Business Systems Modernization
Summary of GAO's Assessment of the Department of Defense's Initial Business Enterprise Architecture
GAO ID: GAO-03-877R, July 7, 2003
The Department of Defense (DOD) faces financial and related management problems that are pervasive, complex, long-standing, and deeply rooted in virtually all business operations throughout the department. These problems have impeded the department's ability to provide complete, reliable, and timely business information to the Congress, DOD managers, and other decision makers. Of the 25 areas on our governmentwide "high-risk" list, 6 are DOD program areas, and the department shares responsibility for 3 other high-risk areas that are governmentwide in scope. DOD's problems in each of these areas hinder the efficiency of operations, and leave the department vulnerable to fraud, waste, and abuse. For fiscal year 2003, DOD's information technology (IT) budget request was over $26 billion. More specifically, to support its business operations, DOD reports that it currently relies on about 2,300 systems, including accounting, acquisition, logistics, and personnel systems that will cost about $18 billion--nearly $5.2 billion for business systems and $12.8 billion primarily for business systems infrastructure--in fiscal year 2003 to operate, maintain, and modernize. As we have previously reported, this environment was not designed to be, but rather has evolved into, an overly complex and error-prone environment, including (1) little standardization across DOD, (2) multiple systems performing the same tasks, (3) the same data stored in multiple systems, and (4) manual data entry into multiple systems.
As GAO reported in February 2003, DOD undertook a challenging and ambitious task--to develop within 1 year a departmentwide architecture for modernizing its current financial and business operations and systems. Thus far, DOD has expended tremendous effort and resources and made important progress in complying with the legislative requirements aimed at developing and effectively implementing a well-defined enterprise architecture. Further, DOD's initial version of its business enterprise architecture provides a foundation from which to build and ultimately produce a well-defined business enterprise architecture. However, the initial version does not adequately address the act's requirements and other relevant architectural requirements. For example, the architecture does not adequately describe the accounting and financial management requirements and the logical database model, which includes data standards and is used to guide the creation of the physical databases where information will be stored. Moreover, DOD has yet to implement an effective investment management process for controlling ongoing and planned business system improvements, including one that meets the act's requirements for ensuring that obligations in excess of $1 million are consistent with the architecture and the transition plan. Collectively, this means that DOD has taken a positive first step, but much remains to be accomplished before DOD will have the kind of blueprint and associated investment controls to successfully modernize its business operations and supporting systems. DOD's position is that, to varying degrees, the initial version of its architecture fully satisfies the act's requirements, but it also recognizes that the architecture needs to be expanded and extended to provide a sufficient basis for guiding and constraining investment decisions. 
DOD's position is also that it has taken steps to implement the act's requirements regarding approving system investments but that it needs to do more to effectively select and control system investments. DOD attributes the current state of its architecture and investment management processes to the limited time it has had to define and implement each, in part because it was overly optimistic in estimating what it could deliver by May 1, 2003. Until DOD develops and provides for effective implementation of a well-defined enterprise architecture, its ability to modernize its business and systems environments in a way that minimizes risk and maximizes return on investment will be severely hindered.
This is the accessible text file for GAO report number GAO-03-877R
entitled 'Business Systems Modernization: Summary of GAO's Assessment
of the Department of Defense's Initial Business Enterprise
Architecture' which was released on July 07, 2003.
July 7, 2003:
Congressional Committees:
Subject: Business Systems Modernization: Summary of GAO's Assessment of
the Department of Defense's Initial Business Enterprise Architecture
(GAO-03-877R):
The Department of Defense (DOD) faces financial and related management
problems that are pervasive, complex, long-standing, and deeply rooted
in virtually all business operations throughout the department. These
problems have impeded the department's ability to provide complete,
reliable, and timely business information to the Congress, DOD
managers, and other decision makers. Of the 25 areas on our
governmentwide "high-risk" list, 6 are DOD program areas, and the
department shares responsibility for 3 other high-risk areas that are
governmentwide in scope.[Footnote 1] DOD's problems in each of these
areas hinder the efficiency of operations, and leave the department
vulnerable to fraud, waste, and abuse.
For fiscal year 2003, DOD's information technology (IT) budget request
was over $26 billion. More specifically, to support its business
operations, DOD reports that it currently relies on about 2,300
systems, including accounting, acquisition, logistics, and personnel
systems that will cost about $18 billion--nearly $5.2 billion for
business systems[Footnote 2] and $12.8 billion primarily for business
systems infrastructure--in fiscal year 2003 to operate, maintain, and
modernize. As we have previously reported,[Footnote 3] this environment
was not designed to be, but rather has evolved into, an overly complex
and error-prone environment, including (1) little standardization
across DOD, (2) multiple systems performing the same tasks, (3) the
same data stored in multiple systems, and (4) manual data entry into
multiple systems.
One of the seven key elements we have reported[Footnote 4] as necessary
to successfully reform DOD's financial and related management
challenges is establishing and implementing an enterprise architecture,
or modernization blueprint. In May 2001,[Footnote 5] we recommended
that DOD develop, maintain, and implement an enterprise architecture to
modernize its financial management operations and systems across the
department. Subsequently, in its fiscal year 2002 Performance and
Accountability Report, DOD acknowledged that deficiencies in its
business systems hindered the department's ability to collect and
report financial and performance information that is accurate,
reliable, and timely. The report noted that to address its systemic
problems and assist in the transformation of the department's business
operations, the department had undertaken the development and
implementation of a business enterprise architecture.
An enterprise architecture provides a clear and comprehensive picture
of an entity, whether it is an organization (e.g., federal department
or agency) or a functional or mission area that cuts across more than
one organization (e.g., financial management). This picture consists of
snapshots of both the enterprise's current or "As Is" operational and
technological environment and its target or "To Be" environment, as
well as a capital investment road map for transitioning from the
current to the target environment. These snapshots further consist of
"views," which are basically one or more architecture products that
provide conceptual or logical representations of the enterprise.
The National Defense Authorization Act for Fiscal Year 2003[Footnote 6]
required DOD to develop, by May 1, 2003, a financial management
enterprise architecture[Footnote 7] and a transition plan for
implementing the architecture to meet certain requirements. The act
also requires DOD to control expenditures for financial system
improvements while the architecture and transition plan are being
developed and after they are completed. The act states that the
enterprise architecture shall describe an information infrastructure
that, at a minimum, would enable DOD to achieve certain capabilities,
such as complying with all federal accounting, financial management,
and reporting requirements. The act also requires development of a
transition plan for implementing the enterprise architecture that
includes, among other things, a schedule for phasing out existing
financial management systems that will not become part of the "To Be"
environment. Finally, before the architecture and transition plan are
approved, the act requires DOD to review proposed obligations of funds
in amounts exceeding $1 million for financial system improvements to
determine if they meet specific conditions called for in the act. Once
the architecture and transition plan are approved, the act requires DOD
to ensure that financial system investments are consistent with the
architecture and the transition plan.
The act directs us to submit to congressional defense committees,
within 60 days of DOD's approval of its enterprise architecture and its
transition plan, an assessment of DOD's actions taken to comply with
these requirements. (See enc. I for a copy of section 1004 of the act.)
As agreed with your offices, our objectives were to determine (1) the
extent to which DOD's actions complied with the requirements of the act
and (2) DOD's plans for further development and implementation of its
enterprise architecture. This report transmits a summary of the results
of our assessment as well as a brief discussion of our key
observations. (See enc. II for a summary of our assessment approach.)
We plan to issue a more detailed report of our assessment results,
including conclusions and specific recommendations. We performed our
work from March 2003 through June 2003 in accordance with U.S.
generally accepted government auditing standards. On June 30, 2003, DOD
provided us with written comments on a draft of this report, which are
addressed in the "Agency Comments and our Evaluation" section and are
reprinted in enclosure III.
Summary of Observations:
As we reported in February 2003,[Footnote 8] DOD undertook a
challenging and ambitious task--to develop within 1 year a
departmentwide architecture for modernizing its current financial and
business operations and systems. Thus far, DOD has expended tremendous
effort and resources and made important progress in complying with the
legislative requirements aimed at developing and effectively
implementing a well-defined enterprise architecture. Further, DOD's
initial version of its business enterprise architecture provides a
foundation from which to build and ultimately produce a well-defined
business enterprise architecture. However, the initial version does not
adequately address the act's requirements
and other relevant architectural requirements.[Footnote 9] For example,
the architecture does not adequately describe the accounting and
financial management requirements and the logical database model, which
includes data standards and is used to guide the creation of the
physical databases where information will be stored. Moreover, DOD has
yet to implement an effective investment management process for
controlling ongoing and planned business system improvements, including
one that meets the act's requirements for ensuring that obligations in
excess of $1 million are consistent with the architecture and the
transition plan. Collectively, this means that DOD has taken a positive
first step, but much remains to be accomplished before DOD will have
the kind of blueprint and associated investment controls to
successfully modernize its business operations and supporting systems.
DOD's position is that, to varying degrees, the initial version of its
architecture fully satisfies the act's requirements, but it also
recognizes that the architecture needs to be expanded and extended to
provide a sufficient basis for guiding and constraining investment
decisions. DOD's position is also that it has taken steps to implement
the act's requirements regarding approving system investments but that
it needs to do more to effectively select and control system
investments. DOD attributes the current state of its architecture and
investment management processes to the limited time it has had to
define and implement each, in part because it was overly optimistic in
estimating what it could deliver by May 1, 2003. Until DOD develops and
provides for effective implementation of a well-defined enterprise
architecture, its ability to modernize its business and systems
environments in a way that minimizes risk and maximizes return on
investment will be severely hindered.
Key Observations on Compliance with Enterprise Architecture
Requirements:
The department has established some of the architecture management
capabilities advocated by best practices and federal guidance.[Footnote 10]
Among these are having a program office staffed with
representatives from across the DOD components, designating a chief
architect, and using an architecture development methodology and
automated tool. Further, it has adopted an incremental approach to
developing its architecture and, according to DOD, has approved an
initial version of its architecture that it intends to use as a
foundation upon which to build. The initial version includes a suite of
diagrams, tables, and other representations that describe, to varying
degrees, its "As Is" and "To Be" architectural environments. For
example, the "As Is" descriptions include an inventory of about 2,300
systems in operation or under development, and their characteristics,
that support DOD's current business operations. The "To Be"
descriptions address, to at least some degree, how DOD intends to
operate in the future, what information will be needed to support these
future operations, and what technology standards should govern the
design of future systems.
DOD has also incorporated many relevant federal accounting, financial
management, and reporting requirements from 152 federal sources in its
"To Be" architecture products. Of the total 4,000 external requirements
included in the initial architecture, our review of 1,767 Joint
Financial Management Improvement Program (JFMIP)[Footnote 11]
requirements identified 340 (about 19 percent) that are not included
or adequately addressed. For example, federal accounting requirements
for recording revenue are not included. According to program officials,
critical external requirements are not included or adequately addressed
primarily because a fully functioning quality assurance process to
validate the requirements was not in place when the requirements were
elicited. As a result, the architecture's descriptions of certain
business processes, such as those associated with revenue accounting
and reporting, which include over $70 billion earned annually by DOD
working capital fund activities, are not yet sufficiently complete for
making informed decisions on systems. Department and contractor
officials agreed that these system requirements were either excluded or
not adequately addressed and stated that a subsequent version of the
architecture would include or modify the requirements.
Additionally, the "As Is" and "To Be" architecture products and the
transition plan do not include a number of items recommended by
relevant architectural guidance.[Footnote 12] Program officials agreed
that the initial version of the architecture does not contain the scope
and detail needed to acquire business system solutions for its "To Be"
environment. Program officials attribute this to DOD's being overly
optimistic in determining what it could develop by May 1, 2003. In an
effort to manage this expectation gap, DOD officials are using an
incremental approach for developing and implementing the architecture.
Specifically, the "As Is" view of the current architecture does not
include the following items:
* descriptions of current business operations in terms of the
entities/people that perform the functions, processes, and activities,
and the locations where the functions, processes, and activities are
performed;
* data/information being used by the functions, processes, and
activities;
* technology standards being employed;
* security standards and tools being used; and
* performance metrics being used.
As a result, DOD does not have a sufficiently described picture of its
"As Is" environment to permit development of a meaningful and useful
transition plan that either identifies the proper sequence of changes
needed to move from its current operating environment to its future
target environment, or effectively provides for guiding and
constraining investments in modernized systems.
Additionally, the "To Be" view of the current architecture version does
not include the following items:
* specific organization and location information, which defines the
entities/people that will perform the functions, processes, and
activities, and specifies where the functions, processes, and
activities will be performed;
* physical descriptions of systems or applications to be developed or
acquired;
* the physical infrastructure (e.g., hardware and systems software) that
will be needed to support the business systems; and
* the organizations that will be accountable for security and their roles
and responsibilities.
Further, we found that the logical database model, which includes data
standards and is used to guide the creation of the physical databases
where information will be stored, is not linked to a conceptual data
model. This raises concern regarding the utility of the logical model
in supporting information flows for business operations and systems.
As a result, the "To Be" environment lacks the details needed to
identify and plan for system solutions and operational change, and
enable DOD to routinely provide timely, accurate, and reliable
information for management decision making. In addition, the "To Be"
environment precludes the department from making informed system
investment decisions.
Aside from the "To Be" architecture's lack of detail, its structure is
difficult to navigate, thus constraining its ease of use and
understandability. For example, the architecture does not include user
instructions or guidance, and certain artifacts (e.g., diagrams) could
not be read on-line because there was no "zoom" capability enabling
enlargement. Further, specific content, such as the applicability of
security standards to specific security services, was difficult to
locate. While we were able to read certain artifacts and locate
specific content after extraordinary effort, it is reasonable to expect
that other users would also encounter difficulty navigating through the
architecture products. As a result, users may not have a good
understanding of the architecture's content for use in making informed
decisions.
The transition plan is also missing important items, such as:
* a gap analysis identifying the needed changes to current business
processes and systems;
* an identification of which of the 2,300 current business systems will
not become part of the "To Be" architecture as well as the time frames
for phasing out these systems;
* a time-based strategy for replacing legacy systems, including
identification of intermediate (i.e., migration) systems that may be
temporarily needed; and
* a statement of resources (e.g., funding and staff) needed to transition
to the target environment.
As a result, DOD does not yet have a meaningful and reliable basis for
managing the disposition of its existing inventory of about 2,300
systems or for sequencing the introduction of modernized business
operations and supporting systems.
In June 2003,[Footnote 13] DOD's verification and validation contractor
also assessed the initial architecture against relevant best practices
to determine its quality. Consistent with our assessment, this
contractor reported that while DOD's architecture contained significant
content, it lacked the depth and detail needed to begin building and
implementing modernized systems and making operational changes.
Further, the contractor reported that the architecture was not easily
understandable and that its utility to stakeholders in system
acquisition planning was limited.
With regard to DOD's actions to control ongoing and planned business
systems investments, DOD has not yet defined and implemented an
effective approach to select and control business system investments
exceeding $1 million while the architecture is being developed and
after it is completed. Program officials stated that the department's
current approach to selecting and controlling business system
investments depends on the system owners coming forward with the
request for approval, and that it has not established the means to
determine which systems should be submitted for review. Program
officials acknowledge that the department, at a minimum, could use
DOD's IT budget documentation to proactively fulfill the act's
requirements and strengthen the investment management process. Since
enactment of the National Defense Authorization Act for Fiscal Year
2003, DOD has approved one business system improvement that met this $1
million threshold and is currently reviewing four others. Our analysis
of DOD's fiscal years 2003 and 2004 IT budget requests shows that over
200 systems in each year's budget, totaling about $4 billion per year,
could have resulted in obligations of funds that meet the $1 million
threshold. As a result, the vast majority of the billions of dollars
that DOD invests in business system improvements annually have not been
subject to the specific investment control process called for in the
act.
Key Observations on DOD's Plans for Evolving and Extending Its
Enterprise Architecture and for Improving Business System
Investment Decision Making:
According to program officials and the initial version of the
transition plan, DOD intends to extend and evolve the architecture to
include missing scope and detail. However, it has not defined specific
plans outlining how this will be accomplished. Rather, DOD's current
plan is to develop a strategy for producing the next version of its
architecture and managing ongoing and planned investments. Among other
things, this strategy is to provide for:
* determining the resources needed to further develop the architecture;
* developing a methodology for integrating the architecture with other
internal and external architectures;
* establishing an approach for maintaining its existing systems
inventory; and
* evaluating the architecture for completeness, accuracy, and
integration of end-to-end business processes and system functions.
In addition, DOD program documentation provides for initiating pilot
projects in the near term that are to demonstrate and implement a
portion of the architecture and be usable across the department.
However, DOD officials stated that the pilot projects are intended to
validate departmentwide business processes and not to implement
production systems. Because of these differing views of what the pilot
projects are intended to achieve, the purpose and scope of these
projects remain unclear and specific projects have yet to be selected.
If DOD intends for these projects to demonstrate or validate an
enterprisewide business process to address a current deficiency in
DOD's business operations and systems, such as the lack of common data
standards, these projects could help DOD improve its architecture and
thus may represent reasonable investments. However, if the pilot
projects are to be used to acquire and implement system solutions and
place them into production to achieve an operational capability, it is
unclear how DOD will ensure architecture alignment and manage the risk
associated with investing in even more systems before it has a well-
defined blueprint and an effective investment management process to
guide and control them.
With regard to DOD's plans for improving investment management
controls, DOD has a proposed governance concept that describes how and
by whom business transformation requirements identified by the
architecture will be implemented in the department. This proposal vests
domain owners (DOD business line representatives, such as those in
logistics, human resource management, and acquisition/procurement)
with the authority, responsibility, and accountability for business
transformation, extension and implementation of the architecture,
development and execution of the transition plan, and investment
portfolio management for their domains. However, it is not clear how
the proposed approach, including the act's requirements, will be
implemented. Further, it is not clear, given the incomplete state of
version 1.0 of the architecture (1) how the domain owners will ensure
consistency across domains for architecture extensions and changes and
(2) how the proposed approach will address our prior recommendations
for establishing a hierarchy of investment review boards that use an
explicit and common set of criteria for selecting, controlling, and
evaluating IT projects as a portfolio of competing investment options.
One criterion we recommended was to ensure consistency and compliance
with ongoing architecture development efforts.[Footnote 14] As a
result, the department does not have a critical structure in place to
effectively select and control its IT investments, and runs the risk of
continuing to invest in systems that perpetuate its existing
incompatible, duplicative, overly costly environment of about 2,300
business systems that do not optimally support mission performance.
Agency Comments and Our Evaluation:
In commenting on a draft of this report (reprinted in enc. III), DOD
generally agreed with our assessment of the department's initial
business enterprise architecture and recognized that "much work remains
to be done." It then described this work as beginning the transition
from its "As Is" environment to the "To Be" as defined in the
architecture. DOD stated that its approach for transitioning focuses on
reengineering its business processes incrementally and then selecting
business system solutions to implement the new methods and practices.
However, as we reported, the initial version of the architecture lacks
the scope and content needed to provide a sufficient frame of reference
for moving the department from its current operating environment to its
future target environment. Moreover, we stated in the report that DOD's
plans for extending and evolving the architecture have yet to be
adequately defined. While reengineering business processes is a logical
component of what needs to be done to evolve the architecture, our
report identifies many other aspects of the architecture, and the
transition, that need to be further defined before DOD will have a
sufficient basis for evaluating and selecting business system
solutions.
DOD's comments also recognized the need to manage and control its
ongoing and planned business system investments, and stated that it has
defined an approach for doing so in draft guidance and would use its
transformation governance structure to implement the investment
management process. This guidance is still in draft and DOD has not
provided it to us. Therefore, we could not determine whether it
addresses the limitations in the department's existing approach to
select and control its business system investments or the uncertainties
associated with its proposed investment governance approach, both of
which are discussed in this report.
Last, DOD's comments noted that the cost to operate, maintain, and
modernize its approximately 2,300 systems is about $5 billion and that
$13 billion provides infrastructure for all DOD systems and includes
spending on nonbusiness (e.g., command and control or intelligence)
systems. We do not agree. Specifically, our analysis of DOD's total IT
budget request for fiscal year 2003 shows approximately $26 billion, of
which $5 billion relates to the operation, maintenance, and
modernization of DOD's business systems; about $13 billion relates
primarily to the infrastructure to support these business systems; and
the remaining $8 billion relates primarily to command and control
systems, including the infrastructure to support these systems.
- - - - -
We will be sending copies of this report to interested congressional
committees; the Director, Office of Management and Budget; the
Secretary of Defense; the Under Secretary of Defense (Comptroller); the
Assistant Secretary of Defense (Networks and Information Integration)/
Chief Information Officer; the Under Secretary of Defense (Acquisition,
Technology, and Logistics); the Under Secretary of Defense (Personnel
and Readiness); and the Director, Defense Finance and Accounting
Service. This report will also be available at no charge on our Web
site at http://www.gao.gov.
If you have any questions concerning this information, please contact
Gregory Kutz at (202) 512-9095 or kutzg@gao.gov or Randolph Hite at
(202) 512-3439 or hiter@gao.gov. GAO contacts and key contributors to
this report are listed in enclosure IV.
Gregory D. Kutz:
Director, Financial Management and Assurance:
Randolph C. Hite:
Director, Information Technology Architecture and Systems Issues:
Signed by Gregory D. Kutz and Randolph C. Hite
Enclosures:
List of Committees:
The Honorable Ted Stevens:
Chairman:
The Honorable Robert C. Byrd:
Ranking Minority Member:
Committee on Appropriations:
United States Senate:
The Honorable John W. Warner:
Chairman:
The Honorable Carl Levin:
Ranking Minority Member:
Committee on Armed Services:
United States Senate:
The Honorable C.W. Bill Young:
Chairman:
The Honorable David R. Obey:
Ranking Minority Member:
Committee on Appropriations:
House of Representatives:
The Honorable Duncan Hunter:
Chairman:
The Honorable Ike Skelton:
Ranking Minority Member:
Committee on Armed Services:
House of Representatives:
The Honorable Jim Saxton:
Chairman:
The Honorable Martin T. Meehan:
Ranking Minority Member:
Subcommittee on Terrorism, Unconventional Threats and Capabilities:
Committee on Armed Services:
House of Representatives:
Enclosure I:
SEC. 1004. [of Public Law 107-314] DEVELOPMENT AND IMPLEMENTATION OF
FINANCIAL MANAGEMENT ENTERPRISE ARCHITECTURE:
(a) REQUIREMENT FOR ENTERPRISE ARCHITECTURE AND FOR TRANSITION PLAN--
Not later than May 1, 2003, the Secretary of Defense shall develop--
(1) a financial management enterprise architecture for all budgetary,
accounting, finance, enterprise resource planning, and mixed
information systems of the Department of Defense; and
(2) a transition plan for implementing that financial management
enterprise architecture.
(b) COMPOSITION OF ENTERPRISE ARCHITECTURE--
(1) The financial management enterprise architecture developed under
subsection (a)(1) shall describe an information infrastructure that, at
a minimum, would enable the Department of Defense to--
(A) comply with all Federal accounting, financial management, and
reporting requirements;
(B) routinely produce timely, accurate, and reliable financial
information for management purposes;
(C) integrate budget, accounting, and program information and systems;
and
(D) provide for the systematic measurement of performance, including
the ability to produce timely, relevant, and reliable cost information.
(2) That enterprise architecture shall also include policies,
procedures, data standards, and system interface requirements that are
to apply uniformly throughout the Department of Defense.
(c) COMPOSITION OF TRANSITION PLAN--The transition plan developed under
subsection (a)(2) shall include the following:
(1) The acquisition strategy for the enterprise architecture, including
specific time-phased milestones, performance metrics, and financial and
nonfinancial resource needs.
(2) A listing of the mission critical or mission essential operational
and developmental financial and nonfinancial management systems of the
Department of Defense, as defined by the Under Secretary of Defense
(Comptroller), consistent with budget justification documentation,
together with:
(A) the costs to operate and maintain each of those systems during
fiscal year 2002; and
(B) the estimated cost to operate and maintain each of those systems
during fiscal year 2003.
(3) A listing of the operational and developmental financial management
systems of the Department of Defense as of the date of the enactment of
this Act (known as 'legacy systems') that will not be part of the
objective financial and nonfinancial management system, together with
the schedule for terminating those legacy systems that provides for
reducing the use of those legacy systems in phases.
(d) CONDITIONS FOR OBLIGATION OF SIGNIFICANT AMOUNTS FOR FINANCIAL
SYSTEM IMPROVEMENTS--An amount in excess of $1,000,000 may be obligated
for a defense financial system improvement only if the Under Secretary
of Defense (Comptroller) makes a determination regarding that
improvement as follows:
(1) Before the date of an approval specified in paragraph (2), a
determination that the defense financial system improvement is
necessary for either of the following reasons:
(A) To achieve a critical national security capability or address a
critical requirement in an area such as safety or security.
(B) To prevent a significant adverse effect (in terms of a technical
matter, cost, or schedule) on a project that is needed to achieve an
essential capability, taking into consideration in the determination
the alternative solutions for preventing the adverse effect.
(2) On and after the date of any approval by the Secretary of Defense
of a financial management enterprise architecture and a transition plan
that satisfy the requirements of this section, a determination that the
defense financial system improvement is consistent with both the
enterprise architecture and the transition plan.
(e) CONGRESSIONAL REPORTS--Not later than March 15 of each year from
2004 through 2007, the Secretary of Defense shall submit to the
congressional defense committees a report on the progress of the
Department of Defense in implementing the enterprise architecture and
transition plan required by this section. Each report shall include, at
a minimum--
(1) a description of the actions taken during the preceding fiscal year
to implement the enterprise architecture and transition plan (together
with the estimated costs of such actions);
(2) an explanation of any action planned in the enterprise architecture
and transition plan to be taken during the preceding fiscal year that
was not taken during that fiscal year;
(3) a description of the actions taken and planned to be taken during
the current fiscal year to implement the enterprise architecture and
transition plan (together with the estimated costs of such actions);
and
(4) a description of the actions taken and planned to be taken during
the next fiscal year to implement the enterprise architecture and
transition plan (together with the estimated costs of such actions).
(f) COMPTROLLER GENERAL REVIEW--Not later than 60 days after the
approval of an enterprise architecture and transition plan in
accordance with the requirements of subsection (a), and not later than
60 days after the submission of an annual report required by subsection
(e), the Comptroller General shall submit to the congressional defense
committees an assessment of the extent to which the actions taken by
the Department comply with the requirements of this section.
(g) DEFINITIONS--In this section:
(1) The term 'defense financial system improvement' means the
acquisition of a new budgetary, accounting, finance, enterprise
resource planning, or mixed information system for the Department of
Defense or a modification of an existing budgetary, accounting,
finance, enterprise resource planning, or mixed information system of
the Department of Defense. Such term does not include routine
maintenance and operation of any such system.
(2) The term 'mixed information system' means an information system
that supports financial and non-financial functions of the Federal
Government as defined in Office of Management and Budget Circular A-127
(Financial Management Systems).
(h) REPEAL--(1) Section 2222 of title 10, United States Code, is
repealed. The table of sections at the beginning of chapter 131 of such
title is amended by striking the item relating to such section.
(2) Section 185(d) of such title is amended by striking 'has the
meaning given that term in section 2222(c)(2) of this title' and
inserting 'means an automated or manual system from which information
is derived for a financial management system or an accounting system'.
Enclosure II:
Summary of Assessment Approach:
To accomplish our objectives for determining (1) the extent to which
DOD's actions complied with the requirements of section 1004 of Public
Law 107-314 and (2) DOD's plans for further development and
implementation of the architecture, we assessed DOD's initial
architecture, which the DOD Comptroller transmitted to the Comptroller
General on May 8, 2003. Consistent with the act and as agreed with
congressional defense committees' staffs, this assessment focused on
compliance with all federal accounting, financial management, and
reporting requirements; the content of the "As Is" and "To Be"
environments; the content of the transition plan to include time-phased
milestones for phasing out existing systems, resource needs for
implementing the "To Be" environment, and information on the systems
inventory; and the extent to which DOD is controlling its business
system investments.
We also used our Enterprise Architecture Management Maturity
Framework[Footnote 15] that describes the five stages of management
maturity to determine the extent to which DOD has adopted key elements
of architecture management best practices. To make this determination,
we reviewed program documentation, such as program policies and
procedures and architecture products, and compared them to the elements
in the framework.
Specific to our review of federal requirements, we could not determine
whether the architecture contained all federal accounting, financial
management and reporting requirements because a central repository of
all such requirements does not exist. Nevertheless, to assess the
completeness of the federal requirements, we compared the approximately
4,000 external[Footnote 16] requirements contained in the architecture to
those listed in selected JFMIP[Footnote 17] federal systems
requirements publications. The JFMIP requirements consisted of about 45
percent of the total external requirements. We performed a detailed
review of 1,767 of the JFMIP requirements.
To review the "As Is" and "To Be" environments and the transition plan,
we decomposed version 1.0 of the architecture into various parts and
components and made a comparison against relevant benchmarks. More
specifically, we first divided the architecture into the three primary
component parts specified in the act and recognized in best practices
and federal guidance: the "As Is" architecture, the "To Be"
architecture, and the transition plan. We then divided the "As Is" and
the "To Be" architectures into the six architectural components. We
then compared version 1.0 to (1) relevant criteria[Footnote 18]
governing the content of key architectural elements for the transition
plan and (2) the six components of the "As Is" and "To Be"
architectures. In addition, we reviewed comments from DOD's
verification and validation contractor (MITRE).
To review DOD's actions to comply with the $1 million obligation
threshold for financial system improvements, we obtained and reviewed
memorandums and other documentation regarding the approval of
expenditures for system investments in excess of $1 million. We also
reviewed and analyzed the DOD IT budget requests for fiscal years 2003
and 2004 to identify systems that met the $1 million threshold and
compared this to the total number of systems DOD reviewed and approved
to measure the extent of systems that potentially should be reviewed.
To determine DOD's plans for further development and implementation of
the architecture, we reviewed the performance work statement; DOD's
proposed governance concept, including domain owner roles and
responsibilities; and program documentation pertaining to plans for
implementing pilot projects. We also reviewed the status of DOD's
response to our prior recommendations pertaining to controlling ongoing
and planned IT systems investments.
To augment our document reviews and analyses, we interviewed officials
from various DOD organizations and contractors, including the Office of
the Under Secretary of Defense (Comptroller); Office of the Under
Secretary of Defense (Acquisition, Technology, and Logistics); Office
of the Under Secretary of Defense (Personnel and Readiness); IBM; and
MITRE Corporation.
We conducted our work primarily at DOD headquarters offices in
Washington, D.C., and Arlington, Virginia, from March 2003 through June
2003 in accordance with U.S. generally accepted government auditing
standards. On June 30, 2003, DOD provided us with written comments on a
draft of this report, which are addressed in the "Agency Comments and
Our Evaluation" section and are reprinted in enclosure III.
Enclosure III:
Comments from the Department of Defense:
UNDER SECRETARY OF DEFENSE
1100 DEFENSE PENTAGON
WASHINGTON DC 20301-1100
COMPTROLLER
JUN 30 2003
Mr. Gregory Kutz
Director, Financial Management and Assurance
United States General Accounting Office
Washington, DC 20548
Dear Mr. Kutz:
This is in response to the General Accounting Office (GAO) Draft
Report, GAO-03-877R, "Business Systems Modernization: Summary of GAO's
Assessment of Department of Defense's Initial Business Enterprise
Architecture," dated June 23, 2003.
As recognized in the report, "the Department of Defense (DoD) undertook
a challenging and ambitious task--to develop within 1 year a
Department-wide architecture for modernizing its current financial and
business operations and systems. The DoD has expended tremendous effort
and made important progress.... and the DoD's initial version of the
Business Enterprise Architecture (BEA) provides a foundation from which
to build... and ultimately produce a well-defined business enterprise
architecture."
The Department is proud of the initial version of the BEA and
Transition Plan, which were delivered on time and under budget.
However, we agree that much work remains to be done. The Department's
architecture is the largest, most complex, and most pervasive business
enterprise architecture developed to date, either in the public or
private sectors. The BEA applies not only to financial management, but
also to the enormous number and types of business transactions that
support the Department's budget formulation, acquisition, inventory
management, logistics, personnel, and property management businesses.
The BEA, therefore, is a blueprint for interconnecting the Department's
business processes, data, and systems in order to obtain
enterprise-wide performance efficiency and results.
We are now entering another challenging phase of the program--to begin
the transition from our current "as is" environment to the "to be" as
defined in the architecture. Our approach will focus on reengineering
our business processes and then selection of the business system
solutions to implement the new methods and practices. This
reengineering effort will be done incrementally. The first increment
will implement the foundation of the architecture and key business
processes. Examples are the use of the United States Standard General
Ledger, a standard accounting code structure, data standards, storage
and retrieval of data, and logistics business processes coupled with
the related acquisition and accounting processes.
As we move forward, we recognize the need to manage and control our
ongoing and planned business system investments. Our approach to do
this is defined in the draft DoD Directive, "Information Technology
(IT) Capital Planning and Investment Control (CPIC): Portfolio
Management," and draft DoD Instruction, "Operation of the IT CPIC
Portfolio Management System." We will use our transformation
governance structure to implement the investment review process.
In a related matter, the GAO draft report states, "To support business
operations, DoD reports that it currently relies on about 2,300 systems
including accounting, acquisition, logistics, and personnel systems
that will cost $18 billion in Fiscal Year (FY) 2003 to operate,
maintain and modernize." We believe approximately $5 billion is more
accurate--the remaining $13 billion provides infrastructure for all DoD
systems and includes spending on nonbusiness (e.g., command and control
or intelligence) systems.
The Department will address specific comments to the detailed report
that the GAO plans to release in the near future. That report is
expected to include the GAO's assessment results, conclusions, and
specific recommendations.
My point of contact for this matter is Ms. Marilyn Fleming, Chief
Architect, Directorate for Business Modernization and Systems
Integration. She may be contacted by email: flemingm@osd.pentagon.mil
or by telephone at (703) 607-3367.
Sincerely,
Dov S. Zakheim:
Signed by Dov S. Zakheim:
Enclosure IV:
GAO Contacts and Staff Acknowledgments:
GAO Contacts:
Jennifer Wilson, (202) 512-9192
Cynthia Jackson, (202) 512-5086
Acknowledgments:
In addition to the individuals named above, key
contributors to this report included Beatrice Alff, Nabajyoti
Barkakati, Justin Booth, Francine DelVecchio, Francis Dymond, Neelaxi
Lakhmani, Anh Le, Evelyn Logue, Mai Nguyen, Darby Smith, Stacey Smith,
Alan Steiner, Randolph Tekeley, and William Wadsworth.
(192086):
FOOTNOTES
[1] U.S. General Accounting Office, High-Risk Series: An Update,
GAO-03-119 (Washington, D.C.: January 2003). The nine interrelated
high-risk areas that represent the greatest challenge to DOD's
development of world-class business operations to support its forces
are contract management, financial management, support infrastructure
management, inventory management, systems modernization, weapon system
acquisition, human capital, information security, and real property.
The last three areas are governmentwide in scope.
[2] Business systems include financial and nonfinancial systems, such
as civilian personnel, finance, health, logistics, military personnel,
procurement, and transportation, with the common element being the
generation or use of financial data to support DOD's business
operations.
[3] U.S. General Accounting Office, DOD Financial Management: Important
Steps Underway But Reform Will Require a Long-term Commitment,
GAO-02-784T (Washington, D.C.: June 4, 2002).
[4] GAO-02-784T.
[5] U.S. General Accounting Office, Information Technology:
Architecture Needed to Guide Modernization of DOD's Financial
Operations, GAO-01-525 (Washington, D.C.: May 17, 2001).
[6] Bob Stump National Defense Authorization Act for Fiscal Year 2003,
Pub. L. No. 107-314, § 1004, 116 Stat. 2458, 2629, Dec. 2, 2002.
[7] In May 2003, the DOD Comptroller changed the architecture name from
the Financial Management Enterprise Architecture to the Business
Enterprise Architecture to reflect the transformation of departmentwide
business operations and supporting systems, including accounting and
finance, budget formulation, acquisition, inventory management,
logistics, personnel, and property management systems.
[8] U.S. General Accounting Office, DOD Business Systems Modernization:
Improvements to Enterprise Architecture Development and Implementation
Efforts Needed, GAO-03-458 (Washington, D.C.: Feb. 28, 2003).
[9] See for example, Office of Management and Budget, Federal
Enterprise Architecture Business Reference Model, Version 1.0 (2002);
Chief Information Officer Council, A Practical Guide to Federal
Enterprise Architecture, Version 1.0 (February 2001); Office of
Management and Budget Circular No. A-130, Management of Federal
Information Resources (Nov. 28, 2000); M.A. Cook, Building Enterprise
Information Architectures: Reengineering Information Systems (Upper
Saddle River, N.J.: Prentice Hall, 1996); and National Institute of
Standards and Technology, Information Management Directions: The
Integration Challenge, Special Publication 500-167 (September 1989).
[10] U.S. General Accounting Office, Information Technology: A
Framework for Assessing and Improving Enterprise Architecture
Management (Version 1.1), GAO-03-584G (Washington, D.C.: April 2003).
[11] JFMIP is a joint undertaking of the Department of the Treasury,
GAO, the Office of Management and Budget, and the Office of Personnel
Management, working with each other, other agencies, and the private
sector to improve financial management in the federal government. JFMIP
requirements arise from various public laws, regulations, bulletins,
circulars, federal accounting standards, and leading practices and are
applicable governmentwide. Agencies must use these requirements, in
addition to agency-unique mission requirements, in planning and
implementing their financial management improvement projects.
[12] MITRE Technical Report: Review of Financial Management Enterprise
Architecture (FMEA), Version 1.0, June 2003.
[13] GAO-03-458.
[14] GAO-03-584G.
[15] External requirements are those that are obtained from
authoritative sources and constrain various aspects of the
architecture.
[16] We used nine JFMIP systems requirements documents: revenue,
acquisition, core financial, human resources and payroll, managerial
cost accounting, inventory, travel, property management, and benefits.
[17] See for example, Office of Management and Budget, Federal
Enterprise Architecture Business Reference Model, Version 1.0 (2002);
Chief Information Officer Council, A Practical Guide to Federal
Enterprise Architecture, Version 1.0 (February 2001); Office of
Management and Budget Circular No. A-130, Management of Federal
Information Resources (Nov. 28, 2000); M.A. Cook, Building Enterprise
Information Architectures: Reengineering Information Systems (Upper
Saddle River, N.J.: Prentice Hall, 1996); and National Institute of
Standards and Technology, Information Management Directions: The
Integration Challenge, Special Publication 500-167 (September 1989).
[18]