This is the accessible text file for GAO report number GAO-10-215 
entitled 'Military Personnel: Additional Actions Are Needed to 
Strengthen DOD's and the Coast Guard's Sexual Assault Prevention and 
Response Programs' which was released on February 24, 2010. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Report to the Chairman, Subcommittee on National Security and Foreign 
Affairs, Committee on Oversight and Government Reform, House of 
Representatives: 

United States Government Accountability Office: 
GAO: 

February 2010: 

Military Personnel: 

Additional Actions Are Needed to Strengthen DOD's and the Coast 
Guard's Sexual Assault Prevention and Response Programs: 

GAO-10-215: 

GAO Highlights: 

Highlights of GAO-10-215, a report to the Chairman, Subcommittee on 
National Security and Foreign Affairs, Committee on Oversight and 
Government Reform, House of Representatives. 

Why GAO Did This Study: 

Sexual assault is a crime with negative implications to military 
readiness and esprit de corps. In response to a congressional request, 
GAO, in 2008, reviewed Department of Defense (DOD) and U.S. Coast 
Guard sexual assault prevention and response programs and recommended 
a number of improvements. GAO was subsequently asked to evaluate the 
extent to which (1) DOD has addressed GAO’s 2008 recommendations and 
further developed its programs, (2) DOD has established a sexual 
assault database, and (3) the Coast Guard has addressed GAO’s 2008 
recommendations and further developed its programs. To do so, GAO 
analyzed legislative requirements and program guidance, interviewed 
officials, and compared database implementation efforts to key 
information technology best practices. 

What GAO Found: 

DOD has addressed four of GAO’s nine recommendations from 2008 
regarding the oversight and implementation of its sexual assault 
prevention and response programs. For example, the Office of the 
Secretary of Defense (OSD) evaluated department program guidance for 
joint and deployed environments, and it evaluated factors that may 
hinder access to health care following a sexual assault. But DOD’s 
efforts to address the other recommendations reflect less progress. 
For example, GAO recommended that DOD develop an oversight framework, 
to include long-term goals and milestones, performance goals and 
strategies, and criteria for measuring progress. However, GAO found 
that the draft framework lacks key elements needed for comprehensive 
oversight of DOD’s programs, such as criteria for measuring progress 
and an indication of how it will use the information derived from such 
measurement to improve its programs. Until OSD incorporates all key 
elements into its draft oversight framework, it will remain limited in 
its ability to effectively manage program development to help prevent 
and respond to sexual assault incidents. DOD acknowledges that more 
work remains in order to fully develop its oversight framework. 

DOD has taken steps to begin acquiring a centralized sexual assault 
database. However, it did not meet a legislative requirement to 
establish the database by January 2010, and it is unclear when the 
database will be established because DOD does not yet have a reliable 
schedule to guide its efforts. Also, key system acquisition best 
practices associated with successfully acquiring and deploying 
information technology systems, such as economically justifying the 
proposed system solution and effectively developing and managing 
requirements, have largely not been performed. OSD officials said they 
intend to employ these acquisition best practices. Until this is 
accomplished the program will be at increased risk of not delivering 
promised mission capabilities and benefits on time and within budget. 

While the Coast Guard has partially implemented one of GAO’s two 
recommendations for further developing its sexual assault prevention 
and response program, it has not implemented the other. In June 2009, 
the Coast Guard began assessing its program staff’s workload, which 
represents progress in addressing GAO’s recommendation to evaluate its 
processes for staffing key installation-level positions in its 
program. However, it has not addressed GAO’s recommendation to develop 
an oversight framework. Further, the Coast Guard lacks a systematic 
process for assembling, documenting, and maintaining sexual assault 
incident data, and lacks quality control procedures to ensure that the 
program data being collected are reliable. In fiscal year 2008, for 
example, different Coast Guard offices documented conflicting numbers 
of sexual assault reports: the Coast Guard Program Office documented 
30, while the Investigative Office documented 78. The Coast Guard had 
to resolve this significant discrepancy before it could provide its 
data to DOD. Without a systematic process for tracking its data, the 
Coast Guard lacks reliable knowledge on the occurrence of sexual 
assaults. 

What GAO Recommends: 

To strengthen program implementation, GAO recommends that DOD take 
steps, including incorporating all key elements into its draft 
oversight framework and adhering to key system acquisition best 
practices, as it develops its database. GAO also recommends that the 
Coast Guard take steps, including establishing a systematic process to 
track program data and establishing quality control procedures. DOD 
and the Coast Guard concurred with the recommendations. 

View [hyperlink, http://www.gao.gov/products/GAO-10-215] or key 
components. For more information, contact Brenda S. Farrell at (202) 
512-3604 or farrellb@gao.gov or Randolph C. Hite at (202) 512-3439 or 
hiter@gao.gov. 

[End of section] 

Contents: 

Letter: 

Results in Brief: 

Background: 

DOD's Efforts to Address GAO's Recommendations from 2008 Reflect 
Varying Levels of Progress: 

DOD Has Yet to Establish a Centralized Sexual Assault Database: 

Coast Guard Has Partially Implemented One of Our Two Recommendations 
from 2008: 

Conclusions: 

Recommendations for Executive Action: 

Agency Comments and Our Evaluation: 

Appendix I: Scope and Methodology: 

Appendix II: Comments from the Department of Defense: 

Appendix III: Comments from the U.S. Coast Guard: 

Appendix IV: GAO Contacts and Staff Acknowledgments: 

Tables: 

Table 1: Nine Improvement Opportunities and Selected Corresponding 
Target Improvement Initiatives Contained in OSD's Draft Oversight 
Framework: 

Table 2: Summary of Increments and Phases for Acquiring DOD's Defense 
Sexual Assault Incident Database: 

Abbreviations: 

DOD: Department of Defense: 

MDA: Milestone Decision Authority: 

OMB: Office of Management and Budget: 

OSD: Office of the Secretary of Defense: 

[End of section] 

United States Government Accountability Office:
Washington, DC 20548: 

February 3, 2010: 

The Honorable John F. Tierney: 
Chairman: 
Subcommittee on National Security and Foreign Affairs: 
Committee on Oversight and Government Reform: 
House of Representatives: 

Dear Mr. Chairman: 

Sexual assault is a crime that has a far-reaching negative impact on 
communities, families, and individuals and has additional implications 
for the military services because it undermines their core values, 
degrades mission readiness and esprit de corps, subverts strategic 
goodwill, and raises financial costs. Since we reported on these 
implications in 2008, incidents of sexual assault have continued to 
occur; in fiscal year 2008, the Department of Defense (DOD) reported 
nearly 3,000 alleged sexual assault cases, and the U.S. Coast Guard 
reported about 80.[Footnote 1] However, it is impossible to accurately 
analyze trends or to draw conclusions from these data about the 
incidence of sexual assault in the military services because, as we 
have previously reported, DOD and the Coast Guard have not been using 
standardized reporting requirements.[Footnote 2] 

Since 2004, Congress has repeatedly taken steps to address sexual 
assault in the military, including passing legislation that directs 
the Secretary of Defense to develop a comprehensive policy for DOD on 
the prevention of and response to sexual assaults involving members of 
the Armed Forces. The comprehensive policy is to include procedures 
for confidentially reporting sexual assault incidents. Further, the 
Secretary of Defense is required to submit an annual report to 
Congress on reported sexual assault incidents involving 
servicemembers.[Footnote 3] In 2008, we issued two reports that have 
helped inform congressional deliberations on sexual assault in the 
military; the first, in January 2008,[Footnote 4] addressed sexual 
assault at the DOD and Coast Guard academies, while the second, in 
August 2008,[Footnote 5] addressed sexual assault in the military and 
Coast Guard services. Our August 2008 report found that while DOD and 
the Coast Guard have taken positive steps to prevent and respond to 
sexual assault, program implementation was hindered by several issues, 
such as the lack of an oversight framework--that is, a plan to improve 
the Office of the Secretary of Defense's (OSD) oversight of the 
programs; limited support from some commanders; and training that was 
not consistently effective.[Footnote 6] Accordingly, we made a number 
of recommendations to improve DOD and Coast Guard programs, including 
recommending the development of an oversight framework to assess 
program effectiveness and the evaluation of program guidance, 
training, and installation-level staffing processes to enhance program 
implementation. We also raised as a matter for congressional 
consideration that the Coast Guard be required to annually submit to 
Congress sexual assault incident and program data that are 
methodologically comparable to those required of DOD. DOD and the 
Coast Guard concurred with all of the recommendations in our August 
2008 report, which are reprinted in the Background section of this 
report. In addition, we testified twice before your Subcommittee: in 
July 2008,[Footnote 7] to discuss our preliminary observations on 
DOD's and the Coast Guard's sexual assault prevention and response 
programs, and in September 2008, to discuss the findings and 
recommendations included in our August 2008 report.[Footnote 8] 

In November 2008, you requested that we continue to monitor DOD and 
Coast Guard efforts to strengthen the implementation and oversight of 
their respective sexual assault prevention and response programs. This 
report builds upon our previous work related to sexual assault in the 
military services, and assesses the extent to which (1) DOD has taken 
steps to implement our recommendations from 2008 and has further 
developed its programs to prevent and respond to sexual assault; (2) 
DOD has taken steps to address a congressional requirement to 
establish a centralized, case-level sexual assault incident database; 
and (3) the Coast Guard has taken steps to implement our 
recommendations from 2008 and has further developed its programs to 
prevent and respond to sexual assault. 

To assess the extent to which DOD has implemented our previous 
recommendations, we reviewed current DOD policies and programs and 
compared them with our prior findings and recommendations. We also 
interviewed DOD officials to supplement our analyses of program 
modifications. To assess the extent to which DOD has addressed the 
congressional requirement to establish a centralized, case-level 
sexual assault database, we reviewed applicable legislation[Footnote 
9] to identify statutory provisions that direct DOD to make changes to 
its processes for collecting and maintaining sexual assault data. We 
also reviewed applicable DOD documentation, compared it to DOD, 
federal, and industry guidance and to key system acquisition best 
practices; and interviewed DOD officials to obtain information on the 
status of the department's efforts to establish the database. To 
assess the extent to which the Coast Guard has implemented our 
previous recommendations, we reviewed current Coast Guard policies and 
programs and compared them with our prior findings and 
recommendations. We also interviewed Coast Guard officials to 
supplement our analyses of program modifications. Further details 
about our scope and methodology can be found in appendix I. 

We conducted this performance audit from February 2009 to February 
2010 in accordance with generally accepted government auditing 
standards. Those standards require that we plan and perform the audit 
to obtain sufficient, appropriate evidence to provide a reasonable 
basis for our findings and conclusions based on our audit objectives. 
We believe that the evidence obtained provides a reasonable basis for 
our findings and conclusions based on our audit objectives. 

Results in Brief: 

DOD has taken steps to implement our August 2008 recommendations to 
improve its sexual assault prevention and response program; however, 
its efforts reflect various levels of progress, and opportunities 
exist for further program improvements. In August 2008, we made nine 
recommendations to address the program issues we identified, and DOD 
has taken a number of steps to implement four of these 
recommendations.[Footnote 10] For example, OSD suggested policy 
revisions that have led to interim guidance for implementing sexual 
assault prevention and response programs in joint and deployed 
environments. Also, OSD chartered the Health Affairs Sexual Assault 
Task Force, which evaluated and subsequently issued recommendations to 
address factors that may hinder access to health care following a 
sexual assault. However, DOD's steps toward implementing the five 
other recommendations from 2008 reflect less progress, which is likely 
to hinder the effectiveness of DOD's efforts to oversee its programs. 
For example, although OSD has drafted an oversight framework, as we 
recommended, to guide the implementation and assessment of the 
department's sexual assault prevention and response programs, the 
framework does not contain all the key elements needed for 
comprehensive oversight. Specifically, it lacks criteria for measuring 
progress, although OSD does plan to develop these within the next 2 
years. The framework also lacks an indication of how it will use the 
information derived from such measurement to improve its programs. Our 
2008 recommendation called for the oversight framework to include long-
term goals, objectives, and milestones; performance goals and 
strategies; and criteria for measuring progress. Our prior work has 
also shown that results-oriented organizations use the resulting 
information to guide the development of future initiatives and 
identify how to budget available resources to achieve program 
goals.[Footnote 11] But OSD's draft oversight framework does not 
identify how it will use or report the results of its performance 
assessments, does not identify how OSD's budgeting of resources 
relates to its achievement of strategic program objectives, and does 
not correlate with the program's two strategic plans. Until OSD 
incorporates these key elements into its draft oversight framework, it 
will be limited in its ability to effectively manage program 
development and determine the extent to which its programs help 
prevent the occurrence of sexual assaults. We are recommending that 
OSD strengthen its oversight of sexual assault prevention and response 
programs by incorporating all key elements into its oversight 
framework. 

DOD has taken preliminary steps to establish the Defense Sexual 
Assault Incident Database---a centralized, case-level sexual assault 
incident system--but given what has been accomplished to date and what 
remains to be accomplished, DOD officials did not develop this 
database in time to meet the statutorily mandated January 2010 
implementation deadline.[Footnote 12] Moreover, DOD lacks a reliable 
schedule to guide acquisition and implementation tasks and activities. 
In addition, other key information technology management practices 
that are essential to successfully acquiring and implementing the 
database also remain to be accomplished. These include assessing the 
program's potential overlap with and duplication of related programs, 
justifying investment in the program on the basis of reliable 
estimates of life cycle costs and benefits, effectively developing and 
managing system requirements, adequately testing system capabilities, 
and effectively managing program risks. DOD officials agree that these 
key practices need to be implemented; however, they have yet to 
develop plans or timeframes for doing so. Therefore, until these 
practices are implemented effectively, DOD could face challenges in 
successfully delivering a database that meets mission needs and does 
not exceed cost and schedule commitments. As DOD moves forward with 
its development of the Defense Sexual Assault Incident Database, we 
are recommending that it adhere to key system development and 
acquisition management processes and controls. 

While the Coast Guard has partially implemented one of our 
recommendations to further develop its sexual assault prevention and 
response program, it has not implemented the other. In August 2008, we 
reported that the Coast Guard's sexual assault prevention and response 
program was hindered by several issues, and we made two 
recommendations to strengthen its program's implementation.[Footnote 
13] To its credit, in June 2009, the Coast Guard began assessing its 
program staff's workload to address our recommendation to evaluate its 
processes for staffing key installation-level positions in its sexual 
assault prevention and response program. However, while the Coast 
Guard has broadly identified program objectives, it has not addressed 
our recommendation to develop an oversight framework that provides 
comprehensive and specific guidance for operating its program. As a 
result, the Coast Guard is unable to measure program progress, 
accurately identify program needs, and optimize the use of available 
resources. Moreover, the Coast Guard lacks a systematic process for 
assembling, documenting, and maintaining sexual assault incident data, 
and lacks quality control procedures to ensure that the program data 
being collected are reliable. In fiscal year 2008, for example, 
different Coast Guard offices documented conflicting numbers of sexual 
assault reports: the Coast Guard Program Office documented 30, while 
the Investigative Office documented 78. Without a systematic process 
for tracking its data, the Coast Guard lacks reliable knowledge on the 
occurrence of sexual assaults. We are recommending that the Coast 
Guard develop a systematic process for tracking its data to ensure 
that program information collected is valid and reliable. 

In written comments on a draft of this report, both DOD and the Coast 
Guard concurred with all of our recommendations. DOD further noted in 
its comments that while it concurred with our recommendations, our 
report contains technical inaccuracies and misstatements that diminish 
the department's efforts. We believe that our report accurately 
represents DOD's progress to address our recommendations from 2008 and 
we incorporated technical corrections from DOD, where appropriate. 
DOD's comments are reprinted in appendix II, and the Coast Guard's 
comments are reprinted in appendix III. 

Background: 

Department of Defense: 

In October 2004, Congress included a provision in the Ronald W. Reagan 
National Defense Authorization Act for Fiscal Year 2005 that required 
the Secretary of Defense to develop a comprehensive policy for DOD on 
the prevention of and response to sexual assaults involving members of 
the Armed Forces.[Footnote 14] The legislation required that the 
policy be based on the recommendations of the Defense Task Force on 
Care for Victims of Sexual Assaults and on other matters as the 
Secretary deemed appropriate.[Footnote 15] Among other things, the 
legislation requires the Secretary to establish a standardized 
departmentwide definition of sexual assault, and to develop a policy, 
using the standardized definition, to address a number of issues, 
including the confidential reporting of sexual assault incidents and 
the uniform collection of data on the incidence of sexual assault. The 
law also requires DOD to submit an annual report to Congress on 
reported sexual assault incidents involving members of the Armed 
Forces. 

In October 2005, DOD issued DOD Directive 6495.01, which contains its 
policy for the prevention of and response to sexual assault.[Footnote 
16] In June 2006, DOD issued DOD Instruction 6495.02, which provides 
guidance for implementing this policy.[Footnote 17] DOD's directive 
defines sexual assault as follows: 

"intentional sexual contact, characterized by use of force, threats, 
intimidation, abuse of authority, or when the victim does not or 
cannot consent. Sexual assault includes rape, forcible sodomy (oral or 
anal sex), and other unwanted sexual contact that is aggravated, 
abusive or wrongful (to include unwanted and inappropriate sexual 
contact), or attempts to commit these acts. "Consent" means words or 
overt acts indicating a freely given agreement to the sexual conduct 
at issue by a competent person. An expression of lack of consent 
through words or conduct means there is no consent. Lack of verbal or 
physical resistance or submission resulting from the accused's use of 
force, threat of force, or placing another person in fear does not 
constitute consent. A current or previous dating relationship by 
itself or the manner of dress of the person involved with the accused 
in the sexual conduct at issue shall not constitute consent." 

In October 2008, Congress passed the Duncan Hunter National Defense 
Authorization Act for Fiscal Year 2009, which includes a provision 
requiring the Secretary of Defense to implement a centralized, case- 
level database for the collection and maintenance of information 
regarding sexual assaults involving members of the Armed Forces. 
[Footnote 18] The law specifies that the database include information, 
if available, about the nature of the assault, the victim, the 
offender, and the outcome of any legal proceedings associated with the 
assault, and requires DOD to implement the database by January 2010--
which is 15 months from the day of its enactment. 

In OSD, the Under Secretary of Defense for Personnel and Readiness has 
the responsibility for developing the overall policy and guidance for 
the department's sexual assault prevention and response program. Under 
the Office of the Under Secretary of Defense for Personnel and 
Readiness, OSD's Sexual Assault Prevention and Response Office (within 
the Office of the Deputy Under Secretary of Defense for Plans) serves 
as the department's single point of responsibility for sexual assault 
policy matters.[Footnote 19] These responsibilities include providing 
the military services with guidance and technical support and 
facilitating the identification and resolution of issues; developing 
programs, policies, and training standards for the prevention of, 
reporting of, and response to sexual assault; developing strategic 
program guidance and joint planning objectives; overseeing the 
department's collection and maintenance of data on reported alleged 
sexual assaults involving servicemembers; establishing mechanisms to 
measure the effectiveness of the department's sexual assault 
prevention and response program; and preparing the department's annual 
report to Congress. The Deputy Under Secretary of Defense for Plans 
has the responsibility for programming, budgeting, and allocating 
funds and other resources for the Sexual Assault Prevention and 
Response Office. 

Each military service has established a sexual assault prevention and 
response office with responsibility for overseeing and managing its 
sexual assault matters. Further, DOD's instruction requires the 
military services to establish Sexual Assault Response Coordinator 
positions and states that at the services discretion, these positions 
may be staffed by members of the military, civilian employees, or DOD 
contractors.[Footnote 20] Sexual Assault Response Coordinators are 
generally responsible for implementing their respective services' 
sexual assault prevention and response programs, including 
coordinating the response to and reporting of sexual assault 
incidents. Other responders include victim advocates, judge advocates, 
medical and mental health providers, criminal investigative personnel, 
law enforcement personnel, and chaplains. 

Coast Guard: 

The Coast Guard has had a sexual assault prevention and response 
program in place since 1997, and in December 2007, the Coast Guard 
updated its instruction to generally mirror DOD's policy. According to 
Coast Guard officials, in January 2009, they revised their instruction 
to incorporate what officials have stated is a more comprehensive 
definition of the term "sexual assault," modify titles of certain 
program personnel to better reflect their responsibility, and clarify 
processes for reporting a sexual assault.[Footnote 21] 

The Coast Guard's Office of Work-Life (within the Health, Safety, and 
Work-Life Directorate, which is under the Office of the Assistant 
Commandant for Human Resources) is responsible for overseeing and 
managing sexual assault matters. At the installation level, the Coast 
Guard has established Employee Assistance Program Coordinators to 
manage the response to and reporting of sexual assault incidents. Like 
DOD's, the Coast Guard's sexual assault prevention and response 
program utilizes other responders to manage sexual assault incidents, 
including victim advocates, judge advocates, medical and mental health 
providers, criminal investigative personnel, law enforcement 
personnel, and chaplains. 

Recommendations from 2008 GAO Report[Footnote 22] 

In August 2008, we issued a report containing nine recommendations to 
DOD and two recommendations to the Coast Guard to improve program 
implementation.[Footnote 23] With respect to DOD, we recommended that 
the Secretary of Defense take the following actions: 

* Review and evaluate the department's policies for the prevention of 
and response to sexual assault to ensure that adequate guidance is 
provided to effectively implement the program in deployed environments 
and joint environments. 

* Direct the military service secretaries to emphasize to all levels 
of command their responsibility for supporting the program, and review 
the extent to which commanders support the program and resources are 
available to raise servicemembers' awareness of sexual assault matters. 

* Systematically evaluate and develop an action plan to address any 
factors that may prevent or discourage servicemembers from accessing 
health services following a sexual assault. 

* Direct the Defense Task Force on Sexual Assault in the Military 
Services to begin its examination immediately, now that all members of 
the task force have been appointed, and to develop a detailed plan 
with milestones to guide its work. 

* Require the Sexual Assault Prevention and Response Office to develop 
an oversight framework to guide continued program implementation and 
to evaluate program effectiveness. At a minimum, such a framework 
should contain long-term goals, objectives, and milestones; 
performance goals; strategies to be used to accomplish goals; and 
criteria for measuring progress. 

* Review and evaluate sexual assault prevention and response training 
to ensure that the military services are meeting training requirements 
and to enhance the effectiveness of the training. 

* Evaluate the military services' processes for staffing and 
designating key installation-level program positions--such as 
coordinators--at installations in the United States and overseas, to 
ensure that these individuals have the ability and resources to fully 
carry out their responsibilities. 

* Direct the military service secretaries to provide installation-
level incident data to the Sexual Assault Prevention and Response 
Office annually or as requested to facilitate the analysis of sexual 
assault-related data and to better target resources over time. 

* Improve the usefulness of the department's annual report as an 
oversight tool both internally and for congressional decision makers 
by establishing baseline data to permit the analysis of data over time 
and to distinguish cases in which (1) evidence was insufficient to 
substantiate an alleged assault, (2) a victim recanted, or (3) the 
allegations of sexual assault were unfounded. 

With respect to the Coast Guard, we recommended that the Commandant of 
the Coast Guard take the following actions: 

* Evaluate the Coast Guard's processes for staffing key installation- 
level program positions--such as coordinators--to ensure that these 
individuals have the ability and resources to fully carry out their 
responsibilities. 

* Develop an oversight framework to guide continued program 
implementation and to evaluate program effectiveness. At a minimum, 
such a framework should contain long-term goals, objectives, and 
milestones; performance goals; strategies to be used to accomplish 
goals; and criteria for measuring progress. 

We also suggested as a matter for congressional consideration that the 
Coast Guard be required to annually submit to Congress sexual assault 
incident and program data that are methodologically comparable to 
those required of DOD. In commenting on a draft of that report, both 
DOD and the Coast Guard concurred with all of our recommendations. 
[Footnote 24] 

DOD's Efforts to Address GAO's Recommendations from 2008 Reflect 
Varying Levels of Progress: 

DOD has made varying levels of progress in implementing our 
recommendations from 2008 to improve its sexual assault prevention and 
response programs. To its credit, DOD has implemented four of the nine 
recommendations in our August 2008 report. However, DOD's efforts 
toward implementing the other five recommendations reflect less 
progress, which is likely to hinder the effectiveness of DOD's efforts 
to oversee its programs. 

DOD Has Implemented Four of Our Recommendations from 2008: 

During fiscal years 2008 and 2009, DOD implemented four of the 
recommendations in our August 2008 report on DOD and Coast Guard 
sexual assault prevention and response programs. First, OSD 
established a working group to address our recommendation to review 
and evaluate the adequacy of DOD policies for implementing its sexual 
assault prevention and response program in joint and deployed 
environments. Based on the working group's findings, OSD submitted a 
memorandum to the Joint Staff in April 2009 detailing its suggested 
revisions to joint policy, which a Joint Staff official told us they 
are using to modify related publications. Additionally, according to a 
Joint Staff official, the Joint Staff has issued interim guidance to 
support the implementation of sexual assault prevention and response 
programs in joint and deployed environments until the new joint 
publications are approved.[Footnote 25] 

Second, the military service secretaries have taken a variety of steps 
to address our recommendation to emphasize responsibility for program 
support to all levels of command. For example, the military services' 
top leadership spoke at their respective services' sexual assault 
prevention summits, during which they emphasized the need for 
"ownership" of the programs and commitment to the prevention of and 
response to sexual assault. Specifically, in the spring of 2009, the 
Secretary of the Army spoke to noncommissioned officers--the personnel 
responsible for program implementation--on the importance of modifying 
the Army's culture to actively reject sexual assault and other 
inappropriate behavior. In the fall of 2009, the Secretaries of the 
Air Force and Navy and the Commandant of the Marine Corps gave similar 
presentations to their personnel, during which they stressed their 
commitment to eradicating sexual assault in the military services. The 
military services have taken even more far-reaching steps to relay 
their support for and to commit resources to sexual assault prevention 
and response programs. For example, the Secretary of the Navy recently 
established the Navy's Sexual Assault Prevention and Response Office 
that reports directly to the Secretary, which Navy officials assert 
will foster additional support and accountability for its sexual 
assault program initiatives. The Marine Corps, following a review of 
its program staffing, established full-time Sexual Assault Response 
Coordinator positions at four installations with the highest troop 
concentrations and is in the process of establishing full-time 
coordinator positions at installations with at least 1,000 troops as a 
way to better manage its sexual assault prevention and response 
programs. Additionally, the Army has incorporated an assessment of 
sexual assault program awareness into promotional boards for 
noncommissioned officers to promote accountability for the 
implementation of prevention and response initiatives. 

DOD has also taken a variety of steps to emphasize support for and to 
further develop its sexual assault prevention and response programs. 
For example, in fiscal year 2008, representatives from OSD and the 
military services visited selected military installations to assess, 
among other things, the extent to which commanders--company and field 
grade officers--support sexual assault prevention and response 
programs. OSD found that while most program personnel had demonstrable 
support from their command, command support of sexual assault 
prevention and response programs varied from installation to 
installation, and stronger command support of the program was 
required. OSD further reported that it is working with its 
stakeholders to address its findings. Additionally, each of the 
military services has incorporated interactive, scenario-based 
training programs to promote increased involvement by participants and 
to enhance the retention of the material being presented. For example, 
the Army contracts with a company that offers a nationally recognized 
presentation called "Sex Signals"--a 90-minute program that uses 
interactive skits to address the topics of dating, rape, consent, and 
intervention. The Air Force has implemented bystander intervention 
training that incorporates techniques such as role-playing to motivate 
servicemembers to take actions if they see, hear, or otherwise 
recognize signs of an inappropriate or unsafe situation. The Marine 
Corps has implemented and the Navy is in the process of adopting a 
program called Mentors in Violence Prevention training. Like the Air 
Force's program, this consists of role-playing exercises that allow 
students to construct and practice ways to respond or intervene in 
incidents of harassment, abuse, or violence. 

Third, OSD chartered the Health Affairs Sexual Assault Task Force to 
address our recommendation to evaluate and develop an action plan to 
address factors that may prevent or discourage servicemembers from 
seeking health services. In March 2009, the task force made a number 
of recommendations intended to improve the availability of health 
care, such as (1) chartering a military health system Sexual Assault 
Health Care Integrated Policy Team to review department-level policies 
regarding clinical practice guidelines, standards of care, research 
gaps and opportunities, personnel and staffing, training requirements 
and responsibilities, continuity of care, and in-theater equipment and 
supplies; (2) drafting model memorandums of understanding for use by 
all service military treatment facilities as they establish continuity 
of care relationships with local community providers; and (3) 
reviewing DOD policy, including performing peer reviews of sexual 
assault cases to ensure that they are aligned with civilian practices. 

Fourth, in August 2008, the Defense Task Force on Sexual Assault in 
the Military Services began its examination of matters relating to 
sexual assault, as we recommended. According to task force staff, the 
task force has conducted interviews and focus groups with sexual 
assault prevention and response program personnel at approximately 60 
locations throughout the world. However, the task force did not meet 
its August 11, 2009, reporting deadline. It was granted an extension, 
which it met by releasing its report on December 1, 2009.[Footnote 26] 

DOD's Efforts toward Implementing the Five Other Recommendations from 
2008 Reflect Less Progress: 

DOD's efforts to implement the five other recommendations we made in 
our report issued in August 2008 reflect less progress. Further, 
remaining issues with OSD's strategic planning efforts and DOD's 
annual report to Congress on alleged sexual assault incidents are 
likely to hinder the effectiveness of DOD's efforts to oversee its 
programs. 

OSD's Oversight Framework Has Been Drafted, but It Lacks Key Elements 
Necessary for Comprehensive Oversight: 

OSD recently drafted an oversight framework, but the framework only 
partially satisfies our recommendation in that the framework does not 
contain all the elements that we previously recommended as necessary 
for effective strategic planning and program implementation. Further, 
the draft oversight framework cannot be implemented until it is 
approved--a step that OSD officials stated will occur once they have 
incorporated revisions from and obtained the endorsements of the 
military service secretaries. Based on our prior work on the 
importance of strategic program planning guidance and our finding that 
OSD had not established an oversight framework to guide the 
implementation of its programs, we recommended in August 2008 that OSD 
develop an oversight framework that includes, at a minimum, (1) long-
term goals, objectives, and milestones; (2) performance goals and 
strategies to be used to accomplish goals; and (3) criteria for 
measuring progress.[Footnote 27] 

To its credit, OSD, in October 2009, completed drafting and is 
preparing to begin a 3-year implementation of its oversight framework 
to improve the oversight and integration of the department's sexual 
assault prevention and response programs. This draft oversight 
framework contains long-term goals, objectives, and milestones for 
implementation. For example, it identifies nine objective-like 
elements--called "improvement opportunities"--to facilitate program 
oversight. Examples of the improvement opportunities include defining 
core oversight roles and responsibilities, standardizing performance 
measures and reports, and improving communication with stakeholders. 
The draft framework also identifies action-oriented steps that 
correspond with and are designed to facilitate the achievement of 
these opportunities. For example, the draft framework specifies that 
OSD will "define and document the policy development, coordination, 
and approval process" and "define and document the process to review 
alignment between policy and program development" as specific steps 
toward the achievement of its objective of defining core oversight 
roles and responsibilities. Table 1 details the nine opportunities and 
selected steps for achieving them that are contained in the draft 
framework. 

Table 1: Nine Improvement Opportunities and Selected Corresponding 
Target Improvement Initiatives Contained in OSD's Draft Oversight 
Framework: 

Improvement opportunity: Standardize core oversight processes; 
Target improvement initiatives: 
* Define policy development, coordination, and approval process; 
* Define process to review alignment between policy and program 
guidance. 

Improvement opportunity: Develop and standardize performance measures; 
Target improvement initiatives: 
* Develop baseline measures for program performance data; 
* Develop standard data collection and management plan to be tracked 
across DOD. 

Improvement opportunity: Promote command support of programs; 
Target improvement initiatives: 
* Develop and execute survey to gauge combatant command planning 
status for program implementation in contingency operations; 
* Assess education/training for commanders and establish required 
training. 

Improvement opportunity: Leverage inspectors general in evaluation of 
compliance with policy; 
Target improvement initiatives: 
* Identify success factors of program policy to be communicated to DOD 
and service inspectors general; 
* Provide training to DOD and service inspectors general on emerging 
sexual assault prevention and response topics. 

Improvement opportunity: Improve working group/subcommittee structure; 
Target improvement initiatives: 
* Evaluate whether the Sexual Assault Advisory Council operating 
structure could be improved to better meet DOD community needs; 
* Develop subcommittee and working group charters to better define 
roles and responsibilities. 

Improvement opportunity: Capture victim experience data; 
Target improvement initiatives: 
* Develop and implement a mechanism to capture victim experience data; 
* Integrate victim quality assurance mechanism into existing victim 
inquiry process. 

Improvement opportunity: Implement DOD quarterly review meetings; 
Target improvement initiatives: 
* Conduct DOD-specific oversight meetings outside of the Sexual 
Assault Advisory Council operating structure; 
* Review budget programming by services and commands to support 
adequate staffing levels. 

Improvement opportunity: Collaborate with external partners; 
Target improvement initiatives: 
* Establish common understanding of data definitions within DOD sexual 
assault prevention and response community; 
* Improve sharing of research and effective practices. 

Improvement opportunity: Improve proactive communication of 
information to stakeholders; 
Target improvement initiatives: 
* Develop and execute a comprehensive communications plan that 
incorporates proactive communication strategies and key messaging for 
core stakeholders; 
* Develop capability for OSD staff to regularly provide military 
services with relevant legislative affairs data. 

Source: DOD. 

[End of table] 

OSD's draft oversight framework is a positive step toward stronger 
management of the department's sexual assault prevention and response 
programs. Further, OSD recently restructured its Sexual Assault 
Advisory Council and established the Oversight Steering Committee to 
more actively involve DOD's top leadership in the development and 
implementation of the department's sexual assault prevention and 
response initiatives. For example, DOD's instruction specifies that 
the Sexual Assault Advisory Council shall be chaired by the Under 
Secretary of Defense for Personnel and Readiness and shall comprise 
top DOD leadership, including the Deputy Under Secretary of Defense 
for Plans, the military departments' assistant secretaries for 
manpower and reserve affairs, and the Vice Chairman of the Joint 
Chiefs of Staff. While the establishment of such committees is an 
important step toward successful implementation of the oversight 
framework, implementation will require the personal involvement of top 
DOD leadership to maintain the long-term focus on and accountability 
for program objectives. 

Further, OSD's draft oversight framework is missing key elements that 
are needed to provide comprehensive oversight of DOD's sexual assault 
prevention and response programs. Specifically, OSD's framework lacks 
performance measures, does not identify how it will use or report the 
results of its performance assessments, does not identify how OSD's 
budgeting of resources relates to its achievement of strategic program 
objectives, and does not correlate with the program's two strategic 
plans. 

Draft Oversight Framework Lacks Performance Measures and Details on 
How Measures Will Be Used to Guide Program Improvements: 

OSD's draft oversight framework does not satisfy our recommendation 
from 2008 in that it does not yet contain performance measures, which 
are needed to facilitate the evaluation of program performance and the 
identification of areas needing improvement. Our prior work has shown 
that managers can use performance information to identify problems and 
develop solutions that will improve program results.[Footnote 28] 
Currently, OSD has plans to develop a standardized set of performance 
measures and targets by the second year of its 3-year plan for 
implementing its oversight framework. We note that our prior work has 
highlighted the importance of performance measures and that they 
should include quantifiable, numerical targets or other measurable 
values for determining (1) whether the desired performance results are 
being achieved and (2) overall program progress.[Footnote 29] Until 
performance measures are established, OSD cannot accurately assess the 
progress of the department's initiatives or correctly identify and 
implement actions to improve program performance. 

OSD's Draft Oversight Framework Does Not Identify How Its Budgeting of 
Resources Relates to the Achievement of Strategic Objectives: 

In addition to its lack of performance measures, OSD's framework does 
not identify how OSD's budgeting of resources relates to its 
achievement of strategic program objectives, which limits the 
department's ability to inform budget formulation and execution 
decisions according to performance considerations. Our prior work has 
demonstrated that by linking program plans with budgets, organizations 
can more explicitly guide budget discussions and can assist management 
by correlating total resources consumed with actual results achieved. 
[Footnote 30] While these correlations have not been made in the draft 
framework, OSD officials told us that the process of developing the 
framework helped to identify the need and gain approval for 21 full-
time employees, which is three times the number of staff originally 
approved for that office. However, until OSD explicitly correlates its 
budgeting of resources to the achievement of strategic program 
objectives, it will be challenged in its justification of future 
budget requests. 

Draft Oversight Framework Does Not Correlate with the Program's 
Strategic Plans: 

OSD's strategic planning documents do not correlate with the program's 
two strategic plans. Our prior work has shown that clear linkages 
among long-term strategic goals, objectives, strategies, and day-to-
day activities are critical for enabling a strategic plan to drive an 
organization's operations. In addition to its draft oversight 
framework, OSD drafted an internal strategic plan to guide the 
initiatives of DOD's Sexual Assault Prevention and Response Office, 
and a DOD-wide strategic plan to guide initiatives across the larger 
DOD community. According to OSD officials, the oversight framework, 
when approved, will support OSD's ability to meet the goals of its 
strategic plans, which were designed to serve as the overarching 
program planning guidance. 

However, the intended correlation among these three documents is not 
clear because they do not use similar terminology to clearly link 
their purposes. For example, OSD's internal strategic plan is based on 
five "strategic objectives" that are identical to the five "strategic 
sexual assault prevention and response priorities" contained in the 
DOD-wide strategic plan. In contrast, the draft oversight framework 
contains terminology that is different from both strategic plans, and 
it refers to its nine objective-like elements as "future state 
improvement opportunities." As a result, the correlation between these 
three documents is not clear. Further, the two strategic plans and the 
draft oversight framework do not clearly illustrate how each supports 
the achievement of the objectives and strategies contained in the 
other two documents. In commenting on a draft of this report, DOD 
further defined the relationship between the draft oversight framework 
and its two strategic plans for sexual assault prevention and response 
programs. DOD also noted that the objective-like elements in its draft 
oversight framework were purposely not tied to the program objectives 
in the two strategic plans. However, without consistent terminology 
and clearly correlated objectives and strategies among these three 
documents, the prioritization of and responsibility for these 
initiatives will remain unclear. (See appendix II for DOD's comments) 

Training Effectiveness Cannot Be Fully Determined without Performance 
Measures: 

While OSD has taken steps to evaluate the effectiveness of the sexual 
assault prevention and response training provided to DOD 
servicemembers, training programs cannot be assessed because OSD's 
strategic plans and draft oversight framework do not contain measures 
against which to benchmark performance. As we reported in August 2008, 
DOD's sexual assault prevention and response training was not 
consistently administered or evaluated for effectiveness. Accordingly, 
we recommended that DOD undertake an evaluation of the department's 
training programs.[Footnote 31] To its credit, OSD's training 
subcommittee reviewed the military services' training policies and 
found that they continue to provide initial and refresher training for 
all personnel. However, it also found that a greater level of detail 
was needed in policy to guide the execution of training requirements. 
OSD's training subcommittee developed an action plan for fiscal year 
2009 that included visits to selected military installations to review 
sexual assault prevention and response training programs. 

Nevertheless, OSD's draft oversight framework does not include 
performance measures, thus limiting OSD's ability to assess the 
effectiveness of training programs and other initiatives. OSD 
officials, as part of their recent strategic planning efforts, have 
acknowledged the need for and are planning to develop a standard set 
of DOD-wide performance measures over the next few years for DOD 
sexual assault prevention and response programs. However, they have 
stated that these performance measures will not be established until 
at least the second year of DOD's 3-year implementation plan for the 
oversight framework. Until these measures are established, we continue 
to assert that OSD cannot ensure that the department's sexual assault 
prevention and response training effectively imparts an awareness of 
the subject matter to servicemembers. 

Staffing of Key Installation-Level Program Positions Has Not Been 
Evaluated: 

DOD has not implemented our recommendation to evaluate the military 
services' processes for staffing key installation-level program 
positions to ensure that they have the ability and resources to fully 
carry out their responsibilities. In fiscal year 2008, OSD and the 
military services examined program staffing processes during OSD's 
assessments of selected military installations, and similarly 
concluded that DOD's policy on selection criteria and scope of duty 
for key program personnel should be further evaluated. However, OSD 
officials stated that they had not taken action to address their 
findings because personnel from the congressionally mandated Defense 
Task Force on Sexual Assault in the Military Services advised OSD that 
they would be making related recommendations in their December 2009 
report to Congress. Until DOD implements our 2008 recommendation, it 
cannot ensure that it is able to adequately staff and resource its 
sexual assault prevention and response programs. 

Installation-Level Data Are Not Being Collected While Centralized 
Database Is under Development: 

While the military services have agreed to provide installation-level 
data on sexual assault incidents, OSD officials told us that they will 
not collect them until they have implemented the statutorily mandated 
centralized database to maintain these data. (For a discussion of this 
database, see a later section of this report.) As we reported in our 
August 2008 report, OSD could not conduct a comprehensive cross-
service trend analysis because it did not have access to installation-
level data on sexual assault incidents from the military services. 
[Footnote 32] As such, we recommended that the military services 
provide these data to OSD to facilitate the analysis of sexual assault-
related data and to better target resources over time. However, OSD is 
not currently collecting these data, despite their availability, 
because it has not yet completely standardized its data definitions 
and data elements. OSD and its stakeholders have started to create a 
standardized set of sexual assault data elements, thus delineating the 
types of data to be provided by each of the services. However, OSD 
officials told us that the process of developing and training the 
numerous program personnel worldwide to collect and report 
standardized data elements will be a very complex and time-consuming 
undertaking. Further, OSD officials stated that they plan to finalize 
the data definitions in the coming months, but added that similar to 
the data elements, they will not require that the definitions be used 
by the military services until the implementation of DOD's sexual 
assault incident database, the date of which is not yet known. 
Therefore, it is unknown when OSD will establish baseline data, which 
are needed to conduct trend analyses of the military services' sexual 
assault data. 

DOD's Annual Report to Congress Is Not Comprehensive: 

While OSD introduced some changes in DOD's annual report to Congress, 
these changes have not sufficiently improved the report to ensure that 
congressional stakeholders are better informed on DOD's prevention of 
and response to incidents of sexual assault. As we previously 
reported, DOD's annual report may not have been effectively 
characterizing incidents of sexual assault in the military services, 
and thus we recommended that the department improve the usefulness of 
its annual report as an oversight tool.[Footnote 33] To its credit, 
OSD incorporated new charts and graphics into DOD's fiscal year 2008 
annual report that more specifically illustrated the demographics of 
individuals involved and the locations in which sexual assaults in the 
military have been occurring. Further, OSD and its stakeholders have 
started to create a standardized set of sexual assault data elements 
and definitions. However, the standardization is not yet complete, and 
as noted previously, OSD officials told us that developing definitions 
and data elements for and training the numerous program personnel 
worldwide on how to consistently report on the data elements 
collected, is very complex and time-consuming. OSD officials added 
that the standardization of data definitions is something that they 
expect to accomplish in the near term, while standardizing data 
elements will take longer since it is a task that will be completed in 
conjunction with their development of a centralized sexual assault 
database. Further, OSD has not provided its own analysis of the 
military services' reports and programs, and we do not believe that it 
will be able to do so until it establishes performance measures with 
which it can assess program effectiveness. 

We believe that the format of the information provided in DOD's annual 
report to Congress continues to complicate the reader's ability to 
establish a comprehensive understanding of the department's sexual 
assault prevention and response programs. Our prior work shows that 
the usefulness of data ultimately depends on the degree of confidence 
that users have in the data being presented. Higher confidence can be 
achieved by providing key information about the data being reported, 
including efforts to validate data and the implications of the data 
limitations that have been identified.[Footnote 34] However, we 
believe the sexual assault incident data are not qualified at the 
outset of DOD's annual report to disclose that incident data may 
include an alleged sexual assault that occurred prior to the victim's 
or perpetrator's military service or outside of the year in which it 
was reported. Our prior work shows that standardized data with common 
definitions are critical to ensuring that comparable information from 
multiple sources is accurately represented.[Footnote 35] However, the 
military services' sections in the annual report contain similar but 
not comparable types of information. For example, the Army and Air 
Force structure their respective reports according to the category of 
program information, and the Navy and Marine Corps structure their 
report according to the responses received from program personnel 
involved in their sexual assault prevention and response initiatives. 
While we do not advocate for one military service's approach over 
another's, the dissimilar report formats make it difficult, if not 
impossible, to compare program efforts. 

OSD officials told us that they have taken initial steps to address 
some data inconsistencies by providing the military services with a 
data collection template to begin the process of standardizing the 
collection and reporting of sexual assault program information in 
DOD's fiscal year 2009 annual report to Congress. This is an important 
first step; however, it does not fully address our concerns in that 
the military services may still be reporting data that are based on 
different criteria. Further, while we recognize that the complete 
standardization of the type, amount, and format of the military 
services' data will be a significant undertaking, OSD will not be able 
to report consistent data on the status and condition of DOD's sexual 
assault prevention and response programs until these issues are 
resolved. Until OSD and the military services reach consensus on the 
data elements and begin disseminating the new data collection and 
reporting requirements to program personnel, DOD will continue to lack 
key information needed for oversight. 

DOD Has Yet to Establish a Centralized Sexual Assault Database: 

DOD has taken preliminary steps to implement a centralized, case-level 
sexual assault incident database. However, the database was not 
implemented by the statutorily mandated deadline of January 2010. 
Moreover, when the database will be implemented is uncertain because a 
reliable schedule to guide acquisition and implementation tasks and 
activities has yet to be developed. In addition, other key information 
technology management practices that are essential to successfully 
acquiring and implementing the database also remain to be 
accomplished. DOD officials agreed that these key practices need to be 
implemented; however, they have yet to develop plans or time frames 
for doing so. 

The National Defense Authorization Act for Fiscal Year 2009 required 
DOD to implement a centralized, case-level database for collecting and 
maintaining information on sexual assaults involving members of the 
Armed Forces, including information, if available, about the nature of 
the assault, the victim, the offender, and the outcome of any legal 
proceedings in connection with the assault.[Footnote 36] The law also 
required the Secretary of Defense to submit a concept plan for this 
database to Congress by January 2009 and to implement the database by 
January 2010. In response to these statutory requirements, the Under 
Secretary of Defense for Personnel and Readiness instructed the Sexual 
Assault Prevention and Response Office to develop the Defense Sexual 
Assault Incident Database. According to OSD officials, this database 
is to generate congressionally mandated annual reports, run ad hoc 
queries, track sexual assault victim support services, support program 
administration, meet program reporting requirements, and perform data 
analysis. Among other things, the database is also to ensure the 
privacy and restricted reporting options of victims. 

DOD Did Not Meet the Statutory Deadline for Implementing the Database, 
and It Does Not Have a Schedule with Reliable Time Frames for Doing So: 

DOD has established conceptual plans for acquiring and deploying a 
centralized sexual assault incident database. According to these 
plans, the database will be delivered in two increments, with the 
first increment consisting of four phases. (See table 2 for a 
description of the increments and phases.) However, these phases have 
not yet been decomposed into meaningful work tasks, activities, and 
events, including timeframes and resources needed to execute them. 
Moreover, other important practices associated with creating a 
reliable schedule of when and how these phases will be accomplished 
have yet to be satisfied. Specifically, our research has identified 
nine practices associated with developing and maintaining a reliable 
schedule.[Footnote 37] These practices are (1) capturing all key 
activities, (2) sequencing all key activities, (3) assigning resources 
to all key activities, (4) integrating all key activities horizontally 
and vertically, (5) establishing the duration of all key activities, 
(6) establishing the critical path for all key activities, (7) 
identifying float between key activities, (8) conducting a schedule 
risk analysis, and (9) updating the schedule using logic and durations 
to determine the dates for all key activities. According to program 
officials, the steps and associated time frames for the increments and 
phases identified in table 2 cannot be reliably determined until the 
development and implementation contractor is hired, which will not 
occur until sometime after March 31, 2010. This means that the program 
office currently lacks the necessary means by which to execute a 
system acquisition, gauge progress, identify and address potential 
problems, and promote accountability. 

Table 2: Summary of Increments and Phases for Acquiring DOD's Defense 
Sexual Assault Incident Database: 

Increment: 1; 
Phase: 1; 
Description: 
* Configure the database, and establish roles and permission lists, 
initial reporting, data entry/case management and interface 
development; 
* Present proof-of-concept to Congress to demonstrate that the 
database addresses initial reporting concerns. 

Increment: 1; 
Phase: 2; 
Description: 
* Develop reporting and data entry/case management requirements and 
successful interfaces between the database and the Air Force's 
Investigative Information Management System and Automated Military 
Justice Analysis and Management System; 
* Evolve proof-of-concept to include reporting, data entry/case 
management and interface development. 

Increment: 1; 
Phase: 3; 
Description: 
* Develop interfaces between the database and the Army's Sexual 
Assault Data Management System and the Marine Corps Sexual Assault 
Incident Reporting Database; 
* Provide proof-of-concept presentations for Congress regarding 
business management. 

Increment: 1; 
Phase: 4; 
Description: 
* Develop business management requirements and interfaces between the 
database and the Navy's Sexual Assault Victim Intervention, the 
Department of Navy's Criminal Justice Information System, and the 
Consolidated Law Enforcement Operations Center. 

Increment: 2; 
Description: 
* Expand data entry/case management functionality to address National 
Guard requirements; 
* Expand interfaces to capture any updates to military service-
specific systems based on new data requirements; 
* Expand reporting functionality. 

Source: DOD. 

[End of table] 

In addition, DOD's current plans include a few general milestones. For 
example, OSD officials told us that the first phase of the initial 
increment was to have been achieved when they provided a "proof-of- 
concept" document to Congress in January 2010. However, this document 
has yet to be approved. Further, they stated that they intend to 
release a Request for Proposals for a database developer in the second 
quarter of fiscal year 2010. Based on these milestones and the absence 
of a reliable program schedule, DOD did not meet its legislative 
mandate to implement the database by January 2010, and when it will 
implement the database is uncertain. 

DOD's Success in Acquiring and Implementing the Database Depends on 
Its Use of Key Management Practices: 

OSD program officials stated that they received milestone approval in 
July 2009 from the milestone decision authority,[Footnote 38] the 
Acting Deputy Under Secretary of Defense for Program Integration, to 
conclude the Materiel Solution Analysis (previously Concept 
Refinement) phase and begin the Technology Development phase of DOD's 
acquisition system.[Footnote 39] Associated with this progression, DOD 
has taken steps to begin employing a number of key information 
technology acquisition management disciplines that are provided for in 
DOD and related guidance.[Footnote 40] Our research and evaluations of 
information technology programs across the federal government have 
shown that adhering to such disciplines is essential to delivering 
promised system capabilities and benefits on time and within budget. 
Among other things, these disciplines include assessing a program's 
overlap with and duplication of related programs through architecture 
compliance, justifying investment in the proposed system solution on 
the basis of reliable estimates of life cycle costs and benefits, 
effectively developing and managing system requirements, adequately 
testing system capabilities, and effectively managing program risks. 
However, DOD has yet to progress to the point that it can demonstrate 
that these disciplines have been fully implemented, as discussed 
below. Until it does, the chances of it successfully delivering the 
database are reduced. 

* Architectural alignment: DOD's guidance and other guidance[Footnote 
41] recognize the importance of investing in business systems within 
the context of an enterprise architecture.[Footnote 42] Additionally, 
our experience in reviewing federal agencies has shown that making 
investments without the context of a well-defined enterprise 
architecture often results in systems that are, among other things, 
duplicative of other systems.[Footnote 43] Within DOD, the means for 
avoiding business system duplication and overlap is the department's 
process for assessing compliance with DOD's business enterprise 
architecture and its associated investment review and decision-making 
processes. DOD officials told us that the database was assessed for 
compliance with the business enterprise architecture and received 
investment review board approval as compliant in July 2009. However, a 
complete set of system-level architecture products needed to perform a 
thorough and meaningful compliance assessment are not yet available. 
As we have previously reported,[Footnote 44] architecture compliance 
is not a onetime event but rather a determination that needs to be 
made at key junctures in a system's acquisition life cycle. If it is 
not, unnecessary overlap and duplication with other systems, as well 
as system interoperability shortfalls, can occur. 

* Economic justification: Our prior work has shown that a reliable 
cost estimate is critical to informed investment decision making, 
realistic budget formulation and justification, program resourcing, 
meaningful progress measurement, proactive course correction, and 
accountability for results. Further, according to Office of Management 
and Budget (OMB) guidance,[Footnote 45] justifications for an 
investment should include an analysis of the investment's total life 
cycle cost.[Footnote 46] DOD developed a business case for the 
database in June 2009 that provides the department's proposal and 
justification for its database (i.e., system solution), and this 
business case includes a program cost estimate of $12.6 million. While 
the cost estimate was derived in accordance with some best practices 
identified in relevant cost estimating guidance, such as estimating 
software costs with a parametric tool that incorporates GAO cost 
estimating best practices and relying on the costs of analogous 
existing systems, it was not done in accordance with others.[Footnote 
47] For example, it does not include all costs over the system's life 
cycle, and it has not been adjusted to account for program risks. More 
specifically, program officials stated that the $12.6 million does not 
include program office and management costs, relevant development 
costs (e.g., testing), or sustainment costs (i.e., operations and 
maintenance). OSD officials told us that they intend to develop a 
reliable cost estimate once the development contract is awarded. 
Without reliable estimates, a proposed system solution cannot be 
adequately justified on the basis of costs and benefits, and DOD may 
be at increased risk of experiencing cost overruns, schedule 
slippages, and performance shortfalls. 

Beyond not having a reliable cost estimate, DOD's business case does 
not comply with other OMB guidance.[Footnote 48] According to OMB, the 
economic analysis used to justify an investment should meet certain 
criteria to be considered reasonable, including comparing alternatives 
on the basis of net present value and conducting an uncertainty 
analysis of benefits. While the business case includes an explanation 
of why the database is needed, it does not address the costs and 
benefits associated with each of the four database alternatives that 
were considered (i.e., commercial-off-the-shelf case management system 
software product, custom-built system, enhancement of an existing 
military service system, or maintenance of the status quo). Moreover, 
the four alternatives were not assessed on the basis of net present 
value, including using the proper discount rate to account for 
inflation. Instead, only the selected alternative was evaluated 
quantitatively. Without a meaningful analysis of alternatives, DOD 
lacks sufficient assurance that it has selected the most cost-
effective system solution. 

* Requirements development and management: Well-defined and well- 
managed requirements are the cornerstone of effective system 
development and acquisition.[Footnote 49] Effective requirements 
development and management includes, among other things, (1) 
effectively eliciting user needs early and continuously in the system 
life cycle process, (2) establishing a stable baseline set of 
requirements and placing the baseline under configuration management, 
(3) ensuring that system-level requirements can be traced back to 
higher-level business or operational requirements (e.g., concept of 
operations) and forward to system design documents (e.g., software 
requirements specification) and test plans, and (4) controlling 
changes to baseline requirements. DOD has begun to take steps to 
engage users in the development of requirements. For example, it 
formed a working group composed of representatives from each of the 
military services and the National Guard to develop high-level system 
requirements. Further, program officials stated that additional 
actions are planned or under way to reach agreement on system 
interfaces, which is important given that the database is to draw data 
from multiple systems to satisfy statutory requirements. They also 
said that users will be further involved in developing requirements. 
For example, DOD is working with the Air Force and National Guard to 
define more specific functional, performance, and data requirements, 
and has initiated discussions with the Army, Navy, and Marine Corps to 
do the same. In addition, program officials stated that once the high-
level system requirements are baselined, the Change Control Board, 
comprising representatives from DOD and the user community, will be 
established to control changes to the baseline requirements. While 
these ongoing and planned actions are positive, they represent only 
the beginning of a series of actions that are associated with 
effectively defining and managing requirements over a system's 
acquisition life cycle. To the extent that this series of actions is 
not well detailed and implemented, the risk of the database not 
performing as intended, and costing more and taking longer to 
implement than necessary, is increased. 

* Test management: According to DOD and other relevant guidance, 
system testing should be progressive, meaning that it should consist 
of a series of test events that first focus on the performance of 
individual system components, then on the performance of integrated 
system components, followed by system-level tests that focus on 
whether the system (or major system increments) are acceptable, 
interoperable with related systems, and operationally suitable to 
users.[Footnote 50] Among other things, effective testing should 
ensure that (1) all test events are governed by a well-defined test 
management structure, (2) each test event is executed in accordance 
with well-defined plans, and (3) the results of each test event are 
captured and used to ensure that problems discovered are disclosed and 
corrected. Program officials stated that they plan to work with the 
development contractor to establish an effective test management 
structure, develop test plans, and capture and resolve problems found 
during testing. In addition, they plan to engage an independent test 
organization. However, DOD has not yet developed milestones for its 
testing plans or activities. Unless adequate testing is performed and 
key test management structures and controls are established, it is 
unlikely that the database will meet user expectations and mission 
needs, and the risk of it costing more and taking longer than planned 
is increased. 

* Risk management: Proactively managing program risks is a key 
acquisition management control that if done properly, can increase the 
chances of programs delivering promised capabilities and benefits on 
time and within budget. Relevant guidance, including DOD's Risk 
Management Guide for DOD Acquisition, recognizes the importance of 
conducting effective risk management.[Footnote 51] Among other things, 
effective risk management includes (1) establishing and implementing a 
written plan and defined process for risk identification, analysis, 
and mitigation; (2) assigning responsibility for managing risks to key 
stakeholders; (3) encouraging programwide participation in risk 
management; and (4) examining the status of identified risks during 
program milestone reviews. Program officials stated that they intend 
to document and implement a risk management strategy that is 
consistent with DOD's Risk Management Guide. To its credit, the 
program office has begun to identify key risks. For example, it cited 
identified risks related to (1) what officials believed to be an 
unattainable congressionally mandated database implementation date of 
January 2010; (2) staffing shortages that complicate the office's 
ability to develop and gain approval of a large number of key 
documents (e.g., privacy impact assessments, documentation required 
for investment reviews, and updates of relevant DOD instructions, 
etc.); (3) potential shortfalls in system development and maintenance 
funding issues; (4) limitations of the military services' systems, 
which are expected to provide data to DOD's database; and (5) the 
military services' competing priorities, which may jeopardize their 
support and involvement.[Footnote 52] However, they have yet to begin 
proactively managing these risks. Unless this is done, the risks could 
evolve into actual cost, schedule, and performance shortfalls. 

Coast Guard Has Partially Implemented One of Our Two Recommendations 
from 2008: 

The Coast Guard has partially implemented one of our recommendations 
from 2008 to further develop its sexual assault prevention and 
response program, but it has not addressed the other. To its credit, 
the Coast Guard conducted an assessment of its processes for staffing 
key program positions and has continued to develop, through a variety 
of initiatives, other components of its sexual assault prevention and 
response program. However, the Coast Guard has not addressed our 
recommendation to develop an oversight framework, and its program is 
challenged by the lack of a systematic process for collecting, 
documenting, and maintaining sexual assault data and by the lack of 
training for program coordinators. 

The Coast Guard Has Taken Steps to Implement One of Our 
Recommendations from 2008 and Has Continued Developing Its Programs: 

The Coast Guard has taken steps to implement our previous 
recommendation to evaluate its processes for staffing key program 
positions. As we previously reported, Coast Guard officials told us 
that its Sexual Assault Response Coordinators do not have the time to 
effectively implement a sexual assault prevention and response 
program. Thus we recommended that the Coast Guard evaluate its 
processes for staffing key program positions to ensure that they have 
the ability and resources to fully carry out their responsibilities. 
[Footnote 53] Coast Guard officials told us that current levels of 
full-time staffing continue to hinder their ability to appropriately 
implement various components of their sexual assault prevention and 
response program, adding that the continuity of care for victims is 
negatively affected since its coordinators do not possess the time or 
the training to provide consistent case management services. To 
address this, the Coast Guard, in June 2009 initiated an assessment of 
the current workload requirements and resource allocations for its 
Sexual Assault Response Coordinators. Officials told us that they plan 
to use the results of this assessment to determine whether the 
responsibilities of the position or associated resource levels need to 
be revised. Coast Guard officials also noted that the assessment is to 
be completed by December 2009, and that they hope to address any 
program recommendations within 2 years of the assessment's completion. 
While these are positive first steps, they do not fully address our 
findings and recommendation from 2008 because the Coast Guard has yet 
to complete its assessment and decide what, if any, program 
modifications it will make. The Coast Guard also established two new 
program positions in response to findings in our previous report. 
Specifically, in September 2008, the Coast Guard established a 
headquarters-level program manager position to oversee the management 
of, training for, and evaluation of its sexual assault prevention and 
response program. The Coast Guard also established a Sexual Assault 
Response Coordinator position at its academy to manage its sexual 
assault prevention and response program. 

While the Coast Guard is not generally subject to the departmental 
direction or statutory requirements that apply to DOD, it has 
developed an instruction that charges responsible personnel with 
establishing policies and procedures for its program.[Footnote 54] To 
the Coast Guard's credit, Coast Guard officials stated that they 
frequently leverage program information and materials obtained through 
their regular participation in OSD's Sexual Assault Advisory Council 
subcommittees and working groups and the military services' 
conferences and summits. For example, the Coast Guard recently modeled 
its victim advocate training after the Navy's curriculum, and it is 
revising its data collection requirements to mirror those of DOD. The 
Coast Guard is also modifying its sexual assault prevention and 
response program instruction to clarify its definition of sexual 
assault and revise its description of selected program positions to 
better reflect program responsibilities. Coast Guard officials stated 
that they plan to issue the revised instruction in spring 2010. 

The Coast Guard Has Not Implemented Our Second Recommendation from 
2008, and Its Program Is Hindered by Accountability Issues: 

With respect to our second recommendation, the Coast Guard's efforts 
to establish a program oversight framework have been limited. Although 
the Coast Guard has identified broad program objectives, it has not 
addressed our recommendation to develop an oversight framework that 
provides comprehensive and specific guidance for operating its 
programs. Further, the Coast Guard's program lacks a systematic 
process for assembling, documenting, and maintaining sexual assault 
incident data, lacks quality control procedures to ensure that the 
program data being collected are reliable, and the Coast Guard has yet 
to complete the development and implementation of training for key 
program personnel. As a result, the Coast Guard's program development 
efforts continue to be hindered by its inability to evaluate program 
effectiveness, to accurately account for sexual assault incidents, to 
prioritize program initiatives, and to help ensure that program 
personnel are trained to properly execute their responsibilities. 

Coast Guard Has Not Developed an Oversight Framework: 

The Coast Guard has not developed an oversight framework to guide its 
program development and implementation, despite its concurrence with 
our August 2008 recommendation that it do so. Our prior work has 
demonstrated the importance of results-oriented performance measures 
to successful program oversight, and has shown that having an 
effective plan for implementing initiatives and measuring progress can 
help decision makers determine whether initiatives are achieving their 
desired result.[Footnote 55] As we previously reported, the Coast 
Guard was not able to fully evaluate the results achieved by its 
efforts, and thus we recommended that it develop an oversight 
framework that at a minimum includes long-term goals, objectives, and 
milestones; performance goals; strategies to be used to accomplish 
goals; and criteria for measuring progress.[Footnote 56] The Coast 
Guard revised its program instruction to clarify departmental 
oversight roles, and it has developed an action plan that broadly 
defines program goals, objectives, strategies, milestones, and 
criteria. However, based on our prior work on developing and enhancing 
program oversight, the Coast Guard's efforts do not sufficiently 
encompass the key components of an oversight framework. For example, 
the Coast Guard's action plan does not contain performance measures, 
nor does it identify how it plans to use the results of its program 
evaluations to revise its future program objectives. Furthermore, the 
strategies identified in its action plan are too vague to enable an 
assessment of whether they would help achieve program goals and 
objectives. For example, the Coast Guard's action plan includes as one 
of the long-term program objectives, "provide updated, consistent 
information on program reporting options and resources," and the 
corresponding strategy is simply, "purchase and distribute marketing 
materials to the field," without specifying how or when it plans to 
achieve this objective. 

Further, the Coast Guard has not correlated program objectives and 
strategies with its internal budget requests, which limits its ability 
to effectively allocate and account for program resources. As we noted 
previously, our prior work shows that having program plans clearly 
linked with budgets allows an organization to more explicitly guide 
budget discussions and can assist program management by connecting 
total resources consumed with actual results achieved.[Footnote 57] 
Thus, we continue to believe that our recommendation has merit, and 
that the Coast Guard will remain limited in its ability to manage and 
evaluate its sexual assault prevention and response program until it 
develops and implements an oversight framework. 

Coast Guard Does Not Have a Systematic Process to Collect, Document, 
and Maintain Sexual Assault Incident Information: 

The Coast Guard does not have a systematic process to collect, 
document, and maintain its sexual assault data and related program 
information. The Coast Guard's instruction charges responsible program 
personnel with establishing a reporting system to evaluate statistical 
data related to sexual assault incidents, maintaining records to 
identify victims and track services provided, and providing oversight 
of quality assurance review processes to ensure the provision of 
quality services.[Footnote 58] Additionally, our prior work has shown 
that organizations striving to meet program goals must have 
information systems in place to meet the modern need for fast, 
reliable, and accurate information.[Footnote 59] However, the Coast 
Guard's sexual assault program does not currently have a systematic 
process to collect, document, and maintain its sexual assault incident 
data. One individual maintains a hard copy log, informed by reports 
from coordinators in the field, and if necessary, may call these 
coordinators to get additional information. At the conclusion of our 
review, Coast Guard officials told us that they are in the process of 
developing a prototype to enable personnel to electronically manage 
sexual assault cases, and that they expect to conduct an assessment of 
prototype capabilities in early 2010. However, until the Coast Guard 
establishes a systematic process for the collection, documentation, 
and maintenance of these data, it will be challenged in its ability to 
efficiently retrieve data and its visibility over sexual assault 
incidents will remain limited. 

Additionally, the Coast Guard has not instituted quality control 
processes to ensure the reliability of the sexual assault incident and 
program data being collected. Our prior work has highlighted the 
importance of organizations assessing the quality of their program 
data and ensuring that these data are complete and reliable.[Footnote 
60] However, the Coast Guard has not established a process to 
periodically assess the sufficiency of the program information it 
collects. For example, Coast Guard officials noted that in fiscal year 
2008, the Coast Guard Investigative Service, in the course of its 
investigations, documented 78 reports of sexual assault, while Coast 
Guard Headquarters, using the hard copy log of reports from its 
coordinators, had documented only 30. Further, the Coast Guard's 
sexual assault prevention and response instruction requires that 
commanding officers "ensure completion of mandatory annual training on 
sexual assault prevention by all unit personnel." However, officials 
told us that the current system used to track training is designed to 
report training compliance at the unit level, and while individual 
training compliance can be discerned, the process to do so is overly 
cumbersome. As a result, this practice complicates the Coast Guard's 
ability to oversee whether personnel are completing their required 
training. Officials added that unit compliance with training is 
assessed during inspections that occur every 2 to 3 years, and the 
responsible command is notified if any problems are identified. 
Further, Coast Guard officials told us that while there is no 
systematic process for following up on the findings from these 
inspections, they are confident that the issues are taken seriously 
and appropriately addressed. However, we believe that until the Coast 
Guard establishes a systematic process to assess the quality and 
reliability of its data, it cannot be sure that the information it 
collects is relevant to and sufficient for the achievement of its 
program goals. 

The Coast Guard Has Not Trained Its Program Coordinators: 

The Coast Guard recently developed and is starting to conduct training 
for its victim advocates however, it has not provided training for its 
Sexual Assault Response Coordinators--the personnel who manage the 
victim advocates. The Coast Guard's instruction requires that all 
Coast Guard Sexual Assault Response Coordinators be trained to perform 
relevant duties, and prohibits them from accepting a restricted sexual 
assault report until the training has been completed. However, Coast 
Guard officials stated that they have not developed a curriculum or 
implemented training for the Coast Guard's 16 Sexual Assault Response 
Coordinators, because, alternatively, they were developing and 
implementing a training curriculum for victim advocates. Coast Guard 
officials initially told us that it would likely take up to 2 years to 
develop a formalized curriculum for Coast Guard Sexual Assault 
Response Coordinators, but that in the meantime, they have scheduled a 
training session for coordinators in January 2010 to review policy 
revisions and reporting processes. At the conclusion of our review, 
Coast Guard officials stated that they have since updated their plans 
to train Sexual Assault Response Coordinators, noting that they plan 
to complete a formalized curriculum by May 2010 and have scheduled 
training for the Coordinators during the week of May 4, 2010. However, 
until such training is administered, Sexual Assault Response 
Coordinators will lack formalized Coast Guard sexual assault 
prevention and response training, and according to Coast Guard 
officials, they will rely instead only on the general mandated 
training provided to all personnel, their own professional experience, 
and their interpretation of the Coast Guard's sexual assault 
prevention and response policy. 

Additionally, the Coast Guard's Sexual Assault Program Manager plans 
to travel to Coast Guard installations throughout the country to 
administer annual victim advocate training, which will eventually be 
administered by coordinators. However, this may not be the most 
effective use of resources, as the training could be administered by 
trained Sexual Assault Response Coordinators. Until a formal 
curriculum is developed and implemented, the Coast Guard cannot be 
sure that it has effectively imparted program responsibilities and 
requirements to its Sexual Assault Response Coordinators. 

Conclusions: 

Since the release of our August 2008 report, DOD has taken a number of 
positive steps toward addressing our recommendations to further 
strengthen its sexual assault prevention and response programs and to 
develop the statutorily mandated sexual assault incident database. 
Additionally, each service has proactively developed and implemented a 
variety of initiatives--beyond what we recommended--to increase 
program awareness and to improve prevention of and response to 
occurrences of sexual assault. While such progress is noteworthy, 
DOD's efforts have not fully established a sound management framework, 
which must build upon the foundation of a comprehensive strategic 
framework that guides program development and implementation. Without 
such a foundation, DOD's programs lack the institutional support, long-
term perspective, and clear lines of accountability that are needed to 
withstand the administrative, fiscal, and political pressures that 
confront federal programs on a daily basis. Until OSD finalizes and 
fully implements its oversight framework and strategic plans, it will 
continue to lack the ability to synergize its prevention and response 
initiatives, and it may not be able to effect the change in military 
culture that is needed to ensure that programs are institutionalized. 
Additionally, successful implementation of the oversight framework 
will require the personal involvement of top DOD leadership to 
maintain the long-term focus on and accountability for program 
objectives. 

While the Coast Guard is not generally subject to the departmental 
program direction or statutory requirements that apply to DOD, it 
continues to proactively develop its sexual assault prevention and 
response program. The Coast Guard has, however, experienced challenges 
similar to those of DOD because it lacks the long-term strategic 
perspective needed to structure its program development and 
implementation. Until the Coast Guard develops an oversight framework 
that includes specific management improvement steps, key milestones, 
and performance measures, it will be unable to accurately demonstrate 
that its programs are achieving its goals of establishing a culture of 
prevention, sensitive response, and accountability. Further, the Coast 
Guard may not be able to demonstrate that program elements, such as 
its sexual assault prevention and response training, are being 
implemented in a manner that most effectively ensures its achievement 
of program goals. 

Recommendations for Executive Action: 

We recommend that the Secretary of Defense take the following 10 
actions: 

* To improve the management, strategic planning, and comprehensiveness 
of OSD's oversight of the department's sexual assault prevention and 
response programs, direct the Under Secretary of Defense for Personnel 
and Readiness to strengthen OSD's oversight framework by: 

- identifying how the results of performance assessments will be used 
to guide the development of future program initiatives, 

- identifying how OSD's program resources correlate to its achievement 
of strategic program objectives, and: 

- correlating its oversight framework to the program's two strategic 
plans so that program objectives, timelines, and strategies for 
achieving objectives are synchronized. 

* To enhance visibility over the incidence of sexual assaults 
involving DOD servicemembers, the department's sexual assault 
prevention and response programs, and the pending implementation of 
the Defense Sexual Assault Incident Database, direct the Under 
Secretary of Defense for Personnel and Readiness to standardize the 
type, amount, and format of the data in the military services' annual 
report submissions. 

* To enhance the oversight of the sexual assault prevention and 
response program in DOD, direct the Under Secretary of Defense for 
Personnel and Readiness to ensure that the development and 
implementation of the Defense Sexual Assault Incident Database 
includes adherence to the following key system development and 
acquisition management processes and controls: 

- developing a reliable integrated master schedule that addresses the 
nine key practices discussed in this report, 

- adequately assessing the program's overlap with and duplication of 
related programs through architecture compliance, 

- adequately justifying investment in the proposed approach on the 
basis of reliable estimates of life cycle costs and benefits, 

- effectively developing and managing system requirements, 

- adequately testing system capabilities, and: 

- effectively managing program risks. 

We are recommending that the Commandant of the Coast Guard take the 
following three actions: 

* To improve the oversight and accountability of the Coast Guard's 
sexual assault prevention and response program: 

- establish a systematic process for collecting, documenting, and 
maintaining sexual assault incidence data, and: 

- establish quality control processes to ensure that program 
information collected is valid and reliable. 

* To improve execution of sexual assault prevention and response 
programs, we recommend that the Commandant of the Coast Guard 
establish and administer a curriculum for all key program personnel to 
ensure that they can provide proper advice to Coast Guard personnel. 

Agency Comments and Our Evaluation: 

In written comments on a draft of this report, both DOD and the Coast 
Guard concurred with all of our recommendations. DOD noted in its 
comments that our report contained technical inaccuracies, which we 
addressed where appropriate, based on the technical comments received 
from both DOD and the Coast Guard. Further, DOD asserted that the 
report also contained misstatements that improperly diminished the 
department's efforts to address our recommendations. We believe that 
our report accurately represents DOD's progress to address our 
recommendations from 2008. DOD's comments are reprinted in appendix 
II, and the Coast Guard's comments are reprinted in appendix III. 

In concurring with our recommendations aimed at improving the 
management, strategic planning, and comprehensiveness of OSD's 
oversight of the department's sexual assault prevention and response 
programs--including that OSD should strengthen its oversight framework 
by (1) identifying how the results of performance assessments will be 
used to guide the development of future program initiatives, (2) 
identifying how OSD's program resources correlate with its achievement 
of strategic program objectives, and (3) correlating its oversight 
framework with the program's two strategic plans--DOD commented that 
several efforts are underway or are planned to address these issues. 
For example, DOD stated that in the early part of 2010, it will have a 
plan in place that details how it will track its progress toward the 
performance objectives laid out in the DOD-wide strategic plan, and it 
will develop a procedure to report back on progress toward objectives 
and any needed corrective steps. DOD also stated that starting with 
the 2012 budget cycle, OSD plans to align its budget categories with 
specific performance objectives laid out in its strategic plan. 
Further, DOD noted that the process it plans to use to track its 
progress toward performance objectives will also allow the department 
to synchronize the objectives, timelines, and strategies of its two 
strategic plans. We commend DOD for taking immediate steps in response 
to our recommendations, and encourage the department to continue 
taking positive actions toward fully implementing them. 

In its concurrence with our recommendation that the department 
standardize the type, amount, and format of the data in the military 
services' annual report submissions, DOD acknowledged that achieving 
uniformity among the military services for all required data elements 
will greatly enhance its oversight capabilities. DOD added that it 
recently established definitions for case disposition data and 
developed a standardized program report template, and that both are 
being used by the military services to compile their respective data 
for the department's fiscal year 2009 report on sexual assault in the 
military services. DOD stated that the comprehensive process of 
linking all of its data elements will ultimately be accomplished 
through its development of the Defense Sexual Assault Incident 
Database. Our report credits DOD with taking initial steps toward 
developing standardized data elements and definitions, and 
acknowledges the data template it developed and is using to collect a 
more standardized set of data from the military services for the 
department's fiscal year 2009 annual report to Congress. However, as 
we noted in our report, OSD officials stated that full standardization 
of data elements and definitions will not be achieved until it 
implements the Defense Sexual Assault Incident Database--for which DOD 
does not currently have a reliable implementation schedule. While we 
recognize that this will be a complex and time-consuming task, we 
continue to assert that the full establishment and implementation of 
standardized data elements and definitions will facilitate a more 
comprehensive understanding of DOD's sexual assault prevention and 
response programs. 

In concurring with our recommendation to develop a reliable integrated 
master schedule for the Defense Sexual Assault Incident Database, DOD 
stated that it will give priority to doing so, and will follow GAO 
schedule estimating guidance. However, it added that while the 
department has thus far developed schedules that it characterized as 
capturing broader scope key activities, it would not be able to 
capture key schedule activities or estimate a timeframe for 
identifying key activities that are fundamental to developing a 
reliable schedule until it acquired the assistance of the system 
development contractor. DOD noted that this is because only the 
contractor will know the steps and time required to adopt proprietary 
materials to DOD's requirements for the database. We understand the 
role that the development contractor plays in developing a reliable 
integrated master schedule, which is why our recommendation does not 
specify a timeframe for developing the schedule, and thus allows DOD 
to first acquire a contractor's services. Further, while we agree with 
the department's comment that our report does not include an 
assessment of the viability of a 15-month deadline contained in 
statute[Footnote 61] for the database's design, acquisition, and 
implementation, we note that we told program officials during the 
course of our review that such an assessment was not part of the scope 
of our work because the 15-month deadline was a statutory requirement 
rather than a DOD schedule-driven milestone. 

In concurring with our recommendation to adequately assess the 
program's overlap with related programs through architecture 
compliance, the department stated that it acknowledges the benefits 
derived from doing so. It added, however, that our report inaccurately 
asserts that DOD has not complied with DOD guidance governing 
architecture compliance by stating that a complete set of system-level 
architecture products are not yet available to perform a thorough 
architecture compliance assessment. In this regard, it stated that DOD 
guidance does not call for the development of system-level 
architecture products until the Technology Development Phase in the 
Defense Acquisition System. We agree with the department's comment as 
to the timing of system-level architecture products, which is why we 
do not conclude that DOD has not assessed architecture compliance. As 
stated in this report, architecture compliance is not a onetime event 
but rather a determination that needs to be made at key junctures in a 
system's acquisition life cycle. Thus, the intent of our statement and 
our recommendation is to emphasize the importance of conducting 
compliance activities once a complete set of system-level architecture 
products is available. 

In concurring with our recommendation to adequately justify investment 
in the proposed database approach on the basis of reliable estimates 
of life cycle costs and benefits, the department stated that it agreed 
that the cost estimate in the existing business case does not account 
for all life cycle costs and risks. However, it added that DOD 
guidance does not require comprehensive cost estimates in the business 
case and that the cost estimate in the business case was derived using 
cost estimating best practices. While we agree that DOD guidance does 
not explicitly state that business case cost estimates must be 
comprehensive, both DOD guidance and OMB guidance state that these 
cost estimates should include all costs over the system's life cycle, 
which is a recognized best practice. Further, while the cost estimate 
was derived in accordance with some cost estimating best practices, 
such as estimating software costs with a parametric tool and relying 
on the costs of analogous existing systems, it was not done in 
accordance with others. For example, it was not risk adjusted. Further 
the business case did not include a comparison of alternatives on the 
basis of net present value. 

In concurring with our recommendation to effectively develop and 
manage system requirements, DOD noted that it has continued to work 
with the military services in developing system requirements and that 
its progress in doing so is much greater than our report states. It 
also noted that since the database was legislated, Congress expanded 
its annual sexual assault reporting requirements, which in turn 
necessitated additional requirements development work with 
stakeholders. Further, it stated that it will institute a Change 
Control Board, which is a key requirements management control 
mechanism, and is using a range of system life cycle management tools 
that support requirements development and management. We support DOD's 
continued efforts to work with stakeholders to further develop 
requirements and capture them in a range of requirements documents, as 
such efforts are consistent with our recommendation. Also consistent 
with our recommendation are its plans to institute a Change Control 
Board and use relevant requirements-related tools. 

In concurring with our recommendation to adequately test system 
capabilities, DOD stated that our report does not sufficiently 
describe its efforts to develop a detailed test plan defining the 
program's testing approach and strategy, including the entrance and 
exit criteria for each testing phase. We agree that our report does 
not cite the development of this plan because no such plan was 
provided to us as part of the documentation set submitted for the 
database's milestone acquisition approval, nor were we made aware of 
the existence of such a plan. Moreover, program officials told us that 
a test plan would be developed after the contractor was hired, and 
DOD's comments on our draft report acknowledge that a final test plan 
has yet to be created. 

In concurring with our recommendation to effectively manage program 
risks, DOD noted that our statement that risk management has yet to 
begin is incorrect because key risks have been identified. We agree 
that risk identification, which is the first step in risk management, 
has begun, as our report recognizes. We also agree that the statement 
in our draft report that risk management has yet to begin is not 
consistent with its recognition of these risk identification efforts. 
As a result, we have modified the report to note that many aspects of 
risk management have yet to begin, which DOD also states in its 
comments on our draft report. 

The Coast Guard also concurred with our recommendations aimed at 
improving the oversight, accountability, and execution of its sexual 
assault prevention and response programs, including (1) establishing a 
systematic process for collecting, documenting, and maintaining sexual 
assault incidence data; (2) establishing quality control processes to 
ensure that program information collected is valid and reliable; and 
(3) establishing and administering a curriculum for all key program 
personnel to ensure that they can provide proper advice to Coast Guard 
personnel. In commenting on our draft report, the Coast Guard noted 
that it has several initiatives underway to continue developing its 
sexual assault prevention and response program. For example, the Coast 
Guard stated that an electronic database to track sexual assault 
reports is in the prototype development phase, and based on current 
progress, it expects to complete the database in 2010. Further, the 
Coast Guard noted that it has completed an assessment of workload 
requirements and resource allocations for its Sexual Assault Response 
Coordinators, and upon release of the final report, the Coast Guard 
plans to review and analyze the recommendations and, as appropriate, 
incorporate additional resource requirements into its annual budget 
process. We commend the Coast Guard for the steps it has taken and its 
plans for further developing its sexual assault prevention and 
response program, and we encourage the service to continue taking 
positive actions toward fully implementing our recommendations. 

As agreed with your office, unless you publicly announce the contents 
of this report earlier, we plan no further distribution until thirty 
days from the report date. At that time, we will send copies to 
interested members of Congress; the Secretaries of Defense, Homeland 
Security, the Army, the Navy, and the Air Force; the Commandant of the 
Marine Corps; and the Commandant of the Coast Guard. The report also 
will be available at no charge on the GAO Web site at [hyperlink, 
http://www.gao.gov]. 

If you or your staff have any questions concerning this report, please 
contact Brenda Farrell at (202) 512-3604 or farrellb@gao.gov or 
Randolph Hite at (202) 512-3439 or hiter@gao.gov. Contact points for 
our Offices of Congressional Relations and Public Affairs may be found 
on the last page of this report. Key contributors to this report are 
listed in appendix IV. 

Sincerely yours, 

Signed by: 

Brenda S. Farrell: 
Director, Defense Capabilities and Management: 

Signed by: 

Randolph C. Hite: 
Director, Information Technology Architecture and Systems: 

[End of section] 

Appendix I: Scope and Methodology: 

To determine the extent to which the Department of Defense (DOD) has 
taken steps to address our previous recommendations in GAO-08-924 
regarding programs to prevent and respond to sexual assault, we 
reviewed relevant statutory requirements and obtained and analyzed 
DOD's policies, guidance, and procedures for the prevention of and 
response to sexual assault incidents. We also interviewed officials in 
DOD, the Army, the Air Force, the Navy, the Marine Corps, and the 
Defense Task Force on Sexual Assault in the Military Services to gain 
a comprehensive understanding of their efforts to address our previous 
recommendations. We also obtained and analyzed the Office of the 
Secretary of Defense's (OSD) strategic plans and draft oversight 
framework for the department's sexual assault prevention and response 
efforts to determine whether they contained the elements necessary for 
effective program implementation. In addition, we obtained and 
analyzed DOD's annual reports to Congress on sexual assault in the 
military services for fiscal years 2007 and 2008 to assess the extent 
to which OSD addressed our recommendation to improve the usefulness of 
DOD's annual report. 

To determine the extent to which DOD has taken steps to address a 
statutory requirement to establish a centralized, case-level sexual 
assault incident database, we reviewed statutory provisions related to 
DOD's process for collecting and maintaining sexual assault data. We 
also interviewed DOD officials to obtain information on the 
department's efforts to establish the database; reviewed documentation 
related to database development; and compared this documentation to 
relevant DOD, federal, GAO, and industry guidance. 

To determine the extent to which the U.S. Coast Guard has taken steps 
to address our previous recommendations regarding policies and 
programs to prevent and respond to sexual assault, we identified 
relevant legislative requirements and obtained and analyzed the Coast 
Guard's policies, guidance, and procedures for the prevention of and 
response to sexual assault incidents. We also interviewed Coast Guard 
officials to gain a comprehensive understanding of their efforts to 
address our previous recommendations. We also obtained and analyzed 
the Coast Guard's action plan for sexual assault prevention and 
response to determine the extent to which it consisted of the elements 
that we recommended be included in an oversight framework. 

We visited or contacted the following organizations during our review: 

Department of Defense: 

* Defense Task Force on Sexual Assault in the Military Services, 
Alexandria, Virginia: 

* Sexual Assault Prevention and Response Office, Arlington, Virginia: 

* Office of the Assistant Secretary of Defense for Health Affairs, 
Falls Church, Virginia:
- Defense Center of Excellence for Psychological Health and Traumatic 
Brain Injury, Rosslyn, Virginia: 

Office of the Chairman, Joint Chiefs of Staff: 

* J-1, Manpower and Personnel, Washington, D.C. 

Department of the Army: 

* Sexual Harassment/Assault Response and Prevention Program Office, 
Washington, D.C. 

Department of the Air Force: 

* Office of the Assistant Secretary (Manpower and Reserve Affairs), 
Washington, D.C.
- Office of the Deputy Assistant Secretary (Force Management 
Integration), Washington, D.C. 

* Deputy Chief of Staff for Manpower, Personnel and Services, 
Washington, D.C.
- Sexual Assault Prevention and Response Program Office, Washington, 
D.C. 

Department of the Navy: 

* Sexual Assault Prevention and Response Office, Washington, D.C. 

United States Marine Corps: 

* Manpower and Reserve Affairs: 

- Sexual Assault Prevention and Response Office, Quantico, Virginia: 

U.S. Coast Guard: 

* Health, Safety and Work-Life Directorate, Office of Work-Life, 
Washington, D.C. 

We conducted this performance audit from February 2009 through 
February 2010 in accordance with generally accepted government 
auditing standards. Those standards require that we plan and perform 
the audit to obtain sufficient, appropriate evidence to provide a 
reasonable basis for our findings and conclusions based on our audit 
objectives. We believe that the evidence obtained provides a 
reasonable basis for our findings and conclusions based on our audit 
objectives. 

[End of section] 

Appendix II: Comments from the Department of Defense: 

Office Of The Under Secretary Of Defense: 
Personnel And Readiness: 
4000 Defense Pentagon: 
Washington, D.C. 20301-4000: 

January 8, 2010: 

Ms. Brenda S. Farrell: 
Director, Defense Capabilities and Management: 
U.S. Government Accountability Office: 
441 G Street, N.W. 
Washington, DC 20548: 

Dear Ms. Farrell: 

I appreciate the opportunity to respond to the General Accountability 
Office's proposed report, Military Personnel: Additional Actions are 
Needed to Strengthen DoD's and the Coast Guard's Sexual Assault 
Prevention and Response Programs (GAO-10215). The attached comments 
will pertain only to the sections identified for DoD action. 

The report recognized the progress the Department has made in the few 
months since the GAO published its prior report on the Sexual Assault 
Prevention and Response (SAPR) Program in August 2008. As the GAO 
noted in both this and the prior report, the Department has invested 
considerable time, attention, and resources to assist victims, prevent 
sexual assault, and implement this very important program. 

The Department concurs with all GAO recommendations. We acknowledge that
this report comes only 16 months after the 2008 report on the same 
topic was issued. Despite the very short time between reports, the 
Department was able to fully implement four of the nine original 
recommendations. Given sufficient time, the Department will 
demonstrate further progress by implementing the remaining 
recommendations. 

Notwithstanding the Department's agreement with all recommendations, 
the present report contains technical inaccuracies and misstatements 
that improperly diminish the Department's considerable efforts to 
implement the five remaining GAO recommendations. The attached 
comments more comprehensively summarize the Department's work in these 
areas. 

There were 13 technical corrections noted by DoD, including the Air 
Force and Navy, that were forwarded separately to the GAO staff.
Again, the opportunity to clarify the Department's progress is 
appreciated. As you know, my point of contact is Kaye Whitley, 
Director, SAPRO. She may be reached at 703-696-9422. 

Sincerely, 

Signed by: 

Gail H. McGinn: 
Deputy Under Secretary of Defense (Plans): 
Performing the Duties of the Under Secretary of Defense (Personnel and 
Readiness): 

Enclosure: As stated: 

[End of letter] 

GAO Draft Report Dated December 8, 2009 GAO-10-215 (GAO Code 351324): 

"Military Personnel: Additional Actions Are Needed To Strengthen DOD's 
And The Coast Guard's Sexual Assault Prevention And Response Programs" 

Department Of Defense Comments To The GAO Recommendations: 

Introduction And Clarification: 

The Department concurs with all GAO recommendations. Despite the 
Department's agreement with all recommendations, the present report 
contains technical inaccuracies and misstatements. The Department's 
corrections are included in Tab B. However, the GAO Report text 
indicates some confusion about the relationship between the three 
documents mentioned here: Oversight Framework, DoD-Wide Strategic 
Plan, and SAPRO Strategic Plan. As an initial clarification, the 
unique role played by each document is laid out below: 

Oversight Framework for Sexual Assault Prevention and Response: 
Purpose: Lay out roadmap to institutionalize the oversight activity.
This document lays out the oversight process for the entire Department 
to implement over a three-year timeframe, with SAPRO taking the lead 
responsibility. 

Department of Defense-Wide Sexual Assault Prevention and Response 
Strategic Plan: 
Purpose: Relate SAPRO and Service activities to the five DoD-wide 
strategic SAPR priorities. 

This document provides an overview of the connection between SAPRO and 
Service goals and objectives and each of the five strategic SAPR 
priorities. 

OSD-SAPRO Strategic Plan: 
Purpose: Connect detailed SAPRO-specific activities to DoD-wide SAPR 
priorities. 

Building off of the contents of the DoD-wide strategic plan, the SAPRO 
strategic plan goes to the next level of detail needed for the office 
to develop and track performance objectives. 

The two strategic plans are considered "living documents" in that they 
will be reviewed annually to consider modification. The Oversight 
Framework will be implemented during the coming three years, with 
progress toward the implementation tracked as part of the SAPRO 
strategic plan. 

Response To Recommendations: 

Recommendation 1: The GAO recommends that the Secretary of Defense 
direct the Under Secretary of Defense for Personnel and Readiness to 
strengthen OSD's oversight framework by identifying how the results of 
performance assessments will be used to guide the development of 
future program initiatives. 

DOD Response: 

Concur: As noted in the GAO Report, OSD and the Services have efforts 
underway to measure the activities outlined in the DoD-wide strategic 
plan as well as the SAPRO strategic plan. Once those measures and 
performance objectives are clarified, SAPRO is reviewing several 
different options for tracking progress against objectives. For 
example, the Executive Secretariat uses an online tracking system to 
follow performance objectives listed in the Personnel and Readiness 
strategic plan as well as to track progress on mandates and 
recommendations related to the Wounded, Ill and Injured. SAPRO is 
considering the adoption of a similar system. Early in 2010, SAPRO 
will have a plan in place for how SAPRO will track progress toward 
performance objectives laid out in the DoD-wide strategic plan. The 
system will allow for revisions to the tracked objectives as they may 
need to be revised following an annual review. In addition, SAPRO will 
develop a procedure to report back on progress toward objectives, and 
any needed corrective steps. 

Recommendation 2: The GAO recommends that the Secretary of Defense 
direct the Under Secretary of Defense for Personnel and Readiness to 
strengthen OSD's oversight framework by identifying how OSD's program 
resources correlate to its achievement of strategic program objectives. 

DOD Response: 

Concur: In the past, SAPRO has aligned its budget categories with the 
broad categories of activities pursued by the Office. (The Services 
separately budget for their implementation efforts.) With upcoming 
budget cycles (starting with 2012), building off the new strategic 
plan, SAPRO will align its budget categories with specific performance 
objectives laid out in the plan. Spending plans for the year will 
connect activities and resources, and periodic reviews will take place 
to ensure these spending plans are tracking with the activities needed 
to ensure achievement of performance objectives. 

Recommendation 3: The GAO recommends that the Secretary of Defense 
direct the Under Secretary of Defense for Personnel and Readiness to 
strengthen OSD's oversight framework by correlating its oversight 
framework to the program's two strategic plans so that program 
objectives, timelines, and strategies for achieving objectives are 
synchronized. 

DOD Response: 

Concur: See response to Recommendation 1. The online tracking 
procedure will allow SAPRO to coordinate the synchronization of 
objectives, timelines, and strategies laid out in the DoD-wide 
strategic plan and the SAPRO strategic plan. 

As clarification, in referring to the Framework document, the GAO 
report mentions "nine objective-like elements as 'future state 
improvement opportunities.'" These framework elements are 
intentionally not directly tied to the program objectives laid out in 
the DoD-wide and SAPRO strategic plans. The elements are what will be 
used as guides in forming and instituting the framework process. They 
will not be tied to a timeframe laid out in the strategic plans; that 
is, once in place, the elements will be enduring guidelines for how 
oversight will be done. In contrast, the two strategic plans have 
objectives-—tied to specific program needs--which will by definition 
evolve over time as needed. 

Recommendation 4: The GAO recommends that the Secretary of Defense 
direct the Under Secretary of Defense for Personnel and Readiness to 
standardize the type, amount, and format of the data in military 
services' existing report submissions. (p. 43/GAO Draft Report) 

DOD Response: 

Concur: DoD believes that comprehensive data collection and analysis 
is vital to policy analysis and program implementation. DoD also 
agrees that achieving uniformity among the Services for all required 
data elements will greatly enhance its oversight capabilities, and is 
poised to continue the cross-Service data standardization process. DoD 
currently requires the Services to use the newly-established case 
disposition data definitions in their collection and reporting of SAPR 
data, and is providing technical assistance as needed to increase the 
reliability of the provided data. The FY09 Annual Report Data Call 
also required these additional data points to be provided to DoD in 
support of its Annual Report to Congress on Sexual Assault in the 
Military. DoD revised its FY09 Data Call to include standardized 
program report templates, which will enable SAPRO to more effectively 
analyze the Services' reports and increase the amount of comparable 
information they contain. The FY09 Data Call also provided revised and 
standardized quantitative data collection templates that include the 
new disposition data definitions agreed to by SAPRO and the Services, 
as well as a refined reporting matrix for case synopses that more 
clearly defines the data that they must provide and the format they
must use. SAPRO is also officially requiring that Service data and 
information should only be reported to SAPRO after the Services 
coordinate with their respective Judge Advocate General for 
verification, completeness and explanations, as appropriate.
Achieving complete data uniformity among the Services for all reported 
information will greatly enhance DoD's oversight capabilities, and 
this comprehensive data element linkage process will ultimately be 
accomplished through the development of the Defense Sexual Assault 
Incident Database. In support of this Department-wide initiative, 
SAPRO has conferred with DoD IG on the need to define remaining 
investigative process terms to ensure data uniformity across the 
Services as currently provided in existing report submissions and as 
reported through DSAID in the future. 

Recommendation 5: The GAO recommends that the Secretary of Defense 
direct the Under Secretary of Defense for Personnel and Readiness to 
ensure that the development and implementation of the Defense Sexual 
Assault Incident Database includes adherence to key system development 
and acquisition management processes and controls including developing 
a reliable integrated master schedule that addresses the nine key 
practices discussed in the report. (p. 44/GAO Draft Report) 

DOD Response: 

Concur: The Department is committed to the timely and lawful 
development of the Defense Sexual Assault Incident Database (DSAID). 
The Department will follow the proffered GAO guidance and prioritize 
the development of a reliable, integrated master schedule for the 
Defense Sexual Assault Incident Database (DSAID) deployment. The first 
practice the GAO associates with developing and maintaining a reliable 
schedule is "capturing all key activities." As noted in the report, 
the Department has made efforts to develop schedules to capture 
broader scope key activities that support individual policy, 
requirements, and acquisition tasks with available information. 
Unfortunately, the Department cannot capture key activities or even 
estimate a timeframe for identifying key activities associated with 
development and implementation without the assistance of the system 
developer. While GAO guidance identifies estimation methods, only the 
developer will know the steps and time required to adapt their 
proprietary materials to meet DSAID system requirements and 
functionality. At this time, the goal of schedule reliability cannot 
be attained without the developer's assistance. The Request for 
Proposal for a DSAID developer is scheduled for release early in the 
second quarter of FY10. This process is constrained by Federal 
contracting law[Footnote 62] and cannot be further expedited. Through 
the acquisition process, the Department has been able to validate the 
system deployment steps cited in the GAO report (p 28). However, 
contracting specialists have advised that, again, only the developer 
can ascribe a time and order to those steps. Notably missing from the 
GAO report was an assessment of the viability of a fifteen-month 
deadline for data system design, acquisition and implementation that 
takes into account the GAO's thorough planning guidance, Departmental 
policy requirements, and Federal contracting law. A complete DSAID 
integrated master schedule will be created once a contract for 
development is awarded and a technical solution is identified. This 
schedule will not only integrate GAO guidance but also leverage the 
technical expertise of the developer. 

Recommendation 6: The GAO recommends that the Secretary of Defense 
direct the Under Secretary of Defense for Personnel and Readiness to 
ensure that the development and implementation of the Defense Sexual 
Assault Incident Database includes adherence to key system development 
and acquisition management processes and controls including adequately 
assessing the program's overlap with and duplication of related 
programs through architecture compliance. 

DOD Response: 

Concur: The Department acknowledges the benefits derived from 
assessing DSAID's integration with extant DoD systems. As noted by the 
GAO, "...architecture compliance is not a "one time" event but rather 
a determination that needs to be made at key junctures in a system's 
acquisition life cycle." In the Department, these "key junctures" are 
known as Milestone A (entry into the Technology Development Phase) 
Milestone B (entry into the Engineering and Manufacturing Development 
Phase also known as "Program Initiation",), and Milestone C (entry 
into the Production and Deployment Phase). As documented by the GAO, 
DSAID obtained Milestone A approval in July 2009. The OV-1, High Level 
Operational Concept Graphic, OV-5a, Operational Activity Model, and SV-
4, Systems Functionality Description, constitute the three enterprise 
architecture documents required for Milestone A approval. These three 
documents were included in the approved package. 

The GAO further notes, "...a complete set of system-level architecture 
products needed to perform a thorough and meaningful compliance 
assessment are not yet available." As written, this statement 
inaccurately asserts that the Department has somehow failed to comply 
with enterprise architecture requirements. This is not the case. 
According to DoD Instruction 5000.02, Operation of Defense Acquisition 
System, the "system-level" enterprise architecture products desired by 
GAO are developed during the Technology Development Phase and are 
required for a favorable Milestone B approval. The Department is 
currently evaluating DSAID's placement in its architecture and is 
producing the documentation required for Milestone B approval. The GAO 
is welcome to review all future architecture documents once the 
Milestone Decision Authority approves them. 

Recommendation 7: The GAO recommends that the Secretary of Defense 
direct the Under Secretary of Defense for Personnel and Readiness to 
ensure that the development and implementation of the Defense Sexual 
Assault Incident Database includes adherence to key system development 
and acquisition management processes and controls including adequately 
justifying investment in the proposed approach on the basis of 
reliable estimates of life-cycle costs and benefits. 

DOD Response: 

Concur: The Department agrees and must justify its investment in the 
proposed approach for DSAID as part of the acquisition process. 

In the report, GAO notes, "DOD developed a business case for the 
database in June 2009...and this business case includes a program cost 
estimate of $12.6 million. However, the cost estimate is not reliable 
because it was not derived in accordance with the best practices 
identified in relevant cost estimating guidance. For example, it does 
not include all costs over the system's life-cycle, and it has not 
been adjusted to account for program risks." The Department agrees 
that the cost estimate in the business case did not account for all 
life-cycle costs and risks. However, DoD Instruction 5000.02, 
Operation of Defense Acquisition System, does not require 
comprehensive cost estimates in the business case. 

The Department contends that best practices in cost estimation were 
indeed used to produce the cost estimate in the business case 
submitted for Milestone A. The cost estimate relied on vendor input, 
the costs of analogous existing systems, and SEER for Software (SEER-
SEMTm) by Galorath Incorporated. It was through the SEER-SEMTm 
software that the GAO Cost Estimating and Assessment Guidelines were 
applied in the development of the cost estimate. Moreover, Dan 
Galorath, of Galorath Incorporated was an expert used in developing 
the GAO Cost Estimate and Assessment Guide.[Footnote 63] The 
Department of Defense Manual on Cost Analysis Guidance and Procedures 
and the Society of Cost Estimating and Analysis' principles were also 
used in the development of the cost estimate. 

The GAO Report further states, "OSD officials told us that they intend 
to develop a reliable cost estimate once the development contract is 
awarded." While this is an accurate statement, it does not capture the 
work accomplished to date to satisfy the requirements of the 
acquisition process. Since the cost estimate was developed for 
Milestone A, the cost estimate was updated to facilitate assessment of 
proposals from prospective developers. Cost estimates have been 
refined to include risk, additional Congressional requirements, 
Operations and Maintenance (O&M), and testing. However, full O&M costs 
cannot be estimated until a technical solution is selected. 

Recommendation 8: The GAO recommends that the Secretary of Defense 
direct the Under Secretary of Defense for Personnel and Readiness to 
ensure that the development and implementation of the Defense Sexual 
Assault Incident Database includes adherence to key system development 
and acquisition management processes and controls including 
effectively developing and managing system requirements. 

DOD Response: 

Concur: The Department agrees that a Requirements Management Plan is a 
best practice[Footnote 64] that has been employed in DSAID 
development. As acknowledged in the report, the Department has "begun 
to take steps to engage users in the development of requirements for 
DSAID." However, Department progress in this area is much greater than 
what is inferred in the report. GAO's summary did not capture that the 
Department has continued work with the Army, Marine Corps, Navy, Air 
Force, and National Guard to develop system requirements. 
Specifically, the Department has completed development of data element 
requirements/attributes, usage, and definitions for a comprehensive 
DSAID baseline covering Victim Case Management; Incident information; 
Subject Demographics; Subject Disposition; and SAPR Program 
Administration data. This information is captured in the following 
documents: 

Requirements Package Overview and Supplemental Requirements;
* Use Case Models and Use Case documents; 
* Report and Ad-Hoc Queries Specification; 
* Air Force Systems Interface Mapping Data; 
* Army Systems Interface Mapping Data; and; 
* Department of Navy Systems Interface Mapping Data. 

Additionally, interface mapping activities have been completed for the 
Air Force and National Guard and considerable progress has been made 
with the Army, Marine Corps and the Navy. 

It should be noted that since the database was legislated, Congress 
expanded its annual reporting requirements, necessitating additional 
work with stakeholders. Once these high-level system requirements are 
baselined, the Department will institute a Change Control Board (CCB) 
to manage emerging DSAID requirements to ensure they are appropriately 
addressed. In addition, the requirements and development efforts are 
being managed within a suite of tools that provide consistency in 
products and allow for better control of requested changes to baseline 
requirements and/or system development. Specifically, the tools 
provide: 

* life cycle management and control of software development assets; 
* tracking of defects and changes;
* centralized control of test activity management, execution, and 
reporting; and; 
* management of the requirements and documentation of the software 
development process from start to finish. 

Recommendation 9: The GAO recommends that the Secretary of Defense 
direct the Under Secretary of Defense for Personnel and Readiness to 
ensure that the development and implementation of the Defense Sexual 
Assault Incident Database includes adherence to key system development 
and acquisition management processes and controls including adequately 
testing system capabilities. 

DOD Response: 

Concur: However, the GAO's synopsis does not sufficiently describe the 
Department's progress in this area and omitted mention of the detailed 
test plan developed as a part of the documentation for Milestone A. 
This test plan identifies how the incremental functional requirements 
are to be tested, prior to and post release. The plan also defines the 
testing approach and strategy, including the entrance and exit 
criteria for each testing phase. Additionally, the plan outlines 
additional testing cycles to address changes required by the 
identified DSAID technical solution. 

Throughout the development and implementation of DSAID, many types of 
testing will be conducted, to include Systems Interface Testing (SIT), 
Unit Testing, Integration Testing, System Testing, Regression Testing, 
User Acceptance Testing (UAT), and Performance Testing. All testing 
will ensure baseline requirements are met, intended business functions 
are captured, and that data is properly interfaced with existing 
Service systems. 

In addition to the DSAID Test Plan created for Milestone A, a final 
testing plan with an independent tester will be created for Milestone 
B in accordance with DoD Directive 5000.02, Operation of Defense 
Acquisition System. The Department will work with the developer once 
selected to define how it will document and provide results. 
Throughout the process, all testing documents will be refined at key 
junctures to ensure all issues are addressed. The DSAID Test Plan will 
provide the framework through which SAPRO and the developer will 
evaluate whether the functionality delivered meets the requirements as 
described in the requirements documentation. The developer will also 
be required to conduct regression testing of the system to validate 
that new requirements do not pose any adverse impact to current 
functionality. 

RECOMMENDATION 10: The GAO recommends that the Secretary of Defense 
direct the Under Secretary of Defense for Personnel and Readiness to 
ensure that the development and implementation of the Defense Sexual 
Assault Incident Database includes adherence to key system development 
and acquisition management processes and controls including 
effectively managing program risks. (p. 44/GAO Draft Report) 

DOD Response: 

Concur: However, the GAO report comment that DSAID "...risk management 
has yet to begin..." is incorrect. According to the GAO recommended 
resource,[Footnote 65] the first step in risk management is "Risk 
Identification." The Department has identified a number of risks 
associated with DSAID, has incorporated them in to its Risk 
Communications Strategy, and has conveyed those risks to targeted 
stakeholders. The Department's DSAID briefing to GAO and other 
stakeholders included these risks. The GAO's ability to accurately 
incorporate five of these risks into its report on pages 34 and 35 is 
evidence itself that the initial step in risk management has begun. 

However, the Department acknowledges that there are many steps 
remaining in Risk Management that must be addressed. The Department 
will apply the approach recommended in the Risk Management Guide for 
DOD Acquisition,[Footnote 66] which identifies that management is a 
continuous process that is accomplished throughout DSAID's life cycle. 
The risk management strategy will make certain that task requirements 
are executed with proper mitigation of technical, operational, and 
management risks. It will employ a consistent, five step approach to 
identify, analyze, plan, act, and monitor and learn about real and 
potential risks to ensure improved and sustained product delivery. 

[End of section] 

Appendix III: Comments from the U.S. Coast Guard: 

U.S. Department of Homeland Security: 
Washington, DC 20528: 

January 6, 2010: 

Ms. Brenda S. Farrell: 
Director, Defense Capabilities and Management: 
U.S. Government Accountability Office: 
441 G St., N.W. 
Washington, D.C. 20548: 

Dear Ms. Farrell: 

Thank you for the opportunity to review and provide comments on the 
Government Accountability Office's (GAO) draft report titled, Military 
Personnel: Additional Actions Are Needed to Strengthen DOD's and the 
Coast Guard's Sexual Assault Prevention and Response Programs (GA0-10-
215). 

The Department of Homeland Security (DHS) has reviewed the referenced 
report and concurs with the recommendations. We would like to note 
that the United States Coast Guard (USCG) continues to make progress 
in the development of its Sexual Assault Prevention and Response 
Program. USCG-specific Sexual Assault Response Coordinator (SARC) 
training for all personnel performing SARC duties, including Employee 
Assistance Program Coordinators (EAPC) and Family Advocacy 
Specialists, is scheduled for May 2010. 

Victim Advocate Training also continues throughout the USCG, with 
several more sessions scheduled for 2010. A Work-Life Information 
System (an electronic database designed to help track sexual assault 
reports) is in the prototype development phase and current progress 
suggests that it should be completed within 2010. A Manpower 
Requirements Analysis on the EAPCs has been completed, and the final 
report is expected to be released in early 2010. Initial review of the 
data suggests that additional EAPCs may be needed. Upon release of a 
final report, the USCG will carefully review and analyze all 
recommendations. Requests for additional resource requirements will be 
submitted, as appropriate, for review as part of the USCG's annual 
budget build process. 

Thank you for the opportunity to review and provide comments to the 
draft report and we look forward to working with you on future 
homeland security issues. 

Sincerely, 

Signed by: 

Jerald E. Levine: 
Director: 
Audit Liaison: 

[End of section] 

Appendix IV: GAO Contacts and Staff Acknowledgments: 

GAO Contacts: 

Brenda S. Farrell, (202) 512-3604 or farrellb@gao.gov: 

Randolph C. Hite, (202) 512-3439 or hiter@gao.gov: 

Acknowledgments: 

In addition to the contacts named above, key contributors to this 
report include Marilyn K. Wasleski, Assistant Director; Neelaxi 
Lakhmani, Assistant Director; Divya Bali; Stacy Bennett; Steve 
Caldwell; Elizabeth Curda; Matt Dove; K. Nicole Harms; Jim Houtz; Ron 
La Due Lake; Kim Mayo; Geoffrey Peck; Adam Vodraska; and Cheryl A. 
Weissman. 

[End of section] 

Footnotes: 

[1] In fiscal year 2008, DOD reported 2,908 alleged incidents of 
sexual assault involving military servicemembers, and the Coast Guard 
reported 84. However, data on the reported alleged sexual assault 
incidents in DOD and the Coast Guard are imprecise representations of 
the extent to which sexual assault is occurring in the military 
services because they may include incidents that occurred before a 
victim's military service began or before fiscal year 2008. 
Furthermore, these data are reported regardless of the final outcome 
and therefore some of these reports may turn out to be 
unsubstantiated. The military services' fiscal year 2009 sexual 
assault incident data were not included in our report because they 
will not be published by DOD until March 15, 2010. 

[2] GAO, Military Personnel: DOD's and the Coast Guard's Sexual 
Assault Prevention and Response Programs Face Implementation and 
Oversight Challenges, [hyperlink, 
http://www.gao.gov/products/GAO-08-924] (Washington, D.C.: Aug. 29, 
2008). 

[3] Pub. L. No. 108-375, § 577 (2004). 

[4] GAO, Military Personnel: The DOD and Coast Guard Academies Have 
Taken Steps to Address Incidents of Sexual Harassment and Assault, but 
Greater Federal Oversight Is Needed, [hyperlink, 
http://www.gao.gov/products/GAO-08-296] (Washington, D.C.: Jan.17, 
2008). 

[5] [hyperlink, http://www.gao.gov/products/GAO-08-924]. 

[6] [hyperlink, http://www.gao.gov/products/GAO-08-924]. 

[7] GAO, Military Personnel: Preliminary Observations on DOD's and the 
Coast Guard's Sexual Assault Prevention and Response Programs, 
[hyperlink, http://www.gao.gov/products/GAO-08-1013T] (Washington, 
D.C.: July 31, 2008). 

[8] GAO, Military Personnel: Actions Needed to Strengthen 
Implementation and Oversight of DOD's and the Coast Guard's Sexual 
Assault Prevention and Response Programs, [hyperlink, 
http://www.gao.gov/products/GAO-08-1146T] (Washington, D.C.: Sept. 10, 
2008). 

[9] Pub. L. No. 110-417, § 563 (2008). 

[10] [hyperlink, http://www.gao.gov/products/GAO-08-924]. 

[11] GAO, Managing for Results: Agency Progress in Linking Performance 
Plans With Budgets and Financial Statements, [hyperlink, 
http://www.gao.gov/products/GAO-02-236] (Washington, D.C.: Jan. 4, 
2002). 

[12] Pub. L. No. 110-417, § 563 (2008). 

[13] [hyperlink, http://www.gao.gov/products/GAO-08-924]. 

[14] Pub. L. No. 108-375, § 577 (2004). 

[15] In February 2004, the Secretary of Defense directed the Under 
Secretary of Defense for Personnel and Readiness to undertake a 90-day 
review to assess sexual assault policies and programs in DOD and the 
services and recommend changes to increase prevention, promote 
reporting, enhance the quality of support provided to victims 
especially within combat theaters, and improve accountability for 
offender actions. Among the recommendations of the task force was that 
DOD establish a single point of accountability for all sexual assault 
policy matters within the department. 

[16] Department of Defense Directive 6495.01, Sexual Assault 
Prevention and Response (SAPR) Program (Oct. 6, 2005), as updated by 
subsequent changes. 

[17] Department of Defense Instruction 6495.02, Sexual Assault 
Prevention and Response Program Procedures (June 23, 2006), as updated 
by subsequent changes. 

[18] Pub. L. No. 110-417, § 563 (2008). 

[19] This responsibility does not include responsibility for legal 
processes provided under the Uniform Code of Military Justice and 
Manual for Courts-Martial and criminal investigative policy matters 
that are assigned to the judge advocates general of the military 
services and DOD's Inspector General, respectively. 

[20] Department of Defense Instruction 6495.02, Sexual Assault 
Prevention and Response Program Procedures (Jun. 23, 2006). 

[21] U.S. Coast Guard Commandant Instruction 1754.10D, Sexual Assault 
Prevention and Response (SAPR) Program (Jan. 16, 2009). 

[22] [hyperlink, http://www.gao.gov/products/GAO-08-924]. 

[23] [hyperlink, http://www.gao.gov/products/GAO-08-924]. 

[24] [hyperlink, http://www.gao.gov/products/GAO-08-924]. 

[25] Memorandum for the Director, Joint Staff (J-1), Sexual Assault 
Prevention and Response Guidance for Joint Publications (Apr. 7, 2009). 

[26] Section 576 of the Ronald W. Reagan National Defense 
Authorization Act for Fiscal Year 2005 directed the task force to 
conduct an examination of matters relating to sexual assault in cases 
involving members of the Armed Forces, and required the task force to 
submit a report not later than 1 year after initiation of its 
examination. Section 566 of the National Defense Authorization Act for 
Fiscal Year 2010, Pub. L. No. 111-84 (2009), amended the previous 
statute and provided a deadline of no later than December 1, 2009. The 
Report of the Defense Task Force on Sexual Assault in the Military 
Services was released on December 1, 2009. 

[27] GAO, The Results Act: An Evaluator's Guide to Assessing Agency 
Annual Performance Plans, [hyperlink, 
http://www.gao.gov/products/GAO/GGD-10.1.20] (Washington, D.C.: April 
1998); Managing for Results: Critical Issues for Improving Federal 
Agencies' Strategic Plans, [hyperlink, 
http://www.gao.gov/products/GAO/GGD-97-180] (Washington, D.C.: Sept. 
16, 1997); and [hyperlink, http://www.gao.gov/products/GAO-08-924]. 

[28] GAO, Managing for Results: Enhancing Agency Use of Performance 
Information for Management Decision Making, [hyperlink, 
http://www.gao.gov/products/GAO-05-927] (Washington, D.C.: Sept. 9, 
2005). 

[29] [hyperlink, http://www.gao.gov/products/GAO/GGD-10.1.20]. 

[30] [hyperlink, http://www.gao.gov/products/GAO-02-236]. 

[31] [hyperlink, http://www.gao.gov/products/GAO-08-924]. 

[32] [hyperlink, http://www.gao.gov/products/GAO-08-924]. 

[33] [hyperlink, http://www.gao.gov/products/GAO-08-924]. 

[34] GAO, Agency Performance Plans: Examples of Practices That Can 
Improve Usefulness to Decisionmakers, [hyperlink, 
http://www.gao.gov/products/GAO/GGD/AIMD-99-69] (Washington, D.C.: 
Feb. 26, 1999). 

[35] GAO, Managing for Results: Barriers to Interagency Coordination, 
[hyperlink, http://www.gao.gov/products/GAO/GGD-00-106] (Washington, 
D.C.: Mar. 29, 2000). 

[36] Pub. L. No. 110-417, § 563 (2008). 

[37] GAO, GAO Cost Estimating and Assessment Guide: Best Practices for 
Developing and Managing Capital Program Costs, [hyperlink, 
http://www.gao.gov/products/GAO-09-3SP] (Washington, D.C.: March 2009). 

[38] According to Department of Defense Directive 5000.01, The Defense 
Acquisition System (May 12, 2003), a milestone decision authority 
(MDA) is the designated individual with overall responsibility for the 
program. The MDA has the authority to approve entry of an acquisition 
program into the next phase of the acquisition, including approving 
the program to proceed through its acquisition cycle on the basis of, 
for example, the acquisition plan, an economic analysis, and the 
Acquisition Program Baseline. 

[39] Department of Defense Instruction 5000.02, Operation of the 
Defense Acquisition System (Dec. 8, 2008), establishes a simplified 
and flexible management framework for translating capability needs and 
technology opportunities into stable, affordable, and well-managed 
acquisition programs. The system consists of five key program life 
cycle phases and three related milestone decision points--(1) Materiel 
Solution Analysis (previously Concept Refinement), followed by 
Milestone A; (2) Technology Development, followed by Milestone B; (3) 
Engineering and Manufacturing Development (previously System 
Development and Demonstration), followed by Milestone C; (4) 
Production and Deployment; and (5) Operations and Support. 

[40] See, for example, Department of Defense Instruction 5000.02, 
Operation of the Defense Acquisition System; Institute of Electrical 
and Electronics Engineers, Standard 1012-2004 for Software 
Verification and Validation (New York: June 8, 2005); and [hyperlink, 
http://www.gao.gov/products/GAO-09-3SP]. 

[41] Department of Defense Architecture Framework, Version 1.5, Volume 
1 (April 2007); GAO, Information Technology: A Framework for Assessing 
and Improving Enterprise Architecture Management (Version 1.1), 
[hyperlink, http://www.gao.gov/products/GAO-03-584G] (Washington, 
D.C.: April 2003); Chief Information Officers Council, A Practical 
Guide to Federal Enterprise Architecture, Version 1.0 (February 2001); 
and Institute of Electrical and Electronics Engineers (IEEE), Standard 
for Recommended Practice for Architectural Description of Software-
Intensive Systems 1471-2000 (Sept. 21, 2000). 

[42] A well-defined enterprise architecture provides a clear and 
comprehensive picture of an entity, whether it is an organization 
(e.g., a federal department) or a functional or mission area that cuts 
across more than one organization (e.g., personnel management). This 
picture consists of snapshots of both the enterprise's current, or "as 
is," environment and its target or "to be" environment, as well as a 
capital investment road map for transitioning from the current to the 
target environment. These snapshots consist of integrated "views," 
which are one or more architecture products that describe, for 
example, the enterprise's business processes and rules; information 
needs and flows among functions, supporting systems, services, and 
applications; and data and technical standards and structures. 

[43] See, for example, GAO, Information Technology: FBI Is Taking 
Steps to Develop an Enterprise Architecture, but Much Remains to Be 
Accomplished, [hyperlink, http://www.gao.gov/products/GAO-05-363] 
(Washington, D.C.: Sept. 9, 2005); Homeland Security: Efforts Under 
Way to Develop Enterprise Architecture, but Much Work Remains, 
[hyperlink, http://www.gao.gov/products/GAO-04-777] (Washington, D.C.: 
Aug. 6, 2004); Information Technology: Architecture Needed to Guide 
NASA's Financial Management Modernization, [hyperlink, 
http://www.gao.gov/products/GAO-04-43] (Washington, D.C.: Nov.21, 
2003); and DOD Business Systems Modernization: Important Progress Made 
to Develop Business Enterprise Architecture, but Much Work Remains, 
[hyperlink, http://www.gao.gov/products/GAO-03-1018] (Washington, 
D.C.: Sept. 19, 2003). 

[44] GAO, DOD Business System Modernization: Key Navy Programs' 
Compliance with DOD's Federated Business Enterprise Architecture Needs 
to Be Adequately Demonstrated, [hyperlink, 
http://www.gao.gov/products/GAO-08-972] (Washington, D.C.: Aug. 7, 
2008). 

[45] Office of Management and Budget, Circular A-11, Preparation, 
Submission, and Execution of the Budget (Washington, D.C., Executive 
Office of the President, August 2009), and Capital Programming Guide: 
Supplement to Office of Management and Budget, Circular A-11, Part 7, 
Preparation, Submission, and Execution of the Budget (Washington, 
D.C., Executive Office of the President, June 2006). 

[46] Office of Management and Budget, Circular A-94, Guidelines and 
Discount Rates for Benefit-Cost Analysis of Federal Programs 
(Washington, D.C., Executive Office of the President, Oct. 29, 1992), 
defines "life cycle cost" as "the overall estimated cost for a 
particular program alternative over the time period corresponding to 
the life of the program, including direct and indirect initial costs 
plus any periodic or continuing costs of operation and maintenance." 

[47] [hyperlink, http://www.gao.gov/products/GAO-09-3SP]. 

[48] Office of Management and Budget, Circular A-94, Guidelines and 
Discount Rates for Benefits-Cost Analysis of Federal Programs, and 
Circular A-11, Part 7, Planning, Budgeting, Acquisition and Management 
of Capital Assets (Washington, D.C., November 2009). 

[49] The Capability Maturity Model® Integration for Development, 
developed by the Software Engineering Institute of Carnegie Mellon 
University, defines key practices that are recognized hallmarks for 
successful organizations that if effectively implemented, can greatly 
increase the chances of successfully developing and acquiring software 
and systems. Carnegie Mellon University, Software Engineering 
Institute, Capability Maturity Model® Integration for Development, 
Version 1.2 (Pittsburgh, August 2006). 

[50] See, for example, Department of Defense Instruction 5000.02, 
Operation of the Defense Acquisition System; Defense Acquisition 
University, Test and Evaluation Management Guide; Institute of 
Electrical and Electronics Engineers, Standard 1012-2004 for Software 
Verification and Validation; and Carnegie Mellon University, Software 
Engineering Institute, Capability Maturity Model Integration for 
Acquisition, Version 1.2, CMU/SEI-2007-TR-017(Pittsburgh, November 
2007). 

[51] Department of Defense, Risk Management Guide for DOD Acquisition, 
6th Edition, Version 1.0, [hyperlink, 
http://www.acq.osd.mil/sse/ed/docs/2006-RM-Guide-4Aug06-final-
version.pdf] (accessed Nov. 27, 2009), and Carnegie Mellon University, 
Software Engineering Institute, CMMI for Acquisition, Version 1.2. 

[52] The Department of the Air Force stated that to date, it has not 
identified any expected limitations for providing data from other 
systems or expressed any concerns about competing priorities. 

[53] [hyperlink, http://www.gao.gov/products/GAO-08-924]. 

[54] U.S. Coast Guard Commandant Instruction 1754.10D, Sexual Assault 
Prevention and Response (SAPR) Program (Jan. 16, 2009). 

[55] GAO, Results-Oriented Cultures: Implementation Steps to Assist 
Mergers and Organizational Transformations, [hyperlink, 
http://www.gao.gov/products/GAO-03-669] (Washington, D.C.: July 2, 
2003). 

[56] [hyperlink, http://www.gao.gov/products/GAO-08-924]. 

[57] [hyperlink, http://www.gao.gov/products/GAO-02-236]. 

[58] The Coast Guard's instruction specifically charges the Sexual 
Assault Prevention and Response Program Manager with establishing the 
reporting system, and specifically charges the Employee Assistance 
Program Coordinator/Sexual Assault Response Coordinator with 
maintaining records to identify victims and track services provided. 

[59] GAO, Executive Guide: Effectively Implementing the Government 
Performance and Results Act, [hyperlink, 
http://www.gao.gov/products/GAO/GGD-96-118] (Washington, D.C.: June 
1996). 

[60] [hyperlink, http://www.gao.gov/products/GAO/GGD-96-118]. 

[61] Pub. L. No. 110-417, § 563 (2008). 

[62] Federal Acquisition Regulation (FAR) and The Competition in 
Contracting Act of 1984 (CICA), 41 U.S.C. 253. 

[63] p. 324, GAO Cost Estimate and Assessment Guide. 

[64] Office of Management and Budget Circular A-94, Guidelines and 
Discount Rates for Benefits-Cost Analysis of Federal Programs 
Washington, D.C.: Oct 29, 1992; Office of Management and Budget 
Circular A-11, part 7, Planning, Budgeting, Acquisition and Management 
of Capital Assets (Washington, D.C.: Nov 2009). 

[65] Department of Defense, Risk Management Guide for DOD Acquisition, 
6th Edition, Version 1.0, pg 7. 

[66] Ibid. 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Phone: 

The price of each GAO publication reflects GAO’s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO’s Web site, 
[hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional 
information. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: