DOD Efforts to Buy and Maintain IT Systems Are Billions Over Budget and Delayed
The Department of Defense is spending billions modernizing the IT systems it uses for everything from health care and human capital needs to logistics and contracting. These efforts to modernize IT aim to improve how DOD does business, conducts day-to-day operations, and increase cybersecurity. But several of DOD’s efforts have seen large cost increases and are behind schedule by a year or more.
Today’s WatchBlog post looks at our latest annual assessment of DOD’s IT systems.
Image
Billions of dollars and growing…
In our new report, we looked at DOD’s progress and spending on 24 critical IT business programs. These systems are responsible for behind-the-scenes operations in key areas like personnel, financial management, health care, and logistics.
During FY 2023-2025, the department planned to spend $10.9 billion on these programs. Within these plans, four systems account for 43% of spending.
DOD Planned Costs for 24 IT Business Systems, FY 2023-2025
Image
When we looked closely at DOD’s IT efforts, we found schedule delays and cost increases. Since January 2023, more than half of the 24 systems had reported cost or scheduling changes. Specifically,
- 7 systems reported schedule delays
- 12 systems reported cost increases
- 10 systems were on time and budget
The most over budget system was the one DOD uses to track maintenance and repairs (the Maintenance Repair and Overhaul System). This system had seen a cost increase of $815.5 million since January 2023. DOD officials said the increased costs were due to increased capabilities.
The most delayed system was a financial management system meant to support improved accountability and decision-making of DOD components (meaning the Navy, Army, Air Force, Marines, and Space Force). It’s 4 years beyond DOD’s initial deployment schedule due to the department expanding its services to additional organizations and adding new capabilities.
For other systems, DOD gave various reasons for the cost and schedule delays. These included inflation in contractor prices, revised staffing estimates, and challenges associated with migrating to the cloud.
One significant impact of delays in modernizing DOD’s IT systems has been to its financial management. DOD’s business and financial systems are key to tracking spending across the department and its components. Lack of modernization of these systems has contributed to challenges in auditing DOD spending. As a result, DOD is the only major federal agency to not achieve a “clean” audit opinion from GAO.
Delays and cost increases are nothing new. DOD has been working to modernize its IT systems for more than 30 years with the goal of streamlining and improving its business and financial systems. And we regularly report on these efforts. Over time, we have seen the same or similar challenges that impede DOD’s efforts and cost taxpayers more money.
Delays and spending also have broader impacts than auditing DOD’s finances. They can jeopardize DOD’s national security and defense missions, as well as put service members and their families’ data at risk of being stolen. As a result, we added DOD's business systems modernization and financial management efforts to our High Risk List, where they have remained since 1995.
What can DOD do to improve its IT modernization efforts?
Our work on DOD’s modernization efforts includes a number of recommendations that would help the department meet deadlines and cost estimates.
For example, we think DOD should do more to track the performance of its efforts. Of the 19 business systems with active investments, we found that five didn’t collect or failed to report key performance metrics.
In one instance, a system DOD uses to track information for medical and deployed service members hadn’t reported required performance metrics. Not reporting on all performance areas makes it difficult to determine if these programs are achieving their intended goals. We recommended that DOD address these gaps in its reporting.
We also found that DOD hadn’t taken important steps to secure its systems against cyberattacks. Specifically, while most of the DOD’s business systems had undergone initial cybersecurity testing and assessment, some didn’t have a cybersecurity strategy in place.
Some systems also hadn’t taken action to meet federal requirements related to zero trust (a security framework) by DOD’s 2027 deadline. All of these issues put DOD’s business systems at risk from cybersecurity breaches. If this occurs, an attack could jeopardize sensitive information, including that about military service members and their families. We previously recommended that DOD address these gaps.
Learn more about DOD’s efforts to modernize its IT systems by reading our new report.
- GAO’s fact-based, nonpartisan information helps Congress and federal agencies improve government. The WatchBlog lets us contextualize GAO’s work a little more for the public. Check out more of our posts at GAO.gov/blog.
- Got a comment, question? Email us at blog@gao.gov.
GAO Contacts
Related Products
GAO's mission is to provide Congress with fact-based, nonpartisan information that can help improve federal government performance and ensure accountability for the benefit of the American people. GAO launched its WatchBlog in January, 2014, as part of its continuing effort to reach its audiences—Congress and the American people—where they are currently looking for information.
The blog format allows GAO to provide a little more context about its work than it can offer on its other social media platforms. Posts will tie GAO work to current events and the news; show how GAO’s work is affecting agencies or legislation; highlight reports, testimonies, and issue areas where GAO does work; and provide information about GAO itself, among other things.
Please send any feedback on GAO's WatchBlog to blog@gao.gov.