Business Systems Modernization:
DOD Continues to Improve Institutional Approach, but Further Steps Needed
GAO-06-658, May 15, 2006
For decades, the Department of Defense (DOD) has not been successful in repeated attempts to modernize its timeworn business systems and operations. In 1995, we first designated DOD's business systems modernization as "high risk," and we continue to designate it as such today. As our research on successful public and private sector organizations has shown, attempting a large-scale systems modernization program in a large organization such as DOD without, among other things, a well-defined enterprise architecture and the associated investment management controls for implementing it often results in systems that are duplicative, stovepiped, non-integrated, and unnecessarily costly to manage, maintain, and operate. In May 2001, we made recommendations to the Secretary of Defense that provided the means for effectively developing and implementing an enterprise architecture and limiting systems investments until the department had a well-defined architecture and a corporate approach to investment control and decision making. In July 2001, the department initiated a business management modernization program to, among other things, develop a business enterprise architecture and establish the investment controls needed to effectively implement it. This effort was begun as part of the Secretary of Defense's broad initiative to "transform the way the department works and what it works on." Between 2001 and 2005, we reported that the department's business management modernization program was not being effectively managed, concluding in 2005 that hundreds of millions of dollars had been spent on an architecture and investment management structures that had limited use. To assist DOD in addressing these modernization management challenges, Congress included provisions in the Ronald W. Reagan National Defense Authorization Act for Fiscal Year 2005 (the Act) that were consistent with our recommendations for developing a business enterprise architecture and associated enterprise transition plan, and establishing and implementing effective information technology (IT) business system investment management structures and processes. More specifically, the Act required the department to, among other things, (1) develop a business enterprise architecture, (2) develop a transition plan to implement the architecture, (3) include systems information in its annual budget submission, (4) establish a system investment approval and accountability structure, (5) establish an investment review process, and (6) approve and certify system modernizations costing in excess of $1 million. The Act further requires that the Secretary of Defense submit an annual report to congressional defense committees on its compliance with certain requirements of the Act not later than March 15 of each year from 2005 through 2009. Additionally, the Act directs us to submit to congressional defense committees--within 60 days of DOD's report submission--an assessment of DOD's actions taken to comply with these requirements. The objectives of our review were to (1) assess the actions by DOD to comply with the requirements of Section 2222 of Title 10, U.S. Code and (2) determine the extent to which DOD has addressed our prior recommendations. To accomplish this, we used our November 2005 report as a baseline of comparison, focusing on the steps the department has taken to address the areas of noncompliance that we cited in that report.
As part of DOD's incremental strategy for developing and implementing its architecture, transition plan, and tiered accountability framework for managing business systems, the department has taken steps over the last 6 months to further comply with the Act and otherwise improve its overall approach to business systems modernization. On March 15, 2006, DOD released a minor update to its business enterprise architecture (version 3.1), developed an updated enterprise transition plan, and issued its annual report to Congress describing steps taken to address the Act's requirements, among other things. The updated architecture and transition plan, as well as the report and related documentation, reflect steps taken to address a number of the areas that we previously reported as falling short of the Act's requirements and related guidance. However, additional steps are needed to fully comply with the Act and relevant guidance.
- Closed - implemented
- Closed - not implemented
Recommendation for Executive Action
Recommendation: To further assist the department in institutionalizing well-defined business systems modernization management controls, to facilitate congressional oversight, and promote departmental accountability, the Secretary of Defense should direct the Deputy Secretary of Defense, as the chair of the Defense Business Systems Management Committee, to submit an enterprise architecture program management plan to defense congressional committees. At a minimum, the plan should define what the department's incremental improvements to the architecture and transition plan will be, and how and when they will be accomplished, including what (and when) architecture and transition plan scope and content and architecture compliance criteria will be added into which versions. In addition, the plan should include an explicit purpose and scope for each version of the architecture, along with milestones, resource needs, and performance measures for each planned version, with particular focus and clarity on the near-term versions.
Agency Affected: Department of Defense
Status: Closed - Implemented
Comments: DOD has employed an incremental approach to add more scope and content to the Business Enterprise Architecture (BEA) on an annual basis. To accomplish this, the department has taken several actions that are consistent with the intent of our recommendation. For example, it has developed the Business Transformation Guidance, which describes the high-level process by which incremental improvements are identified and eventually incorporated into the BEA. Also, in March 2010, the department updated its BEA-related guidance to, among other things, provide criteria for determining systems' architectural compliance with the BEA. In addition, it issued a BEA development methodology, which provides for developing an integrated schedule with time frames and resource needs for each increment of the BEA. Furthermore, the department's annual report, which draws from and references the enterprise transition plan, is submitted annually to defense congressional committees and describes the business capability improvements that are planned for the development/modernization programs contained in the BEA. For example, the report addresses key program development milestones and performance metrics relative to each business enterprise priority segment of the architecture. As a result of these collective actions, we consider this recommendation to be largely implemented.