Defense Business Systems:

Further Refinements Needed to Guide the Investment Management Process

GAO-14-486: Published: May 12, 2014. Publicly Released: May 12, 2014.

Additional Materials:

Contact:

Carol R. Cha
(202) 512-4456
chac@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

The Department of Defense (DOD) has developed a portfolio-based investment management process for its defense business systems, certified and approved a majority of its defense business systems, made key improvements to the data used to manage its business investments, and updated its transition plan to assist its efforts in complying with key provisions of section 332 of the Ronald W. Reagan National Defense Authorization Act for Fiscal Year 2005 (NDAA or “the act”), as amended (10 U.S.C. § 2222). However, the department continues to face challenges in fully complying with the act's requirements, modernizing its business systems environment, and addressing GAO's prior recommendations (see table).

Table: Status of DOD's Actions Related to the Act's Requirements

Act's requirements

Status of related DOD actions

Establish an investment approval and accountability structure, along with an investment review process

DOD has developed a defense business system investment management framework that reflects key aspects of capital planning and investment control best practices. However, this process is not currently aligned with DOD's budget process and does not call for the department-wide investment review board to focus its attention on more costly, complex, or risky systems, while delegating detailed reviews of other systems to lower organizational levels.

Certify that any business system program costing more than $1 million complies with the business enterprise architecture and has undertaken appropriate business process reengineering

DOD certified about $6.4 billion in fiscal year 2014 expenditures for 1,173 defense business systems and has improved the information it collects about business system certifications. However, while most systems were certified as complying with the act's requirements, reviews supporting these certifications need to be improved, as GAO has previously recommended. In addition, reviewing systems at differing organizational levels based on cost, complexity, risk, or other specified criteria may help address these issues.

Develop a business enterprise architecture

DOD has efforts under way to improve the content of its business enterprise architecture. However, the department's guidance does not require components to proactively use the information collected as part of this process to reduce duplication and overlap of business systems.

Develop an enterprise transition plan

DOD's enterprise transition plan and related documentation include most of information required by the act, such as milestone information, fiscal year 2014 resource needs, and termination dates for legacy systems. Continued effort to address GAO's prior recommendations in this area will help to better inform oversight of the department's business systems investments.

Source: GAO analysis of DOD data.

Department officials cited various reasons for the shortfalls noted above. For example, they stated that aligning the investment review process with the budgeting process takes time to coordinate. They also noted that different systems are reviewed with different levels of scrutiny based on various factors, but those factors are not documented in existing guidance. Continued progress in improving its investment management approach will allow DOD to more effectively manage the billions of dollars the department invests annually in modernizing its business systems.

Why GAO Did This Study

GAO designated DOD's multibillion-dollar business systems modernization program as high risk in 1995, and since then has provided a series of recommendations aimed at strengthening DOD's institutional approach to modernizing its business systems investments. Section 332 of the Fiscal Year 2005 NDAA requires the department to take specific actions relative to its modernization efforts and GAO to assess actions taken by DOD to comply with section 332 of the act. In evaluating DOD's compliance, GAO analyzed, among other things, investment management policies and procedures, certification actions for business system investments, and the latest versions of the department's business enterprise architecture and enterprise transition plan.

What GAO Recommends

GAO is making three recommendations to help improve the department's business system investment management process and business enterprise architecture. DOD concurred with two recommendations and partially concurred with the third—to define criteria for reviewing business systems at appropriate levels in the department. In particular, DOD noted that systems are reviewed within components before being reviewed by the executive-level investment review board. However, until DOD ensures that investments are reviewed at an appropriate level based on defined criteria such as cost, scope, complexity, and risk, the department is at an increased risk of failing to identify and address important issues associated with large-scale and costly systems.

For more information, contact Carol R. Cha at (202) 512-4456 or chac@gao.gov.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: As we reported in July 2015, the department has taken appropriate steps to align its business system certification and approval process with its Planning, Programming, Budgeting, and Execution process. For example, according to the department's February 2015 certification and approval guidance, Organizational Execution Plans are to include information about certification requests for the upcoming fiscal year as well as over the course of the Future Years Defense Program. All of this information is to be considered when making certification and approval decisions. In addition, the guidance states that the chair of the Defense Business Council will make programming and budgeting recommendations to the Office of Cost Assessment and Program Evaluation and the DOD Comptroller

    Recommendation: To help ensure that the department's business systems modernization program is fully compliant with the act and is more effectively implemented, the Secretary of Defense should direct the appropriate DOD management entity to define by when and how the department plans to align its business system certification and approval process with its Planning, Programming, Budgeting, and Execution process.

    Agency Affected: Department of Defense

  2. Status: Open

    Comments: As we reported in July 2015, according to officials from the Office of the Deputy Chief Management Officer, the Defense Business Council primarily focused its attention on the non-military department business systems during the fiscal year 2015 certification and approval process. Accordingly, the council relied on military department precertification authority reviews of their respective system portfolios to support council decisions. However, the department has not defined criteria for reviewing defense business systems at an appropriate level in the department based on factors such as complexity, scope, cost, and risk, in support of the certification and approval process.

    Recommendation: To help ensure that the department's business systems modernization program is fully compliant with the act and is more effectively implemented, the Secretary of Defense should direct the appropriate DOD management entity to define criteria for reviewing defense business systems at an appropriate level in the department based on factors such as complexity, scope, cost, and risk, in support of the certification and approval process.

    Agency Affected: Department of Defense

  3. Status: Closed - Implemented

    Comments: As we reported in July 2015, the department has developed guidance requiring military departments and other defense organizations to use existing business enterprise architecture content to more proactively identify duplication and overlap. In particular, the department's April 2015 business enterprise architecture compliance guidance states that examining programs for potential duplication and overlap should occur during the problem statement requirements analysis process, which is to occur early in a program's life cycle. In addition, the department's December 2014 problem statement requirements validation guidance calls for an enterprise architecture analysis to be conducted that is to determine if a capability already exists within the organization or elsewhere across the DOD. If a solution already exists, the problem statement sponsor is to direct that the existing solution be reused. In addition, officials from the Office of the Deputy Chief Management Officer demonstrated that its new Integrated Business Framework-Data Alignment Portal tool can be leveraged to identify potentially duplicative systems based on business enterprise architecture compliance information that has been entered into the system.

    Recommendation: To help ensure that the department's business systems modernization program is fully compliant with the act and is more effectively implemented, the Secretary of Defense should direct the appropriate DOD management entity to develop guidance requiring military departments and other defense organizations to use existing business enterprise architecture content to more proactively identify potential duplication and overlap.

    Agency Affected: Department of Defense

 

Explore the full database of GAO's Open Recommendations »

Jun 24, 2015

Jun 17, 2015

Jun 10, 2015

Apr 16, 2015

Mar 31, 2015

Feb 26, 2015

Feb 25, 2015

Dec 10, 2014

Sep 25, 2014

Looking for more? Browse all our products here