DOD Business Systems Modernization

Navy ERP Adherence to Best Business Practices Critical to Avoid Past Failures Gao ID: GAO-05-858 September 29, 2005

The Department of Defense's (DOD) difficulty in implementing business systems that are efficient and effective continues despite the billions of dollars that it invests each year. For a decade now--since 1995--we have designated DOD's business systems modernization as "high-risk." GAO was asked to (1) provide a historical perspective on the planning and costs of the Navy's four Enterprise Resource Planning (ERP) pilot projects, and the decision to merge them into one program; (2) determine if the Navy has identified lessons from the pilots, how the lessons are being used, and challenges that remain; and (3) determine if there are additional best business practices that could be used to improve management oversight of the Navy ERP.

The Navy invested approximately $1 billion in four ERP pilots without marked improvement in its day-to-day operations. The planning for the pilots started in 1998, with implementation beginning in fiscal year 2000. The four pilots were limited in scope and were not intended to be corporate solutions for any of the Navy's long-standing financial and business management problems. Furthermore, because of the various inconsistencies in the design and implementation of the pilots, they were not interoperable, even though they performed many of the same business functions. In short, the efforts were failures and $1 billion was largely wasted. Because the pilots would not meet its overall requirements, the Navy decided to start over and develop a new ERP system, under the leadership of a central program office. Using the lessons learned from the pilots, the current Navy ERP program office has so far been committed to the disciplined processes necessary to manage this effort. GAO found that, unlike other systems projects it has reviewed at DOD and other agencies, Navy ERP management is following an effective process for identifying and documenting requirements. The strong emphasis on requirements management, which was lacking in the previous efforts, is critical since requirements represent the essential blueprint that system developers and program managers use to design, develop, test, and implement a system and are key factors in projects that are considered successful. While the Navy ERP has the potential to address some of the Navy's financial management weaknesses, as currently planned, it will not provide an all-inclusive end-to-end corporate solution for the Navy. For example, the current scope of the ERP does not include the activities of the aviation and shipyard depots. Further, there are still significant challenges and risks ahead as the project moves forward, such as developing and implementing 44 system interfaces with other Navy and DOD systems and converting data from legacy systems into the ERP system. The project is in its early phases, with a current estimated completion date of 2011 at an estimated cost of $800 million. These estimates are subject to, and very likely will, change. Broader challenges, such as alignment with DOD's business enterprise architecture, which is not fully defined, also present a significant risk. Given DOD's past inability to implement business systems that provide the promised capability, continued close management oversight--by the Navy and DOD--will be critical. In this regard, the Navy does not have in place the structure to capture quantitative data that can be used to assess the effectiveness of the overall effort. Also, the Navy has not established an independent verification and validation (IV&V) function. Rather, the Navy is using in-house subject matter experts and others within the project. Industry best practices indicate that the IV&V activity should be independent of the project and report directly to agency management in order to provide added assurance that reported results on the project's status are unbiased.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone:


GAO-05-858, DOD Business Systems Modernization: Navy ERP Adherence to Best Business Practices Critical to Avoid Past Failures This is the accessible text file for GAO report number GAO-05-858 entitled 'DOD Business Systems Modernization: Navy ERP Adherence to Best Business Practices Critical to Avoid Past Failures' which was released on October 31, 2005. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to Congressional Requesters: September 2005: DOD Business Systems Modernization: Navy ERP Adherence to Best Business Practices Critical to Avoid Past Failures: GAO-05-858: GAO Highlights: Highlights of GAO-05-858, a report to congressional requesters: Why GAO Did This Study: The Department of Defense‘s (DOD) difficulty in implementing business systems that are efficient and effective continues despite the billions of dollars that it invests each year. For a decade now”since 1995”we have designated DOD‘s business systems modernization as ’high-risk.“ GAO was asked to (1) provide a historical perspective on the planning and costs of the Navy‘s four Enterprise Resource Planning (ERP) pilot projects, and the decision to merge them into one program; (2) determine if the Navy has identified lessons from the pilots, how the lessons are being used, and challenges that remain; and (3) determine if there are additional best business practices that could be used to improve management oversight of the Navy ERP. What GAO Found: The Navy invested approximately $1 billion in four ERP pilots without marked improvement in its day-to-day operations. The planning for the pilots started in 1998, with implementation beginning in fiscal year 2000. The four pilots were limited in scope and were not intended to be corporate solutions for any of the Navy‘s long-standing financial and business management problems. Furthermore, because of the various inconsistencies in the design and implementation of the pilots, they were not interoperable, even though they performed many of the same business functions. In short, the efforts were failures and $1 billion was largely wasted. Because the pilots would not meet its overall requirements, the Navy decided to start over and develop a new ERP system, under the leadership of a central program office. Using the lessons learned from the pilots, the current Navy ERP program office has so far been committed to the disciplined processes necessary to manage this effort. GAO found that, unlike other systems projects it has reviewed at DOD and other agencies, Navy ERP management is following an effective process for identifying and documenting requirements. The strong emphasis on requirements management, which was lacking in the previous efforts, is critical since requirements represent the essential blueprint that system developers and program managers use to design, develop, test, and implement a system and are key factors in projects that are considered successful. While the Navy ERP has the potential to address some of the Navy‘s financial management weaknesses, as currently planned, it will not provide an all-inclusive end-to-end corporate solution for the Navy. For example, the current scope of the ERP does not include the activities of the aviation and shipyard depots. Further, there are still significant challenges and risks ahead as the project moves forward, such as developing and implementing 44 system interfaces with other Navy and DOD systems and converting data from legacy systems into the ERP system. The project is in its early phases, with a current estimated completion date of 2011 at an estimated cost of $800 million. These estimates are subject to, and very likely will, change. Broader challenges, such as alignment with DOD‘s business enterprise architecture, which is not fully defined, also present a significant risk. Given DOD‘s past inability to implement business systems that provide the promised capability, continued close management oversight”by the Navy and DOD”will be critical. In this regard, the Navy does not have in place the structure to capture quantitative data that can be used to assess the effectiveness of the overall effort. Also, the Navy has not established an IV&V function. Rather, the Navy is using in-house subject matter experts and others within the project. Industry best practices indicate that the IV&V activity should be independent of the project and report directly to agency management in order to provide added assurance that reported results on the project‘s status are unbiased. What GAO Recommends: GAO makes three recommendations to DOD: (1) develop and implement the quantitative metrics needed to evaluate project performance and risks and use the metrics to assess progress and compliance with disciplined processes, (2) establish an independent verification and validation (IV&V) function and direct that all IV&V reports be provided to Navy management and the appropriate DOD investment review board, and (3) institute semiannual reviews of the program. DOD generally agreed with our recommendations. www.gao.gov/cgi-bin/getrpt?GAO-05-858. To view the full product, including the scope and methodology, click on the link above. For more information, contact Gregory Kutz at (202) 512- 9505 or Keith Rhodes at (202) 512-6412. [End of section] Contents: Letter: Results in Brief: Background: Navy's Pilot Projects Lacked Coordinated Management Oversight: Requirements Management Process Effective, but Implementation Challenges and Risks Remain: Additional Actions Can be Taken to Improve Management Oversight of the Navy ERP Effort: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendixes: Appendix I: Scope and Methodology: Appendix II: Comments from the Department of Defense: Appendix III: Identification of the Navy and Defense Systems That Must Interface with the ERP: Appendix IV: GAO Contacts and Acknowledgments: Tables: Table 1: Navy ERP Pilot Projects: Table 2: Functions Performed by the Pilot Projects: Table 3: Documentation for Detailed Requirements: Figures: Figure 1: Percent of Effort Associated with Undisciplined Projects: Figure 2: Relationship between Requirements Development and Testing: Figure 3: Navy ERP Required System Interfaces: Letter September 29, 2005: Congressional Requesters: The Department of Defense (DOD) has historically been unable to develop and implement business systems on time, within budget, and with the promised capability. As noted in our recent report,[Footnote 1] this difficulty continues despite the billions of dollars that DOD spends each year to operate, maintain, and modernize its currently reported 4,150 business systems. For fiscal year 2005, the department requested $13 billion for its existing business systems environment. For a decade now--since 1995--we have designated DOD's financial management and business systems modernization as "high-risk." In fact, of the 25 areas on GAO's governmentwide "high-risk" list, 8 are DOD specific program areas, and the department shares responsibility for 6 other high-risk areas that are governmentwide in scope.[Footnote 2] DOD has recognized the importance of transforming its business operations and systems to make them more efficient and effective in support of the department's defense mission. A critical aspect of the department's transformation effort will be its ability to effectively implement business systems on time, within budget, and with the promised capability. This report responds to your request for information on DOD's management of selected facets of its business modernization efforts that are intended to enhance the department's reporting on its results of operation. As agreed with your offices, we selected the Department of the Navy's (Navy) Enterprise Resource Planning (ERP) program,[Footnote 3] initially created as four pilot projects and now being pursued as a consolidated effort, to review and determine if it will help to resolve some of the Navy's long-standing financial and business management problems. The Navy expects the ERP to be fully operational by fiscal year 2011. It is currently estimated that for fiscal years 2004-2011, the program will cost approximately $800 million. When fully operational, the Navy reports that the ERP will manage an estimated 80 percent of its appropriated funds.[Footnote 4] Our objectives were to (1) provide a historical perspective on the planning and costs of the Navy's four ERP pilot projects, and the decision to merge them into one program; (2) determine if the Navy has identified lessons from the pilots, how the lessons are being used, and the challenges that remain; and (3) determine if there are additional best business practices that could be used to improve management oversight of the Navy ERP. To obtain a historical perspective on the planning and costs of the Navy's four ERP pilot projects, and the decision to merge them into one program, we reviewed DOD's budget justification materials and other background information on the four pilot projects and met with program management and DOD Chief Information Officer (CIO) officials. Additionally, we reviewed project documentation provided by DOD and held discussions with program management officials related to two key processes--requirements management and testing--to determine if these key aspects of program management were being performed and if the system is being designed to help address some of Navy's long-standing management problems. Further, we reviewed relevant industry standards and best practices, and interviewed and requested documentation from the Navy ERP to determine whether there are additional best business practices that could appropriately be used to improve management oversight of the ERP. Given that this effort is still in the early stages of development, we did not evaluate all best practices. Rather, we concentrated on those that could have an immediate impact in improving management's oversight. Our work was performed from August 2004 through June 2005 in accordance with U.S. generally accepted government auditing standards. Details on our scope and methodology are included in appendix I. We requested comments on a draft of this report from the Secretary of Defense or his designee. Written comments from the Deputy Under Secretary of Defense (Financial Management) and the Deputy Under Secretary of Defense (Business Transformation) are reprinted in appendix II. Results in Brief: The Navy has invested approximately $1 billion in its four pilot ERP efforts, without marked improvement in its day-to-day operations. The four pilots were limited in scope and were not intended to be a corporate solution for resolving any of the Navy's long-standing financial and business management problems. Because of the various inconsistencies in the design and implementation, the pilots were not interoperable, even though they performed many of the same business functions. The lack of a coordinated effort among the pilots led to a duplication of efforts in implementing many business functions and resulted in ERP solutions that carry out similar functions in different ways from one another. In essence, the pilots resulted in four more DOD stovepiped systems that did not enhance DOD's overall efficiency and resulted in $1 billion being largely wasted. Because the pilots were stovepiped, limited within the scope of their respective commands, and not interoperable, they did not transform the Navy's business operations. As a result, under the leadership of a central program office--something that was lacking in the pilots--the Navy decided to start over and undertake the development and implementation of a single ERP system. Using the lessons learned from the pilots, the current Navy ERP program office has so far demonstrated a commitment to the disciplined processes necessary to manage this effort and reduce the risks associated with system implementation. Specifically, we found that, unlike other reviews we have performed at DOD and other agencies, the Navy ERP program office is following an effective process for identifying and documenting requirements.[Footnote 5] Requirements represent the essential blueprint that system developers and program managers use to design, develop, test, and implement a system. While the Navy ERP has the potential to address some of the Navy's financial management weaknesses, its current planned functionality will not provide an all-inclusive end-to-end corporate solution for the Navy. For example, the current scope of the ERP does not provide for real-time asset visibility of shipboard inventory. Asset visibility has been and continues to be a long-standing problem within the department. The scope of the current effort is much larger than the pilots. The system is intended to manage an estimated 80 percent of the Navy's appropriated funds, according to the Navy ERP program office. The project has a long way to go, with a current estimated completion date of 2011, at an estimated cost of $800 million. These estimates are very likely to change, given (1) the Navy ERP's relatively early phase of development and (2) DOD's past history of not implementing systems on time and within budget. The project faces numerous significant challenges and risks that must be dealt with as the project moves forward. For example, 44 system interfaces[Footnote 6] with other Navy and DOD systems must be developed and implemented. Long-standing problems regarding the lack of integrated systems and use of nonstandard data within DOD pose significant challenges and risks to a successful Navy ERP interface with these systems. Testing the system interfaces in an end-to-end manner is necessary in order for the Navy to have reasonable assurance that the ERP will be capable of providing the intended functionality. Another challenge and risk is the Navy's ability to convert the necessary data from its legacy systems into the ERP system. Data conversion is one of the critical tasks necessary to successfully implement a new financial system. If data conversion is done right, the new system has a much greater opportunity for success. On the other hand, converting data incorrectly or entering unreliable data from a legacy system has lengthy and long-term repercussions. The adage "garbage in, garbage out" best describes the adverse impact of inadequate data conversion efforts. A broader challenge and risk that is out of the Navy ERP project's control, but could significantly affect it, is DOD's development of a business enterprise architecture (BEA).[Footnote 7] An enterprise architecture consists of snapshots of the enterprise's current environment and its target environment, as well as a capital investment road map for transitioning from the current to the target environment. The real value of an enterprise architecture is that it provides the necessary content for guiding and constraining system investments in a way that promotes interoperability and minimizes overlap and duplication. As we have recently reported,[Footnote 8] DOD's BEA still lacks many of the key elements of a well-defined architecture, and no basis exists for evaluating whether the Navy ERP will be aligned with the BEA and whether it would be a corporate solution for DOD in its "To Be" or target environment. At this time, it is unknown what the target environment will be. Therefore, it is unknown what business processes, data standards, and technological standards the Navy ERP must align to, as well as what legacy systems will be transitioned into the target environment. Developing a large-scale systems modernization program, such as the Navy ERP, without the context of an enterprise architecture poses risks of rework to comply with the BEA once it is fully defined. While we are encouraged by the Navy's management of the requirements process, other actions are needed to enhance management's oversight, both Navy and DOD, of the ERP effort. The Navy does not have in place the structure to capture quantitative data that can be used to assess the effectiveness of the overall effort. This information is necessary to understand the risk being assumed and whether the project will provide the desired functionality. Additionally, the Navy has not established an independent verification and validation (IV&V) function to provide an assessment of the Navy ERP to DOD and Navy management. Rather, the Navy is using in-house subject matter experts and others who report to the Quality Assurance team leader. Industry best practices indicate that IV&V activities should be conducted by individuals independent of the project and who report directly to agency management in order to provide added assurance that reported results on the project's status are unbiased. Since effective implementation of the disciplined processes has been shown to be a key indicator of whether a project has reduced its risk to acceptable levels, these management actions would provide increased confidence that the Navy ERP project is "on track." Considering that the project is still in its early stages of development and that there are significant challenges and high risks ahead, it is critical that mechanisms be in place to critically review the project at all stages to ensure it will result in improvements to the Navy's operations and alert the Navy and DOD if the project does not remain on schedule and within budget. Given the department's past history of not being able to successfully implement business systems on time and within budget, accountability is imperative. Thus, we are making three recommendations to the Secretary of Defense directed towards improving oversight over the Navy ERP. In its written comments on a draft of this report, DOD generally agreed with our recommendations. DOD agreed to develop quantitative metrics that can be used to evaluate the program and stated that the metrics would be developed by December 2005. While the department agreed with the recommendation to establish an IV&V, it noted that the IV&V would be within the project team and will report directly to the Navy ERP program manager. Additionally, while the department agreed with the intent of our recommendation that the Defense Business System Management Committee review the status of the Navy ERP on a semiannual basis, DOD noted that its tiered accountability structure, recently put in place to improve the control and accountability of business system investments, would provide the necessary oversight. In regard to the last two points, we continue to believe that providing the IV&V reports to the appropriate investment review board and instituting semiannual reviews by the Defense Business System Management Committee are the appropriate courses of action. Given (1) the Navy's initial estimate that the new ERP will cost at least $800 million and (2) the department's past difficulties in effectively developing and implementing business systems, substantive reviews that are focused just on the Navy ERP by the highest levels of management within the department are warranted so that management can act quicker rather than later if problems emerge. In its comments, the department took exception to our characterization of the pilots as failures and identified what it believes were achievements of the pilot programs. However, as discussed in the report, the pilots were limited in scope. Although they used the same software, inconsistencies in the design and implementation resulted in them not being interoperable. In essence, the department had four more stovepiped systems. The department's comments did not disagree with any of the above points. We characterized the pilots as failures because the department spent $1 billion on systems that did not result in marked improvement in the Navy's day-to-day operations. Furthermore, if there had been effective management oversight of the pilot programs at the outset, there would not have been a need to, in essence, start over with the Navy ERP. See the Agency Comments and Our Evaluation section of this report for a more detailed discussion of the agency comments. We have reprinted DOD's written comments in appendix II. Background: The Navy, with reported assets totaling $321 billion in fiscal year 2004,[Footnote 9] would be ranked among the largest corporations in the world if it were a private sector entity. According to the Navy, based upon the reported value of its assets, it would be ranked among the 15 largest corporations on the Fortune 500 list. Additionally, in fiscal year 2004 the Navy reported that its inventory was valued at almost $73 billion and that it held property, plant, and equipment with a reported value of almost $156 billion. Furthermore, the Navy reported for fiscal year 2004 that its operations involved total liabilities of $38 billion, that its operations had a net cost of $130 billion, and that it employed approximately 870,000 military and civilian personnel-- including reserve components.[Footnote 10] The primary mission of the Navy is to control and maintain freedom of the seas, performing an assortment of interrelated and interdependent business functions to support its military mission with service members and civilian personnel in geographically dispersed locations throughout the world. To support its military mission and perform its business functions, the Navy requested for fiscal year 2005 almost $3.5 billion for the operation, maintenance, and modernization of its business systems and related infrastructure--the most of all the DOD components- -or about 27 percent of the total $13 billion DOD fiscal year 2005 business systems budget request. Of the 4,150 reported DOD business systems, the Navy holds the largest inventory of business systems--with 2,353 reported systems or 57 percent of DOD's reported inventory of business systems. The Secretary of Defense recognized that the department's business operations and systems have not effectively worked together to provide reliable information to make the most effective business decisions. He challenged each military service to transform its business operations to support DOD's warfighting capabilities and initiated the Business Management Modernization Program (BMMP) in July 2001. Further, the Assistant Secretary of the Navy for Financial Management and Comptroller (Navy Comptroller) testified that transforming the Navy's business processes, while concurrently supporting the Global War on Terrorism, is a formidable but essential task.[Footnote 11] He stated that the goal of the transformation is to "establish a culture and sound business processes that produce high-quality financial information for decision making." One of the primary elements of the Navy's business transformation strategy is the Navy ERP. Recently Reported Business and Financial Weaknesses at the Navy: The need for business processes and systems transformation to provide management with timely information to make important business decisions is clear. However, none of the military services, including the Navy, have passed the scrutiny of an independent financial audit. Obtaining a clean (unqualified) financial audit opinion is a basic prescription for any well-managed organization, as recognized by the President's Management Agenda. For fiscal year 2004, the DOD Inspector General issued a disclaimer on the Navy's financial statements--Navy's General Fund and Working Capital Fund--citing eight material weaknesses[Footnote 12] and six material weaknesses[Footnote 13] respectively, in internal control and noncompliance with the Federal Financial Management Integrity Act of 1996 (FFMIA).[Footnote 14] The inability to obtain a clean financial audit opinion is the result of weaknesses in the Navy's financial management and related business processes and systems. Most importantly, the Navy's pervasive weaknesses have (1) resulted in a lack of reliable information to make sound decisions and report on the status of activities, including accountability of assets, through financial and other reports to the Navy and DOD management and the Congress; (2) hindered its operational efficiency; (3) adversely affected mission performance; and (4) left the Navy and DOD vulnerable to fraud, waste, and abuse, as the following examples illustrate. * The Navy's lack of detailed cost information hinders its ability to monitor programs and analyze the cost of its activities. We reported[Footnote 15] that the Navy lacked the detailed cost and inventory data needed to assess its needs, evaluate spending patterns, and leverage its telecommunications buying power. As a result, at the sites we reviewed, the Navy paid for telecommunications services it no longer required, paid too much for services it used, and paid for potentially fraudulent or abusive long-distance charges. In one instance, we found that DOD paid over $5,000 in charges for one card that was used to place 189 calls in one 24-hour period from 12 different cities to 12 different countries. * Ineffective controls over Navy foreign military sales using blanket purchase orders placed classified and controlled spare parts at risk of being shipped to foreign countries that may not be eligible to receive them. For example, we identified instances in which Navy country managers (1) overrode the system to release classified parts under blanket purchase orders without filing required documentation justifying the release; and (2) substituted classified parts for parts ordered under blanket purchase orders, bypassing the control-edit function of the system designed to check a country's eligibility to receive the parts.[Footnote 16] * The Naval Inventory Control Point and its repair contractors have not followed DOD and Navy procedures intended to provide the accountability for and visibility of inventory shipped to Navy repair contractors. Specifically, Navy repair contractors are not routinely acknowledging receipt of government-furnished material received from the Navy. A DOD procedure requires repair contractors to acknowledge receipt of government-furnished material that has been shipped to them from the Navy's supply system. However, Naval Inventory Control Point officials are not requiring repair contractors to acknowledge receipt of these materials. By not requiring repair contractors to acknowledge receipt of government-furnished material, the Naval Inventory Control Point has also departed from the procedure to follow up with the contractor within 45 days when the contractor fails to confirm receipt for an item. Without material receipt notification, the Naval Inventory Control Point cannot be assured that its repair contractors have received the shipped material. This failure to acknowledge receipt of material shipped to repair contractors can potentially impair the Navy's ability to account for shipments leading to possible fraud, waste, or abuse.[Footnote 17] * A limited Naval Audit Service audit revealed that 53 of 118 erroneous payment transactions, valued at more than $990,000, occurred because Navy certifying officials did not ensure accurate information was submitted to the Defense Finance and Accounting Service (DFAS) prior to authorizing payment. In addition, certifying officials submitted invoices to DFAS authorizing payment more than once for the same transaction.[Footnote 18] Brief Overview of Navy ERP: To address the need for business operations reform, in fiscal year 1998 the Navy established an executive committee responsible for creating a "Revolution in Business Affairs" to begin looking at transforming business affairs and identifying areas of opportunity for change. This committee, in turn, set up a number of working groups, including one called the Commercial Business Practices (CBP) Working Group,[Footnote 19] which consisted of representatives from financial management organizations across the Navy. This working group recommended that the Navy should use ERP as a foundation for change and identified various ERP initiatives that were already being developed or under consideration within the Navy. Ultimately, the Navy approved the continuation of four of these initiatives, using funds from existing resources from each of the sponsors (i.e., commands) to test the feasibility of ERP solutions within the Navy. From 1998 to 2003, four different Navy commands began planning, developing, and implementing four separate ERP pilot programs to address specific business areas. A CBP Executive Steering Group was created in December 1998 to monitor the pilot activities. As the pilots progressed in their development and implementation, the Navy identified issues that had to be addressed at a higher level than the individual pilots, such as the integration between the pilots as well as with other DOD systems, and decided that one program would provide a more enterprisewide solution for the Navy. In August 2002, the Assistant Secretary of the Navy for Research, Development, and Acquisition established a Navy-wide ERP program to "converge" the four ongoing pilots into a single program. This Navy-wide program is expected to replace all four pilots by fiscal year 2008 and to be "fully operational" by fiscal year 2011. The Navy estimates that the ERP will manage about 80 percent of the Navy's estimated appropriated funds--after excluding appropriated funds for the Marine Corps and military personnel and pay. Based on the Navy's fiscal years 2006 to 2011 defense planning budget, the Navy ERP will manage approximately $74 billion annually.[Footnote 20] According to a Navy ERP official, while the Navy ERP would account for the total appropriated amount, once transactions occur at the depots, such as when a work order is prepared for the repair of an airplane part, the respective systems at the depots will execute and maintain the detailed transactions. This accounts for about 2 percent, or approximately $1.6 billion, being executed and maintained in detail by the respective systems at the aviation and shipyard depots--not by the Navy ERP. The remaining 20 percent that the ERP will not manage comprises funds for the Navy Installations Command, field support activity, and others. Navy's Pilot Projects Lacked Coordinated Management Oversight: Each of the Navy's four ERP pilot projects was managed and funded by different major commands within the Navy. The pilots, costing over $1 billion in total, were limited in scope and were not intended to provide corporate solutions to any of the Navy's long-standing financial and business management problems. The lack of centralized management oversight and control over all four pilots allowed the pilots to be developed independently. This resulted in four more DOD stovepiped systems that could not operate with each other, even though each carried out many of the same functions and were based on the same ERP commercial-off-the-shelf (COTS) software. Moreover, due to the lack of high-level departmentwide oversight from the start, the pilots were not required to go through the same review process as other acquisition projects of similar magnitude. Pilots Developed Independently of Each Other: Four separate Navy organizations began their ERP pilot programs independently of each other, at different times, and with separate funding. All of the pilots implemented the same ERP COTS software, and each pilot was small in scale--relative to the entire Navy. For example, one of the pilots, SMART, was responsible for managing the inventory items and repair work associated with one type of engine, although the organization that implemented SMART--the Naval Supply Systems Command--managed the inventory for several types of engines. As of September 2004, the Navy estimated that the total investment in these four pilots was approximately $1 billion. Table 1 summarizes each of the pilots, the cognizant Navy organization, the business areas they address, and their reported costs through September 2004. Table 1: Navy ERP Pilot Projects: Dollars in millions. ERP pilot: CABRILLO; Organization: Space and Naval Warfare Systems Command; Area of pilot's focus: Financial Management; * Navy Working Capital Fund; Initial start: June 2000; Costs through FY 2004[A]: $67.4. ERP pilot: SMART; Organization: Naval Supply Systems Command; Area of pilot's focus: Supply Management; * Intermediate-Level Maintenance Management; * Interface to Aviation Depots; Initial start: August 2000; Costs through FY 2004[A]: $346.4. ERP pilot: NEMAIS; Organization: Naval Sea Systems Command; Area of pilot's focus: Regional Maintenance; * Intermediate-Level Maintenance Management; * Project Systems; * Workforce Management; Initial start: June 2000; Costs through FY 2004[A]: $414.6. ERP pilot: SIGMA; Organization: Naval Air Systems Command; Area of pilot's focus: Program Management with linkage among: * Contract Management; * Financial Management; * Workforce Management; Initial start: May 2001; Costs through FY 2004[A]: $215.9. Total; Costs through FY 2004[A]: $1,044.3. Source: GAO analysis of Navy data. [A] The costs reflect amounts disbursed through September 30, 2004, as reported by the Navy ERP program. [End of table] Even after the pilots came under the purview of the CBP Executive Steering Group in December 1998, they continued to be funded and controlled by their respective organizations. We have previously reported[Footnote 21] that allowing systems to be funded and controlled by component organizations has led to the proliferation of DOD's business systems. These four pilots are prime examples. While there was an attempt made to coordinate the pilots, ultimately each organization designed its ERP pilot to accommodate its specific business needs. The Navy recognized the need for a working group that would focus on integration issues among the pilots, especially because of the desire to eventually extend the pilot programs beyond the pilot organizations to the entire Navy. In this regard, the Navy established the Horizontal Integration Team in June 1999, consisting of representatives from all of the pilots to address this matter. However, one Navy official described this team as more of a "loose confederation" that had limited authority. As a result, significant resources have been invested that have not and will not result in corporate solutions to any of the Navy's long-standing business and financial management problems. This is evident as noted in the DOD Inspector General's audit reports of the Navy's financial statements discussed above. In addition to the lack of centralized funding and control, each of the pilots configured the software differently, which, according to Navy ERP program officials, caused integration and interoperability problems. While each pilot used the same COTS software package, the software offers a high degree of flexibility in how similar business functions can be processed by providing numerous configuration points.[Footnote 22] According to the Navy, over 2.4 million configuration points exist within the software. The pilots configured the software differently from each other to accommodate differences in the way they wanted to manage their functional area focus. These differences were allowed even though they perform many of the same types of business functions, such as financial management. These configuration differences include the levels of complexity in workflow activities and the establishment of the organizational structure. For example, the primary work order managed by the NEMAIS pilot is an intricate ship repair job, with numerous tasks and workers at many levels. Other pilots had much simpler work order definitions, such as preparing a budget document or procuring a single part for an engine. Because of the various inconsistencies in the design and implementation, the pilots were stovepiped and could not operate with each other, even though they performed many of the same business functions. Table 2 illustrates the similar business functions that are performed by more than one pilot. Table 2: Functions Performed by the Pilot Projects: Type of functions to be performed: Type of functions to be performed: Materials management: * Sales and distribution; NEMAIS: Yes; Cabrillo: Yes; SIGMA: Yes; SMART: Yes. Type of functions to be performed: Materials management: * Procurement; NEMAIS: Yes; Cabrillo: Yes; SIGMA: Yes; SMART: No. Type of functions to be performed: Financial management: * Financial accounting; NEMAIS: Yes; Cabrillo: Yes; SIGMA: Yes; SMART: Yes. Type of functions to be performed: Financial management: * Revenue and cost controlling; NEMAIS: Yes; Cabrillo: Yes; SIGMA: Yes; SMART: Yes. Type of functions to be performed: Financial management: * Asset accounting; NEMAIS: Yes; Cabrillo: Yes; SIGMA: Yes; SMART: Yes. Type of functions to be performed: Financial management: * Budgeting and funds management; NEMAIS: Yes; Cabrillo: Yes; SIGMA: Yes; SMART: No. Type of functions to be performed: Program management: * Project management; NEMAIS: Yes; Cabrillo: Yes; SIGMA: Yes; SMART: No. Type of functions to be performed: Program management: * Program planning, budgeting, control; NEMAIS: Yes; Cabrillo: Yes; SIGMA: Yes; SMART: No. Type of functions to be performed: Workforce management: * Time and attendance; NEMAIS: Yes; Cabrillo: Yes; SIGMA: Yes; SMART: No. Source: GAO, based upon information provided by the Navy. [End of table] By definition, an ERP solution should integrate the financial and business operations of an organization. However, the lack of a coordinated effort among the pilots led to a duplication of efforts and problems in implementing many business functions and resulted in ERP solutions that carry out redundant functions in different ways from one another. The end result of all of the differences was a "system" that could not successfully process transactions associated with the normal Navy practices of moving ships and aircraft between fleets. Another configuration problem occurred because the pilots generally developed custom roles[Footnote 23] for systems users. Problems arose after the systems began operating. Some roles did not have the correct transactions assigned to enable the users with that role to do their entire job correctly. Further, other roles violated the segregation-of- duties principle due to the inappropriateness of roles assigned to individual users. The pilots experienced other difficulties with respect to controlling the scope and performance schedules due to the lack of disciplined processes,[Footnote 24] such as requirements management. For example, the pilots did not identify in a disciplined manner the amount of work necessary to achieve the originally specified capabilities--even as the end of testing approached. There were repeated contract cost-growth adjustments, delays in delivery of many planned capabilities, and initial periods of systems' instabilities after the systems began operating. All of these problems have been shown as typical of the adverse effects normally associated with projects that have not effectively implemented disciplined processes. Pilots Lacked Departmentwide Oversight: The Navy circumvented departmentwide policy by not designating the pilots as major automated information systems acquisition programs. DOD policy in effect at the time[Footnote 25] stipulated that a system acquisition should be designated as a major program if the estimated cost of the system exceeds $32 million in a single year, $126 million in total program costs, or $378 million in total life-cycle costs, or if deemed of special interest by the DOD Chief Information Officer (CIO). According to the Naval Audit Service,[Footnote 26] all four of the pilots should have been designated as major programs based on their costs--which were estimated to be about $2.5 billion at the time--and their significance to Navy's operations. More specifically, at the time of its review, SMART's total estimated costs for development, implementation, and sustainment was over $1.3 billion--far exceeding the $378 million life-cycle cost threshold. However, because Navy management considered each of its ERP programs to be "pilots," it did not designate the efforts as major automated information systems acquisitions, thereby limiting departmental oversight.[Footnote 27] Consistent with the Clinger-Cohen Act of 1996, DOD acquisition guidance[Footnote 28] requires that certain documentation be prepared at each milestone within the system life cycle. This documentation is intended to provide relevant information for management oversight and in making decisions as to whether the investment of resources is cost beneficial. The Naval Audit Service reported[Footnote 29] that a key missing document that should have been prepared for each of the pilots was a mission needs statement.[Footnote 30] A mission needs statement was required early on in the acquisition process to describe the projected mission needs of the user in the context of the business need to be met. The mission needs statement should also address interoperability needs. As noted by the Naval Audit Service, the result of not designating the four ERP pilots as major programs was that program managers did not prepare and obtain approval of this required document before proceeding into the next acquisition phase. In addition, the pilots did not undergo mandatory integrated reviews that assess where to spend limited resources departmentwide. The DOD CIO is responsible for overseeing major automated information systems and a program executive office is required to be dedicated to executive management and not have other command responsibilities. However, because the pilots were not designated major programs, the oversight was at the organizational level that funded the pilots (i.e., command level). Navy ERP officials stated that at the beginning of the pilots, investment authority was dispersed throughout the Navy and there was no established overall requirement within the Navy to address systems from a centralized Navy enterprise level. The Navy ERP is now designated a major program under the oversight of the DOD CIO. Experience Has Shown the Effects of Not Effectively Implementing Disciplined Processes: The problems identified in the failed implementation of the four pilots are indicative of a system program that did not adhere to the disciplined processes. The successful development and implementation of systems is dependent on an organization's ability to effectively implement best practices, commonly referred to as disciplined processes, which are essential to reduce the risks associated with these projects to acceptable levels.[Footnote 31] However, the inability to effectively implement the disciplined processes necessary to reduce risks to acceptable levels does not mean that an entity cannot put in place a viable system that is capable of meeting its needs. Nevertheless, history shows that the failure to effectively implement disciplined processes and the necessary metrics to understand the effectiveness of processes implemented increases the risk that a given system will not meet its cost, schedule, and performance objectives. In past reports we have highlighted the impact of not effectively implementing the disciplined processes. These results are consistent with those experienced by the private sector. More specifically: * In April 2003, we reported[Footnote 32] that NASA had not implemented an effective requirements management process and that these requirement management problems adversely affected its testing activities. We also noted that because of the testing inadequacies, significant defects later surfaced in the production system. In May 2004, we reported[Footnote 33] that NASA's new financial management system, which was fully deployed in June 2003 as called for in the project schedule, still did not address many of the agency's most challenging external reporting issues, such as external reporting problems related to property accounting and budgetary accounting. The system continues to be unable to produce reliable financial statements. * In May 2004, we reported[Footnote 34] that the Army's initial deployments for its Logistics Modernization Program (LMP) did not operate as intended and experienced significant operational difficulties. In large part, these operational problems were due to the Army not effectively implementing the disciplined processes that are necessary to manage the development and implementation of the systems in the areas of requirements management and testing. The Army program officials have acknowledged that the problems experienced in the initial deployment of LMP could be attributed to requirements and testing. Subsequently, in June 2005,[Footnote 35] we reported that the Army still had not put into place effective management control and processes to help ensure that the problems that have been identified since LMP became operational in July 2003 are resolved in an efficient and effective manner. The Army's inability to effectively implement the disciplined processes provides it with little assurance that (1) system problems experienced during the initial deployment that caused the delay of future deployments have been corrected and (2) LMP is capable of providing the promised system functionality. The failure to resolve these problems will continue to impede operations at Tobyhanna Army Depot, and future deployment locations can expect to experience similar significant disruptions in their operations, as well as having a system that is unable to produce reliable and accurate financial and logistics data. * We reported in February 2005[Footnote 36] that DOD had not effectively managed important aspects of the requirements for the Defense Integrated Military Human Resources System, which is to be an integrated personnel and pay system standardized across all military components. For example, DOD had not obtained user acceptance of the detailed requirements nor had it ensured that the detailed requirements were complete and understandable. Based on GAO's review of a random sample of the requirements documentation, about 77 percent of the detailed requirements were difficult to understand. The problems experienced by DOD and other agencies are illustrative of the types of problems that can result when disciplined processes are not properly implemented. The four Navy pilots provide yet another example. As discussed previously, because the pilots were four stovepiped efforts, lacking centralized management and oversight, the Navy had to start over when it decided to proceed with the current ERP effort after investing about $1 billion. Figure 1 shows how organizations that do not effectively implement disciplined processes lose the productive benefits of their efforts as a project continues through its development and implementation cycle. Although undisciplined projects show a great deal of productive work at the beginning of the project, the rework associated with defects begins to consume more and more resources. In response, processes are adopted in the hopes of managing what later turns out to be, in reality, unproductive work. However, generally these processes are "too little, too late," and rework begins to consume more and more resources because the adequate foundations for building the systems were not done or not done adequately. In essence, experience shows that projects that fail to implement disciplined processes at the beginning are forced to implement them later, when it takes more time and they are less effective. As can be seen in figure 1, a major consumer of project resources in undisciplined efforts is rework (also known as thrashing). Figure 1: Percent of Effort Associated with Undisciplined Projects: [See PDF for image] [End of figure] Rework occurs when the original work has defects or is no longer needed because of changes in project direction. Disciplined organizations focus their efforts on reducing the amount of rework because it is expensive. Studies have shown that fixing a defect during testing is anywhere from 10 to 100 times more expensive than fixing it during the design or requirements phase.[Footnote 37] Requirements Management Process Effective, but Implementation Challenges and Risks Remain: To date, Navy ERP management has followed a comprehensive and disciplined requirements management process, as well as leveraged lessons learned from the implementation of the four ERP pilot programs to avoid repeating past mistakes. Assuming that the project continues to effectively implement the processes it has adopted, the planned functionality of the Navy ERP has the potential to address at least some of the weaknesses identified in the Navy's financial improvement plan. However, the project faces numerous challenges and risks. Since the program is still in a relatively early phase--it will not be fully operational until fiscal year 2011, at a currently estimated cost of $800 million--the project team must be continually vigilant and held accountable for ensuring that the disciplined processes are followed in all phases to help achieve overall success. For example, the project management office will need to ensure that it effectively oversees the challenges and risks associated with developing interfaces with 44 Navy and DOD systems and data conversion--areas that were troublesome in other DOD efforts we have audited. Considering that the project is in a relatively early phase and DOD's history of not implementing systems on time and within budget, the projected schedule and costs estimates are subject to, and very likely will, change. Furthermore, a far broader challenge, which lies outside the immediate control of the Navy ERP program office, is that the ERP is proceeding without DOD having clearly defined its BEA. As we have recently reported,[Footnote 38] DOD's BEA still lacks many of the key elements of a well-defined architecture. The real value of a BEA is that it provides the necessary content for guiding and constraining system investments in a way that promotes interoperability and minimizes overlap and duplication. Without it, rework will likely be needed to achieve those outcomes. Navy ERP Built on Lessons Learned from Pilot Projects: Although the four pilot projects were under the control of different entities and had different functional focuses, a pattern of issues emerged that the Navy recognized as being critical for effective development of future projects. The Navy determined that the pilots would not meet its overall requirements and concluded that the best alternative was to develop a new ERP system--under the leadership of a central program office--and use efforts from the pilots as starting points by performing a review of their functionality and lessons learned, eliminating redundancies, and developing new functionalities that were not addressed by the pilots. The lessons learned from the pilots cover technical, organizational, and managerial issues and reinforce the Navy's belief that it must effectively implement the processes that are necessary to effectively oversee and manage the ERP efforts. Navy ERP project management recognizes that the failure to do so would, in all likelihood, result in this ERP effort experiencing the same problems as those resulting in the failure of the four earlier pilots. One of the most important lessons learned from the earlier experiences by the Navy ERP project management is the need for following disciplined processes to identify and manage requirements. As discussed later in this report, the ERP program is following best practices in managing the system's requirements. A key part of requirements identification is to have system users involved in the process to ensure that the system will meet their needs. Additionally, the inclusion of system users in the detailed requirement development process creates a sense of ownership in the system, and prepares system users for upcoming changes to the way they conduct their business. Moreover, the experience from the pilots demonstrated that the working- level reviews must be cross functional. For example, the end-to-end process walkthroughs, discussed later, reinforce the overall business effect of a transaction throughout the enterprise, and help to avoid a stovepiped view of an entity's operations. Another lesson learned is the need to adopt business processes to conform with the types of business practices on which the standard COTS packages are based, along with the associated transaction formats.[Footnote 39] Just the opposite approach was pursued for the pilots, during which the Navy customized many portions of the COTS software to match the existing business process environment. However, the current Navy ERP management is restraining customization to the core COTS software to allow modifications only where legal or regulatory demands require. Obviously, minimizing the amount of customization reduces the complexity and costs of development. Perhaps more importantly, holding customization to a minimum helps an entity take advantage of two valuable benefits of COTS software. First, COTS software provides a mature, industry-proven "best practices" approach to doing business. The core elements of work-flow management, logistics, financial management, and other components have been optimized for efficiency and standardization in private industry over many years. According to program officials, the Navy ERP will adhere to the fundamental concepts of using a COTS package and thus take advantage of this efficiency benefit by modifying their business practices to match the COTS software rather than vice versa as was done in the four pilots. Having the software dictate processes is a difficult transition for users to accept, and Navy ERP officials recognize the challenge in obtaining buy-in from system users. To meet this challenge, they are getting users involved early in requirements definition, planning for extensive training, and ensuring that senior level leadership emphasize the importance of process change, so the entire chain of command understands and accepts its role in the new environment. In effect, the Navy is taking the adopted COTS process and then presenting it to the users. As a result, the Navy is attempting to limit the amount of customization of the software package. One important consideration in doing this is that if the standard COTS components are adopted, the maintenance burden of upgrades remains with the COTS vendor. Finally, the Navy learned from the pilots that it needed to manage its system integrators[Footnote 40] better. The ERP officials also found that they could significantly reduce their risk by using the implementation methodology of the COTS vendor rather than the specific approach of a system integrator. Each of the pilots had separate system integrators with their own particular methodology for implementing the COTS software. According to Navy ERP officials, using the implementation methodology and tool set of the COTS vendor maintains a closer link to the underlying software, and provides more robust requirements management by easily linking requirements from the highest level down to the COTS transaction level. Navy ERP is focused on staying as close as possible to the delivered COTS package, both in its avoidance of customization and its use of tools provided by the COTS vendor. In contrast, with the pilots, the Navy allowed the system integrators more latitude in the development process, relying on their expertise and experience with other ERP efforts to guide the projects. Navy ERP management realized they needed to maintain much better control over the integrators' work. As a result, the Navy established the Strategy, Architecture, and Standards Group to structure and guide the effort across the Navy. Requirements Management Process Following Best Practices: Our review found that the ERP development team has so far followed an effective process for managing its requirements development. Documentation was readily available for us to trace selected requirements from the highest level to the lowest, detailed transaction level. This traceability allows the user to follow the life of the requirement both forward and backward through the documentation, and from origin through implementation. Traceability is also critical to understanding the parentage, interconnections, and dependencies among the individual requirements. This information in turn is critical to understanding the impact when a requirement is changed or deleted. Requirements represent the blueprint that system developers and program managers use to design, develop, test, and implement a system. Improperly defined or incomplete requirements have been commonly identified as a cause of system failure and systems that do not meet their cost, schedule, or performance goals. Without adequately defined requirements that have been properly reviewed and tested, significant risk exists that the system will need extensive and costly changes before it will achieve its intended capability. Because requirements provide the foundation for system testing, specificity and traceability defects in system requirements preclude an entity from implementing a disciplined testing process. That is, requirements must be complete, clear, and well documented to design and implement an effective testing program. Absent this, an organization is taking a significant risk that its testing efforts will not detect significant defects until after the system is placed into production. Industry experience indicates that the sooner a defect is recognized and corrected, the cheaper it is to fix. As shown in figure 2, there is a direct relationship between requirements and testing. Figure 2: Relationship between Requirements Development and Testing: [See PDF for image] [End of figure] Although the actual testing activities occur late in the development cycle, test planning can help disciplined activities reduce requirements-related defects. For example, developing conceptual test cases based on the requirements derived from the concept of operations and functional requirements stages can identify errors, omissions, and ambiguities long before any code is written or a system is configured. Disciplined organizations also recognize that planning testing activities in coordination with the requirements development process has major benefits. As we have previously reported,[Footnote 41] failure to effectively manage requirements and testing activities has posed operational problems for other system development efforts. The Navy ERP requirements identification process began with formal agreement among the major stakeholders on the scope of the system, followed by detailed, working-level business needs from user groups and legacy systems. The high-level business or functional requirements identified initially are documented in the Operational Requirements Document (ORD). The ORD incorporates requirements from numerous major DOD framework documents[Footnote 42] and defines the capabilities that the system must support, including business operation needs such as acquisition, finance, and logistics. In addition, the ORD also identifies the numerous policy directives to which the Navy ERP must conform, such as numerous DOD infrastructure systems, initiatives, and policies. The ORD was distributed to over 150 Navy and DOD reviewers. It went through seven major revisions to incorporate the comments and suggestions provided by the reviewers before being finalized in April 2004. According to Navy ERP program officials, any requested role for the Navy ERP to perform that was not included in the ORD will not be supported. This is a critical decision that reduces the project's risks since "requirements creep" is another cause of projects that do not meet their cost, schedule, and performance objectives. We selected seven requirements[Footnote 43] from the ORD that related to specific Navy problem areas, such as financial reporting and asset management, and found that the requirements had the expected attributes, including the necessary detail one would normally expect to find for the requirement being reviewed. For example, a requirement stated that the ERP will provide reports of funds expended versus funds allocated. We found this requirement was described in a low-level requirement document called a Customer Input Template, which included a series of questions that must be addressed. The documentation further detailed the standard reports that were available based on the selection of configuration options. Further, the documentation of the detailed requirements identified the specific COTS screen number that would be used and described the screen settings that would be used when a screen was "activated." While the ORD specifies the overall capabilities of the system at a high level, more specific, working-level requirements also had to be developed to achieve a usable blueprint for configuration and testing of the system. To develop these lower-level requirements, the Navy ERP project held detailed working sessions where requirements and design specifications were discussed, refined, formalized, and documented. Each high-level requirement was broken down into its corresponding business processes, which in turn drove the selection of transactions (COTS functions) to be used for configuration of the software. For each selected transaction, comprehensive documentation was created to capture the source information that defines how and why a transaction must be configured. This documentation is critical for ensuring accurate configuration of the software, as well as for testing the functionality of the software after configuration. Table 3 describes the kinds of documentation used to maintain these lower-level detailed requirements. Table 3: Documentation for Detailed Requirements: Documentation name: Customer Input Templates; Documentation description: A series of questions completed for every requirement. It enforces a comprehensive review of the requirement and documents the reasoning behind the answers. Documentation name: Functional Design Specification; Documentation description: A detailed description for each interface. Documentation name: Technical Functional Script; Documentation description: A description of any customization that had to be made to a transaction. Documentation name: Implementation Guide; Documentation description: Automatically documents the actual configuration choices made by the developer for each transaction. Source: GAO, based upon information provided by the Navy. [End of table] Additionally, the Navy ERP program is using a requirements management tool containing a database that links each requirement from the highest to the lowest level and maintains the relationship between the requirements. This tool helps to automate the linkage between requirements and helps provide the project staff reasonable assurance that its stated processes have been effectively implemented. This linkage is critical to understanding the scope of any potential change. For example, the users can utilize the tool to (1) determine the number of transactions affected by a proposed change and (2) identify the detailed documentation necessary for understanding how this change will affect each business process. To further ensure that the individual transactions ultimately support the adopted business process, Navy ERP officials conducted master business scenarios[Footnote 44] or end-to- end process walkthroughs. This end-to-end view of the business process ensures that the business functionality works across the various subsystems of the COTS package. For instance, the requirements for a purchase order could be viewed simply from the vantage point of a logistics person or the acquisition community. However, a purchase order also has financial ramifications, and therefore must be posted to financial records, such as the general ledger. The master business scenarios provide a holistic review of the business process surrounding each transaction. ERP Has the Potential to Address Some of the Navy's Reported Financial Management Weaknesses: The Navy expects the new ERP project to address a number of the weaknesses cited in the Department of the Navy Financial Improvement Plan--a course of action directed towards achieving better financial management and an unqualified audit opinion for the Department of the Navy annual financial statements. According to ERP officials, the COTS software used for the ERP program will improve the Navy's current financial controls in the areas of asset visibility, financial reporting, and full cost accounting. However, the currently planned ERP is not intended to provide an all-inclusive end-to-end corporate solution for the Navy. The COTS software offers the potential for real-time asset visibility for the Navy, limited by two factors beyond the project's scope. First, items in transit fall under the authority of the U.S. Transportation Command (TRANSCOM). Once the Navy hands off an item to TRANSCOM, it does not retain visibility of that asset until it arrives at another Navy location. The second factor is the limited ability for communication with ships at sea. Once the currently planned ERP is fully implemented, it will cover all inventories, including inventory on ships. However, the data for shipboard inventory will be current only as of when the ship leaves port. Those data will typically not be updated until the ship docks in another port and can transmit updated information to the ERP system. This lag time for some ships could be as much as 3 to 4 months. While the ERP has the capability to maintain real-time shipboard inventory, the Navy has yet to decide whether to expand the scope of the ERP and build an interface with the ships, which could be extensive and costly, or install the ERP on the ships. Both options present additional challenges that necessitate thorough analysis of all alternatives before a decision is made. According to the program office, a time frame for making this critical decision has not been established. The COTS software is also intended to provide standardized government and proprietary financial reporting at any level within the defined organization. According to Navy ERP officials, full cost accounting will be facilitated by a software component integrated with the ERP. For example, the Navy expects that this component will provide up-to- date cost information--including labor, materials, and overhead--for its numerous, and often complicated, maintenance jobs. Full cost information is necessary for effective management of production, maintenance, and other activities. According to Navy ERP program officials, when fully operational in fiscal year 2011, the Navy ERP will be used by organizations comprising approximately 80 percent of Navy's estimated appropriated funds--after excluding the Marine Corps and military pay and personnel.[Footnote 45] Based on fiscal years' 2006 through 2011 defense planning budget, the Navy ERP will manage approximately $74 billion annually. The organizations that will use Navy ERP include the Naval Air Systems, the Naval Sea Systems, the Naval Supply Systems, the Space and Naval Warfare Systems, and the Navy Facilities Engineering Commands, as well as the Office of Naval Research, the Atlantic and Pacific Fleets, and the Strategic Systems Programs. However, the Navy ERP will not manage in detail all of the 80 percent. About 2 percent, or approximately $1.6 billion, will be executed and maintained in detail by respective financial management systems at the aviation and shipyard depots. For example, when a work order for a repair of an airplane part is prepared, the respective financial management system at the depot will execute and maintain the detailed transactions. The remaining 20 percent that the Navy ERP will not manage comprises the Navy Installations Command, field support activities, and others. Navy ERP officials have indicated that it is the Navy's intent to further expand the system in the future to include the aviation and shipyard depots, but definite plans have not yet been made. According to Navy ERP officials, the software has the capability to be used at the aviation and shipyard depots, but additional work would be necessary. For example, the desired functionality and related requirements--which as discussed above, are critical to the success of any project--would have to be defined for the aviation and shipyard depots. System Interfaces and Data Conversion Will Be Challenges: While the Navy's requirements management process is following disciplined processes and comprises one critical aspect of the overall project development and implementation, by itself, it is not sufficient to provide reasonable assurance of the ERP's success. Going forward, the Navy faces very difficult challenges and risks in the areas of developing and implementing 44 system interfaces with other Navy and DOD systems, and accurately converting data from the existing legacy systems to the ERP. As previously noted, financial management is a high- risk area in the department and has been designated as such since 1995. One of the contributing factors has been DOD's inability to develop integrated systems. As a result, the Navy is dependent upon the numerous interfaces to help improve the accuracy of its financial management data. Navy ERP program managers have recognized the issues of system interfaces and data conversion in their current list of key risks. They have identified some actions that need to be taken to mitigate the risks; however, they have not yet developed the memorandums of agreement with the owners of the systems which the Navy ERP will interface. According to the Navy ERP program office, they plan to complete these memorandums of agreement by October 2005. Integrated Systems: One of the long-standing problems within DOD has been the lack of integrated systems. This is evident in the many duplicative, stovepiped business systems among the 4,150 that DOD reported as belonging to its systems environment. Lacking integrated systems, DOD has a difficult time obtaining accurate and reliable information on the results of its business operations and continues to rely on either manual reentry of data into multiple systems, convoluted system interfaces, or both. These system interfaces provide data that are critical to day-to-day operations, such as obligations, disbursements, purchase orders, requisitions, and other procurement activities. Testing the system interfaces in an end-to-end manner is necessary in order for the Navy to have reasonable assurance that the ERP will be capable of providing the intended functionality. The testing process begins with the initial requirements development process. Furthermore, test planning can help disciplined activities reduce requirements-related defects. For example, developing conceptual test cases based on the requirements can identify errors, omissions, and ambiguities long before any code is written or a system is configured. The challenge now before Navy ERP is to be sure its testing scenarios accurately reflect the activities of the "real users," and the dependencies of external systems. We previously reported[Footnote 46] that Sears and Wal-Mart, recognized as leading-edge inventory management companies, have automated systems that electronically receive and exchange standard data throughout the entire inventory management process, thereby reducing the need for manual data entry. As a result, information moves through the data systems with automated ordering of inventory from suppliers; receiving and shipping at distribution centers; and receiving, selling, and reordering at retail stores. Unlike DOD, which has a proliferation of nonintegrated systems using nonstandard data, Sears and Wal-Mart require all components and subsidiaries to operate within a standard systems framework that results in an integrated system and does not allow individual systems development. For the first deployment, the Navy has to develop interfaces that permit the ERP to communicate with 44 systems--27 that are Navy specific and 17 systems belonging to other DOD entities. Figure 3 illustrates the numerous required system interfaces. Figure 3: Navy ERP Required System Interfaces: [See PDF for image] Note: See app. III for the definitions of the system acronyms. [End of figure] Long-standing problems regarding the lack of integrated systems and use of nonstandard data within DOD pose significant risks for the Navy ERP to successfully interface with these systems. Even if integration is successful, if the information within the 44 systems is not accurate and reliable, the overall information on Navy's operation provided by the ERP to Navy management and the Congress will not be useful in the decision-making process. While the Navy ERP project office is working to develop agreements with system owners for the interfaces and has been developing the functional specifications for each system, officials acknowledged that, as of May 2005, they are behind schedule in completing the interface agreements due to other tasks. The Navy ERP is dependent on the system owners to achieve their time frames for implementation. For example, the Defense Travel System (DTS)[Footnote 47] is one of the DOD systems with which the Navy ERP is to interface and exchange data. DTS is currently being implemented, and any problems that result in a DTS schedule slippage will, in turn, affect Navy ERP's interface testing. We have previously reported that the lack of system interface testing has seriously impaired the operation of other system implementation efforts. For example, in May 2004, we reported[Footnote 48] that because the system interfaces for the Defense Logistics Agency's Business Systems Modernization (BSM) program and the Army's LMP were not properly tested prior to deployment, severe operational problems were experienced. Such problems have led BSM, LMP, and organizations with which they interface--such as DFAS--to perform costly manual reentry of transactions, which can cause additional data integrity problems. For example: * BSM's functional capabilities were adversely affected because a significant number of interfaces were still in development or were being executed manually once the system became operational. Since the design of system interfaces had not been fully developed and tested, BSM experienced problems with receipts being rejected, customer orders being canceled, and vendors not being paid in a timely manner. At one point, DFAS suspended all vendor payments for about 2 months, thereby increasing the risk of late payments to contractors and violations of the Prompt Payment Act.[Footnote 49] * In January 2004, the Army reported that due to an interface failure, LMP had been unable to communicate with the Work Ordering and Reporting Communications System (WORCS) since September 2003. WORCS is the means by which LMP communicates with customers on the status of items that have been sent to the depot for repair and initiates procurement actions for inventory items. The Army has acknowledged that the failure of WORCS has resulted in duplicative shipments and billings and inventory items being delivered to the wrong locations. Additionally, the LMP program office has stated that it has not yet identified the specific cause of the interface failure. The Army is currently entering the information manually, which, as noted above, can cause additional data integrity errors. Besides the challenge of developing the 44 interfaces, the Navy ERP must also develop the means to be compliant with DOD's efforts to standardize the way that various systems exchange data with each other. As discussed in our July 2004 report,[Footnote 50] DOD is undertaking a huge and complex task (commonly referred to as the Global Information Grid or GIG) that is intended to integrate virtually all of DOD's information systems, services, applications, and data into one seamless, reliable, and secure network. The GIG initiative is focused on promoting interoperability throughout DOD by building an Internet- like network for DOD-related operations based on common standards and protocols rather than on trying to establish interoperability after individual systems become operational. DOD envisions that this type of network would help ensure systems can easily and quickly exchange data and change how military operations are planned and executed since much more information would be dynamically available to users. DOD's plans for realizing the GIG involve building a new core network and information capability and successfully integrating the majority of its weapon systems; command, control, and communications systems; and business systems with the new network. The effort to build the GIG will require DOD to make a substantial investment in a new set of core enterprise programs and initiatives. To integrate systems such as the Navy ERP into the GIG, DOD has developed (1) an initial blueprint or architecture for the GIG and (2) new policies, guidance, and standards to guide implementation. According to project officials, the Navy ERP system will be designed to support the GIG. However, they face challenges that can result in significant cost and schedule risks depending on the decisions reached. One challenge is the extent to which other DOD applications with which the Navy ERP must exchange data are compliant with the GIG. While traditional interfaces with systems that are not GIG compliant can be developed, these interfaces may suboptimize the benefits expected from the Navy ERP. The following is one example of the difficulties faced by the Navy ERP project. As mentioned previously, one system that will need to exchange data with the Navy ERP system is DTS. However, the DTS program office and the Navy ERP project office hold different views of how data should be exchanged between the two systems. The travel authorization process exemplifies these differences. DTS requires that funding information and the associated funds be provided to DTS in advance of a travel authorization being processed. In effect, DTS requires that the financial management systems set aside the funds necessary for DTS operations. Once a travel authorization is approved, DTS notifies the appropriate financial management system that an obligation has been incurred. The Navy ERP system, on the other hand, only envisions providing basic funding information to DTS in advance, and would delay providing the actual funds to DTS until they are needed in order to (1) maintain adequate funds control, (2) ensure that the funds under its control are not tied up by other systems, and (3) ensure that the proper accounting data are provided when an entry is made into its system. According to the Software Engineering Institute (SEI), a widely recognized model evaluating a system of systems interoperability is the Levels of Information System Interoperability. This model focuses on the increasing levels of sophistication of system interoperability. According to Navy ERP officials, the GIG and the ERP effort are expected to accomplish the highest level of this model--enterprise- based interoperability. In essence, systems that achieve this level of interoperability can provide multiple users access to complex data simultaneously, data and applications are fully shared and distributed, and data have a common interpretation regardless of format. This is in contrast to traditional interface strategies, such as the one used by DTS. The traditional approach is more aligned with the lowest level of the SEI model. Data exchanged at this level rely on electronic links that result in a simple electronic exchange of data. Alignment with DOD's BEA Is a Significant Risk Factor: A broader challenge and risk that is out of the Navy ERP project's control, but could significantly affect it, is DOD's development of a BEA. As we recently reported,[Footnote 51] DOD's BEA still lacks many of the key elements of a well-defined architecture and no basis exists for evaluating whether the Navy ERP will be aligned with the BEA and whether it would be a corporate solution for DOD in its "To Be" or target environment. An enterprise architecture consists of snapshots of the enterprise's current environment and its target environment, as well as a capital investment road map for transitioning from the current to the target environment. The real value of an enterprise architecture is that it provides the necessary content for guiding and constraining system investments in a way that promotes interoperability and minimizes overlap and duplication. At this time, it is unknown what the target environment will be. Therefore, it is unknown what business processes, data standards, and technological standards the Navy ERP must align to, as well as what legacy systems will be transitioned into the target environment. The Navy ERP project team is cognizant of the BEA development and has attempted to align to prior versions of it. The project team analyzed the BEA requirements and architectural elements to assess Navy ERP's compliance. The project team mapped the BEA requirements to the Navy ERP functional areas and the BEA operational activities to the Navy ERP's business processes. The Navy ERP project team recognizes that architectures evolve over time, and analysis and assessments will continue as requirements are further developed and refined. The scope of the BEA and the development approach are being revised. As a result of the new focus, DOD is determining which products from prior releases of the BEA could be salvaged and used. Since the Navy ERP is being developed absent the benefit of an enterprise architecture, there is limited, if any, assurance that the Navy ERP will be compliant with the architecture once it becomes more robust in the future. Given this scenario, it is conceivable that the Navy ERP will be faced with rework in order to be compliant with the architecture, once it is defined, and as noted earlier, rework is expensive. At the extreme, the project could fail as the four pilots did. If rework is needed, the overall cost of the Navy ERP could exceed the Navy's current estimate of $800 million. Accuracy of Data Conversion Is Critical: The ability of the Navy to effectively address its data conversion challenges will also be critical to the ultimate success of the ERP effort. A Joint Financial Management Improvement Program (JFMIP)[Footnote 52] white paper on financial system data conversion[Footnote 53] noted that data conversion (that is, converting data in a legacy system to a new system) was one of the critical tasks necessary to successfully implement a new financial system. The paper further pointed out that data conversion is one of the most frequently underestimated tasks. If data conversion is done right, the new system has a much greater opportunity for success. On the other hand, converting data incorrectly or entering unreliable data from a legacy system can have lengthy and long-term repercussions. The adage "garbage in, garbage out" best describes the adverse impact. Accurately converting data, such as account balances, from the pilots, as well as other systems that the Navy ERP is to replace, will be critical to the success of the Navy ERP. While data conversion is identified in the Navy ERP's list of key risks, it is too early in the ERP system life cycle for the development of specific testing plans. However, our previous audits have shown that if data conversion is not done properly, it can negatively impact system efficiency. For example, the Army's LMP data conversion effort has proven to be troublesome and continues to affect business operations. As noted in our recent report,[Footnote 54] when the Tobyhanna Army Depot converted ending balances from its legacy finance and accounting system--the Standard Depot System (SDS)--to LMP in July 2003, the June 30, 2003, ending account balances in SDS did not reconcile to the beginning account balances in LMP. Accurate account balances are important for producing reliable financial reports. Another example is LMP's inability to transfer accurate unit-of-issue data--quantity of an item, such as each number, dozen, or gallon--from its legacy system to LMP. This resulted in excess amounts of material ordered. Similar problems could occur with the Navy ERP if data conversion issues are not adequately addressed. The agreements between the Navy ERP and the other systems owners, discussed previously, will be critical to effectively support Navy's ERP data conversion efforts. Additional Actions Can be Taken to Improve Management Oversight of the Navy ERP Effort: Navy officials could take additional actions to improve management oversight of the Navy ERP effort. For example, we found that the Navy does not have a mechanism in place to capture the data that can be used to effectively assess the project management processes. Best business practices indicate that a key facet of project management and oversight is the ability to effectively monitor and evaluate a project's actual performance, cost, and schedule against what was planned.[Footnote 55] Performing this critical task requires the accumulation of quantitative data or metrics that can be used to evaluate a project's performance. This information is necessary to understand the risk being assumed and whether the project will provide the desired functionality. Lacking such data, the ERP program management team can only focus on the project schedule and whether activities have occurred as planned, not whether the activities achieved their objectives. Additionally, although the Navy ERP program has a verification and validation function, it relies on in-house subject matter experts and others who are not independent to provide an assessment of the Navy ERP to DOD and Navy management. The use of an IV&V function is recognized as a best business practice and can help provide reasonable assurance that the system satisfies its intended use and user needs. Further, an independent assessment of the Navy ERP would provide information to DOD and Navy management on the overall status of the project, including the effectiveness of the management processes being utilized and identification of any potential risks that could affect the project with respect to cost, schedule, and performance. Given DOD's long- standing inability to implement business systems that provide users with the promised capabilities, an independent assessment of the ERP's performance is warranted. Quantitative Data Necessary for Assessing Whether the System Will Provide the Needed Functionality: The Navy's ability to understand the impact of the weaknesses in its processes will be limited because it has not determined the quantitative data or metrics that can be used to assess the effectiveness of its project management processes. This information is necessary to understand the risk being assumed and whether the project will provide the desired functionality. The Navy has yet to establish the metrics that would allow it to fully understand (1) its capability to manage the entire ERP effort; (2) how its process problems will affect the ERP cost, schedule, and performance objectives; and (3) the corrective actions needed to reduce the risks associated with the problems identified. Experience has shown that such an approach leads to rework and thrashing instead of making real progress on the project. SEI has found that metrics identifying important events and trends are invaluable in guiding software organizations to informed decisions. Key SEI findings relating to metrics include the following. * The success of any software organization depends on its ability to make predictions and commitments relative to the products it produces. * Effective measurement processes help software groups succeed by enabling them to understand their capabilities so that they can develop achievable plans for producing and delivering products and services. * Measurements enable people to detect trends and anticipate problems, thus providing better control of costs, reducing risks, improving quality, and ensuring that business objectives are achieved.[Footnote 56] The lack of quantitative data to assess a project has been a key concern in other projects we have reviewed. Without such a process, management can only focus on the project schedule and whether activities have occurred as planned, not whether the activities achieved their objectives. Further, such quantitative data can be used to hold the project team accountable for providing the promised capability. Defect-tracking systems are one means of capturing quantitative data that can be used to evaluate project efforts. Although HHS had a system that captured the reported defects, we found that the system was not updated in a timely manner with this critical information.[Footnote 57] More specifically, one of the users identified a process weakness related to grant accounting as a problem that will affect the deployment of HHS's system--commonly referred to as a "showstopper." However, this weakness did not appear in the defect-tracking system until about 1 month later. As a result, during this interval the HHS defect-tracking system did not accurately reflect the potential problems identified by users, and HHS management was unable to determine (1) how well the system was working and (2) the amount of work necessary to correct known defects. Such information is critical when assessing a project's status. We have also reported[Footnote 58] that while NASA had a system that captured the defects that have been identified during testing, an analysis was not performed to determine the root causes of reported defects. A critical element in helping to ensure that a project meets its cost, schedule, and performance goals is to ensure that defects are minimized and corrected as early in the process as possible. Understanding the root cause of a defect is critical to evaluating the effectiveness of a process. For example, if a significant number of defects are caused by inadequate requirements definition, then the organization knows that the requirements management process it has adopted is not effectively reducing risks to acceptable levels. Analysis of the root causes of identified defects allows an organization to determine whether the requirements management approach it has adopted sufficiently reduces the risks of the system not meeting cost, schedule, and functionality goals to acceptable levels. Root- cause analysis would also help to quantify the risks inherent in the testing process that has been selected. Further, the Navy has not yet implemented an earned value management system, which is another metric that can be employed to better manage and oversee a system project. Both OMB[Footnote 59] and DOD[Footnote 60] require the use of an earned value management system. The earned value management system attempts to compare the value of work accomplished during a given period with the work scheduled for that period. By using the value of completed work as a basis for estimating the cost and time needed to complete the program, management can be alerted to potential problems early in the program. For example, if a task is expected to take 100 hours to complete and it is 50 percent complete, the earned value management system would compare the number of hours actually spent to complete the task to the number of hours expected for the amount of work performed. In this example, if the actual hours spent equaled 50 percent of the hours expected, then the earned value would show that the project's resources were consistent with the estimate. Without an effective earned value management system, the Navy and DOD management have little assurance that they know the status of the various project deliverables in the context of progress and the cost incurred in completing each of the deliverables. In other words, an effective earned value management system would be able to provide quantitative data on the status of a given project deliverable, such as a data conversion program. Based on this information, Navy management would be able to determine whether the progress of the data conversion effort was within the expected parameters for completion. Management could then use this information to determine actions to take to mitigate risk and manage cost and schedule performance. According to Navy ERP officials, they intend to implement the earned value management system as part of the contract for the next phase of the project. Independent Assessment of Navy ERP Could Enhance DOD and Navy Management Oversight of the Project: The Navy has not established an IV&V function to provide an assessment of the Navy ERP to DOD and Navy management. Best business practices indicate that use of an IV&V function is a viable means to provide management reasonable assurance that the planned system satisfies its planned use and users. An effective IV&V review process would provide independent information to DOD and Navy management on the overall status of the project, including a discussion of any impacts or potential impacts to the project with respect to cost, schedule, and performance. These assessments involve reviewing project documentation, participating in meetings at all levels within the project, and providing periodic reports and recommendations, if deemed warranted, to senior management. The IV&V function[Footnote 61] should report on every facet of a system project such as: * Testing program adequacy. Testing activities would be evaluated to ensure they are properly defined and developed in accordance with industry standard and best practices. * Critical-path analysis. A critical path defines the series of tasks that must be finished in time for the entire project to finish on schedule. Each task on the critical path is a critical task. A critical- path analysis helps to identify the impact of various project events, such as delays in project deliverables, and ensures that the impact of such delays is clearly understood by all parties involved with the project. * System strategy documents. Numerous system strategy documents that provide the foundation for the system development and operations are critical aspects of an effective system project. These documents are used for guidance in developing documents for articulating the plans and procedures used to implement a system. Examples of such documents include the Life-cycle Test Strategy, Interface Strategy, and Conversion Strategy. The IV&V reports should identify the project management weaknesses that increase the risks associated with the project to senior management so that they can be promptly addressed. The Navy ERP program's approach to the verification and validation of its project management activities relies on in-house subject matter experts and others who work for the project team's Quality Assurance leader. The results of these efforts are reported to the project manager. While various approaches can be used to perform this function, such as using the Navy's approach or hiring a contractor to perform these activities, independence is a key component to successful verification and validation activities. The system developer and project management office may have vested interests and may not be objective in their self-assessments. Accordingly, performing verification and validation activities independently of the development and management functions helps to ensure that verification and validation activities are unbiased and based on objective evidence. The Navy's adoption of verification and validation processes is a key component of its efforts to implement the disciplined processes necessary to manage this project. However, Navy and DOD management cannot obtain reasonable assurance that the processes have been effectively implemented since the present verification and validation efforts are not conducted by an independent party. In response to the Ronald W. Reagan National Defense Authorization Act for Fiscal Year 2005,[Footnote 62] DOD has established a hierarchy of investment review boards from across the department to improve the control and accountability over business system investments.[Footnote 63] The boards are responsible for reviewing and approving investments to develop, operate, maintain, and modernize business systems for their respective business areas.[Footnote 64] The various boards are to report to the Defense Business Systems Management Committee (DBSMC), which is ultimately responsible for the review and approval of the department's investments in its business systems. To help facilitate this oversight responsibility, the reports prepared by the IV&V function should be provided to the appropriate investment review board and the DBSMC to assist them in the decision-making process regarding the continued investment in the Navy ERP. The information in the reports should provide reasonable assurance that an appropriate rate of return is received on the hundreds of millions of dollars that will be invested over the next several years and the Navy ERP provides the promised capabilities. To help ensure that the Navy ERP achieves its cost, schedule, and performance goals, the investment review should employ an early warning system that enables it to take corrective action at the first sign of slippages. Effective project oversight requires having regular reviews of the project's performance against stated expectations and ensuring that corrective actions for each underperforming project are documented, agreed to, implemented, and tracked until the desired outcome is achieved. Conclusions: The lack of management control and oversight and a poorly conceived concept resulted in the Navy largely wasting about $1 billion on four ERP system projects that had only a limited positive impact on the Navy's ability to produce reliable, useful, and timely information to aid in its day-to-day operations. The Navy recognizes that it must have the appropriate management controls and processes in place to have reasonable assurance that the current effort will be successful. While the current requirements management effort is adhering to the disciplined processes, the overall effort is still in the early stages and numerous challenges and significant risks remain, such as validating data conversion efforts and developing numerous systems interfaces. Given that the current effort is not scheduled to be complete until 2011 and is currently estimated by the Navy to cost about $800 million, it is incumbent upon Navy and DOD management to provide the vigilant oversight that was lacking in the four pilots. Absent this oversight, the Navy and DOD run a higher risk than necessary of finding, as has been the case with many other DOD business systems efforts, that the system may cost more than anticipated, take longer to develop and implement, and does not provide the promised capabilities. In addition, attempting large-scale systems modernization programs without a well-defined architecture to guide and constrain business systems investments, which is the current DOD state, presents the risk of costly rework or even system failure once the enterprise architecture is fully defined. Considering (1) the large investment of time and money essentially wasted on the pilots and (2) the size, complexity, and estimated costs of the current ERP effort, the Navy can ill afford another business system failure. Recommendations for Executive Action: To improve the Navy's and DOD's oversight of the Navy ERP effort, we recommend that the Secretary of Defense direct the Secretary of the Navy to require that the Navy ERP Program Management Office (1) develop and implement the quantitative metrics needed to evaluate project performance and risks and use the quantitative metrics to assess progress and compliance with disciplined processes and (2) establish an IV&V function and direct that all IV&V reports be provided to Navy management and to the appropriate DOD investment review board, as well as the project management. Furthermore, given the uncertainty of the DOD business enterprise architecture, we recommend that the Secretary of Defense direct the DBSMC to institute semiannual reviews of the Navy ERP to ensure that the project continues to follows the disciplined processes and meets its intended costs, schedule, and performance goals. Particular attention should be directed towards system testing, data conversion, and development of the numerous system interfaces with the other Navy and DOD systems. Agency Comments and Our Evaluation: We received written comments on a draft of this report from the Deputy Under Secretary of Defense (Financial Management) and the Deputy Under Secretary of Defense (Business Transformation), which are reprinted in appendix II. While DOD generally concurred with our recommendations, it took exception to our characterization that the pilots were failures and a waste of $1 billion. Regarding the recommendations, DOD agreed that it should develop and implement quantitative metrics that can be used to evaluate the Navy ERP and noted that it intends to have such metrics developed by December 2005. The department also agreed that the Navy ERP program management office should establish an IV&V function and noted that the IV&V team will report directly to the program manager. We continue to reiterate the need for the IV&V to be completely independent of the project. As noted in the report, performing IV&V activities independently of the development and management functions helps to ensure that the results are unbiased and based on objective evidence. Further, rather than having the IV&V reports provided directly to the appropriate DOD investment review boards as we recommended, DOD stated that the Navy management and/or the project management office shall inform the Office of the Under Secretary of Defense for Business Transformation of any significant IV&V results. We reiterate our support for the recommendation that the IV&V reports be provided to the appropriate investment review board so that it can determine whether any of the IV&V results are significant. Again, by providing the reports directly to the appropriate investment review board, we believe there would be added assurances that the results were objective and that the managers who will be responsible for authorizing future investments in the Navy ERP will have the information needed to make the most informed decision. With regard to the reviews by the DBSMC, DOD partially agreed. Rather than semiannual reviews by the DBSMC as we recommended, the department noted that the components (e.g., the Navy) would provide briefings on their overall efforts, initiatives, and systems during meetings with the DBSMC. Given the significance of the Navy ERP, in terms of dollars and its importance to the overall transformation of the department's business operations, and the failure of the four ERP pilots, we continue to support more proactive semiannual reviews by the DBSMC. As noted in the report, the Navy's initial estimate is that the ERP will cost at least $800 million, and given the department's past difficulties in effectively developing and implementing business systems, substantive reviews by individuals outside of the program office that are focused just on the Navy ERP by the highest levels of management within the department are warranted. Further, we are concerned that the briefings contemplated to the DBSMC may not necessarily discuss the Navy ERP, nor provide the necessary detailed discussions to offer the requisite level of confidence and assurance that the project continues to follow disciplined processes with particular attention to numerous challenges, such as system interfaces and system testing. In commenting on the report, the department depicted the pilots in a much more positive light than we believe is merited. DOD pointed out that it viewed the pilots as successful, exceeding initial expectations, and forming the foundation upon which to build a Navy enterprise solution, and took exception to our characterization that the pilots were failures and largely a waste of $1 billion. As discussed in the report, the four pilots were narrow in scope, and were never intended to be a corporate solution for resolving any of the Navy's long-standing financial and business management problems. We characterized the pilots as failures because the department spent $1 billion on systems that did not result in marked improvement in the Navy's day-to-day operations. While there may have been marginal improvements, it is difficult to ascertain the sustained, long-term benefits that will be derived by the American taxpayers for the $1 billion. Additionally, the pilots present an excellent case study as to why the centralization of the business systems funding would be an appropriate course of action for the department, as we have previously recommended.[Footnote 65] Each Navy command was allowed to develop an independent solution that focused on its own parochial interest. There was no consideration as to how the separate efforts fit within an overall departmental framework, or, for that matter, even a Navy framework. As noted in table 2, the pilots performed many of the same functions and used the same software, but yet were not interoperable because of the various inconsistencies in the design and implementation. Because the department followed the status quo, the pilots, at best, provided the department with four more stovepiped systems that perform duplicate functions. Such investments are one reason why the department reported in February 2005[Footnote 66] that it had 4,150 business systems. Further, in its comments the department noted one of the benefits of the pilots was that they "proved that the Navy could exploit commercial ERP tools without significant customization." Based upon our review and during discussions with the program office, just the opposite occurred in the pilots. Many portions of the pilots' COTS software were customized to accommodate the existing business processes, which negated the advantages of procuring a COTS package. Additionally, the department noted that one of the pilots--SMART, on which, as noted in our report, the Navy spent approximately $346 million through September 30, 2004--has already been retired. We continue to question the overall benefit that the Navy and the department derived from these four pilots and the $1 billion it spent. As agreed with your offices, unless you announce the contents of this report earlier, we will not distribute it until 30 days after its issuance date. At that time, we will send copies to the Chairmen and Ranking Minority Members, Senate Committee on Armed Services; Senate Committee on Homeland Security and Governmental Affairs; Subcommittee on Defense, Senate Committee on Appropriations; House Committee on Armed Services; House Committee on Government Reform; and Subcommittee on Defense, House Committee on Appropriations. We are also sending copies to the Under Secretary of Defense (Comptroller); the Under Secretary of Defense (Acquisition, Technology and Logistics); the Under Secretary of Defense (Personnel and Readiness); the Assistant Secretary of Defense (Networks and Information Integration); and the Director, Office of Management and Budget. Copies of this report will be made available to others upon request. In addition, the report will be available at no charge on the GAO Web site at [Hyperlink, http://www.gao.gov]. If you or your staff have any questions on matters discussed in this report, please contact Gregory D. Kutz at (202) 512- 9505 or [Hyperlink, kutzg@gao.gov] or Keith A. Rhodes at (202) 512-6412 or [Hyperlink, rhodesk@gao.gov]. Key contributors to this report are listed in appendix IV. Contact points for the Offices of Congressional Relations and Public Affairs are shown on the last page of the report. Signed by: Gregory D. Kutz: Managing Director: Forensic Audits and Special Investigations: Signed by: Keith A. Rhodes: Chief Technologist: Applied Research and Methodology: Center for Engineering and Technology: List of Requesters: The Honorable Tom Davis: Chairman: Committee on Government Reform: House of Representatives: The Honorable Christopher H. Shays: Chairman: Subcommittee on National Security, Emerging Threats, and International Relations: Committee on Government Reform: House of Representatives: The Honorable Todd R. Platts: Chairman: Subcommittee on Government Management, Finance and Accountability: Committee on Government Reform: House of Representatives: The Honorable Adam H. Putnam: House of Representatives: [End of section] Appendixes: Appendix I: Scope and Methodology: To obtain a historical perspective on the planning and costs of the Navy's four Enterprise Resource Planning (ERP) pilot projects, and the decision to merge them into one program, we reviewed the Department of Defense's (DOD) budget justification materials and other background information on the four pilot projects. We also reviewed Naval Audit Service reports on the pilots. In addition, we interviewed Navy ERP program management and DOD Chief Information Officer (CIO) officials and obtained informational briefings on the pilots. To determine if the Navy has identified lessons learned from the pilots, how they are being used, and the challenges that remain, we reviewed program documentation and interviewed Navy ERP program officials. Program documentation that we reviewed included concept of operations documentation, requirements documents, the testing strategy, and the test plan. In order to determine whether the stated requirements management processes were effectively implemented, we performed an in-depth review and analysis of seven requirements that relate to the Navy's problem areas, such as financial reporting and asset management, and traced them through the various requirements documents. These requirements were selected in a manner that ensured that the requirements selected were included in the Navy's Financial Improvement Plan. Our approach to validating the effectiveness of the requirements management process relied on a selection of seven requirements from different functional areas. From the finance area, we selected the requirement to provide reports of funds expended versus funds allocated. From the intermediate-level maintenance management area, we selected the requirement related to direct cost per job and forecasting accuracy. From the procurement area, we selected the requirement to enable monitoring and management of cost versus plan. In the plant supply functions area, we reviewed the requirement related to total material visibility and access of material held by the activity and the enterprise. From the wholesale supply functions area, we selected the requirements of in-transit losses/in-transit write-offs and total material visibility and access of material held by the activity and the enterprise. Additionally, we reviewed the requirement that the ERP be compliant with federal mandates and requirements and the U.S. Standard General Ledger. In order to provide reasonable assurance that our test results for the selected requirements reflected the same processes used to document all requirements, we did not notify the project office of the specific requirements we had chosen until the tests were conducted. Accordingly, the project office had to be able to respond to a large number of potential requests rather than prepare for the selected requirements in advance. Additionally, we obtained the list of systems the Navy ERP will interface with and interviewed selected officials responsible for these systems to determine what activities the Navy ERP program office is working with them on and what challenges remain. To determine if there are additional business practices that could be used to improve management oversight of the Navy ERP, we reviewed industry standards and best practices from the Institute of Electrical and Electronics Engineers, the Software Engineering Institute, the Joint Financial Management Improvement Program, GAO executive guides, and prior GAO reports. Given that the Navy ERP effort is still in the early stages of development, we did not evaluate all best practices. Rather, we concentrated on those that could have an immediate impact in improving management's oversight. We interviewed Navy ERP program officials and requested program documentation to determine if the Navy ERP had addressed or had plans for addressing these industry standards and best practices. We did not verify the accuracy and completeness of the cost information provided by DOD for the four pilots or the Navy ERP effort. We conducted our work from August 2004 through June 2005 in accordance with U.S. generally accepted government auditing standards. We requested comments on a draft of this report from the Secretary of Defense or his designee. We received written comments on a draft of the report from the Deputy Under Secretary of Defense (Financial Management) and the Deputy Under Secretary of Defense (Business Transformation), which are reprinted in appendix II. [End of section] Appendix II: Comments from the Department of Defense: OFFICE OF THE UNDER SECRETARY OF DEFENSE: ACQUISITION TECHNOLOGY AND LOGISTICS: 3000 DEFENSE PENTAGON: WASHINGTON, DC 20301-3000: SEP 13 2005: Mr. Gregory D. Kutz: Managing Director, Forensic Audits and Special Investigations: Mr. Keith A. Rhodes: Chief Technologist, Applied Research And Methodology: Center For Engineering And Technology: United States Government Accountability Office: 441 G Street, N.W.: WASHINGTON, D.C. 20548: Dear Sirs: This is the Department of Defense (DoD) response to the Government Accountability Office (GAO) Draft Report, "DOD BUSINESS SYSTEMS MODERNIZATION: Navy ERP Adherence to Best Business Practices Critical to Avoid Past Failures" dated 11 August 2005, (GAO Code 192171/GAO-05- 858). While the Department generally concurs with the two recommendations in the report, we take strong exception to the characterization in the executive summary and throughout the report of the Navy pilots as being failures and a waste of $1 B. The Department views the pilots as successful, exceeding initial expectations, and forming the foundation upon which to build a Navy Enterprise solution. Your report recognizes that the pilots were intended to be limited in scope and not designed to be corporate solutions yet inconsistently concludes that they were failures and a waste of $1B. The SIGMA pilot, now operational at the Naval Air Systems Command, has over 15,000 users; processes over 4,700 funding documents and 139 contract actions each week; and to date, has accounted for $165B in obligations and $129B in expenditures. It is the financial system of record for this major command. Additionally, SIGMA received the 2005 Americas' SAP Users' Group (ASUG) Impact Award for achieving strategic business results, the first time such and award has been given to a government agency. The NEMAIS pilot, also operational, has resulted in standardized planning and monitoring of Intermediate level maintenance across multiple global regions and the entire non-nuclear Navy ship and submarine community. These standardized business practices permit the analyses and correction of inefficiencies not possible prior to the implementation of NEMAIS throughout the Regional Maintenance Centers (RMC). NEMAIS provided the tool necessary for the successful unification of the global RMC's providing homogeneous maintenance processes throughout the previously disparate Commands. NEMAIS has unified the efforts of approximately 11,000 personnel involved in intermediate level ships' maintenance and has significantly assisted in Navy surging 75% of the Fleet in support of Operation Iraqi Freedom and will be crucial in rapid reconstitution of the Fleet at the conclusion of Iraqi Freedom. NEMAIS will provide the methodology to easily and concisely extract the FY05 fiscal position in Navy ships' intermediate repair at a level of precision and accuracy not previously attainable through the various stovepipe legacy systems. NEMAIS provides the solution for sensitive data within the Department of Navy and is the foundation for Navy's maintenance solution. The CABRILLO pilot was developed and deployed as the financial system of record for the Space and Naval Warfare Systems Center, San Diego, 18 months after initiation. It currently serves over 3,700 people and is used to manage an annual operating budget of over $1.4B. While the final pilot, SMART has been retired, it produced the foundation for supply chain management processes that have been incorporated into the blueprint for the converged Enterprise Resource Planning (ERP) program. The four pilot projects have provided invaluable insight into processes and costs for maintenance, supply, financial and work-force management. This converged solution will be the cornerstone of the Department of the Navy's financial improvement roadmap, supporting a better integrated and auditable business processing environment that will ultimately allow us to comply with the intent of the Chief Financial Officer's act. For clarification, 35% or $350M of the $1B referred to in the draft report was for investment in development of the pilots, while 55% was for operating and support expenses, and the remaining 10% for the early definition of the converged Navy ERP solution. The sustainment expenses would have been incurred on legacy systems in either case. To characterize these investments as failures and a waste of $1B is inconsistent with the facts presented. The success of the Navy pilots proved that the Navy could exploit commercial ERP tools without significant customization, and that further business process improvements and return on investment were feasible - making a Navy wide enterprise solution an achievable goal. These investments and the lessons learned have significantly reduced the risks and uncertainty of undertaking such an ambitious program. It should also be noted that the Navy did reduce the scope and functionality originally planned for the NEMAIS solution as the Navy moved toward the integrated Navy ERP solution. PBD-022 (Program Budget Decision 22 from Program Objective Memorandum 2004 (POM04)) and the NEMAIS Acquisition Decision Memorandum (ADM) have restricted any further development and deployments. It is noted that the GAO audit has no mention of PBD-022 in the report. Footnote 27 of the report should indicate that PBD-022 was the decision point for NEMAIS to become an Acquisition Category (ACAT) I AM program even with the reduced scope. We appreciate the opportunity to provide comments on the draft report and look forward to on-going engagement and discussion with the GAO as we continue the development and deployment of the Navy ERP program and the business transformation it will bring to Navy. Signed by: Thomas Modly: Deputy Under Secretary of Defense (Financial Management) Paul Brinkley: Deputy Under Secretary of Defense (Business Transformation): Enclosure: As stated: GAO Code 192171/GAO-05-858: "DOD BUSINESS SYSTEMS MODERNIZATION: Navy ERP Adherence to Best Practices Critical to Avoid Past Failures" DEPARTMENT OF DEFENSE COMMENTS TO THE RECOMMENDATIONS: RECOMMENDATION 1: The GAO recommended that the Secretary of Defense direct the Secretary of the Navy to require that the Navy ERP Program Management Office develop and implement the quantitative metrics needed to evaluate project performance and risks and use the quantitative measures to assess progress and compliance with disciplined processes. DOD RESPONSE: Concur. The Navy ERP Direct Reporting Program Manager (DPRM) is activating quantitative metrics related to configuration control, development progress, earned value, and quality. These metrics are targeted to be operational by December 2005. Moreover the DRPM is preparing for robust tracking to prevent repetitive occurrences of similar defects. RECOMMENDATION 2: The GAO recommended that the Secretary of Defense direct the Secretary of the Navy to require that the Navy ERP Program Management Office [a] establish an independent verification and validation function and [b] direct that all IV&V reports be provided to Navy management and the appropriate DOD investment review board as well as the project management. The GAO also recommended [c] that the Defense Business Systems Management Committee institute semiannual reviews of the Navy ERP to ensure that the project continues to follows the discipline processes and meets its intended costs, schedule and performance goals. Particular attention should be directed towards the system testing, data conversion, and development of the numerous system interfaces with the other Navy and DOD systems. DOD RESPONSE: Part [a], Concur. The DRPM is establishing an independent verification and validation (IV&V) team within its organization which will report directly to the Program Manager (PM). This is expected to be in place and operational in September 2005. Part [b], Partially concur. The Department endorses tiered accountability and is holding the Components accountable for the management and execution of business system transformation. IV&V reports will be provided directly to the Navy ERP PM and the Navy Component Acquisition Executive. The Component Executive and/or the Navy ERP PM shall inform the OSD Business Transformation Office of any significant IV&V results which it believes will result in a breach of the established program baseline. Part [c], Partially concur. The Defense Business Systems Management Committee (DBSMC) meetings include Transformation briefings from each of the Components that contain their overall efforts, initiatives and systems. The DBSMC is also conducting reviews of DoD enterprise level business programs. [End of section] Appendix III: Identification of the Navy and Defense Systems That Must Interface with the ERP: Navy systems: Acronym: AIT; System name: Automated Information Technology. Acronym: CAV II; System name: Commercial Asset Visibility System. Acronym: CDF; System name: Consolidated Data File. Acronym: CDMD-OA; System name: Configuration Data Manager's Database - Open Architecture. Acronym: CRCS-CADS; System name: Common Rates Computation System/Common Allowance Development System. Acronym: DONIBIS; System name: Department of the Navy Industrial Budget Information System. Acronym: G02APU; System name: G02 Annual Pricing Update. Acronym: ITIMP; System name: Integrated Technical Item Management & Procurement. Acronym: Manugistics; System name: Manugistics. Acronym: MSWP; System name: Maintenance and Ship Work Planning. Acronym: NALCOMIS OMA & OOMA; System name: Naval Aviation Logistic Command Management Information System (2 different versions). Acronym: NALDA; System name: Naval Aviation Logistics Data Analysis. Acronym: Navy Data Mart; System name: Defense Civilian Personnel Data System. Acronym: NDMS; System name: NAVAIR Depot Maintenance System. Acronym: NES; System name: Navy Enlisted Personnel System. Acronym: One Touch; System name: One Touch Supply System. Acronym: OPINS; System name: Officer Personnel Information System. Acronym: PBIS; System name: Program Budget Information System. Acronym: RMAIS; System name: Regional Maintenance Automated Information System. Acronym: SAS; System name: SAS Activity-Based Management. Acronym: SDRS; System name: Supply Discrepancy Reporting System. Acronym: SKED; System name: Preventative Maintenance Scheduling Program. Acronym: SLDP; System name: Standard Logistics Data Procedures. Acronym: TDSA; System name: Technical Directive Status Accounting System. Acronym: TFMMS; System name: Total Force Manpower Management System. Acronym: UADPS-SP/U2; System name: Uniform Automated Data Processing System - Stock Points. DOD Systems: Acronym: ADS; System name: DFAS Corporate Database. Acronym: APVM; System name: Accounting Pre-Validation Module. Acronym: CCR; System name: Central Contractor Registration System. Acronym: DAAS; System name: Defense Automatic Addressing System. Acronym: DCAS; System name: Defense Cash Accountability System. Acronym: DCPS; System name: Defense Civilian Pay System. Acronym: DDRS; System name: Defense Departmental Reporting System. Acronym: DTS; System name: Defense Travel System. Acronym: FLIS; System name: Federal Logistics Information System. Acronym: FRS; System name: Financial Reporting System - Accounting. Acronym: ICAPS; System name: Interactive Computer Aided Provisioning System. Acronym: MISIL; System name: Management Information System for International Logistics. Acronym: PPVM; System name: Payment Pre-Validation Module. Acronym: SPS; System name: Standard Procurement System. Acronym: VPIS; System name: Vendor Pay Inquiry System. Acronym: WAWF; System name: Wide Area Workflow. Acronym: WINS; System name: Web Based Invoicing System. Source: Navy ERP program office. [End of table] [End of section] Appendix IV: GAO Contacts and Acknowledgments: GAO Contacts: Gregory D. Kutz (202) 512-9505 or [Hyperlink, kutzg@gao.gov]: Keith A. Rhodes (202) 512-6412 or [Hyperlink, rhodesk@gao.gov]: Acknowledgments: In addition to the contacts above, Darby Smith, Assistant Director; J. Christopher Martin, Senior Level Technologist; Francine DelVecchio; Kristi Karls; Jason Kelly; Mai Nguyen; and Philip Reiff made key contributions to this report. (192171): FOOTNOTES [1] GAO, DOD Business Systems Modernization: Billions Being Invested without Adequate Oversight, GAO-05-381 (Washington, D.C.: Apr. 29, 2005). [2] GAO, High-Risk Series: An Update, GAO-05-207 (Washington, D.C.: January 2005). The eight specific DOD high-risk areas are (1) approach to business transformation, (2) business systems modernization, (3) contract management, (4) financial management, (5) personnel security clearance program, (6) supply chain management, (7) support infrastructure management, and (8) weapon systems acquisition. The six governmentwide high-risk areas that include DOD are: (1) disability programs, (2) interagency contracting, (3) information systems and critical infrastructure, (4) information sharing for homeland security, (5) human capital, and (6) real property. [3] An ERP solution is an automated system using commercial off-the- shelf (COTS) software consisting of multiple, integrated functional modules that perform a variety of business-related tasks such as payroll, general ledger accounting, and supply chain management. [4] The 80 percent is calculated after excluding estimated appropriated funding for the Marine Corps and military personnel and pay. Of the 80 percent, about 2 percent of the appropriated funds will be executed and maintained in detail by the financial management systems at the aviation and shipyard depots. [5] According to the Software Engineering Institute, requirements management is a process that establishes a common understanding between the customer and the software project manager regarding the customer's business needs that will be addressed by a project. A critical part of this process is to ensure that the requirements development portion of the effort documents, at a sufficient level of detail, the problems that need to be solved and the objectives that need to be achieved. [6] An interface is a connection between two devices, applications, or networks or a boundary across which two systems communicate. [7] In July 2001, the Secretary of Defense established the Business Management Modernization Program to improve the efficiency and effectiveness of DOD business operations and to provide the department's leaders with accurate and timely information through the development and implementation of a business enterprise architecture. [8] GAO, DOD Business Systems Modernization: Long-standing Weaknesses in Enterprise Architecture Development Need to Be Addressed, GAO-05-702 (Washington, D.C.: July 22, 2005). [9] Department of the Navy, Fiscal Year 2004 Annual Financial Report (November 2004). Numbers are combined from the fiscal year 2004 General Fund and Working Capital Fund financial reports. [10] This includes the Marine Corps. [11] Status of Financial Management Reform Within the Department of Defense and the Individual Services: Hearing Before the Subcommittee on Readiness and Management Support, Senate Armed Services Committee, 108TH Cong. 2 (Nov. 18, 2004) (statement by the Assistant Secretary of the Navy (Financial Management and Comptroller), Richard Greco, Jr.) [12] The eight material weaknesses for the Navy General Fund are related to: (1) accounting and financial management systems; (2) fund balance with Treasury; (3) accounts receivable; (4) inventory and related property; (5) general property, plant, and equipment; (6) accounts payable; (7) environmental liabilities; and (8) problem disbursements. [13] The six material weaknesses for the Navy Working Capital Fund are related to: (1) accounting and financial management systems; (2) fund balance with Treasury; (3) accounts receivable; (4) inventory and related property; (5) general property, plant, and equipment; and (6) accounts payable. [14] FFMIA, Pub. L. No. 104-208, div. A., §101(f), title VIII, 110 Stat. 3009, 3009-389 (Sept. 30, 1996), requires the 24 major departments and agencies covered by the Chief Financial Officers Act of 1990, Pub. L. No. 101-576, 104 Stat. 2838 (Nov. 15, 1990) (31 U.S.C. § 901(b), as amended), to implement and maintain financial management systems that comply substantially with (1) federal financial management systems requirements, (2) applicable federal accounting standards, and (3) the U.S. Standard General Ledger at the transaction level. [15] GAO, Vendor Payments: Inadequate Management Oversight Hampers the Navy's Ability to Effectively Manage Its Telecommunication Program, GAO- 04-671 (Washington, D.C.: June 14, 2004). [16] GAO, Foreign Military Sales: Improved Navy Controls Could Prevent Unauthorized Shipment of Classified and Controlled Spare Parts to Foreign Countries, GAO-04-507 (Washington, D.C.: June 25, 2004). [17] GAO, Defense Inventory: Navy Needs to Improve the Management Over Government-Furnished Material Shipped to Its Repair Contractors, GAO- 04-779 (Washington, D.C.: July 23, 2004). [18] Naval Audit Service, Erroneous Payments Made to Navy Vendors, N2005-0011 (Washington, D.C.: Dec. 2, 2004). [19] Initially the focus of the committee was on financial practices, and it was named the Commercial Financial Practices Working Group. The committee changed its name to reflect a broader focus from financial practices to business practices. [20] The amount is based on DOD's estimated planning budget for fiscal years 2006 through 2011. [21] GAO, Department of Defense: Financial and Business Management Transformation Hindered by Long-standing Problems, GAO-04-941T (Washington, D.C.: July 8, 2004). [22] A configuration point is a place at which the system developer must define the business flows with inputs, conditions, and criteria that will be used in the application. [23] Roles are the actions and activities assigned to or required or expected of a person or group. A user's access to the transactions, reports, and applications is controlled by the roles assigned to the user. [24] Disciplined processes include a wide range of activities, including project planning and oversight, requirements management, risk management, and testing. [25] Department of Defense Directive 5000.1, The Defense Acquisition System, DOD Instruction 5000.2, Operation of the Defense Acquisition System (Apr. 5, 2002) and DOD Regulation 5000.2-R, Mandatory Procedures for Major Defense Acquisition Programs and Major Automated Information System Acquisition Programs (Apr. 5, 2002). The DOD policy also specifies that the DOD CIO is the milestone decision authority, responsible for program approval, for all major automated information systems. [26] Naval Audit Service, Department of the Navy Implementation of Enterprise Resource Planning Solutions, N2002-0024 (Washington, D.C.: Jan. 25, 2002). [27] Subsequent to the Naval Audit Service's report, on July 21, 2003, NEMAIS was designated a major automated information system. This memorandum also allowed the fielding of NEMAIS to four Navy regions. [28] DOD, Operation of the Defense Acquisition System, DOD Instruction 5000.2, (Apr. 5, 2002); and DOD Regulation 5000.2-R, Mandatory Procedures for Major Defense Acquisition Programs and Major Automated Information System Acquisition Programs (Apr. 5, 2002). The acquisition controls described in this guidance apply to all DOD acquisition programs. [29] Naval Audit Service N2002-0024. [30] The mission needs statement has been replaced by the requirement for an Initial Capabilities Document. [31] Acceptable levels refer to the fact that any systems acquisition effort will have risks and will suffer the adverse consequences associated with defects in the processes. However, effective implementation of the disciplined processes reduces the potential of risks actually occurring and prevents significant defects from materially affecting the cost, timeliness, and performance of the project. [32] GAO, Business Modernization: Improvements Needed in Management of NASA's Integrated Financial Management Program, GAO-03-507 (Washington, D.C.: Apr. 30, 2003). [33] GAO, National Aeronautics and Space Administration: Significant Actions Needed to Address Long-standing Financial Management Problems, GAO-04-754T (Washington, D.C.: May 19, 2004). [34] GAO, DOD Business Systems Modernization: Billions Continue to Be Invested with Inadequate Management Oversight and Accountability, GAO- 04-615 (Washington, D.C.: May 27, 2004). [35] GAO, Army Depot Maintenance: Ineffective Oversight of Depot Maintenance Operations and System Implementation Efforts, GAO-05-441 (Washington, D.C.: June 30, 2005). [36] GAO, DOD Systems Modernization: Management of Integrated Military Human Capital Program Needs Additional Improvements, GAO-05-189 (Washington, D.C.: Feb. 11, 2005). [37] Steve McConnell, Rapid Development: Taming Wild Software Schedules (Redmond, Wash.: Microsoft Press, 1996). [38] GAO-05-702. [39] A transaction format is a logical process, as defined by the ERP. From the user's point of view, a transaction is a self-contained unit, such as changing an address for a customer or executing a program. [40] A system integrator is a company that specializes in enabling an organization to use off-the-shelf hardware and software packages to meet the organization's computing needs. [41] See, for example, GAO-04-615 and GAO, Financial Management Systems: Lack of Disciplined Processes Puts Implementation of HHS' Financial System at Risk, GAO-04-1008 (Washington, D.C.: Sept. 23, 2004). [42] The documents include: DOD Financial Bluebook; Global Information Grid Capstone Requirements Document (CRD) Crosswalk; Global Combat Support System CRD Crosswalk; Joint Deployment Systems CRD Crosswalk; DoD Joint Technical Architecture; DOD 8500.1, Information Assurance; DOD 8510.1-M, Information Technology Security Certification and Accreditation Process; and DOD 5000.1, The Defense Acquisition System. [43] As discussed in appendix I, our approach to validating the effectiveness of the requirements management process relied on a selection of seven requirements from different functional areas. From the finance area, we selected the requirement to provide reports of funds expended versus funds allocated. From the intermediate-level maintenance management area, we selected the requirement related to direct cost per job and forecasting accuracy. From the procurement area, we selected the requirement to enable monitoring and management of cost versus plan. In the plant supply functions area, we reviewed the requirement related to total material visibility and access of material held by the activity and the enterprise. From the wholesale supply functions area, we selected the requirements of in-transit losses/in-transit write-offs and total material visibility and access of material held by the activity and the enterprise. Additionally, we reviewed the requirement that the ERP be compliant with federal mandates and requirements and the U.S. Standard General Ledger. [44] A business scenario is a description of the flow of business processes that runs within a particular area of a company process. [45] Military pay and personnel will not be included in the Navy ERP because DOD plans to use a new system--the Defense Integrated Military Human Resources System (DIMHRS)--to process these functions for all DOD components. [46] GAO, DOD Management: Examples of Inefficient and Ineffective Business Processes, GAO-02-873T (Washington, D.C.: June 25, 2002). [47] According to DOD, DTS is expected to reengineer defense travel to a seamless, paperless, automated system that meets the needs of individual travelers, force commanders, and process owners (such as finance and accounting services). DTS represents a whole new way of doing business for government and it is expected to make the travel process faster, easier, and better than ever before. During fiscal years 2004-2006, DTS is expected to be fielded to more than 250 high- volume sites across the country that serve over 80 percent of all DOD travelers. [48] GAO-04-615. [49] The Prompt Payment Act, codified at 31 U.S.C. §§ 3901 - 3907, and as implemented at 5 C.F.R. pt. 1315 (2005), provides for agencies, among other things, to pay interest and penalties under various circumstances for late payments, generally when payments are not made within 30 days of the payment due date. [50] GAO, Defense Acquisitions: The Global Information Grid and Challenges Facing Its Implementation, GAO-04-858 (Washington, D.C.: July 28, 2004). [51] GAO-05-702. [52] JFMIP was a joint and cooperative undertaking of the Department of the Treasury, GAO, the Office of Management and Budget (OMB), and the Office of Personnel Management (OPM), working in cooperation with each other and other federal agencies to improve financial management practices in the federal government. Leadership and program guidance were provided by the four Principals of JFMIP--the Secretary of the Treasury, the Comptroller General of the United States, and the Directors of OMB and OPM. Although JFMIP ceased to exist as a stand- alone organization as of December 1, 2004, the JFMIP Principals will continue to meet at their discretion. [53] JFMIP, White Paper: Financial Systems Data Conversion- Considerations (Washington, D.C.: Dec. 20, 2002). [54] GAO-05-441. [55] GAO, Information Technology: DOD's Acquisition Policies and Guidance Need to Incorporate Additional Best Practices and Controls, GAO-04-722 (Washington, D.C.: July 30, 2004). [56] William A. Florac, Robert E. Park, and Anita D. Carleton, Practical Software Measurement: Measuring for Process Management and Improvement (Pittsburgh, Pa.: Software Engineering Institute, Carnegie Mellon University, 1997). [57] GAO-04-1008. [58] GAO-03-507. [59] OMB Circular No. A-11, Part 7, Planning, Budgeting, Acquisition, and Management of Capital Assets (June 21, 2005) and the supplement to Part 7, the Capital Programming Guide (July 22, 1997). [60] Under Secretary of Defense (Acquisition, Technology and Logistics), Department of Defense, Revision to DOD Earned Value Management Policy, March 7, 2005. [61] According to Institute of Electrical and Electronics Engineers (IEEE), verification and validation processes for projects such as Navy ERP can be used to determine whether (1) the products of a given activity conform to the requirements of that activity and (2) the software satisfies its intended use and user needs. This determination may include analyzing, evaluating, reviewing, inspecting, assessing, and testing software products and processes. The verification and validation processes should assess the software in the context of the system, including the operational environment, hardware, interfacing software, operators, and users. [62] Ronald W. Reagan National Defense Authorization Act for Fiscal Year 2005, Pub. L. No. 108-375, § 332, 118 Stat. 1811, 1851-56 (Oct. 28, 2004) (codified, in part, at 10 U.S.C. §§ 186, 2222). [63] The act requires the use of procedures for ensuring consistency with the guidance issued by the Secretary of Defense and the Defense Business Systems Management Committee and incorporation of common decision criteria, including standards, requirements, and priorities that result in the integration of defense business systems. [64] Approval authorities include (1) the Under Secretary of Defense for Acquisition, Technology and Logistics; (2) the Under Secretary of Defense (Comptroller); (3) the Under Secretary of Defense for Personnel and Readiness; (4) the Assistant Secretary of Defense for Networks and Information Integration/Chief Information Officer of the Department of Defense; and (5) the Deputy Secretary of Defense or an Under Secretary of Defense, as designated by the Secretary of Defense. These approval authorities are responsible for the review, approval, and oversight of business systems and must establish investment review processes for systems under their cognizance. [65] GAO-04-615. [66] GAO-05-381. GAO's Mission: The Government Accountability Office, the investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO's Web site ( www.gao.gov ) contains abstracts and full-text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as "Today's Reports," on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to www.gao.gov and select "Subscribe to e-mail alerts" under the "Order GAO Products" heading. Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Public Affairs: Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548:

The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.