DOD Business Systems Modernization:
Progress in Establishing Corporate Management Controls Needs to Be Replicated Within Military Departments
GAO-08-705, May 15, 2008
In 1995, GAO first designated the Department of Defense's (DOD) business systems modernization program as "high risk," and GAO continues to do so today. To assist in addressing this high-risk area, the Ronald W. Reagan National Defense Authorization Act for Fiscal Year 2005 contains provisions that are consistent with prior GAO investment management and enterprise architecture-related recommendations, and requires the department to submit annual reports to its congressional committees on its compliance with these provisions. The act also directs GAO to review each annual report. In response, GAO assessed the actions taken by DOD to comply with requirements of the act. To do so, GAO leveraged its recent reports on various aspects of the department's modernization management controls, and it reviewed, for example, the latest version of its business enterprise architecture and the associated transition plan and architecture federation strategy. GAO also interviewed key officials.
As part of DOD's continuing efforts to strengthen management of its business systems modernization program, it has taken steps over the last year to build on past efforts and further comply with the National Defense Authorization Act's requirements and related federal guidance. Notwithstanding this progress, aspects of these requirements and relevant guidance have yet to be fully satisfied. In particular, the military departments, under DOD's "federated" and "tiered" approach to establishing institutional modernization management controls, have lagged well behind DOD's corporate efforts, and the corporate efforts are still not yet where they need to be. For example, the latest version of DOD's corporate business enterprise architecture continues to add content needed to improve its completeness, consistency, understandability, and usability. Moreover, its latest architecture federation strategy is more detailed and explicit than the prior version. However, the corporate architecture is still missing important content, such as business rules for, and information flows among, certain business activities. Moreover, the architecture has yet to be federated. Specifically, the military departments, which are the largest members of the federation, do not yet have mature enterprise architecture programs, and the federation strategy aimed at accomplishing this is still evolving. GAO has existing recommendations to address these and other architecture issues. The updated enterprise transition plan, which provides a temporal investment roadmap for transitioning from the current architectural environment to the target environment, continues to identify systems and initiatives that are to fill business capability gaps and address the DOD-wide and component business priorities that are contained in the business enterprise architecture. However, the plan still does not include investments for all components and does not reflect key factors associated with properly sequencing planned investments, such as dependencies among investments and the capability to execute the plan. Furthermore, the military departments, which are the largest members of the business federation, have yet to fully develop their own architecturally-based transition plans. GAO has existing recommendations to address these and other transition plan issues. DOD and the military departments have yet to fully establish key investment review structures and have yet to define related policies and procedures for effectively performing both project-level and portfolio-based investment management. GAO has existing recommendations to address these and other investment issues. Until DOD fully implements GAO's existing recommendations relative to the act and related guidance, its business systems modernization will likely remain a high-risk program.