DOD Business Systems Modernization:
Limited Progress in Development of Business Enterprise Architecture and Oversight of Information Technology Investments
GAO-04-731R: Published: May 17, 2004. Publicly Released: May 17, 2004.
The Department of Defense's (DOD) long-standing business systems problems adversely affect the economy, effectiveness, and efficiency of its business operations and have resulted in a lack of adequate transparency and appropriate accountability across all of its major business areas. In July 2001, DOD initiated a program to, among other things, develop a DOD business enterprise architecture (architecture). This effort is an essential part of the Secretary of Defense's broad initiative to "transform the way the department works and what it works on." Because DOD is one of the largest and most complex organizations in the world, overhauling its business operations and supporting systems represents a huge management challenge. In fiscal year 2003, DOD reported that its operations involved over $1 trillion in assets, nearly $1.6 trillion in liabilities, approximately 3.3 million military and civilian personnel, and disbursements of over $416 billion. To support its business operations, DOD reported that it relies on about 2,300 business systems, including accounting, acquisition, logistics, and personnel systems. The department requested about $19 billion--about $4.8 billion for business systems modernization and about $14 billion for operation and maintenance of these systems--in fiscal year 2004. Recognizing the importance of DOD's efforts to transform its business operations and systems through the use of an enterprise architecture, the Congress included provisions in the National Defense Authorization Act for Fiscal Year 2003 that were aimed at developing and effectively implementing a well-defined architecture. Specifically, section 1004 of this act required that DOD (1) develop, by May 1, 2003, a financial management enterprise architecture and a transition plan for implementing the architecture that meets certain requirements and (2) review financial system improvements with proposed obligations of funds in amounts exceeding $1 million to determine if those system improvements meet specific conditions that are called for in the act. The act also directed us to assess actions that DOD has taken to comply with these requirements. In July and September 2003, we reported on DOD's actions and made a number of recommendations to assist DOD in its efforts to effectively develop and implement an architecture and to guide and constrain its business systems investments. The act further requires that the Secretary of Defense submit an annual report not later than March 15 of each year from 2004 through 2007 to congressional defense committees on its progress in implementing the architecture, including the transition plan. Additionally, the act directs us to submit to congressional defense committees, within 60 days of DOD's report submission, an assessment of DOD's actions taken to comply with these requirements. DOD submitted its first annual report on March 15, 2004. This report is our assessment of DOD's March 15, 2004 report. We determined (1) the actions DOD has taken to address our previous recommendations regarding the development and implementation of the architecture and (2) the actions DOD is taking to ensure its ongoing and planned investments will be consistent with its evolving architecture.
Since our last review--and after 3 years of effort and over $203 million in obligations--we have not seen any significant change in the content of DOD's architecture or in DOD's approach to investing billions of dollars annually in existing and new systems. Few actions have been taken to address the recommendations we made in our September 2003 report, which were aimed at improving DOD's plans for developing the next version of the architecture and implementing the institutional means for selecting and controlling both planned and ongoing business systems investments. To DOD's credit, it has established, for example, a group under the Business Management Modernization Program (program) steering committee to facilitate communication and coordination across the domains for modernization program activities, including extending and evolving the architecture. However, DOD has not yet adopted key architecture management best practices and has not added the scope and detail to its architecture that we previously identified as missing. Additionally, the department does not have reasonable assurance that it is in compliance with the National Defense Authorization Act for Fiscal Year 2003, which requires DOD's Comptroller to review all system improvements with obligations exceeding $1 million. While DOD has recently issued a policy that assigns investment management responsibilities to the domains, the policy has not yet been implemented, and DOD has not clearly defined the roles and responsibilities of the domains, established common investment criteria, and conducted a comprehensive review of its existing business systems to ensure that they are consistent with the architecture. Further, each of the DOD components continues to receive its own funding and make its own parochial investment decisions. The department acknowledges that it still has much more to do, including developing the architecture to a necessary level of detail, defining specific performance metrics, and clarifying the roles and responsibilities associated with managing the domains' portfolios of business systems and ensuring that these systems comply with the architecture. The limited progress that DOD has made is due, in part, to the lack of clearly assigned, accountable, and sustained program leadership and to changes in the program direction and priorities. Our experience in reviewing other challenged architecture efforts shows that these efforts have suffered from limited senior management understanding of and commitment to an architecture and from cultural resistance to having and using one.