Cooperative Threat Reduction:
DOD Has Improved Its Management and Internal Controls, but Challenges Remain
GAO-05-329, Jun 30, 2005
Section 3611 of the National Defense Authorization Act for Fiscal Year 2004 mandates that GAO assess the Department of Defense's (DOD) internal controls for the Cooperative Threat Reduction (CTR) program and their effect on the program's execution. In addressing the mandate, we assessed DOD's management and internal controls over implementing CTR projects since 2003 by using the control standards for the federal government as criteria. In response to the mandate, we focused on those management and internal control areas considered most relevant to CTR project implementation: (1) building a management structure, (2) risk assessments, (3) performance measures, (4) program reviews, (5) communications, and (6) project monitoring. The Congress also mandated that GAO describe the status of DOD's implementation of legislative mandates covering the CTR program.
Through the CTR program, DOD provides assistance to help the former states of the Soviet Union secure and eliminate their weapons of mass destruction. Since 2003, DOD has improved its management and internal controls over the CTR program. Prior to 2003, DOD had problems managing the program and ensuring that the program was meeting its objectives. These inadequacies became apparent in 2003 following two project failures in Russia that cost the CTR program almost $200 million, including the never used liquid rocket fuel disposition facility. Following these incidents, DOD implemented a more structured approach to managing the CTR program. In July 2003, DOD filled vacancies in the office responsible for managing the program, providing a level of leadership and oversight that did not previously exist. Once in place the new leadership made important improvements to the program's internal controls in the areas of organizational structure, risk assessments, performance measures, program reviews, and communication. For example, DOD now assesses and balances risks with project requirements and measures project performance at each phase. DOD also conducts semi-annual meetings to review commitments and responsibilities of CTR-recipient governments and to minimize risk. Although enhancing its internal controls helps mitigate the risks that stem from having to rely on the cooperation of CTR-recipient governments, DOD can never fully eliminate the project risks associated with recipient governments' cooperation. Furthermore, while DOD's enhancements are an improvement over previous internal controls, current mechanisms do not include a separate review of CTR projects upon their completion. As such, DOD lacks a system for evaluating projects upon their completion and applying lessons learned to future projects.
- Closed - implemented
- Closed - not implemented
Recommendation for Executive Action
Recommendation: The Secretary of Defense should conduct performance reviews upon the completion of CTR projects. Such reviews would provide a mechanism for documenting lessons learned and applying them to future project planning and implementation.
Agency Affected: Department of Defense
Status: Closed - Implemented
Comments: GAO recommended in June 2005 that the Secretary of Defense conduct performance reviews upon the completion of Defense Threat Reduction Agency (DTRA) Cooperative Threat Reduction (CTR) projects in order to document lessons learned and apply them to future project planning and implementation. At that time, DOD concurred with the recommendation. In meeting with CTR program officials in February 2009, they explained that the "lessons learned" process and evaluation system that the program office implemented to address GAO's recommendation has become a key component of its own Continuous Improvement Process. CTR program efforts to address GAO's recommendation culminated in February 2008 with the roll out of its Lessons Learned database. The database provides specific, relevant, and actionable information and advice to users' needs. Lessons learned input to the database is provided from across the CTR program and is compiled from "after action" reviews, facilitated sessions, or personal observations. All CTR program personnel can access the database to provide their input or access data on lessons learned from other projects. CTR officials provided a demonstration of the Lessons Learned database and provided hard copies of various database screens as well as sample write-ups of actual lessons learned recorded in the system. The officials also provided a copy of a lessons learned conference conducted in April 2008. The CTR officials stressed that the process is ongoing to ensure day-to-day continuous improvement and that the program's workforce is being trained to integrate lessons learned into all projects through use of the database.