Defense Management
Foundational Steps Being Taken to Manage DOD Business Systems Modernization, but Much Remains to be Accomplished to Effect True Business Transformation Gao ID: GAO-06-234T November 9, 2005For years, the Department of Defense (DOD) has embarked on a series of efforts to transform its business operations, including modernizing underlying information technology (business) systems. GAO has reported on inefficiencies and inadequate accountability across DOD's major business areas, resulting in billions of dollars of wasted resources annually. Of the 25 areas on GAO's 2005 list of high-risk federal programs and operations that are vulnerable to fraud, waste, abuse or mismanagement and in need of reform, 8 are DOD programs or operations, and 6 are government-wide high risk areas for which DOD shares responsibility. The Ronald W. Reagan National Defense Authorization Act for Fiscal Year 2005 required DOD to satisfy several conditions relative to its approach to managing its business system modernization program, including developing an enterprise transition plan, which GAO is currently assessing. DOD also recently established a Business Transformation Agency intended to advance defense-wide business transformation. GAO was asked to testify on DOD's business transformation, including its preliminary observations on 1) DOD's efforts to satisfy fiscal year 2005 defense authorization act requirements; 2) the Business Transformation Agency; and 3) DOD's efforts to provide the leadership, structures, and plans needed to effect transformation.
GAO's preliminary observation based on its ongoing work is that DOD has made progress in establishing needed business system modernization management capabilities and appears to have complied with some of the act's provisions, but more needs to be done. To comply with the act's requirement that it develop a business enterprise architecture and transition plan meeting certain requirements, DOD approved Version 3.0 of its architecture and associated transition plan on September 28, 2005. GAO's work so far suggests that this version of the architecture may satisfy the conditions of the act to some extent, but not entirely. For example, while Version 3.0 includes a target architecture, as required, it does not include a current architecture. Without this element, DOD could not analyze the gaps between the two architectures--critical input to a comprehensive transition plan. In addition, the transition plan appears to include certain required information (such as milestones for major projects), but it appears to be inconsistent with the architecture in various ways, such as including some systems that are not in the target architecture and vice versa, and it does not include system performance metrics aligned with the plan's strategic goals and objectives. Finally, GAO's preliminary work suggests that DOD may have satisfied some of the act's requirements regarding the review and approval of investments in business systems, but it either has not satisfied or is still in the process of satisfying others. For example, it has delegated authority and largely established review structures and processes as required. However, some of these structures do not yet appear to be in place, and some reviews and approvals to date may not have followed the criteria in the act. GAO expects to report on these issues shortly. DOD's Business Transformation Agency offers potential benefits relative to the department's business systems modernization efforts if the agency can be properly organized, resource, and empowered to effectively execute its roles and responsibilities and is held accountable for doing so. The agency faces several challenges, including standing up a functioning acquisition organization within a short period of time. As DOD moves forward with implementing this agency, it will be important for it to address these issues. DOD has taken several actions intended to advance transformation, such as establishing management structures like the Business Transformation Agency, and developing the enterprise transition plan. While these steps are positive, their primary focus appears to be on business system modernization. Business transformation is much broader and encompasses planning, management, structures, and processes related to all key business areas. As DOD continues to evolve its transformation efforts, critical to successful reform are sustained leadership, structures, and a clear strategic and integrated plan that encompass all major business areas. GAO believes a chief management official, responsible for business transformation, could provide the strong and sustained executive leadership needed in this area.
GAO-06-234T, Defense Management: Foundational Steps Being Taken to Manage DOD Business Systems Modernization, but Much Remains to be Accomplished to Effect True Business Transformation
This is the accessible text file for GAO report number GAO-06-234T
entitled 'Defense Management: Foundational Steps Being Taken to Manage
DOD Business Systems Modernization, but Much Remains to be Accomplished
to Effect True Business Transformation' which was released on November
9, 2005.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
United States Government Accountability Office:
GAO:
Testimony:
Before the Subcommittee on Readiness and Management Support, Committee
on Armed Services, U.S. Senate:
For Release on Delivery:
Expected at 2:00 p.m. EST Wednesday, November 9, 2005:
Defense Management:
Foundational Steps Being Taken to Manage DOD Business Systems
Modernization, but Much Remains to be Accomplished to Effect True
Business Transformation:
Statement of Randolph C. Hite:
Director:
Information Technology Architecture and Systems:
GAO-06-234T:
GAO Highlights:
Highlights of GAO-06-234T, a testimony before the Subcommittee on
Readiness and Management Support, Committee on Armed Services, U.S.
Senate:
Why GAO Did This Study:
For years, the Department of Defense (DOD) has embarked on a series of
efforts to transform its business operations, including modernizing
underlying information technology (business) systems. GAO has reported
on inefficiencies and inadequate accountability across DOD‘s major
business areas, resulting in billions of dollars of wasted resources
annually. Of the 25 areas on GAO‘s 2005 list of high-risk federal
programs and operations that are vulnerable to fraud, waste, abuse or
mismanagement and in need of reform, 8 are DOD programs or operations,
and 6 are government-wide high risk areas for which DOD shares
responsibility.
The Ronald W. Reagan National Defense Authorization Act for Fiscal Year
2005 required DOD to satisfy several conditions relative to its
approach to managing its business system modernization program,
including developing an enterprise transition plan, which GAO is
currently assessing. DOD also recently established a Business
Transformation Agency intended to advance defense-wide business
transformation.
GAO was asked to testify on DOD‘s business transformation, including
its preliminary observations on 1) DOD‘s efforts to satisfy fiscal year
2005 defense authorization act requirements; 2) the Business
Transformation Agency; and 3) DOD‘s efforts to provide the leadership,
structures, and plans needed to effect transformation.
What GAO Found:
GAO‘s preliminary observation based on its ongoing work is that DOD has
made progress in establishing needed business system modernization
management capabilities and appears to have complied with some of the
act‘s provisions, but more needs to be done. To comply with the act‘s
requirement that it develop a business enterprise architecture and
transition plan meeting certain requirements, DOD approved Version 3.0
of its architecture and associated transition plan on September 28,
2005. GAO‘s work so far suggests that this version of the architecture
may satisfy the conditions of the act to some extent, but not entirely.
For example, while Version 3.0 includes a target architecture, as
required, it does not include a current architecture. Without this
element, DOD could not analyze the gaps between the two
architectures”critical input to a comprehensive transition plan. In
addition, the transition plan appears to include certain required
information (such as milestones for major projects), but it appears to
be inconsistent with the architecture in various ways, such as
including some systems that are not in the target architecture and vice
versa, and it does not include system performance metrics aligned with
the plan‘s strategic goals and objectives. Finally, GAO‘s preliminary
work suggests that DOD may have satisfied some of the act‘s
requirements regarding the review and approval of investments in
business systems, but it either has not satisfied or is still in the
process of satisfying others. For example, it has delegated authority
and largely established review structures and processes as required.
However, some of these structures do not yet appear to be in place, and
some reviews and approvals to date may not have followed the criteria
in the act. GAO expects to report on these issues shortly.
DOD‘s Business Transformation Agency offers potential benefits relative
to the department‘s business systems modernization efforts if the
agency can be properly organized, resource, and empowered to
effectively execute its roles and responsibilities and is held
accountable for doing so. The agency faces several challenges,
including standing up a functioning acquisition organization within a
short period of time. As DOD moves forward with implementing this
agency, it will be important for it to address these issues.
DOD has taken several actions intended to advance transformation, such
as establishing management structures like the Business Transformation
Agency, and developing the enterprise transition plan. While these
steps are positive, their primary focus appears to be on business
system modernization. Business transformation is much broader and
encompasses planning, management, structures, and processes related to
all key business areas. As DOD continues to evolve its transformation
efforts, critical to successful reform are sustained leadership,
structures, and a clear strategic and integrated plan that encompass
all major business areas. GAO believes a chief management official,
responsible for business transformation, could provide the strong and
sustained executive leadership needed in this area.
www.gao.gov/cgi-bin/getrpt?GAO-06-234T.
To view the full product, including the scope and methodology, click on
the link above. For more information, contact Randy Hite at (202) 512-
3429 or hiter@gao.gov.
[End of section]
Mr. Chairman and Members of the Subcommittee:
I appreciate the opportunity to be here today to discuss business
systems modernization and overall business transformation at the
Department of Defense (DOD)--two areas that are on our high-risk list
of federal programs and activities that are at risk of waste, fraud,
abuse, or mismanagement and in need of broad-based
transformation.[Footnote 1] At the onset, I would like to pass on
Comptroller General Walker's gratitude to this Subcommittee for your
continued oversight of key government operations and management issues,
including DOD's business transformation activities. The active role of
this Subcommittee is essential to ultimately assuring DOD's continued
progress in business transformation, while enhancing public confidence
in DOD's stewardship of the hundreds of billions of taxpayer funds it
receives each year.
Given its size and mission, DOD is one of the largest and most complex
organizations to effectively manage in the world. While DOD maintains
military forces with significant capabilities, it continues to confront
pervasive, decades-old management problems related to its business
operations, including outdated and ineffective systems and processes
that support these forces. At a time when DOD is challenged to maintain
a high level of military operations while competing for resources in an
increasingly fiscally constrained environment, DOD's business area
weaknesses continue to result in reduced efficiencies and effectiveness
that waste billions of dollars every year. Of the 25 areas on our 2005
high-risk list, 8 are DOD programs or operations and 6 are
governmentwide high-risk areas for which DOD shares some
responsibility. These areas touch on all of DOD's major business
operations. In some cases, such as DOD's financial management, weapons
acquisition, and business systems modernization areas, we have been
highlighting high-risk challenges for a decade or more.
This year we added DOD's overall approach to business transformation to
our list of high-risk areas because (1) DOD's business improvement
initiatives and control over resources are fragmented; (2) DOD lacks a
clear and integrated business transformation plan and investment
strategy; and (3) DOD has not designated an appropriate level senior
management official--such as a chief management official (CMO)--with
the authority to be responsible and accountable for overall business
transformation reform and related resources. In particular, GAO has
suggested the need for a chief management official[Footnote 2] to
provide the sustained top-level leadership and accountability needed by
DOD to better leverage plans, processes, systems, people and tools to
achieve the needed transformation.
Many past administrations have tried to address the deficiencies we
have identified at DOD, with the latest attempt being launched in 2001
when Secretary Rumsfeld outlined a vision for transforming the
department that called for dramatic changes in management, technology,
and business practices. At that time, the Secretary established the
Business Management Modernization Program, or BMMP, to effect this
change. Since then, we have reported a litany of program weaknesses and
made scores of recommendations. Our latest reports on this program,
which were issued about the same time as this Subcommittee's last
oversight hearing in April 2005 on DOD business transformation and
financial accountability, were quite critical of the program, observing
that after investing about 4 years and $318 million on the BMMP, the
department had made very little progress.
To its credit, the Congress, and this Subcommittee in particular, has
become increasingly focused on improving DOD's business operations by
holding several oversight hearings, such as this one, and enacting
legislation. The recent requirements in the Ronald W. Reagan National
Defense Authorization Act for Fiscal Year 2005 aimed at strengthening
DOD's management of its business systems modernization efforts--
developing a business enterprise architecture and transition plan, and
establishing system investment management structures and processes--
are particularly important ingredients to addressing DOD's business
systems modernization high-risk area. The act requires GAO to review
and report on this transition plan within 60 days of its approval by
the Secretary of Defense.
Senior administration leaders and advisors--including the Secretary of
Defense, the Acting Deputy Secretary of Defense, the Deputy Director of
the Office of Management and Budget (OMB), various senior level
officials, and members of the Defense Business Board--have demonstrated
a commitment to addressing DOD's business management weaknesses. OMB
and DOD are working together to develop a plan to improve supply chain
management that could place the department on the path toward removal
of this area from our high-risk list. For example, OMB and DOD are also
consulting GAO as they develop action plans for other high-risk areas
as well as a business architecture and related enterprise transition
plan. Further, DOD has taken actions intended to comply with the Act by
establishing system investment review structures and processes, and it
has also established a Business Transformation Agency to bring
increased management focus to its business systems modernization area.
Today, I would like to provide our preliminary perspectives on (1)
DOD's efforts to satisfy the business systems modernization
requirements in the fiscal year 2005 National Defense Authorization
Act; (2) the Business Transformation Agency's potential to help
strengthen business systems modernization; and (3) whether DOD efforts
to establish management structures and its business enterprise
transition plan provide the leadership and planning needed to effect
business transformation.
My statement is based upon our ongoing assessment of DOD's efforts to
comply with the 2005 defense authorization act, as required under the
act. As such, the statement provides our preliminary views on DOD's
efforts. It is also based on our analysis of DOD's enterprise
transition plan relative to our published work on successful
organizational transformation efforts and each of DOD's high risk
areas, as well as analysis of DOD's directives establishing the Defense
Business Transformation Agency, our previous reports and testimonies,
and discussions with DOD senior executives. Our work was performed in
accordance with U.S. generally accepted government auditing standards.
Summary:
In summary, let me reiterate what Comptroller General Walker has stated
on many occasions-transforming the department's business operations is
an absolute necessity given the long-term fiscal outlook, and
accomplishing this transformation will require sustained and persistent
leadership for at least 5 to 7 years. The department, under the
leadership of Acting Deputy Secretary England, recently began taking
some positive steps in this direction, particularly with respect to the
business systems modernization management changes called for in the
fiscal year 2005 National Defense Authorization Act, as well as with
certain other DOD high-risk areas. As of today, our preliminary work
suggests that progress has been made in complying with the provisions
in the act, but more needs to be done. DOD agrees, and it intends to do
more. With respect to DOD's compliance with the authorization act's
requirements, we will be issuing a full report to this and other
defense congressional committees by November 25, 2005.
In addition, DOD's Business Transformation Agency offers potential
benefits relative to the department's business systems modernization
efforts if the agency can be properly organized, resource, and
empowered to effectively execute its roles and responsibilities and is
held accountable for doing so. The agency faces several challenges,
including standing up a functioning acquisition organization within a
short period of time. As DOD moves forward with implementing this
agency, it will be important for it to address these issues.
Furthermore, DOD has taken several actions intended to advance
transformation, such as establishing management structures like the
Business Transformation Agency, and developing the enterprise
transition plan. While these steps are positive, their primary focus
appears to be on business system modernization. Business transformation
is much broader and encompasses planning, management, structures, and
processes related to all key business areas. As DOD continues to evolve
its transformation efforts, critical to successful reform are sustained
leadership, structures, and a clear strategic and integrated plan that
encompass all major business areas. We, therefore, continue to believe
that a CMO position along with an integrated strategic plan for the
overall business transformation effort, remain essential ingredients
for better ensuring that overall business transformation is
successfully implemented and sustained.
Background:
DOD is one of the largest and most complex organizations in the world
to manage effectively. While DOD maintains military forces with
unparalleled capabilities, it continues to confront pervasive, decades-
old management problems related to its business operations--which
include outdated systems and processes--that support these forces.
These management weaknesses cut across all of DOD's major business
areas, such as human capital management; the personnel security
clearance program; support infrastructure management; financial
management; weapon systems acquisition; contract management; supply
chain management; and last, but not least, business systems
modernization. All of these DOD areas are on our high-risk list.
For years, DOD has attempted to modernize its business systems, and we
have provided numerous recommendations to help guide its efforts,
including a set of recommendations to help DOD develop and implement an
enterprise architecture (or modernization blueprint) and establish
effective management controls. To achieve successful transformation, we
have also recommended the need for a CMO, and a strategic integrated
action plan for the overall business transformation effort.
Enterprise Architecture and Information Technology Investment
Management Are Critical to Achieving Successful Systems Modernization:
Effective use of an enterprise architecture, or modernization
blueprint, is a hallmark of successful public and private
organizations. For more than a decade, we have promoted the use of
architectures to guide and constrain systems modernization, recognizing
them as a crucial means to a challenging goal: agency operational
structures that are optimally defined in both the business and
technological environments. The Congress has also recognized the
importance of an architecture-centric approach to modernization: the E-
Government Act of 2002,[Footnote 3] for example, requires OMB to
oversee the development of enterprise architectures within and across
agencies.
In brief, an enterprise architecture provides a clear and comprehensive
picture of an entity, whether it is an organization (e.g., a federal
department) or a functional or mission area that cuts across more than
one organization (e.g., financial management). This picture consists of
snapshots of both the enterprise's current or "As Is" environment and
its target or "To Be" environment. These snapshots consist of "views,"
which are one or more architecture products (models, diagrams,
matrices, text, etc.) that provide logical or technical representations
of the enterprise. The architecture also includes a transition or
sequencing plan, based on an analysis of the gaps between the "As Is"
and "To Be" environments; this plan provides a temporal roadmap for
moving between the two that incorporates such considerations as
technology opportunities, marketplace trends, fiscal and budgetary
constraints, institutional system development and acquisition
capabilities, the dependencies and life expectancies of both new and
"legacy" (existing) systems, and the projected value of competing
investments. Our experience with federal agencies has shown that
investing in information technology (IT) without defining these
investments in the context of an architecture often results in systems
that are duplicative, not well integrated, and unnecessarily costly to
maintain and interface.[Footnote 4]
A corporate approach to IT investment management is also characteristic
of successful public and private organizations. Recognizing this, the
Congress developed and enacted the Clinger-Cohen Act in 1996,[Footnote
5] which requires OMB to establish processes to analyze, track, and
evaluate the risks and results of major capital investments in
information systems made by executive agencies.[Footnote 6] In response
to the Clinger-Cohen Act and other statutes, OMB developed policy for
planning, budgeting, acquisition, and management of federal capital
assets and issued guidance.[Footnote 7] We have also issued guidance in
this area,[Footnote 8] in the form of a framework that lays out a
coherent collection of key practices that, when implemented in a
coordinated manner, can lead an agency through a robust set of analyses
and decision points that support effective IT investment management.
This framework defines institutional structures, such as investment
review boards, and associated processes, such as common investment
criteria. Further, our investment management framework recognizes the
importance of an enterprise architecture as a critical frame of
reference for organizations making IT investment decisions:
specifically, it states that only investments that move the
organization toward its target architecture, as defined by its
sequencing plan, should be approved (unless a waiver is provided or a
decision is made to modify the architecture). Moreover, it states that
an organization's policies and procedures should describe the
relationship between its architecture and its investment decision-
making authority. Our experience has shown that mature and effective
management of IT investments can vastly improve government performance
and accountability, and can help to avoid wasteful IT spending and lost
opportunities for improvements.
Recent Reviews of DOD's Business System Modernization Efforts Have
Raised Concerns:
Since 2001, we have regularly reported[Footnote 9] on DOD's efforts to
(among other things) develop an architecture and to establish and
implement effective investment management structures and processes. Our
reports have continued to raise concerns about the department's
architecture program, the quality of the architecture and the
transition plan, and the lack of an investment management structure and
controls to implement the architecture. Our most recent reports, which
were issued in the third and fourth quarters of fiscal year
2005,[Footnote 10] made the following points:
* DOD had not established effective structures and processes for
managing the development of its architecture.
* DOD had not developed a well-defined architecture. The products that
it had produced did not provide sufficient content and utility to
effectively guide and constrain ongoing and planned system investments.
* DOD had not developed a plan for transitioning from the "As Is" to
the "To Be" architectures.
* DOD did not have an effective departmentwide management structure for
controlling its business investments.
* DOD had not established common investment criteria for system
reviews.
* DOD had not included all reported systems in its fiscal year 2005 IT
budget request.
* The Under Secretary of Defense (Comptroller) had not certified all
systems investments with reported obligations exceeding $1 million, as
required by the fiscal year 2003 National Defense Authorization
Act.[Footnote 11]
Our recommendations to DOD provide a comprehensive roadmap for
addressing these problems. DOD has largely agreed with the
recommendations and as we recently reported, has defined a framework
intended to do so.
Successful Business Transformation Requires Sound Strategic Planning
and Sustained Leadership:
In testimony before this Subcommittee earlier this year, Comptroller
General Walker emphasized that there are three key elements that DOD
must incorporate into its business transformation efforts to
successfully address its systemic business challenges.[Footnote 12]
First, these efforts must include an integrated strategic business
transformation plan, including an enterprise architecture to guide and
constrain implementation of such a plan. Second, control of system
investments is crucial for successful business transformation. Finally,
a CMO is essential for providing the sustained leadership needed to
achieve a successful and lasting transformation effort. The CMO would
not assume the day-to-day management responsibilities of other DOD
officials nor represent an additional hierarchical layer of management
but would lead DOD's overall business transformation efforts.
Additionally, a 7-year term would also enable the CMO to work with DOD
leadership across administrations to sustain the overall business
transformation effort.
DOD's Efforts to Comply with National Defense Authorization Act for
Fiscal Year 2005 Indicate Progress and a Foundation Upon Which to
Build:
As defined in Section 332 of the defense authorization act for fiscal
year 2005,[Footnote 13] DOD is required to satisfy several conditions
relative to its approach to managing its business systems modernization
program. Generally speaking, DOD is required to do the following:
1. By September 30, 2005, develop a business enterprise architecture
that meets certain requirements.
2. By September 30, 2005, develop a transition plan for implementing
the architecture that meets certain requirements.
3. Identify each defense business system proposed for funding in the
budget submissions for fiscal year 2006 and subsequent years, and for
each system, among other things, identify whether funding is for
current services or business systems modernization.
4. Take a number of actions regarding the review and approval of
investments, including delegating responsibility for business system
review and decision making to designated approval authorities,[Footnote
14] establishing investment review boards and supporting process that
employ common steps and criteria, and obligating funds for Defense
Business System Modernizations after October 1, 2005, only for systems
that have been certified and approved.
The act also requires us to assess DOD's efforts to comply with the act
within 60 days after approval of the business enterprise architecture
and transition plan. On September 28, 2005, the Acting Deputy Secretary
of Defense approved Version 3.0 of the business enterprise architecture
and approved the associated enterprise transition plan. Accordingly, we
are currently in the process of conducting our assessment, and we plan
by November 25, 2005, to issue a report containing the results of our
assessment to defense congressional committees, as specified in the
act. As agreed, this statement contains only preliminary observations
based on our ongoing work, meaning that these observations may change
as we conclude our ongoing assessment.
For purposes of this statement, we have grouped the act's requirements,
and our preliminary observations, into four categories: business
enterprise architecture, enterprise transition plan, fiscal year 2006
budget submission, and investment review and approval.
Business Enterprise Architecture Requirements:
The act requires that DOD develop, by September 30, 2005,[Footnote 15]
a business enterprise architecture. According to the act, this
architecture must satisfy three major requirements:
5. Include an information infrastructure that, at a minimum, would
enable DOD to:
* comply with all federal accounting, financial management, and
reporting requirements;
* routinely produce timely, accurate, and reliable financial
information for management purposes;
* integrate budget, accounting, and program information and systems;
and:
* provide for the systematic measurement of performance, including the
ability to produce timely, relevant, and reliable cost information.
6. Include policies, procedures, data standards, and system interface
requirements that are to be applied uniformly throughout the
department.
7. Be consistent with OMB policies and procedures.
According to DOD, this version is intended to provide a blueprint to
help ensure near-term delivery of needed capabilities, resources, and
materiel to the warfighter. To do so, this version focused on six
Business Enterprise Priorities (see table 1), which DOD states are
short-term objectives to achieve immediate results. According to the
department, these priorities will evolve and expand in future versions
of the architecture.
Table 1: Business Enterprise Priorities:
Business Enterprise Priority: Personnel Visibility;
Description: Providing access to reliable, timely, and accurate
personnel information for warfighter mission planning.
Business Enterprise Priority: Acquisition Visibility;
Description: Providing transparency and access to acquisition
information that is critical to supporting life-cycle management of the
department's processes for delivering weapon systems and automated
information systems.
Business Enterprise Priority: Common Supplier Engagement;
Description: Aligning and integrating policies, processes, data,
technology, and people to simplify and standardize the methods that DOD
uses to interact with commercial and government suppliers.
Business Enterprise Priority: Materiel Visibility;
Description: Improving supply chain performance.
Business Enterprise Priority: Real Property Accountability;
Description: Acquiring access to real-time information on DOD real
property assets.
Business Enterprise Priority: Financial Visibility;
Description: Providing immediate access to accurate and reliable
financial information that will enhance efficient and effective
decision making.
Source: DOD.
[End of table]
In addition to focusing version 3.0 on these priorities, according to
DOD, the department also limited the extent to which the architecture
was to address each priority, focusing on four questions:
* Who are our people, what are their skills, and where are they
located?
* Who are our industry partners, and what is the state of our
relationship with them?
* What assets are we providing to support the warfighter, and where are
these assets deployed?
* How are we investing our funds to best enable the warfighting
mission?
To produce a version of the architecture within the above scope, DOD
created 12 of the 23 recommended products included in the DOD
Architecture Framework--the structural guide that the department has
established for developing an architecture.[Footnote 16] These 12
products included all 7 products that the framework designates as
essential.[Footnote 17] For example, one essential product is the
Operational Node Connectivity Description, which is a graphic showing
"operational nodes" (organizations) and including a depiction of each
node's information exchange needs.
Our preliminary work suggests that Version 3.0 of DOD's business
enterprise architecture may partially satisfy the major conditions
specified in the act. For example, Version 3.0 could enable DOD's
compliance with many but not all federal accounting, financial
management, and reporting requirements. To this end, the architecture
includes the Standard Financial Information Structure (SFIS) and the
Standard Accounting Classification Structure (SACS), which together
could allow DOD to standardize financial data elements necessary to
support budgeting, accounting, cost/performance management, and
external reporting. Both SFIS and SACS are based upon mandated
requirements defined by external regulatory entities, such as the
Treasury, OMB, the Federal Accounting Standards Advisory Board, and the
Joint Financial Management Improvement Program.[Footnote 18] Moreover,
SFIS has in turn been used to develop and incorporate business rules in
the architecture for such areas as managerial cost accounting, general
ledger, and federally owned property. Business rules are important
because they explicitly translate important business policies and
procedures into specific and unambiguous rules that govern what can and
cannot be done.
However, it is not apparent that the architecture provides for
compliance with all federal accounting, financial, and reporting
requirements. For example, it may not contain the information needed to
achieve compliance with the Treasury's United States Standard General
Ledger[Footnote 19] or a strategy for achieving this compliance.
As another example, Version 3.0 may partially enable DOD to produce
timely, accurate, and reliable financial information for management
purposes. Specifically, according to the architecture, financial
information is to be produced through (1) SFIS, which can support data
accuracy, reliability, and integrity requirements for budgeting,
financial accounting, cost and performance management, and external
reporting across DOD, and (2) a "Manage Business Enterprise Reporting"
system function, which is intended to support the reporting of
financial management and program performance information, including
agency financial statements.
However, timely, accurate and reliable information depends, in part, on
using standard definitions of key terms, which the architecture does
not appear to include in all cases. For example, in Version 3.0 of the
architecture, terms such as "balance forwarded" and "receipt balances"
were not defined in the integrated dictionary although these terms were
used in process descriptions. In the absence of standardized
definitions, components (military services, defense agencies, and field
activities) may use terms and definitions that are locally meaningful
but which cannot be reliably and accurately aggregated to permit DOD-
wide visibility, which is critical to achieving DOD's stated business
enterprise priorities. This inability to aggregate has historically
required DOD to create information for management purposes using
inefficient methods, such as data calls and data conversions, that have
limited the information's reliability and timeliness.
Our preliminary work also suggests that Version 3.0 may partially
satisfy the act's requirement that it be consistent with OMB policies
and procedures. For example, Version 3.0 appears to include information
flows and relationships, as required by OMB guidance. OMB guidance also
requires the architecture to describe the "As Is" and "To Be"
environments and a transition plan; however, Version 3.0 does not
include an "As Is" environment. Without this element, DOD would not be
able to develop a gap analysis identifying performance shortfalls,
which as discussed in the next section, is a critical input to a
comprehensive transition plan. In addition, OMB guidance requires that
the architecture include, among other things, a description of the
technology infrastructure; such a description is not apparent in
Version 3.0, in that it does not identify such needed technology
components as wide-area networks, databases, and telecommunications.
Similarly, Version 3.0 does not appear to include a security
architecture, although OMB guidance requires agencies to incorporate
security into the architecture of their information and systems to
ensure the security of agency business operations.
Version 3.0 may also contain other limitations. For example, it may not
yet be fully integrated with the enterprise transition plan. In
particular, we are currently attempting to determine why 21 systems
identified in the architecture are not included in the "Master List of
Systems and Initiatives" in the transition plan (the master list serves
as the baseline of currently planned--"To Be"--systems that begin to
address the transformational objectives of the program). In addition,
DOD has itself disclosed certain limitations. For example, it reported
that the architecture is not adequately linked to the
component[Footnote 20] architectures and transition plans. This
omission is particularly important given the department's newly adopted
federated approach to developing and implementing the architecture. In
addition, according to DOD, the architecture must be improved to better
designate enterprise data sources, business services, and IT
infrastructure services, such as enterprise data storage. This is
important because each of these greatly affects the scope and design of
specific systems.
According to DOD officials, the department is taking an incremental
approach to developing the architecture and meeting the act's
requirements. Accordingly, they said that Version 3.0 was appropriately
scoped to provide for that content which could be produced in the time
available to both lay the foundation for fully meeting the act's
requirements and provide a blueprint for delivering near-term
capabilities and systems to meet near-term business enterprise
priorities. Based on these considerations, they asserted that Version
3.0 fully satisfies the intent of the act.
We support DOD's taking an incremental approach to developing the
business enterprise architecture, as we recognize that adopting such an
approach is both a best practice and a prior GAO recommendation. In
addition, our preliminary work suggests that Version 3.0 may provide a
foundation upon which to build a more complete architecture.
Nevertheless, the real question that remains is whether this version
contains sufficient scope, detail, integration, and consistency to
serve as a sufficient frame of reference for defining a common vision
and transition plan to guide and constrain system investments.
Enterprise Transition Plan:
The act requires that DOD develop, by September 30, 2005, a transition
plan for implementing its business enterprise architecture. According
to the act, this plan must meet three conditions:
8. Include an acquisition strategy for new systems that are expected to
be needed to complete the defense business enterprise architecture.
9. Include listings of the legacy systems that will and will not be
part of the target business systems environment, and a strategy for
making modifications to those systems that will be included.
10. Include specific time-phased milestones, performance metrics, and a
statement of the financial and nonfinancial resource needs.
On September 28, 2005, the Acting Deputy Secretary of Defense approved
the transition plan. Our preliminary work on this plan suggests that it
may partially satisfy each condition. For example, the plan appears to
include elements of an acquisition strategy for new systems and
describe a high-level approach for modernizing the department's
business operations and systems. Further, it includes detailed
information on about 60 business systems (ongoing programs) that are to
be part of the "To Be" architectural environment, as well as an
acquisition strategy for each system. However, the plan does not appear
to be based on a top-down capability gap analysis between the "As Is"
and "To Be" architectures that describes capability and performance
shortfalls and clearly identifies which system investments (such as the
60 identified programs) are to address these shortfalls. This is
important because a transition plan is to be an acquisition strategy
that recognizes timing and technological dependencies among planned
systems investments, as well as such other considerations as market
trends and return on investment.
Similarly, our preliminary work suggests that the plan identifies some
of the legacy systems that are to be replaced by ongoing programs (for
example, it identifies the Defense Cash Accountability System as a
target system and lists several legacy systems that it would replace),
and it provides a list of legacy systems that will be modified to
provide capabilities associated with the target architecture
environment. However, the plan's listings of legacy systems that will
and will not be part of the target architecture do not appear to be
complete. For example, the plan identified 145 legacy systems that
would be migrating to one target system (the Expeditionary Combat
Support System), but other DOD documentation[Footnote 21] shows that
this target system includes over 659 legacy systems, suggesting that
514 systems may not be accounted for.
Finally, the plan appears to include some of the required information
on milestones, performance metrics, and resource needs. The plan
includes key milestone dates for the 60 systems/programs identified
(such as the Defense Travel System), but it does not show specific
dates for terminating or migrating many legacy systems (such as the
Cash Reconciliation System), and it does not include milestone dates
for some ongoing programs (such as the Navy Tactical Command Support
System). Similarly, although the plan includes performance metrics for
some systems,[Footnote 22] it does not include for each system measures
and metrics, focused on benefits or mission outcomes that can be linked
to the plan's strategic goals. In addition, according to program
officials, the resource needs in the transition plan for some programs
are not current, as these needs are reflective of the fiscal year 2006
budget, which was developed before a recent reevaluation of how these
programs will fit into the "To Be" environment.
Our preliminary work also suggests that in addition to the limitations
just described, the plan may be missing relevant context and be
inconsistent with the architecture in various ways. For example, it
identifies 60 systems as target systems (for example, the Defense Cash
Accountability System), but the "To Be" architecture appears to include
only 23 of these. In addition, the plan includes a list of 66 systems
that are characterized as nonpriority enterprise or component programs
that will be part of the target architecture, but the target
architecture does not appear to identify all these systems.
According to DOD officials, the transition plan is evolving, and any
limitations will be addressed in future iterations of the plan. They
also stated that the department has taken an incremental approach to
developing a transition plan, and that the plan, as constrained by the
scope of Version 3.0 of the architecture, satisfies the intent of the
act's requirements.
As with the architecture, we support an incremental development
approach. Moreover, this plan represents DOD's first ever enterprise
transition plan, and thus constitutes progress. However, questions
remain as to whether it is of sufficient scope and content to
effectively and efficiently manage the disposition of the department's
existing inventory of systems or to sequence the introduction of
modernized business operations and supporting systems.
Fiscal Year 2006 IT Budget Submission:
The fiscal year 2005 defense authorization act specifies information
that the department is to incorporate in its IT budget request for
fiscal year 2006 and each fiscal year thereafter. Generally, the act
states that each budget request for business systems must:
11. Identify each defense business system for which funding is being
requested.
12. Provide information on all funds, by appropriation, for each
business system, including funds by appropriation specifically for
current services (Operation and Maintenance) and systems modernization
(Procurement; Research, Development, Test and Evaluation; and Defense
Working Capital Fund).
13. Identify the designated approval authority for each business
system.
On the basis of our preliminary work, it appears that DOD's fiscal year
2006 IT budget submission may partially satisfy these conditions. For
example, although the fiscal year 2006 budget may not identify each
business system for which funding is requested, DOD is taking steps to
ensure that subsequent fiscal year budget requests are more
comprehensive. This situation arose because DOD's fiscal year 2006
budget submission was submitted in February 2005, when the department
did not yet have a single inventory of all of its business systems. As
a result, DOD officials could not guarantee that all business systems
were included in the submission. Currently, the department is updating
its single database for its inventory of business systems, as we had
recommended,[Footnote 23] which is scheduled to be completed by
September 30, 2006. Finally, DOD officials stated that the fiscal year
2007 IT budget submission will be derived from a separate DOD
authoritative IT budget database.
There may be additional areas of uncertainty regarding the completeness
of DOD's IT budget submission. One source of uncertainty is
inconsistencies in the way that DOD classifies systems: as business
systems or as national security systems.[Footnote 24] For example, as
we previously reported,[Footnote 25] DOD reclassified 56 systems in its
fiscal year 2005 budget request from business systems to national
security systems, resulting in a decrease of approximately $6 billion
in the fiscal year 2005 budget request for business systems and related
infrastructure. Similarly, in the fiscal year 2006 submission, 13
systems previously classified as business systems were reclassified as
national security systems, and 10 systems previously classified as
national security systems were reclassified as business systems. We
understand that DOD is currently reviewing its reclassifications.
Our preliminary work also indicates that DOD may not have ensured that
budget requests for all business systems identify the type of funding-
-by appropriation--being requested and whether the funding was for
current services or modernization. In the fiscal year 2006 budget
submission, systems identified are categorized by the type of funding
(appropriation) being requested and whether the funding is for current
services or modernization; however, not all systems may be
identifiable. In particular, it is not clear what is covered by one
funding type or category referred to as "All Other." For fiscal year
2006, this category totaled about $1.2 billion and included, for
example, about $22.6 million specifically for financial management.
According to DOD officials,[Footnote 26] this category in the IT budget
includes system projects that do not have to be identified by name
because they fall below the $2 million reporting threshold for
budgetary purposes.
Finally, our preliminary work indicates that DOD's fiscal year 2006 IT
budget submission identifies the designated approval authority for most
systems, but not all. In particular, the approval authorities for 57
systems in the submission were not apparent. For example, the Navy's C2
On-the-Move Network Digital Over-the-Horizon Relay system and the
Defense Commissary Agency's Enterprise Business System have a
designated approval authority of "Other."
Full compliance with the act's conditions relative to budgetary
disclosure is an important enabler of informed budgetary decision
making and oversight. Without such disclosure, whether incorrect system
classification, or mere oversights, the department's efforts to improve
its control and accountability over its business systems investments
are hindered, and the department and the Congress are constrained in
their ability to effectively monitor and oversee the billions of
dollars spent annually to maintain, operate, and modernize DOD's
business systems.
Investment Review and Approval Requirements:
The fiscal year 2005 defense authorization act specifies actions that
the department is to take regarding the review and approval of
investments in business systems. Generally, the act sets up three
requirements for the department:
* Delegate the authority and accountability for defense business
systems to designated approval authorities within the Office of the
Secretary of Defense.
* By March 15, 2005, require each approval authority to establish an
investment review process to review the planning, design, acquisition,
development, deployment, operation, maintenance, modernization, and
project cost benefits and risks of all defense business systems for
which the approval authority is responsible.
* Effective October 1, 2005, obligate funds for a defense business
system modernization project with total cost exceeding $1 million after
the approval authority designated for that system certifies to the
Defense Business Systems Management Committee (DBMSC) that the system
project meets specific conditions that are called for in the act, and
the certification by the approval authority is approved by the DBSMC.
On the basis of our preliminary work, it appears that DOD has satisfied
some aspects of these conditions, and is potentially in the process of
satisfying other aspects. First, on March 19, 2005, the Acting Deputy
Secretary of Defense issued a memorandum that delegated the authority
for the review, approval, and oversight of planning, design,
acquisition, deployment, operation, maintenance, and modernization of
the department's business systems. Designation of these approval
authorities is consistent with the act. Further, our research and
evaluations, as reflected in the guidance that we have issued, shows
that clear assignment of senior executive investment management
responsibilities and accountabilities are key aspects of having an
effective institutional approach to IT investment management.
Second, DOD has established investment review structures and processes,
including a hierarchy of investment review boards with representation
from across the department, as well as a standard set of investment
review and decision-making criteria for these boards to use to ensure
compliance and consistency with the business enterprise architecture.
Further, the DBSMC was chartered in February 2005 as the highest
ranking system modernization governance body, as required by the
act.[Footnote 27] Further, DOD has designated the chair and membership
of the boards consistent with the act, and all but one of designated
approval authorities have established investment review boards for
their areas of responsibility, which the act requires each to do. The
one approval authority that does not appear to have established a
review process is the Assistant Secretary of Defense (Networks and
Information Integration)/Chief Information Officer.
To support its investment review structures, DOD has also established
investment review processes that include, among other things, the use
of business enterprise architecture compliance procedures, common
decision criteria, threshold criteria to ensure appropriate levels of
review and accountability. Notwithstanding these investment review
structures and processes, it remains uncertain to what extent DOD
components have established similar investment review bodies and will
adopt common investment review and decision-making processes. DOD
components are expected to establish their own structures and
processes. Under the department's concept of "tiered accountability,"
significant responsibility and accountability for business system
investments is to reside with the military services and defense
agencies. The extent to which the components establish and consistently
implement common investment management structures and processes is
important, because doing so is a best practice. Without such structures
and processes, investment decisions could potentially perpetuate the
existence of overly complex, error-prone, nonintegrated system
environments and limit introduction of corporate solutions to long-
standing business problems.
Finally, our preliminary work indicates that the department is in the
process of ensuring that defense business system
modernizations[Footnote 28] costing greater than $1 million are
certified and approved in accordance with the act. Specifically, the
department has identified 210 systems with costs greater than $1
million, thus requiring certification and approval. Of these 210, DOD
reports that 166 were certified and approved in accordance with the act
before September 30, 2005. This means that 44 were not, and according
to the act, the department cannot make further obligations for any of
these other than with funding left over from previous fiscal years,
until they are certified and approved.
One potential issue with regard to the department's system
certification and approval efforts to date is whether it has identified
all business system modernizations with costs greater than $1 million.
Doing this requires, among other things, proper classification of
systems as national security systems or as business systems. If a
business system is improperly classified, it may not be reviewed,
certified, and approved in accordance with the act. As stated earlier,
questions persist regarding whether the department has properly
classified all business systems as such.
Another potential issue is whether DOD has followed the act's criteria
for DBSMC review and approval in all of the aforementioned 166 systems.
Specifically, it appears that the DBSMC approved the certification of
at least six business systems in August 2005 that had been previously
reviewed in accordance with earlier criteria;[Footnote 29] however, the
current criteria under the act do not provide for the DBSMC to approve
a certification based upon such previous certification. According to
DOD officials, these six systems will go through the current review
process no later than February 2006. In addition to these six, DOD
officials told us that several other systems investments, which were
certified and approved on the grounds that they were mission
essential,[Footnote 30] will also be resubmitted for DBSMC approval.
DOD's Business Transformation Agency Could Help Strengthen Systems
Modernization Management and Oversight if it is Effectively
Implemented:
On October 7, 2005, DOD established the Business Transformation Agency
(BTA) to advance defense-wide business transformation efforts in
general but particularly with regard to business systems modernization.
BTA reports directly to the vice chair of the DBMSC.[Footnote 31] Among
other things, BTA includes an acquisition executive who is to be
responsible for 28 DOD-wide business projects, programs, systems, and
initiatives. In addition, the BTA is to be responsible for integrating
and supporting the work of the Office of the Secretary of Defense (OSD)
principal staff assistants, who include the approval authorities that
chair the business system investment review boards.
In our view, BTA offers potential benefits relative to the department's
business systems modernization efforts, if the agency can be properly
organized, resourced, and empowered to effectively execute its roles
and responsibilities, and if it is held accountable for doing so. In
this regard, the agency faces a number of challenges as described
below.
According to DOD, this agency is expected to have a functioning
acquisition organization by November 21, 2005. While such a timeline is
daunting in and of itself, it is particularly challenging given that
DOD is estimating up to 12 months to establish a permanent director.
Moreover, there are numerous key acquisition functions that would need
to established and made operational to effectively assume 28 DOD-wide
projects, programs, systems, and initiatives, and our experience across
the government shows that these functions can take considerable time to
establish.
Among other things, the agency is to be responsible for ensuring
consistency and continuity across the department's core business
missions with respect to, for example, business process re-engineering
and related business system matters. While the agency should be able to
accomplish this relative to the DOD-wide efforts that it can control,
it does not appear to have the requisite authority to carry out this
responsibility relative to DOD component system investments, which it
does not have investment control over. At best, the agency will be able
to support the DBMSC in its efforts to ensure such consistency and
continuity.
As currently structured, the agency does not include support to an OSD
principal staff assistant and approval authority--the Assistant
Secretary of Defense for Networks Integration and Infrastructure, who
is responsible for DOD information technology infrastructure, such as
wide-area networks, local-area networks, telecommunications, and
security services. In addition, the agency's relationship to the
Defense Information Systems Agency, which is also responsible for
certain DOD-wide system capabilities and services, is not specified. As
the department moves forward with implementing this new agency, it will
important for it to address these issues.
Effective DOD Business Transformation Will Require Broader Focus than
Recently Launched Business Systems Modernization Management Structures
and Activities:
For DOD to successfully transform its overall business operations, it
will need senior level management accountability, a comprehensive and
integrated business transformation plan that covers all of its key
business functions; people with needed skills, knowledge, experience,
responsibility, and authority to implement the plan; an effective
process and related tools; and results-oriented performance measures
that link institutional, unit, and individual performance goals and
expectations to promote accountability for results. Over the last 3
years, GAO has made several recommendations that if implemented
successfully could help DOD move forward in establishing the means to
successfully address the challenges it faces in transforming its
business operations. For example, as the Comptroller General testified
before this subcommittee earlier this year, DOD needs a full-time CMO
position, created through legislation, with responsibility and
authority for DOD's overall business transformation efforts.[Footnote
32] The CMO must be a person with significant authority and experience
who would report directly to the Secretary of Defense. Given the nature
and complexity of the overall business transformation effort, and the
need for sustained attention over a significant period of time, this
position should be a term appointment and the person should be subject
to a performance contract.
The Secretary of Defense, Acting Deputy Secretary of Defense, and other
senior leaders have clearly shown commitment to business transformation
and addressing deficiencies in the Department's business operations. As
I discussed earlier, DOD has taken several actions, including setting
up the DBSMC, publishing a business enterprise transition plan and most
recently, establishing the Business Transformation Agency. Moreover,
DOD is examining various aspects of its business operations as part of
the ongoing Quadrennial Defense Review. While these management
structures and plan are positive steps, their primary focus, at this
point, appears to be on business systems modernization. Clearly,
maintaining effective and modern business systems is a key enabler to
transformation. However, business transformation is much broader and
encompasses not only the supporting systems, but also the planning,
management, organizational structures, and processes related to all
DOD's major business areas. Such areas include support infrastructure
management, human capital management, financial management, weapon
systems acquisition, contract management, planning and budgeting, and
supply chain management. Recognizing that DOD is continuing to evolve
its efforts to plan and organize itself to achieve business
transformation, critical to the success of these efforts will be
management attention and structures that focus on transformation from a
broad perspective and a clear strategic and integrated plan that, at a
summary level, addresses all of the department's major business areas.
This strategic plan should contain results-oriented performance
measures that link institutional, unit, and individual goals, measures
and expectations, and would be instrumental in establishing investment
priorities and guiding the department's resource decisions.
Finally, the lynchpin to ensure successful business transformation is
the presence of strong and sustained executive leadership with
appropriate responsibility, authority, and accountability. The central
authority we had envisioned to allow for strong and sustained executive
leadership over DOD's business management reform efforts is a full-
time, executive-level II position for a CMO, who would serve as the
Deputy Secretary of Defense for Management. This position would divide
and institutionalize the functions of the Deputy Secretary of Defense
by creating a separate Deputy Secretary of Defense for Management. As
we envision it, the CMO would feature a term of office that spans
administrations, which would serve to underscore the importance of
taking a professional, nonpartisan, institutional, and sustainable
approach to the overall business transformation effort. As I understand
it, DOD's position is that the Acting Deputy Secretary of Defense, who
also serves as the chair of the DBSMC, has the requisite position,
authority, and purview to perform the functions of a CMO. Under the
Acting Deputy's leadership, DOD expects to be able to demonstrate
progress towards achieving business reform. Comptroller General Walker
continues to believe a CMO is necessary to provide the sustained
leadership needed to achieve true business transformation. In light of
DOD's position, we would encourage the Subcommittee to require DOD to
periodically report on its efforts, including describing the specific
goals and measures against which it is measuring its progress in
achieving business reform.
In closing, the department as made important progress in the last 6
months in establishing the kind of business systems modernization
management capabilities that our research and evaluations show are
essential to a successful modernization program--namely, an
architecture, a transition plan, and system investment decision-making
structures and processes. But more needs to be done to complete each of
these areas, and most importantly, to ensure that they are reflected in
how each and every business system investment is managed. While the new
business transformation agency can help get this done, much remains to
be accomplished before this agency is functioning as intended. Beyond
systems modernization, overall business transformation remains a major
challenge. The creation of a CMO position, and the development of a
strategic transformation plan to integrate and guide the department's
people, process, and technology change initiatives, would go a long way
in helping the department meet this challenge.
Mr. Chairman and Members of the Subcommittee, this concludes my
prepared statement. I would be happy to answer any questions you may
have at this time.
FOOTNOTES
[1] GAO, High-Risk Series: An Update, GAO-05-207 (Washington, D.C.
January 2005).
[2] S.780, 109TH Cong., 1st Sess. introduced in the U.S. Senate on
April 15, 2005, would create a statutory Chief Management Officer.
[3] The E-Government Act of 2002, Pub. L. No. 107-347, § 101(a), 116
Stat. 2899, 2903-05, (Dec. 17, 2002), Sec 44 U.S.C. § 3602 (e), (f).
[4] See, for example, GAO, Homeland Security: Efforts Under Way to
Develop Enterprise Architecture, but Much Work Remains, GAO-04-777
(Washington, D.C. Aug. 6, 2004); DOD Business Systems Modernization:
Limited Progress in Development of Business Enterprise Architecture and
Oversight of Information Technology Investments, GAO-04-731R
(Washington, D.C. May 17, 2004); and Information Technology:
Architecture Needed to Guide NASA's Financial Management Modernization,
GAO-04-43 (Washington, D.C. Nov. 21, 2003).
[5] The Clinger-Cohen Act of 1996, 40 U.S.C. sections 11101-11704. This
act expanded the responsibilities of OMB and the agencies that had been
set under the Paperwork Reduction Act, which requires that agencies
engage in capital planning and performance and results-based
management. 44 U.S.C. § 3504(a)(1)(B)(vi) (OMB); 44 U.S.C. § 3506(h)(5)
(agencies)
[6] We have made recommendations to improve OMB's process for
monitoring high-risk IT investments; see GAO, Information Technology:
OMB Can Make More Effective Use of Its Investment Reviews, GAO-05-276
(Washington, D.C. Apr. 15, 2005).
[7] This policy is set forth and guidance is provided in OMB Circular
No. A-11 (section 300) and in OMB's Capital Programming Guide, which
directs agencies to develop, implement, and use a capital programming
process to build their capital asset portfolios.
[8] GAO, Information Technology Investment Management: A Framework for
Assessing and Improving Process Maturity, GAO-04-394G (Washington, D.C.
March 2004).
[9] GAO, Information Technology: Architecture Needed to Guide
Modernization of DOD's Financial Operations, GAO-01-525 (Washington,
D.C. May 17, 2001);DOD Business Systems Modernization: Improvements to
Enterprise Architecture Development and Implementation Efforts Needed,
GAO-03-458 (Washington, D.C. Feb. 28, 2003); Information Technology:
Observations on Department of Defense's Draft Enterprise Architecture,
GAO-03-571R (Washington, D.C. Mar. 28, 2003); Business Systems
Modernization: Summary of GAO's Assessment of the Department of
Defense's Initial Business Enterprise Architecture, GAO-03-877R
(Washington, D.C. July 7, 2003); DOD Business Systems Modernization:
Important Progress Made to Develop Business Enterprise Architecture,
but Much Work Remains, GAO-03-1018 (Washington, D.C. Sept. 19, 2003);
DOD Business Systems Modernization: Limited Progress in Development of
Business Enterprise Architecture and Oversight of Information
Technology Investments, GAO-04-731R (Washington, D.C. May 17, 2004).
[10] GAO, DOD Business Systems Modernization: Billions Being Invested
without Adequate Oversight, GAO-05-381 (Washington, D.C. Apr. 29,
2005); DOD Business Systems Modernization: Long-standing Weaknesses in
Enterprise Architecture Development Need to Be Addressed, GAO-05-702
(Washington, D.C. July 22, 2005).
[11] Bob Stump National Defense Authorization Act for Fiscal Year 2003,
Pub. L. No. 107-314, § 1004, 116 Stat. 2458, 2629-2631 (Dec. 2, 2002).
[12] See GAO, Defense Management: Key Elements Needed to Successfully
Transform DOD Business Operations, GAO-05-629T (Washington, D.C. Apr.
28, 2005).
[13] Ronald W. Reagan National Defense Authorization Act for Fiscal
Year 2005, Pub. L. No. 108-375, § 332, 118 Stat. 1811, 1851-1856 (Oct.
28, 2004) (codified in part at 10 U.S.C. § 2222).
[14] Approval authorities include the Under Secretary of Defense for
Acquisition, Technology, and Logistics; the Under Secretary of Defense
(Comptroller); the Under Secretary of Defense for Personnel and
Readiness; and the Assistant Secretary of Defense for Networks and
Information Integration/Chief Information Officer of the Department of
Defense. These approval authorities are responsible for the review,
approval, and oversight of business systems and must establish
investment review processes for systems under their cognizance.
[15] Ronald W. Reagan National Defense Authorization Act for Fiscal
Year 2005, Pub. L. No. 108-375, § 332, 118 Stat. 1811, 1851-1856 (Oct.
28, 2004) (codified in part at 10 U.S.C. § 2222).
[16] The Department of Defense Architecture Framework recommends that
the architecture include 23 of the 26 possible architecture products to
meet the department's stated intention to use the architecture as the
basis for departmentwide business and systems modernization.
[17] DOD, Department of Defense Architecture Framework, Version 1.0,
Volume 1 (August 2003) and Volume 2 (February 2004).
[18] JFMIP was a joint and cooperative undertaking of the Department of
the Treasury, GAO, the Office of Management and Budget (OMB), and the
Office of Personnel Management (OPM), working in cooperation with each
other and other federal agencies to improve financial management
practices in the federal government. Leadership and program guidance
were provided by the four Principals of JFMIP--the Secretary of the
Treasury, the Comptroller General of the United States, and the
Directors of OMB and OPM. Although JFMIP ceased to exist as a stand-
alone organization as of December 1, 2004, the JFMIP Principals will
continue to meet at their discretion.
[19] The United States Standard General Ledger provides a uniform Chart
of Accounts and technical guidance to be used in standardizing federal
agency accounting.
[20] DOD components include the military services, defense agencies,
and field activities.
[21] DOD, Expeditionary Combat Support System Sources Sought Synopsis
(May 10, 2004).
[22] For example, for DOD's military personnel and pay system, the
Defense Integrated Military Human Resources System (DIMHRS), the plan
cites a goal of reducing manual workarounds for military pay by 9
percent.
[23] GAO, DOD Business Systems Modernization: Billions Continue to Be
Invested with Inadequate Management Oversight and Accountability, GAO-
04-615 (Washington, D.C. May 27, 2004).
[24] National security systems are intelligence systems, cryptologic
activities related to national security, military command and control
systems, and equipment that is an integral part of a weapon or weapons
system or is critical to the direct fulfillment of military or
intelligence missions.
[25] GAO-05-381.
[26] GAO-04-615.
[27] See 10 U.S.C. § 186.
[28] The term 'defense business system modernization' is defined in 10
U.S.C. § 2222(j) (3) as "(A) the acquisition or development of a new
defense business system; or (B) any significant modification or
enhancement of an existing defense business system (other than
necessary to maintain current services)."
[29] The six systems were reviewed under the criteria set forth in the
fiscal year 2003 defense authorization act.
[30] See 10 U.S.C. § 2222 (a)(1)(C).
[31] The vice chair of the DBSMC is the Under Secretary of Defense for
Acquisition, Technology and Logistics.
[32] S.780, 109TH Cong., 1st Sess. introduced in the U.S. Senate on
April 15, 2005, would create a statutory Chief Management Officer.
