DOD Business Systems Modernization - High Risk Issue
The Department of Defense (DOD) spends billions of dollars each year to acquire modern systems to achieve its business transformation goals, but has not fully defined and established a family of business system modernization management controls. These controls are vital to ensuring that DOD can effectively and efficiently manage an undertaking with the size, complexity, and significance of its business systems modernization, and minimize the associated risks.
For decades, DOD has been attempting to modernize about 2,200 business systems, which are supported by billions of dollars in annual expenditures that are intended to support business functions and operations. DOD Business Systems Modernization is on our High Risk List. Recommendations aimed at strengthening DOD’s institutional approach to modernization and reducing the risks associated with key investments include
- developing and using a business enterprise architecture (BEA) modernization blueprint,
- establishing effective investment management controls to guide and constrain DOD’s multi-billion dollar business systems environment, and
- ensuring that DOD follows best practices when acquiring information technology systems and services.
DOD has made progress implementing key institutional modernization management controls; however, more needs to be done. For example, at the institutional level, DOD needs to
- extend (federate) its corporate business enterprise architecture to its component organizations and
- evolve its corporate and component business system investment management processes and institutionalize these processes at all levels of the organization.
For specific programs, DOD needs to
ensure that the thousands of DOD business system modernization and information technology (IT) programs and projects employ program management rigor and discipline, including practices such as:
- economically justifying investments on the basis of reliable estimates of future costs and benefits, and
- effectively conducting key acquisition functions, including requirements and risk management.
GAO-15-627: Published: Jul 16, 2015. Publicly Released: Jul 16, 2015.
GAO-15-282: Published: Feb 26, 2015. Publicly Released: Feb 26, 2015.
GAO-14-486: Published: May 12, 2014. Publicly Released: May 12, 2014.
GAO-12-685: Published: Jun 1, 2012. Publicly Released: Jun 1, 2012.
GAO-12-134: Published: Feb 28, 2012. Publicly Released: Mar 29, 2012.
GAO-14-470: Published: Sep 30, 2014. Publicly Released: Oct 30, 2014.
GAO-14-547R: Published: May 29, 2014. Publicly Released: May 29, 2014.
GAO-14-522R: Published: Apr 22, 2014. Publicly Released: Apr 22, 2014.
GAO-14-266: Published: Feb 28, 2014. Publicly Released: Feb 28, 2014.
GAO-14-152: Published: Feb 7, 2014. Publicly Released: Mar 10, 2014.
GAO-14-51: Published: Nov 13, 2013. Publicly Released: Nov 13, 2013.
GAO-13-557: Published: May 17, 2013. Publicly Released: May 17, 2013.
GAO-12-791: Published: Sep 26, 2012. Publicly Released: Sep 26, 2012.
GAO-12-524: Published: Apr 26, 2012. Publicly Released: Apr 26, 2012.
GAO-11-902: Published: Sep 26, 2011. Publicly Released: Sep 26, 2011.