Business Systems Modernization:
Summary of GAO's Assessment of the Department of Defense's Initial Business Enterprise Architecture
GAO-03-877R: Published: Jul 7, 2003. Publicly Released: Jul 7, 2003.
The Department of Defense (DOD) faces financial and related management problems that are pervasive, complex, long-standing, and deeply rooted in virtually all business operations throughout the department. These problems have impeded the department's ability to provide complete, reliable, and timely business information to the Congress, DOD managers, and other decision makers. Of the 25 areas on our governmentwide "high-risk" list, 6 are DOD program areas, and the department shares responsibility for 3 other high-risk areas that are governmentwide in scope. DOD's problems in each of these areas hinder the efficiency of operations, and leave the department vulnerable to fraud, waste, and abuse. For fiscal year 2003, DOD's information technology (IT) budget request was over $26 billion. More specifically, to support its business operations, DOD reports that it currently relies on about 2,300 systems, including accounting, acquisition, logistics, and personnel systems that will cost about $18 billion--nearly $5.2 billion for business systems and $12.8 billion primarily for business systems infrastructure--in fiscal year 2003 to operate, maintain, and modernize. As we have previously reported, this environment was not designed to be, but rather has evolved into, an overly complex and error-prone environment, including (1) little standardization across DOD, (2) multiple systems performing the same tasks, (3) the same data stored in multiple systems, and (4) manual data entry into multiple systems.
As GAO reported in February 2003, DOD undertook a challenging and ambitious task--to develop within 1 year a departmentwide architecture for modernizing its current financial and business operations and systems. Thus far, DOD has expended tremendous effort and resources and made important progress in complying with the legislative requirements aimed at developing and effectively implementing a well-defined enterprise architecture. Further, DOD's initial version of its business enterprise architecture provides a foundation from which to build and ultimately produce a well-defined business enterprise architecture. However, the initial version does not adequately address the act's requirements and other relevant architectural requirements. For example, the architecture does not adequately describe the accounting and financial management requirements and the logical database model, which includes data standards and is used to guide the creation of the physical databases where information will be stored. Moreover, DOD has yet to implement an effective investment management process for controlling ongoing and planned business system improvements, including one that meets the act's requirements for ensuring that obligations in excess of $1 million are consistent with the architecture and the transition plan. Collectively, this means that DOD has taken a positive first step, but much remains to be accomplished before DOD will have the kind of blueprint and associated investment controls to successfully modernize its business operations and supporting systems. DOD's position is that, to varying degrees, the initial version of its architecture fully satisfies the act's requirements, but it also recognizes that the architecture needs to be expanded and extended to provide a sufficient basis for guiding and constraining investment decisions. DOD's position is also that it has taken steps to implement the act's requirements regarding approving system investments but that it needs to do more to effectively select and control system investments. DOD attributes the current state of its architecture and investment management processes to the limited time it has had to define and implement each, in part because it was overly optimistic in estimating what it could deliver by May 1, 2003. Until DOD develops and provides for effective implementation of a well-defined enterprise architecture, its ability to modernize its business and systems environments in a way that minimizes risk and maximizes return on investment will be severely hindered.