DOD Business Systems Modernization

Longstanding Management and Oversight Weaknesses Continue to Put Investments at Risk Gao ID: GAO-03-553T March 31, 2003

The Department of Defense's (DOD) management of its business systems modernization program has been an area of longstanding concern to Congress and one that GAO has designated as high risk since 1995. Because of this concern, GAO was requested to testify on (1) DOD's current inventory of existing and new business systems and the amount of funding devoted to this inventory; (2) DOD's modernization management capabilities, including weaknesses and DOD's efforts to address them; and (3) GAO's collective recommendations for correcting these weaknesses and minimizing DOD's exposure to risk until they are corrected. In developing this testimony, GAO drew from its previously issued reports on DOD's business systems modernization efforts, including one released today on four key Defense Finance and Accounting Service (DFAS) projects.

As of October 2002, DOD reported that its business systems environment consisted of 1,731 systems and system acquisition projects spanning about 18 functional areas. This environment is the product of unrelated, stovepiped initiatives supporting nonstandard, duplicative business operations across DOD components. For fiscal year 2003, about $18 billion of DOD's IT funding relates to operating, maintaining, and modernizing these nonintegrated systems. To DOD's credit, it recognizes the need to modernize, eliminating as many of these systems as possible. The future of DOD's business systems modernization is fraught with risk because of longstanding and pervasive modernization weaknesses, three of which are discussed below. GAO's report on four DFAS systems highlights some of these weaknesses, and GAO's prior reports have identified the others. DOD has stated its commitment to addressing each and has efforts under way that are intended to do so. Lack of departmentwide enterprise architecture: DOD does not yet have an architecture, or blueprint, to guide and constrain its business system investments across the department. Nevertheless, DOD continues to spend billions of dollars on new and modified systems based the parochial needs and strategic direction of its component organizations. This will continue to result in systems that are duplicative, are not integrated, are unnecessarily costly to maintain and interface, and will not adequately address longstanding financial management problems. Lack of effective investment management: DOD does not yet have an effective approach to consistently selecting and controlling its investments as a portfolio of competing department options and within the context of an enterprise architecture. DOD is also not ensuring that it invests in each system incrementally and on the basis of reliable economic justification. For example, for the four DFAS projects, DOD spent millions of dollars without knowing whether the projects would produce value commensurate with costs and risks. Thus far, this has resulted in the termination of one of the projects after about $126 million and 7 years of effort was spent. Lack of effective oversight: DOD has not consistently overseen its system projects to ensure that they are delivering promised system capabilities and benefits on time and within budget. For example, for the four DFAS projects, oversight responsibility is shared by the DOD Comptroller, DFAS, and the DOD chief information officer. However, these oversight authorities have largely allowed the four to proceed unabated, even though each was experiencing significant cost increases, schedule delays, and/or capability and scope reductions and none were supported by adequate economic justification. As a result, DOD invested approximately $316 million in four projects that may not resolve the very financial management weaknesses that they were initiated to address.

GAO-03-553T, DOD Business Systems Modernization: Longstanding Management and Oversight Weaknesses Continue to Put Investments at Risk This is the accessible text file for GAO report number GAO-03-553T entitled 'DOD Business Systems Modernization: Longstanding Management and Oversight Weaknesses Continue to Put Investments at Risk' which was released on March 31, 2003. This text file was formatted by the U.S. General Accounting Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products‘ accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. Testimony: Before the House Subcommittee on National Security, Emerging Threats, and International Relations, and Subcommittee on Technology, Information Policy, Intergovernmental Relations and Census, Government Reform Committee: United States General Accounting Office: GAO: For Release on Delivery Expected at 1 p.m. Monday, March 31, 2003: DOD Business Systems Modernization: Longstanding Management and Oversight Weaknesses Continue to Put Investments at Risk: Statement of Randolph C. Hite, Director: Information Technology Architecture and Systems Issues: Gregory D. Kutz, Director: Financial Management and Assurance: GAO-03-553T: Business Systems Modernization: GAO Highlights: Highlights of GAO-03-553T, a testimony to House Subcommittee on National Security, Emerging Threats, and International Relations, and Subcommittee on Technology, Information Policy, Intergovernmental Relations and Census, Government Reform Committee Why GAO Did This Study: The Department of Defense‘s (DOD) management of its business systems modernization program has been an area of longstanding concern to Congress and one that GAO has designated as high risk since 1995. Because of this concern, GAO was requested to testify on (1) DOD‘s current inventory of existing and new business systems and the amount of funding devoted to this inventory; (2) DOD‘s modernization management capabilities, including weaknesses and DOD‘s efforts to address them; and (3) GAO‘s collective recommendations for correcting these weaknesses and minimizing DOD‘s exposure to risk until they are corrected. In developing this testimony, GAO drew from its previously issued reports on DOD‘s business systems modernization efforts, including one released today on four key Defense Finance and Accounting Service (DFAS) projects. What GAO Found: As of October 2002, DOD reported that its business systems environment consisted of 1,731 systems and system acquisition projects spanning about 18 functional areas. This environment is the product of unrelated, stovepiped initiatives supporting nonstandard, duplicative business operations across DOD components. For fiscal year 2003, about $18 billion of DOD‘s IT funding relates to operating, maintaining, and modernizing these nonintegrated systems. To DOD‘s credit, it recognizes the need to modernize, eliminating as many of these systems as possible. The future of DOD‘s business systems modernization is fraught with risk because of longstanding and pervasive modernization weaknesses, three of which are discussed below. GAO‘s report on four DFAS systems highlights some of these weaknesses, and GAO‘s prior reports have identified the others. DOD has stated its commitment to addressing each and has efforts under way that are intended to do so. Lack of departmentwide enterprise architecture: DOD does not yet have an architecture, or blueprint, to guide and constrain its business system investments across the department. Nevertheless, DOD continues to spend billions of dollars on new and modified systems based the parochial needs and strategic direction of its component organizations. This will continue to result in systems that are duplicative, are not integrated, are unnecessarily costly to maintain and interface, and will not adequately address longstanding financial management problems. Lack of effective investment management: DOD does not yet have an effective approach to consistently selecting and controlling its investments as a portfolio of competing department options and within the context of an enterprise architecture. DOD is also not ensuring that it invests in each system incrementally and on the basis of reliable economic justification. For example, for the four DFAS projects, DOD spent millions of dollars without knowing whether the projects would produce value commensurate with costs and risks. Thus far, this has resulted in the termination of one of the projects after about $126 million and 7 years of effort was spent. Lack of effective oversight: DOD has not consistently overseen its system projects to ensure that they are delivering promised system capabilities and benefits on time and within budget. For example, for the four DFAS projects, oversight responsibility is shared by the DOD Comptroller, DFAS, and the DOD chief information officer. However, these oversight authorities have largely allowed the four to proceed unabated, even though each was experiencing significant cost increases, schedule delays, and/or capability and scope reductions and none were supported by adequate economic justification. As a result, DOD invested approximately $316 million in four projects that may not resolve the very financial management weaknesses that they were initiated to address. What GAO Recommends GAO has previously made a series of recommendations related to putting in place (1) an enterprise architecture to guide and constrain system investments; (2) an investment management structure to ensure that systems are aligned with the architecture and economically justified and approved on an incremental basis; (3) effective oversight to ensure that project commitments are met; and (4) limited investment spending until these recommendations are implemented. www.gao.gov/cgi-bin/getrpt?GAO-03-553T. To view the full report, including the scope and methodology, click on the link above. For more information, contact Randolph C. Hite at (202) 512-5555 or hiter@gao.gov or Gregory D. Kutz at (202) 9505 or kutzg@gao.gov. [End of section] GAO-03-553T: Messrs. Chairmen and Ranking Members of the Subcommittees: We are pleased to be here today to discuss the Department of Defense‘s (DOD) management of its business systems[Footnote 1] modernization program, an area of longstanding concern to the Congress, and one that we first designated as a high risk program in 1995[Footnote 2] and continue to do so today.[Footnote 3] As we have said,[Footnote 4] DOD‘s existing systems cannot provide reliable financial data to support informed decisionmaking and promote accountability, thus leaving DOD at a high risk of fraud, waste, and abuse. In addition, we have said that DOD‘s business systems modernization will remain at risk until the department has implemented proven modernization management controls that are embodied in the Clinger-Cohen Act, federal guidance, and commercial best practices. These controls include investing in new and existing systems within the context of a departmentwide modernization blueprint, commonly called an enterprise architecture; investing in these systems in an incremental or modular fashion, and only when they can be economically justified on the basis of costs, benefits, and risks; and overseeing these system investments to ensure that they are delivering promised system capabilities and benefits on time and within budget. Last year, your hearing[Footnote 5] brought additional attention and focus to DOD‘s business systems modernization program. In our testimony at that hearing, we highlighted the department‘s modernization management weaknesses, and the department testified that it was committed to addressing each. Since then, DOD has begun a number of efforts to follow through on its stated commitment. For example, it plans to issue the first version of its enterprise architecture in May 2003, it is creating a new investment governance and oversight approach, and it is revising its system acquisition guidance. We view each of these as positive steps. However, the fact remains that today, with but isolated exceptions, DOD‘s management and oversight of its hundreds of new and existing system investments is largely unchanged from where it was last year. As a result, the $18 billion that DOD has designated for business systems in fiscal year 2003 continues to be at risk. In particular, our report that you are releasing today shows that for four key accounting system projects, DOD oversight has been limited and has allowed hundreds of millions of dollars to be spent without adequate economic justification.[Footnote 6] Thus far, this has resulted in one of these systems being terminated after about $126 million and 7 years of effort has been spent. As you requested, our testimony today discusses (1) DOD‘s current business systems environment, including a profile of (a) the number and types of systems that have proliferated over the years and (b) the enormous amounts of funding that are being spent to operate and maintain existing systems and to introduce new systems; (2) DOD‘s institutional modernization management weaknesses, including specific system investments that are at risk because of them, such as the above- mentioned accounting systems, and (3) a framework for overcoming these modernization management weaknesses and limiting DOD‘s exposure to investment risk until they are resolved, which is based on our open recommendations to the department. In developing this testimony, we drew from our previously issued reports on DOD‘s business systems modernization efforts, as well as the report being released today. DOD Is Investing Billions of Dollars Annually to Operate, Maintain, and Modernize Its Amalgamation of Business Systems: As part of its ongoing business systems modernization program, and consistent with our past recommendation,[Footnote 7] DOD has created an inventory of its existing and new business system investments. As of October 2002, DOD reported that this inventory consisted of 1,731[Footnote 8] systems and system acquisition projects across DOD‘s functional areas. In particular, DOD reported that it had 374 separate systems to support its civilian and military personnel function, 335 systems to perform finance and accounting functions, and 221 systems that support inventory management. Table 1 presents the composition of DOD business systems by functional area. Table 1: Reported DOD Business Systems by Functional Area: [See PDF for image] Source: DOD Business Modernization Systems Integration Office. [A] There are 29 reported duplications within the DOD inventory (e.g., systems shown in multiple functional areas). Taking this duplication into account provides the reported 1,731 business systems. Note: More recent DOD data indicate that the number of systems is 2,114. [End of table] As we have previously reported,[Footnote 9] this systems environment is not the result of a systematic and coordinated departmentwide strategy, but rather is the product of unrelated, stovepiped initiatives to support a set of business operations that are nonstandard and duplicative across DOD components. Consequently, DOD‘s amalgamation of systems is characterized by (1) multiple systems performing the same tasks; (2) the same data stored in multiple systems; (3) manual data entry and reentry into multiple systems; and (4) extensive data translations and interfaces, each of which increases costs and limits data integrity. Further, as we have reported, these systems do not produce reliable financial data to support managerial decisionmaking and ensure accountability. To the department‘s credit, it recognizes the need to eliminate as many systems as possible and integrate and standardize those that remain. In fact, three of the four Defense Finance and Accounting Service (DFAS) projects that are the subject of the report being released today were collectively intended to reduce or eliminate all or part of 17 different systems that perform similar functions. For example, * the Defense Procurement Payment System (DPPS) was intended to consolidate eight contract and vendor pay systems; * the Defense Departmental Reporting System (DDRS) is intended to reduce the number of departmental financial reporting systems from seven to one; and: * the Defense Standard Disbursing System (DSDS) is intended to eliminate four different disbursing systems. The fourth system, the DFAS Corporate Database/Corporate Warehouse (DCD/DCW),[Footnote 10] is intended to serve as the single DFAS data store, meaning it would contain all DOD financial information required by DFAS and be the central point for all shared data within DFAS. For fiscal year 2003, DOD has requested approximately $26 billion in IT funding to support a wide range of military operations and business functions. This $26 billion is spread across the military services and defense agencies--each receiving its own allocation of IT funding. The $26 billion supports three categories of IT--business systems, business systems infrastructure, and national security systems--the first two of which comprise the earlier cited 1,731 new and existing business systems projects. At last year‘s hearing, DOD was asked about the makeup of its $26 billion in IT funding, including what amounts relate to business systems and related infrastructure, at which time answers were unavailable. As we are providing in the report being released today and as shown in figure 1, approximately $18 billion--about $5.2 billion for business systems and $12.8 billion for business systems infrastructure- -relates to the operation, maintenance, and modernization of the 1,731 business systems that DOD reported having in October 2002. Figure 2 provides the allocation of DOD‘s business systems modernization budget for fiscal year 2003 budget by component. Figure 1: Allocation of DOD‘s Fiscal Year 2003 Information Technology (IT) Budget: [See PDF for image] [End of figure] Figure 2: Proposed Allocation of DOD‘s Fiscal Year 2003 Business Systems Modernization Budget by Component (dollars in billions): [See PDF for image] [End of figure] However, recognizing the need to modernize and making funds available are not sufficient for improving DOD‘s current systems environment. Our research of successful modernization programs in public and private- sector organizations, as well as our reviews of these programs in various federal agencies, has identified a number of IT disciplines that are necessary for successful modernization. These disciplines include having and implementing (1) an enterprise architecture to guide and constrain systems investments; (2) an investment management process to ensure that systems are invested in incrementally, are aligned with the enterprise architecture, and are justified on the basis of cost, benefits, and risks; and (3) a project oversight process to ensure that project commitments are being met and that needed corrective action is taken. These institutionalized disciplines have been long missing at DOD, and their absence is a primary reason for the system environment described above. Key Modernization Management Weaknesses Continue, But DOD Plans to Correct Them: The future of DOD‘s business systems modernization is fraught with risk, in part because of longstanding and pervasive modernization management weaknesses. As we have reported, these weaknesses include (1) lack of an enterprise architecture; (2) inadequate institutional and project-level investment management processes; and (3) limited oversight of projects‘ delivery of promised system capabilities and benefits on time and within budget. To DOD‘s credit, it recognizes the need to address each of these weaknesses and has committed to doing so. DOD Is Developing, But Still Is Without, a Departmentwide Enterprise Architecture: Effectively managing a large and complex endeavor requires, among other things, a well-defined and enforced blueprint for operational and technological change, commonly referred to as an enterprise architecture. Developing, maintaining, and using architectures is a leading practice in engineering both individual systems and entire enterprises. Government-wide requirements for having and using architectures to guide and constrain IT investment decisionmaking are also addressed in federal law and guidance.[Footnote 11] Our experience has shown that attempting a major systems modernization program without a complete and enforceable enterprise architecture results in systems that are duplicative, are not well integrated, are unnecessarily costly to maintain and interface, do not ensure basic financial accountability, and do not effectively optimize mission performance.[Footnote 12] In May 2001,[Footnote 13] we reported that DOD had neither an enterprise architecture for its financial and financial-related business operations nor the management structure, processes, and controls in place to effectively develop and implement one. Further, we stated that DOD‘s plans to continue spending billions of dollars on new and modified systems independently from one another, and outside the context of a departmental modernization blueprint, would result in more systems that are duplicative, noninteroperable, and unnecessarily costly to maintain and interface; moreover, they would not address longstanding financial management problems. To assist the department, we provided a set of recommendations on how DOD should approach developing its enterprise architecture. In September 2002, the Secretary of Defense designated improving financial management operations (including such business areas as logistics, acquisition, and personnel management) as one of the department‘s top 10 priorities. In addition, the Secretary established a program to develop an enterprise architecture, and DOD plans to have the architecture developed by May 2003. Subsequently, the National Defense Authorization Act for Fiscal Year 2003 directed DOD to develop, by May 1, 2003, an enterprise architecture, including a transition plan for its implementation.[Footnote 14] The act also defined the scope and content of the enterprise architecture and directed us to submit to congressional defense committees an assessment of DOD‘s actions to develop the architecture and transition plan no later than 60 days after their approval. Finally, the act prohibited DOD from obligating more than $1 million on any financial systems improvement until the DOD comptroller makes a determination regarding the necessity or suitability of such an investment. In our February 2003 report[Footnote 15] on DOD enterprise architecture efforts, we stated our support for the Secretary‘s decision to develop the architecture and recognized that DOD‘s architecture plans were challenging and ambitious. However, we also stated that despite taking a number of positive steps toward its architecture goals, such as establishing a program office responsible for managing the enterprise architecture, the department had yet to implement several key recommendations and certain leading practices for developing and implementing architectures. For example, DOD had yet to (1) establish the requisite architecture development governance structure needed to ensure that ownership of and accountability for the architecture is vested with senior leaders across the department; (2) develop and implement a strategy to effectively communicate the purpose and scope, approach to, and roles and responsibilities of stakeholders in developing the enterprise architecture; and (3) fully define and implement an independent quality assurance process. We concluded that not implementing these recommendations and practices increased DOD‘s risk of developing an architecture that would be limited in scope, would be resisted by those responsible for implementing it, and would not support effective systems modernization. To assist the department, we made additional recommendations with which DOD agreed. We plan to continue reviewing DOD‘s efforts to develop and implement this architecture pursuant to our mandate under the fiscal year 2003 defense authorization act. DOD Has Yet to Implement Effective Investment Management Processes: The Clinger-Cohen Act, federal guidance, and recognized best practices provide a framework for organizations to follow to effectively manage their IT investments. Collectively, this framework addresses IT investment management at the institutional or corporate level, as well as the individual project or system level. The former involves having a single, corporate approach governing how the organization‘s portfolio of IT investments is selected, controlled, and evaluated across its various components, including assuring that each investment is aligned with the organization‘s enterprise architecture. The latter involves having a system/project-specific investment approach that provides for making investment decisions incrementally and ensuring that these decisions are economically justified on the basis of current and credible analyses. Corporate investment management approach: DOD has yet to establish and implement an effective departmentwide approach to managing its business systems investment portfolio. In May 2001,[Footnote 16] we reported that DOD did not have a departmentwide IT investment management process through which to assure that its enterprise architecture, once developed, could be effectively implemented. We therefore recommended that DOD establish a system investment selection and control process that treats compliance with the architecture as an explicit condition to meet at key decision points in the system‘s life cycle and that can be waived only if justified by compelling written analysis.[Footnote 17] Subsequently, in February 2003, we reported that DOD had not yet established the necessary departmental investment management structure and process controls needed to adequately align ongoing investments with its architectural goals and direction.[Footnote 18] Instead, the department continued to allow its component organizations to make their own parochial investment decisions, following different approaches and criteria. In particular, DOD had not established and applied common investment criteria to its ongoing IT system projects using a hierarchy of investment review and funding decisionmaking bodies, each composed of representatives from across the department. DOD also had not yet conducted a comprehensive review of its ongoing IT investments to ensure that they were consistent with its architecture development efforts. We concluded that until it takes these steps, DOD will likely continue to lack effective control over the billions of dollars it is currently spending on IT projects. To address this, we recommended that DOD create a departmentwide investment review board with the responsibility and authority to (1) select and control all DOD financial management investments and (2) ensure that its investment decisions treat compliance with the financial management enterprise architecture as an explicit condition for investment approval that can be waived only if justified by a compelling written analysis. DOD concurred with our recommendations and is taking steps to address them. Project/system-specific investment management: DOD has yet to ensure that its investments in all individual systems or projects are economically justified and that it is investing in each incrementally. In particular, none of the four DFAS projects addressed in the report being issued today had current and reliable economic justifications to demonstrate that they would produce value commensurate with the costs and risks being incurred. For example, we found that although DCD was initiated to contain all DOD financial data required by DFAS systems, planned DCD capabilities had since been drastically reduced. Despite this, DFAS planned to continue investing in DCD/DCW without having an economic justification showing whether its revised plans were cost effective. Moreover, DOD planned to continue investing in the three other projects even though none had current economic analyses that reflected material changes to costs, schedules, and/or expected benefits since the projects‘ inception. For example, the economic analysis for DSDS had not been updated to reflect material changes in the project, such as changing the date for full operational capability from February 2003 to December 2005--a schedule change of almost 3 years that affected delivery of promised benefits. Similarly, the DPPS economic analysis had not been updated to recognize an estimated cost increase of $274 million and schedule slip of almost 4 years. After recently reviewing this project‘s change in circumstances, the DOD Comptroller terminated DPPS after 7 years of effort and an investment of over $126 million, citing poor program performance and increasing costs. Table 2 highlights the four projects‘ estimated cost increases and schedule delays. Table 2: Reported Cost Increases and Schedule Delays for the Four Pojects (Dollars in Millions): [See PDF for image] Source: GAO, based on information provided by DFAS. [A] Full operational capability means the system is deployed and operating at all intended locations. [B] When DFAS initiated DCW in July 2000, a full operational capability date was not established. The current full operational capability date applies to both DCD and DCW since they were combined into one program in November 2000. [C] DSDS began in 1997; however, a cost estimate was not developed until September 2000 and this estimate has not been updated. [End of table] Our work on other DOD projects has shown a similar absence of current and reliable economic justification for further system investment. For example, we reported that DOD‘s ongoing and planned investment in its Standard Procurement System (SPS)[Footnote 19] was based on an outdated and unreliable economic analysis, and even this flawed analysis did not show that the system was cost beneficial, as defined. As a result, we recommended that investment in future releases or major enhancements to the system be made conditional on the department‘s first demonstrating that the system was producing benefits that exceeded costs and that future investment decisions be made on the basis of complete and reliable economic justifications. DOD is currently in the process of addressing this recommendation. Beyond not having current and reliable economic analyses for its projects, DOD has yet to adopt an incremental approach to economically justifying and investing in all system projects. For example, we have reported that although DOD had divided its multiyear, billion-dollar SPS project into a series of incremental releases, it had not treated each of these increments as a separate investment decision.[Footnote 20] Such an incremental approach to system investment helps to prevent discovering too late that a given project is not cost beneficial. However, rather than adopt an incremental approach to SPS investment management, the department chose to treat investment in SPS as one, monolithic investment decision, justified by a single, all-or-nothing economic analysis. This approach to investing in large systems, like SPS, has proven ineffective in other federal agencies, resulting in huge sums being invested in systems that do not provide commensurate value, and thus has been abandoned by successful organizations. We also recently reported that while DOD‘s Composite Health Care System II had been structured into a series of seven increments (releases), the department had not treated the releases to date as separate investment decisions supported by incremental economic justification.[Footnote 21] In response to our recommendations, DOD committed to changing its strategy for future releases to include economically justifying each release before investing in and verifying each release‘s benefits and costs after deployment. Effective Oversight of IT Projects Remains an Unanswered Challenge: The Clinger-Cohen Act of 1996 and federal guidance[Footnote 22] emphasize the need to ensure that IT projects are being implemented at acceptable costs and within reasonable and expected timeframes and that they are contributing to tangible, observable improvements in mission performance (that is, that projects are meeting the cost, schedule, and performance commitments upon which their approval was justified). They also emphasize the need to regularly determine each project‘s progress toward expectations and commitments and to take appropriate action to address deviations. Our work on specific DOD projects has shown that such oversight does not always occur, a multi-example case in point being the four DFAS accounting system projects that are the subject of our report being released today.[Footnote 23] For these four projects, oversight responsibility was shared by the DOD comptroller, DFAS, and the DOD chief information officer (CIO). However, these oversight authorities have not ensured, in each case, that the requisite analytical basis for making informed investment decisions was prepared. Moreover, they have not regularly monitored system progress toward expectations so that timely action could have been taken to correct deviations, even though each case had experienced significant cost increases and schedule delays (see table 2). Their respective oversight activities are summarized below: DOD Comptroller--Oversight responsibility for DFAS activities, including system investments, rests with the DOD Comptroller. However, DOD Comptroller officials were not only unaware of cost increases and schedule delays on these four projects, they also told us that they do not review DFAS system investments to ensure that they are meeting cost, schedule, and performance commitments because this is DFAS‘s responsibility. DFAS--This DOD agency has established an investment committee to, among other things, oversee its system investments.[Footnote 24] However, the committee could not provide us with any evidence demonstrating meaningful oversight of these four projects, nor could it provide us with any guidance describing the committee‘s role, responsibilities, and authorities, and how it oversees projects. DOD CIO--Oversight of the department‘s ’major“ IT projects, of which two of the four DFAS projects (DCD/DCW and DPPS) qualify, is the responsibility of DOD‘s CIO. However, this organization did not adequately fulfill this responsibility on either project because, according to DOD CIO officials, they have little practical authority in influencing component agency-funded IT projects. Thus, the bad news is that these three oversight authorities have jointly permitted approximately $316 million to be spent on the four accounting system projects without knowing if material changes to the projects‘ scopes, costs, benefits, and risks warranted continued investment. The good news is that the DOD Comptroller recently terminated one of the four (DPPS), thereby avoiding throwing good money after bad, and DOD has agreed to implement the recommendations contained in our report released today, which calls for DOD to demonstrate that the remaining three projects will produce benefits that exceed costs before further investing in each. Our work on other DOD projects has shown similar voids in oversight. For example, we reported that SPS‘s full implementation date slipped by 3 � years, with further delays expected, and the system‘s life-cycle costs grew by 23 percent, from $3 billion to $3.7 billion.[Footnote 25] However, none of the oversight authorities responsible for this project, including the DOD CIO, had required that the economic analysis be updated to reflect these changes and thereby provide a basis for informed decisionmaking on the project‘s future. To address this issue, we recommended, among other things, that the lines of oversight responsibility and accountability of the project be clarified and that further investment in SPS be limited until such investment could be justified. DOD has taken steps to address some of our recommendations. For example, it has clarified organizational accountability and responsibility for the program. However, much remains to be done before the department will be able to make informed, data-driven decisions about whether further investment in the system is justified. Our Recommendations Provide a Roadmap for Improving Management of Business Systems Modernization: We have made numerous recommendations to DOD that collectively provide a valuable roadmap for improvement as the department attempts to create the management infrastructure needed to effectively undertake a massive business systems modernization program. This collection of recommendations is not without precedent, as we have provided similar ones to other federal agencies, such as the Federal Aviation Administration, the Internal Revenue Service, and the former U.S. Customs Service, to aid them in building their respective capacities for managing modernization programs. In cases where these recommendations have been implemented properly, we have observed improved modernization management and accountability. Our framework for DOD provides for developing a well-defined and enforceable DOD-wide enterprise architecture to guide and constrain the department‘s business system investments, including specific recommendations for successfully accomplishing this, such as creating an enterprise architecture executive committee whose members are singularly and collectively responsible and accountable for delivery and approval of the architecture and a proactive enterprise architecture marketing and communication program to facilitate stakeholder understanding, buy-in, and commitment to the architecture. Our recommendations also provide for establishing a DOD-wide investment decisionmaking structure that consists of a hierarchy of investment boards that are responsible for ensuring that projects meet defined threshold criteria and for reviewing and deciding on projects‘ futures on the basis of a standard set of investment criteria, two of which are alignment with the enterprise architecture and return on investment. In addition, our recommendations include ensuring that return on investment is analytically supported by current and reliable economic analyses showing that benefits are commensurate with costs and risks, and that these analyses and associated investment decisions cover incremental parts of each system investment, rather than treating the system as one, all-or-nothing, monolithic pursuit. Further, our recommendations provide clear and explicit lines of accountability for project oversight and continuous monitoring and reporting of progress against commitments to ensure that promised system capabilities and benefits are being delivered on time and within budget. Until these recommended system modernization management capabilities are in place and effectively functioning, our recommendations also provide for minimizing the department‘s exposure to investment risk by limiting its investment in new and existing systems to only projects that (1) have successfully completed testing and involve little additional investment; (2) are ’stay-in-business“ in nature, meaning that they involve maintenance actions needed to keep a system operational; (3) are congressionally directed; or (4) are relatively small, cost-effective, low-risk, and can be delivered within a short timeframe. In summary, the state of DOD‘s business systems environment, coupled with the billions of dollars that DOD spends each year on both existing and new systems, makes a compelling argument for modernizing, but only in a way that ensures that the department does the right thing, and that it does it the right way. Historically, the department‘s approach to its business systems modernization has not provided for either. Moreover, while the department‘s leadership has stated its commitment to improving, and it has begun efforts on a number of fronts to improve, DOD still is investing in systems in much the same manner that it has for years. This is demonstrated by our testimony today, along with our just-released report on four DFAS system investments and our recent reports on a number of modernization management topics and other DOD system investments. It is therefore imperative, in our view, that DOD move swiftly in implementing our collective set of recommendations aimed at improving its capacity to manage its business systems modernization program. While DOD has largely agreed with these recommendations and has efforts under way intended to implement them, until it does, it will be at high risk of spending billions of dollars on systems that do not support effective and efficient business operations and are unable to provide timely and reliable information for decisionmaking. Mr. Chairmen, this concludes our statement. We would be pleased to answer any questions you or Members of the subcommittees may have at this time. Contacts and Acknowledgement: If you or your staff have any questions on matters discussed in this testimony, please contact Randolph C. Hite at (202) 512-3439 or hiter@gao.gov or Gregory D. Kutz at (202) 512-9505 or kutzg@gao.gov. Individuals making key contributions to this testimony include Beatrice Alff, Sophia Harrison, Tonia L. Johnson, Darby Smith, and Jenniffer Wilson. FOOTNOTES [1] Business systems include those that are used to support civilian personnel, finance, health, logistics, military personnel, procurement, and transportation. [2] U.S. General Accounting Office, High-Risk Series: An Overview, GAO- HR-95-263 (Washington, D.C.: February 1995). [3] U.S. General Accounting Office, High-Risk Series: An Update, GAO- 03-119 (Washington, D.C.: January 2003). [4] U.S. General Accounting Office, DOD Business Systems Modernization: Improvements to Enterprise Architecture Development and Implementation Efforts Needed, GAO-03-458 (Washington, D.C.: Feb. 28, 2003) and Information Technology: Architecture Needed to Guide Modernization of DOD‘s Financial Operations, GAO-01-525 (Washington, D.C.: May 17, 2001). [5] U.S. General Accounting Office, DOD Financial Management: Important Steps Underway But Reform Will Require a Long-term Commitment, GAO-02- 784T (Washington, D. C.: June 4, 2002). [6] U.S. General Accounting Office, DOD Business Systems Modernization: Continued Investment in Key Accounting Systems Needs to be Justified, GAO-03-465 (Washington, D.C.: Mar. 28, 2003). [7] U.S. General Accounting Office, Financial Management: DOD Improvement Plan Needs Strategic Focus, GAO-01-764 (Washington, D.C.: Aug. 17, 2001). [8] DOD continues to refine its inventory of systems. More recent data indicate that the total number of systems is 2,114. [9] GAO-02-784T. [10] Originally, these were two separate projects, the DFAS Corporate Database and Corporate Warehouse. [11] Clinger-Cohen Act of 1996, P.L. 104-106; Office of Management and Budget Circular A-130, Management of Federal Information Resources (Nov. 30, 2000); A Practical Guide to Federal Enterprise Architectures, Version 1.0, Chief Information Officers Council (February 2001); and Federal Enterprise Architecture Framework, Version 1.1, Chief Information Officers Council (September 1999). [12] U.S. General Accounting Office, Air Traffic Control: Complete and Enforced Architecture Needed for FAA Systems Modernization, GAO/AIMD- 97-30 (Washington, D.C.: Feb. 3, 1997) and Customs Service Modernization: Architecture Must Be Complete and Enforced to Effectively Build and Maintain Systems, GAO/AIMD-98-70 (Washington, D.C.: May 5, 1998). [13] GAO-01-525. [14] Section 1004 of Public Law 107-314. [15] GAO-03-458. [16] GAO-01-525. [17] The Defense Appropriation Act for Fiscal Year 2003, P.L. 107-248, prohibits the use of funds appropriated by that act for a mission- critical or mission-essential financial management IT system that is not registered with the chief information officer of DOD. [18] GAO-03-458. [19] SPS is intended to replace 76 existing procurement systems with a single departmentwide system to more effectively support divergent contracting processes and procedures across its component organizations. [20] U.S. General Accounting Office, DOD Systems Modernization: Continued Investment in Standard Procurement System Has Not Been Justified, GAO-01-682 (Washington, D.C.: July 31, 2001) and DOD‘s Standard Procurement System: Continued Investment Has Yet to Be Justified, GAO-02-392T (Washington, D.C.: Feb. 7, 2002). [21] U.S. General Accounting Office, Information Technology: Greater Use of Best Practices Can Reduce Risks in Acquiring Defense Health Care System, GAO-02-345 (Washington, D.C.: Sept. 26, 2002). [22] Clinger-Cohen Act of 1996, Public Law 104-106; Office of Management and Budget (OMB) Circular A-130 (Nov. 30, 2000); U.S. General Accounting Office, Information Technology Investment Management: A Framework for Assessing and Improving Process Maturity (Exposure Draft) GAO/AIMD-10.1.23 (Washington, D.C.: May 2000). [23] GAO-03-465. [24] Chief Information Officers/Business Integration Executive Council. [25] GAO-02-392T.