business systems investment process. In addition, ensuring that effective system acquisition management controls are implemented for each business system investment also remains a formidable challenge. Examples of progress and challenges in these areas are described in the following paragraphs.

  • DOD has defined a federated approach to its architecture, where member architectures conform to an overarching corporate or parent architecture and utilize a common vocabulary. This approach is to provide governance across all business systems, functions, and activities within the department and improve visibility across DOD’s respective efforts. However, adopting this approach continues to be a challenge. While DOD is making improvements, its corporate architecture has yet to be federated through the development of aligned subordinate architectures for each of the military departments. In this regard, the military departments have made little or no progress. Moreover, DOD has yet to include common definitions of key terms and concepts to help ensure that these architectures will be properly linked and aligned.
  • DOD has recently initiated plans to address duplicative investments; however, these plans have yet to result in the consolidation or elimination of duplicative investments or functionality. In February 2012, GAO reported that while DOD had information technology (IT) investment management processes in place that are, in part, intended to prevent, identify, and eliminate unnecessary duplicative investments, GAO identified 31 potentially duplicative IT investments accounting for about $1.2 billion in DOD’s IT spending for fiscal years 2007 through 2012. DOD officials have stated that operational activities identified by programs in its systems repository can be compared by the investment review board to identify those investments that provide duplicative functionality in support of common DOD activities. However, this process depends on self-reported data from the programs and there continues to be little or no validation or verification of the information. GAO recommended that DOD utilize or correct existing mechanisms to identify and eliminate, where appropriate, potentially duplicative investments. While DOD officials stated that they are working on automating the compliance review process, the department has more work to do in this area. For example, DOD has identified 15 end-to-end business processes to be defined in the architecture. However, only two of these processes were to be fully defined by the end of fiscal year 2012, thus enabling only a fraction of activities to be available for comparison during compliance reviews.
  • In June 2011, GAO reported that DOD had made limited progress in defining and implementing investment management policies and procedures outlined in GAO’s Information Technology Investment Management framework and consistent with the investment management provisions of the Clinger-Cohen Act of 1996. More recently, in June 2012, GAO reported that DOD and the military departments had yet to address GAO’s related recommendations and implement many critical processes associated with selecting investments and providing investment oversight and had made little progress in addressing additional elements of GAO’s framework that it previously reported as unsatisfied. According to DOD, slow progress on its investment management policies and procedures across the department and its military components was due, in part, to the department’s activities to address new requirements in the National Defense Authorization Act for Fiscal Year 2012. Specifically, in June 2012, DOD issued investment review guidance that updated its investment review governance, structure, and certification procedures to address the new requirements. Following this guidance, DOD retired its four functional investment review boards in 2012 and replaced them with the Defense Business Council, a senior-level board that is to meet as the corporate investment review board to review and certify systems for fiscal year 2013 within a series of functional portfolios. These portfolios are to include all business systems budgeted to spend more than $1 million, including those in operations and maintenance. While this new approach may provide the Office of the Deputy Chief Management Officer the opportunity to improve transparency for a greater number of systems throughout DOD and manage systems using tradeoffs among its portfolios of investments, the new investment management approach is still in transition and details for how systems will be reviewed and the extent to which this new approach will provide measurement against planned outcomes has not yet been demonstrated.

    As part of its investment review and certification process, DOD also has performed various business process reengineering activities related to its business systems investments and underlying end-to-end business process. However, the department has not yet begun to measure associated results. Thus, the extent to which these efforts have streamlined and improved the efficiency of the underlying business processes remains uncertain. As a result, GAO has recommended that DOD begin to report on the status and results of its reengineering efforts to ensure oversight and promote department accountability.
  • In 2010, GAO reported that DOD's large-scale, software-intensive system acquisitions continued to fall short of cost, schedule, and performance expectations. Specifically, GAO reported that six of nine enterprise resource planning systems had experienced schedule delays ranging from 2 to 12 years, and five had incurred cost increases ranging from $530 million to $2.4 billion. Despite this, in October 2012, GAO reported that DOD rated no investments at high or moderately high risk levels on the federal IT Dashboard. Rather, it reported 85 percent at low and moderately low risk levels. GAO reported that DOD did not rate any of its investments as high risk due, in part, to departmental officials’ views that such ratings could lead to an Office of Management and Budget review. In addition, these ratings did not always reflect significant schedule delays, cost increases, and other weaknesses that GAO and the DOD Inspector General continued to identify. The following are examples of selected investments that continue to experience significant performance problems but were all rated as low or moderately low risk by DOD.
    • In 2012, GAO reported that Air Force’s Defense Enterprise Accounting and Management System (DEAMS), which is the Air Force’s target accounting system designed to provide accurate, reliable, and timely financial information, faced a 2-year deployment delay and an estimated cost increase of about $500 million for an original life-cycle cost estimate of $1.1 billion (an increase of approximately 45 percent). GAO also reported that assessments by DOD users had identified operational problems with the system, such as data accuracy issues, an inability to generate auditable financial reports, and the need for manual workarounds. In July 2012, the DOD Inspector General reported that the DEAMS’ schedule delays were likely to diminish the cost savings it was to provide, and would jeopardize the department’s goals for attaining an auditable financial statement. DOD’s Chief Information Officer rated DEAMS low risk or moderately low risk from July 2009 through March 2012.
    • Army’s General Fund Enterprise Business System (GFEBS) is an Army financial management system intended to improve the timeliness and reliability of financial information and to support the department’s auditability goals. In early 2012, GAO reported that while the GFEBS life cycle cost estimate of about $1.4 billion had not changed, the system faced a 10-month implementation delay, and DOD users reported operational problems, including deficiencies in data accuracy and an inability to generate auditable financial reports. These concerns were reiterated by the DOD Inspector General in July 2012. DOD’s Chief Information Officer rated GFEBS as moderately low risk from July 2009 through March 2012.
    • Army’s Global Combat Support System-Army (GCSS-Army) is intended to improve the Army’s supply chain management capabilities and provide accurate equipment readiness status reports, among other things. In March 2012, GAO reported that GCSS-Army was experiencing a cost overrun of approximately $300 million on an original life-cycle cost estimate of $3.9 billion (an increase of approximately 8 percent) and a deployment delay of approximately 2 years. DOD rated GCSS-Army as low or moderately low risk from July 2009 through March 2012.

To ensure that DOD’s evaluations of investment risk for its major IT Dashboard investments reflect all available performance assessments, GAO has made recommendations to the department to reassess its considerations for assigning risk levels for Dashboard investments, including assessments of investment performance and risk from outside the programs.

Until DOD fully defines and consistently implements the full range of business systems modernization management controls, it may not be able to adequately ensure that its business system investments are the right solutions for addressing its business needs, nor effectively demonstrate that its business system investments are being managed to streamline business processes, produce expected capabilities efficiently and cost effectively, and deliver planned benefits. GAO plans to continue to monitor DOD’s efforts to address these areas and, to this end, has ongoing work focusing on (1) the status of the updates to the federated business enterprise architecture and business system investment management process; (2) GAO’s prior recommendations pertaining to business systems modernization; (3) DOD’s ability to measure the impact of its modernization efforts and demonstrate results; and (4) the extent to which selected major automated information systems are meeting planned cost and schedule milestones and performance measures.

Establishing a well-defined, federated architecture along with well-defined investment management policies and procedures for modernizing DOD’s business systems and processes are critical to effectively improving the department’s business systems environment and essential to managing the thousands of business systems in a consistent, repeatable, and effective manner that, among other things, maximizes mission performance while minimizing or eliminating system overlap and duplication. In this regard, DOD must provide further governance and oversight in these areas and work to demonstrate actual progress made against planned outcomes. In addition, business system investments need to be defined and implemented within the context of DOD’s federated architecture, and both the corporate and component investment management process and architecture governance need to be better defined and institutionalized. Further, DOD needs to ensure that its business system investments are managed with the kind of acquisition management rigor and discipline that is embodied in relevant guidance and best practices, so that each investment will deliver expected benefits and capabilities on time and within budget. In addition, DOD’s considerations for assigning risk levels for major investments should include assessments of investment performance and risk from outside the programs.

Looking for our recommendations? Click on any report to find each associated recommendation and its current implementation status.
  • portrait of Carol R. Cha
    • Carol R. Cha
    • Director, Information Technology
    • chac@gao.gov
    • (202) 512-4456
  • portrait of Valerie C. Melvin
    • Valerie C. Melvin
    • Director, Information Technology
    • melvinv@gao.gov
    • (202) 512-6304