Military Personnel
Additional Actions Are Needed to Strengthen DOD's and the Coast Guard's Sexual Assault Prevention and Response Programs Gao ID: GAO-10-215 February 3, 2010Sexual assault is a crime with negative implications to military readiness and esprit de corps. In response to a congressional request, GAO, in 2008, reviewed Department of Defense (DOD) and U.S. Coast Guard sexual assault prevention and response programs and recommended a number of improvements. GAO was subsequently asked to evaluate the extent to which (1) DOD has addressed GAO's 2008 recommendations and further developed its programs, (2) DOD has established a sexual assault database, and (3) the Coast Guard has addressed GAO's 2008 recommendations and further developed its programs. To do so, GAO analyzed legislative requirements and program guidance, interviewed officials, and compared database implementation efforts to key information technology best practices.
DOD has addressed four of GAO's nine recommendations from 2008 regarding the oversight and implementation of its sexual assault prevention and response programs. For example, the Office of the Secretary of Defense (OSD) evaluated department program guidance for joint and deployed environments, and it evaluated factors that may hinder access to health care following a sexual assault. But DOD's efforts to address the other recommendations reflect less progress. For example, GAO recommended that DOD develop an oversight framework, to include long-term goals and milestones, performance goals and strategies, and criteria for measuring progress. However, GAO found that the draft framework lacks key elements needed for comprehensive oversight of DOD's programs, such as criteria for measuring progress and an indication of how it will use the information derived from such measurement to improve its programs. Until OSD incorporates all key elements into its draft oversight framework, it will remain limited in its ability to effectively manage program development to help prevent and respond to sexual assault incidents. DOD acknowledges that more work remains in order to fully develop its oversight framework. DOD has taken steps to begin acquiring a centralized sexual assault database. However, it did not meet a legislative requirement to establish the database by January 2010, and it is unclear when the database will be established because DOD does not yet have a reliable schedule to guide its efforts. Also, key system acquisition best practices associated with successfully acquiring and deploying information technology systems, such as economically justifying the proposed system solution and effectively developing and managing requirements, have largely not been performed. OSD officials said they intend to employ these acquisition best practices. Until this is accomplished the program will be at increased risk of not delivering promised mission capabilities and benefits on time and within budget. While the Coast Guard has partially implemented one of GAO's two recommendations for further developing its sexual assault prevention and response program, it has not implemented the other. In June 2009, the Coast Guard began assessing its program staff's workload, which represents progress in addressing GAO's recommendation to evaluate its processes for staffing key installation-level positions in its program. However, it has not addressed GAO's recommendation to develop an oversight framework. Further, the Coast Guard lacks a systematic process for assembling, documenting, and maintaining sexual assault incident data, and lacks quality control procedures to ensure that the program data being collected are reliable. In fiscal year 2008, for example, different Coast Guard offices documented conflicting numbers of sexual assault reports: the Coast Guard Program Office documented 30, while the Investigative Office documented 78. The Coast Guard had to resolve this significant discrepancy before it could provide its data to DOD. Without a systematic process for tracking its data, the Coast Guard lacks reliable knowledge on the occurrence of sexual assaults.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Team: Phone:GAO-10-215, Military Personnel: Additional Actions Are Needed to Strengthen DOD's and the Coast Guard's Sexual Assault Prevention and Response Programs
This is the accessible text file for GAO report number GAO-10-215
entitled 'Military Personnel: Additional Actions Are Needed to
Strengthen DOD's and the Coast Guard's Sexual Assault Prevention and
Response Programs' which was released on February 24, 2010.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as
part of a longer term project to improve GAO products' accessibility.
Every attempt has been made to maintain the structural and data
integrity of the original printed product. Accessibility features,
such as text descriptions of tables, consecutively numbered footnotes
placed at the end of the file, and the text of agency comment letters,
are provided but may not exactly duplicate the presentation or format
of the printed version. The portable document format (PDF) file is an
exact electronic replica of the printed version. We welcome your
feedback. Please E-mail your comments regarding the contents or
accessibility features of this document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to the Chairman, Subcommittee on National Security and Foreign
Affairs, Committee on Oversight and Government Reform, House of
Representatives:
United States Government Accountability Office:
GAO:
February 2010:
Military Personnel:
Additional Actions Are Needed to Strengthen DOD's and the Coast
Guard's Sexual Assault Prevention and Response Programs:
GAO-10-215:
GAO Highlights:
Highlights of GAO-10-215, a report to the Chairman, Subcommittee on
National Security and Foreign Affairs, Committee on Oversight and
Government Reform, House of Representatives.
Why GAO Did This Study:
Sexual assault is a crime with negative implications to military
readiness and esprit de corps. In response to a congressional request,
GAO, in 2008, reviewed Department of Defense (DOD) and U.S. Coast
Guard sexual assault prevention and response programs and recommended
a number of improvements. GAO was subsequently asked to evaluate the
extent to which (1) DOD has addressed GAO‘s 2008 recommendations and
further developed its programs, (2) DOD has established a sexual
assault database, and (3) the Coast Guard has addressed GAO‘s 2008
recommendations and further developed its programs. To do so, GAO
analyzed legislative requirements and program guidance, interviewed
officials, and compared database implementation efforts to key
information technology best practices.
What GAO Found:
DOD has addressed four of GAO‘s nine recommendations from 2008
regarding the oversight and implementation of its sexual assault
prevention and response programs. For example, the Office of the
Secretary of Defense (OSD) evaluated department program guidance for
joint and deployed environments, and it evaluated factors that may
hinder access to health care following a sexual assault. But DOD‘s
efforts to address the other recommendations reflect less progress.
For example, GAO recommended that DOD develop an oversight framework,
to include long-term goals and milestones, performance goals and
strategies, and criteria for measuring progress. However, GAO found
that the draft framework lacks key elements needed for comprehensive
oversight of DOD‘s programs, such as criteria for measuring progress
and an indication of how it will use the information derived from such
measurement to improve its programs. Until OSD incorporates all key
elements into its draft oversight framework, it will remain limited in
its ability to effectively manage program development to help prevent
and respond to sexual assault incidents. DOD acknowledges that more
work remains in order to fully develop its oversight framework.
DOD has taken steps to begin acquiring a centralized sexual assault
database. However, it did not meet a legislative requirement to
establish the database by January 2010, and it is unclear when the
database will be established because DOD does not yet have a reliable
schedule to guide its efforts. Also, key system acquisition best
practices associated with successfully acquiring and deploying
information technology systems, such as economically justifying the
proposed system solution and effectively developing and managing
requirements, have largely not been performed. OSD officials said they
intend to employ these acquisition best practices. Until this is
accomplished the program will be at increased risk of not delivering
promised mission capabilities and benefits on time and within budget.
While the Coast Guard has partially implemented one of GAO‘s two
recommendations for further developing its sexual assault prevention
and response program, it has not implemented the other. In June 2009,
the Coast Guard began assessing its program staff‘s workload, which
represents progress in addressing GAO‘s recommendation to evaluate its
processes for staffing key installation-level positions in its
program. However, it has not addressed GAO‘s recommendation to develop
an oversight framework. Further, the Coast Guard lacks a systematic
process for assembling, documenting, and maintaining sexual assault
incident data, and lacks quality control procedures to ensure that the
program data being collected are reliable. In fiscal year 2008, for
example, different Coast Guard offices documented conflicting numbers
of sexual assault reports: the Coast Guard Program Office documented
30, while the Investigative Office documented 78. The Coast Guard had
to resolve this significant discrepancy before it could provide its
data to DOD. Without a systematic process for tracking its data, the
Coast Guard lacks reliable knowledge on the occurrence of sexual
assaults.
What GAO Recommends:
To strengthen program implementation, GAO recommends that DOD take
steps, including incorporating all key elements into its draft
oversight framework and adhering to key system acquisition best
practices, as it develops its database. GAO also recommends that the
Coast Guard take steps, including establishing a systematic process to
track program data and establishing quality control procedures. DOD
and the Coast Guard concurred with the recommendations.
View [hyperlink, http://www.gao.gov/products/GAO-10-215] or key
components. For more information, contact Brenda S. Farrell at (202)
512-3604 or farrellb@gao.gov or Randolph C. Hite at (202) 512-3439 or
hiter@gao.gov.
[End of section]
Contents:
Letter:
Results in Brief:
Background:
DOD's Efforts to Address GAO's Recommendations from 2008 Reflect
Varying Levels of Progress:
DOD Has Yet to Establish a Centralized Sexual Assault Database:
Coast Guard Has Partially Implemented One of Our Two Recommendations
from 2008:
Conclusions:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:
Appendix I: Scope and Methodology:
Appendix II: Comments from the Department of Defense:
Appendix III: Comments from the U.S. Coast Guard:
Appendix IV: GAO Contacts and Staff Acknowledgments:
Tables:
Table 1: Nine Improvement Opportunities and Selected Corresponding
Target Improvement Initiatives Contained in OSD's Draft Oversight
Framework:
Table 2: Summary of Increments and Phases for Acquiring DOD's Defense
Sexual Assault Incident Database:
Abbreviations:
DOD: Department of Defense:
MDA: Milestone Decision Authority:
OMB: Office of Management and Budget:
OSD: Office of the Secretary of Defense:
[End of section]
United States Government Accountability Office:
Washington, DC 20548:
February 3, 2010:
The Honorable John F. Tierney:
Chairman:
Subcommittee on National Security and Foreign Affairs:
Committee on Oversight and Government Reform:
House of Representatives:
Dear Mr. Chairman:
Sexual assault is a crime that has a far-reaching negative impact on
communities, families, and individuals and has additional implications
for the military services because it undermines their core values,
degrades mission readiness and esprit de corps, subverts strategic
goodwill, and raises financial costs. Since we reported on these
implications in 2008, incidents of sexual assault have continued to
occur; in fiscal year 2008, the Department of Defense (DOD) reported
nearly 3,000 alleged sexual assault cases, and the U.S. Coast Guard
reported about 80.[Footnote 1] However, it is impossible to accurately
analyze trends or to draw conclusions from these data about the
incidence of sexual assault in the military services because, as we
have previously reported, DOD and the Coast Guard have not been using
standardized reporting requirements.[Footnote 2]
Since 2004, Congress has repeatedly taken steps to address sexual
assault in the military, including passing legislation that directs
the Secretary of Defense to develop a comprehensive policy for DOD on
the prevention of and response to sexual assaults involving members of
the Armed Forces. The comprehensive policy is to include procedures
for confidentially reporting sexual assault incidents. Further, the
Secretary of Defense is required to submit an annual report to
Congress on reported sexual assault incidents involving
servicemembers.[Footnote 3] In 2008, we issued two reports that have
helped inform congressional deliberations on sexual assault in the
military; the first, in January 2008,[Footnote 4] addressed sexual
assault at the DOD and Coast Guard academies, while the second, in
August 2008,[Footnote 5] addressed sexual assault in the military and
Coast Guard services. Our August 2008 report found that while DOD and
the Coast Guard have taken positive steps to prevent and respond to
sexual assault, program implementation was hindered by several issues,
such as the lack of an oversight framework--that is, a plan to improve
the Office of the Secretary of Defense's (OSD) oversight of the
programs; limited support from some commanders; and training that was
not consistently effective.[Footnote 6] Accordingly, we made a number
of recommendations to improve DOD and Coast Guard programs, including
recommending the development of an oversight framework to assess
program effectiveness and the evaluation of program guidance,
training, and installation-level staffing processes to enhance program
implementation. We also raised as a matter for congressional
consideration that the Coast Guard be required to annually submit to
Congress sexual assault incident and program data that are
methodologically comparable to those required of DOD. DOD and the
Coast Guard concurred with all of the recommendations in our August
2008 report, which are reprinted in the Background section of this
report. In addition, we testified twice before your Subcommittee: in
July 2008,[Footnote 7] to discuss our preliminary observations on
DOD's and the Coast Guard's sexual assault prevention and response
programs, and in September 2008, to discuss the findings and
recommendations included in our August 2008 report.[Footnote 8]
In November 2008, you requested that we continue to monitor DOD and
Coast Guard efforts to strengthen the implementation and oversight of
their respective sexual assault prevention and response programs. This
report builds upon our previous work related to sexual assault in the
military services, and assesses the extent to which (1) DOD has taken
steps to implement our recommendations from 2008 and has further
developed its programs to prevent and respond to sexual assault; (2)
DOD has taken steps to address a congressional requirement to
establish a centralized, case-level sexual assault incident database;
and (3) the Coast Guard has taken steps to implement our
recommendations from 2008 and has further developed its programs to
prevent and respond to sexual assault.
To assess the extent to which DOD has implemented our previous
recommendations, we reviewed current DOD policies and programs and
compared them with our prior findings and recommendations. We also
interviewed DOD officials to supplement our analyses of program
modifications. To assess the extent to which DOD has addressed the
congressional requirement to establish a centralized, case-level
sexual assault database, we reviewed applicable legislation[Footnote
9] to identify statutory provisions that direct DOD to make changes to
its processes for collecting and maintaining sexual assault data. We
also reviewed applicable DOD documentation, compared it to DOD,
federal, and industry guidance and to key system acquisition best
practices; and interviewed DOD officials to obtain information on the
status of the department's efforts to establish the database. To
assess the extent to which the Coast Guard has implemented our
previous recommendations, we reviewed current Coast Guard policies and
programs and compared them with our prior findings and
recommendations. We also interviewed Coast Guard officials to
supplement our analyses of program modifications. Further details
about our scope and methodology can be found in appendix I.
We conducted this performance audit from February 2009 to February
2010 in accordance with generally accepted government auditing
standards. Those standards require that we plan and perform the audit
to obtain sufficient, appropriate evidence to provide a reasonable
basis for our findings and conclusions based on our audit objectives.
We believe that the evidence obtained provides a reasonable basis for
our findings and conclusions based on our audit objectives.
Results in Brief:
DOD has taken steps to implement our August 2008 recommendations to
improve its sexual assault prevention and response program; however,
its efforts reflect various levels of progress, and opportunities
exist for further program improvements. In August 2008, we made nine
recommendations to address the program issues we identified, and DOD
has taken a number of steps to implement four of these
recommendations.[Footnote 10] For example, OSD suggested policy
revisions that have led to interim guidance for implementing sexual
assault prevention and response programs in joint and deployed
environments. Also, OSD chartered the Health Affairs Sexual Assault
Task Force, which evaluated and subsequently issued recommendations to
address factors that may hinder access to health care following a
sexual assault. However, DOD's steps toward implementing the five
other recommendations from 2008 reflect less progress, which is likely
to hinder the effectiveness of DOD's efforts to oversee its programs.
For example, although OSD has drafted an oversight framework, as we
recommended, to guide the implementation and assessment of the
department's sexual assault prevention and response programs, the
framework does not contain all the key elements needed for
comprehensive oversight. Specifically, it lacks criteria for measuring
progress, although OSD does plan to develop these within the next 2
years. The framework also lacks an indication of how it will use the
information derived from such measurement to improve its programs. Our
2008 recommendation called for the oversight framework to include long-
term goals, objectives, and milestones; performance goals and
strategies; and criteria for measuring progress. Our prior work has
also shown that results-oriented organizations use the resulting
information to guide the development of future initiatives and
identify how to budget available resources to achieve program
goals.[Footnote 11] But OSD's draft oversight framework does not
identify how it will use or report the results of its performance
assessments, does not identify how OSD's budgeting of resources
relates to its achievement of strategic program objectives, and does
not correlate with the program's two strategic plans. Until OSD
incorporates these key elements into its draft oversight framework, it
will be limited in its ability to effectively manage program
development and determine the extent to which its programs help
prevent the occurrence of sexual assaults. We are recommending that
OSD strengthen its oversight of sexual assault prevention and response
programs by incorporating all key elements into its oversight
framework.
DOD has taken preliminary steps to establish the Defense Sexual
Assault Incident Database---a centralized, case-level sexual assault
incident system--but given what has been accomplished to date and what
remains to be accomplished, DOD officials did not develop this
database in time to meet the statutorily mandated January 2010
implementation deadline.[Footnote 12] Moreover, DOD lacks a reliable
schedule to guide acquisition and implementation tasks and activities.
In addition, other key information technology management practices
that are essential to successfully acquiring and implementing the
database also remain to be accomplished. These include assessing the
program's potential overlap with and duplication of related programs,
justifying investment in the program on the basis of reliable
estimates of life cycle costs and benefits, effectively developing and
managing system requirements, adequately testing system capabilities,
and effectively managing program risks. DOD officials agree that these
key practices need to be implemented; however, they have yet to
develop plans or timeframes for doing so. Therefore, until these
practices are implemented effectively, DOD could face challenges in
successfully delivering a database that meets mission needs and does
not exceed cost and schedule commitments. As DOD moves forward with
its development of the Defense Sexual Assault Incident Database, we
are recommending that it adhere to key system development and
acquisition management processes and controls.
While the Coast Guard has partially implemented one of our
recommendations to further develop its sexual assault prevention and
response program, it has not implemented the other. In August 2008, we
reported that the Coast Guard's sexual assault prevention and response
program was hindered by several issues, and we made two
recommendations to strengthen its program's implementation.[Footnote
13] To its credit, in June 2009, the Coast Guard began assessing its
program staff's workload to address our recommendation to evaluate its
processes for staffing key installation-level positions in its sexual
assault prevention and response program. However, while the Coast
Guard has broadly identified program objectives, it has not addressed
our recommendation to develop an oversight framework that provides
comprehensive and specific guidance for operating its program. As a
result, the Coast Guard is unable to measure program progress,
accurately identify program needs, and optimize the use of available
resources. Moreover, the Coast Guard lacks a systematic process for
assembling, documenting, and maintaining sexual assault incident data,
and lacks quality control procedures to ensure that the program data
being collected are reliable. In fiscal year 2008, for example,
different Coast Guard offices documented conflicting numbers of sexual
assault reports: the Coast Guard Program Office documented 30, while
the Investigative Office documented 78. Without a systematic process
for tracking its data, the Coast Guard lacks reliable knowledge on the
occurrence of sexual assaults. We are recommending that the Coast
Guard develop a systematic process for tracking its data to ensure
that program information collected is valid and reliable.
In written comments on a draft of this report, both DOD and the Coast
Guard concurred with all of our recommendations. DOD further noted in
its comments that while it concurred with our recommendations, our
report contains technical inaccuracies and misstatements that diminish
the department's efforts. We believe that our report accurately
represents DOD's progress to address our recommendations from 2008 and
we incorporated technical corrections from DOD, where appropriate.
DOD's comments are reprinted in appendix II, and the Coast Guard's
comments are reprinted in appendix III.
Background:
Department of Defense:
In October 2004, Congress included a provision in the Ronald W. Reagan
National Defense Authorization Act for Fiscal Year 2005 that required
the Secretary of Defense to develop a comprehensive policy for DOD on
the prevention of and response to sexual assaults involving members of
the Armed Forces.[Footnote 14] The legislation required that the
policy be based on the recommendations of the Defense Task Force on
Care for Victims of Sexual Assaults and on other matters as the
Secretary deemed appropriate.[Footnote 15] Among other things, the
legislation requires the Secretary to establish a standardized
departmentwide definition of sexual assault, and to develop a policy,
using the standardized definition, to address a number of issues,
including the confidential reporting of sexual assault incidents and
the uniform collection of data on the incidence of sexual assault. The
law also requires DOD to submit an annual report to Congress on
reported sexual assault incidents involving members of the Armed
Forces.
In October 2005, DOD issued DOD Directive 6495.01, which contains its
policy for the prevention of and response to sexual assault.[Footnote
16] In June 2006, DOD issued DOD Instruction 6495.02, which provides
guidance for implementing this policy.[Footnote 17] DOD's directive
defines sexual assault as follows:
"intentional sexual contact, characterized by use of force, threats,
intimidation, abuse of authority, or when the victim does not or
cannot consent. Sexual assault includes rape, forcible sodomy (oral or
anal sex), and other unwanted sexual contact that is aggravated,
abusive or wrongful (to include unwanted and inappropriate sexual
contact), or attempts to commit these acts. "Consent" means words or
overt acts indicating a freely given agreement to the sexual conduct
at issue by a competent person. An expression of lack of consent
through words or conduct means there is no consent. Lack of verbal or
physical resistance or submission resulting from the accused's use of
force, threat of force, or placing another person in fear does not
constitute consent. A current or previous dating relationship by
itself or the manner of dress of the person involved with the accused
in the sexual conduct at issue shall not constitute consent."
In October 2008, Congress passed the Duncan Hunter National Defense
Authorization Act for Fiscal Year 2009, which includes a provision
requiring the Secretary of Defense to implement a centralized, case-
level database for the collection and maintenance of information
regarding sexual assaults involving members of the Armed Forces.
[Footnote 18] The law specifies that the database include information,
if available, about the nature of the assault, the victim, the
offender, and the outcome of any legal proceedings associated with the
assault, and requires DOD to implement the database by January 2010--
which is 15 months from the day of its enactment.
In OSD, the Under Secretary of Defense for Personnel and Readiness has
the responsibility for developing the overall policy and guidance for
the department's sexual assault prevention and response program. Under
the Office of the Under Secretary of Defense for Personnel and
Readiness, OSD's Sexual Assault Prevention and Response Office (within
the Office of the Deputy Under Secretary of Defense for Plans) serves
as the department's single point of responsibility for sexual assault
policy matters.[Footnote 19] These responsibilities include providing
the military services with guidance and technical support and
facilitating the identification and resolution of issues; developing
programs, policies, and training standards for the prevention of,
reporting of, and response to sexual assault; developing strategic
program guidance and joint planning objectives; overseeing the
department's collection and maintenance of data on reported alleged
sexual assaults involving servicemembers; establishing mechanisms to
measure the effectiveness of the department's sexual assault
prevention and response program; and preparing the department's annual
report to Congress. The Deputy Under Secretary of Defense for Plans
has the responsibility for programming, budgeting, and allocating
funds and other resources for the Sexual Assault Prevention and
Response Office.
Each military service has established a sexual assault prevention and
response office with responsibility for overseeing and managing its
sexual assault matters. Further, DOD's instruction requires the
military services to establish Sexual Assault Response Coordinator
positions and states that at the services discretion, these positions
may be staffed by members of the military, civilian employees, or DOD
contractors.[Footnote 20] Sexual Assault Response Coordinators are
generally responsible for implementing their respective services'
sexual assault prevention and response programs, including
coordinating the response to and reporting of sexual assault
incidents. Other responders include victim advocates, judge advocates,
medical and mental health providers, criminal investigative personnel,
law enforcement personnel, and chaplains.
Coast Guard:
The Coast Guard has had a sexual assault prevention and response
program in place since 1997, and in December 2007, the Coast Guard
updated its instruction to generally mirror DOD's policy. According to
Coast Guard officials, in January 2009, they revised their instruction
to incorporate what officials have stated is a more comprehensive
definition of the term "sexual assault," modify titles of certain
program personnel to better reflect their responsibility, and clarify
processes for reporting a sexual assault.[Footnote 21]
The Coast Guard's Office of Work-Life (within the Health, Safety, and
Work-Life Directorate, which is under the Office of the Assistant
Commandant for Human Resources) is responsible for overseeing and
managing sexual assault matters. At the installation level, the Coast
Guard has established Employee Assistance Program Coordinators to
manage the response to and reporting of sexual assault incidents. Like
DOD's, the Coast Guard's sexual assault prevention and response
program utilizes other responders to manage sexual assault incidents,
including victim advocates, judge advocates, medical and mental health
providers, criminal investigative personnel, law enforcement
personnel, and chaplains.
Recommendations from 2008 GAO Report[Footnote 22]
In August 2008, we issued a report containing nine recommendations to
DOD and two recommendations to the Coast Guard to improve program
implementation.[Footnote 23] With respect to DOD, we recommended that
the Secretary of Defense take the following actions:
* Review and evaluate the department's policies for the prevention of
and response to sexual assault to ensure that adequate guidance is
provided to effectively implement the program in deployed environments
and joint environments.
* Direct the military service secretaries to emphasize to all levels
of command their responsibility for supporting the program, and review
the extent to which commanders support the program and resources are
available to raise servicemembers' awareness of sexual assault matters.
* Systematically evaluate and develop an action plan to address any
factors that may prevent or discourage servicemembers from accessing
health services following a sexual assault.
* Direct the Defense Task Force on Sexual Assault in the Military
Services to begin its examination immediately, now that all members of
the task force have been appointed, and to develop a detailed plan
with milestones to guide its work.
* Require the Sexual Assault Prevention and Response Office to develop
an oversight framework to guide continued program implementation and
to evaluate program effectiveness. At a minimum, such a framework
should contain long-term goals, objectives, and milestones;
performance goals; strategies to be used to accomplish goals; and
criteria for measuring progress.
* Review and evaluate sexual assault prevention and response training
to ensure that the military services are meeting training requirements
and to enhance the effectiveness of the training.
* Evaluate the military services' processes for staffing and
designating key installation-level program positions--such as
coordinators--at installations in the United States and overseas, to
ensure that these individuals have the ability and resources to fully
carry out their responsibilities.
* Direct the military service secretaries to provide installation-
level incident data to the Sexual Assault Prevention and Response
Office annually or as requested to facilitate the analysis of sexual
assault-related data and to better target resources over time.
* Improve the usefulness of the department's annual report as an
oversight tool both internally and for congressional decision makers
by establishing baseline data to permit the analysis of data over time
and to distinguish cases in which (1) evidence was insufficient to
substantiate an alleged assault, (2) a victim recanted, or (3) the
allegations of sexual assault were unfounded.
With respect to the Coast Guard, we recommended that the Commandant of
the Coast Guard take the following actions:
* Evaluate the Coast Guard's processes for staffing key installation-
level program positions--such as coordinators--to ensure that these
individuals have the ability and resources to fully carry out their
responsibilities.
* Develop an oversight framework to guide continued program
implementation and to evaluate program effectiveness. At a minimum,
such a framework should contain long-term goals, objectives, and
milestones; performance goals; strategies to be used to accomplish
goals; and criteria for measuring progress.
We also suggested as a matter for congressional consideration that the
Coast Guard be required to annually submit to Congress sexual assault
incident and program data that are methodologically comparable to
those required of DOD. In commenting on a draft of that report, both
DOD and the Coast Guard concurred with all of our recommendations.
[Footnote 24]
DOD's Efforts to Address GAO's Recommendations from 2008 Reflect
Varying Levels of Progress:
DOD has made varying levels of progress in implementing our
recommendations from 2008 to improve its sexual assault prevention and
response programs. To its credit, DOD has implemented four of the nine
recommendations in our August 2008 report. However, DOD's efforts
toward implementing the other five recommendations reflect less
progress, which is likely to hinder the effectiveness of DOD's efforts
to oversee its programs.
DOD Has Implemented Four of Our Recommendations from 2008:
During fiscal years 2008 and 2009, DOD implemented four of the
recommendations in our August 2008 report on DOD and Coast Guard
sexual assault prevention and response programs. First, OSD
established a working group to address our recommendation to review
and evaluate the adequacy of DOD policies for implementing its sexual
assault prevention and response program in joint and deployed
environments. Based on the working group's findings, OSD submitted a
memorandum to the Joint Staff in April 2009 detailing its suggested
revisions to joint policy, which a Joint Staff official told us they
are using to modify related publications. Additionally, according to a
Joint Staff official, the Joint Staff has issued interim guidance to
support the implementation of sexual assault prevention and response
programs in joint and deployed environments until the new joint
publications are approved.[Footnote 25]
Second, the military service secretaries have taken a variety of steps
to address our recommendation to emphasize responsibility for program
support to all levels of command. For example, the military services'
top leadership spoke at their respective services' sexual assault
prevention summits, during which they emphasized the need for
"ownership" of the programs and commitment to the prevention of and
response to sexual assault. Specifically, in the spring of 2009, the
Secretary of the Army spoke to noncommissioned officers--the personnel
responsible for program implementation--on the importance of modifying
the Army's culture to actively reject sexual assault and other
inappropriate behavior. In the fall of 2009, the Secretaries of the
Air Force and Navy and the Commandant of the Marine Corps gave similar
presentations to their personnel, during which they stressed their
commitment to eradicating sexual assault in the military services. The
military services have taken even more far-reaching steps to relay
their support for and to commit resources to sexual assault prevention
and response programs. For example, the Secretary of the Navy recently
established the Navy's Sexual Assault Prevention and Response Office
that reports directly to the Secretary, which Navy officials assert
will foster additional support and accountability for its sexual
assault program initiatives. The Marine Corps, following a review of
its program staffing, established full-time Sexual Assault Response
Coordinator positions at four installations with the highest troop
concentrations and is in the process of establishing full-time
coordinator positions at installations with at least 1,000 troops as a
way to better manage its sexual assault prevention and response
programs. Additionally, the Army has incorporated an assessment of
sexual assault program awareness into promotional boards for
noncommissioned officers to promote accountability for the
implementation of prevention and response initiatives.
DOD has also taken a variety of steps to emphasize support for and to
further develop its sexual assault prevention and response programs.
For example, in fiscal year 2008, representatives from OSD and the
military services visited selected military installations to assess,
among other things, the extent to which commanders--company and field
grade officers--support sexual assault prevention and response
programs. OSD found that while most program personnel had demonstrable
support from their command, command support of sexual assault
prevention and response programs varied from installation to
installation, and stronger command support of the program was
required. OSD further reported that it is working with its
stakeholders to address its findings. Additionally, each of the
military services has incorporated interactive, scenario-based
training programs to promote increased involvement by participants and
to enhance the retention of the material being presented. For example,
the Army contracts with a company that offers a nationally recognized
presentation called "Sex Signals"--a 90-minute program that uses
interactive skits to address the topics of dating, rape, consent, and
intervention. The Air Force has implemented bystander intervention
training that incorporates techniques such as role-playing to motivate
servicemembers to take actions if they see, hear, or otherwise
recognize signs of an inappropriate or unsafe situation. The Marine
Corps has implemented and the Navy is in the process of adopting a
program called Mentors in Violence Prevention training. Like the Air
Force's program, this consists of role-playing exercises that allow
students to construct and practice ways to respond or intervene in
incidents of harassment, abuse, or violence.
Third, OSD chartered the Health Affairs Sexual Assault Task Force to
address our recommendation to evaluate and develop an action plan to
address factors that may prevent or discourage servicemembers from
seeking health services. In March 2009, the task force made a number
of recommendations intended to improve the availability of health
care, such as (1) chartering a military health system Sexual Assault
Health Care Integrated Policy Team to review department-level policies
regarding clinical practice guidelines, standards of care, research
gaps and opportunities, personnel and staffing, training requirements
and responsibilities, continuity of care, and in-theater equipment and
supplies; (2) drafting model memorandums of understanding for use by
all service military treatment facilities as they establish continuity
of care relationships with local community providers; and (3)
reviewing DOD policy, including performing peer reviews of sexual
assault cases to ensure that they are aligned with civilian practices.
Fourth, in August 2008, the Defense Task Force on Sexual Assault in
the Military Services began its examination of matters relating to
sexual assault, as we recommended. According to task force staff, the
task force has conducted interviews and focus groups with sexual
assault prevention and response program personnel at approximately 60
locations throughout the world. However, the task force did not meet
its August 11, 2009, reporting deadline. It was granted an extension,
which it met by releasing its report on December 1, 2009.[Footnote 26]
DOD's Efforts toward Implementing the Five Other Recommendations from
2008 Reflect Less Progress:
DOD's efforts to implement the five other recommendations we made in
our report issued in August 2008 reflect less progress. Further,
remaining issues with OSD's strategic planning efforts and DOD's
annual report to Congress on alleged sexual assault incidents are
likely to hinder the effectiveness of DOD's efforts to oversee its
programs.
OSD's Oversight Framework Has Been Drafted, but It Lacks Key Elements
Necessary for Comprehensive Oversight:
OSD recently drafted an oversight framework, but the framework only
partially satisfies our recommendation in that the framework does not
contain all the elements that we previously recommended as necessary
for effective strategic planning and program implementation. Further,
the draft oversight framework cannot be implemented until it is
approved--a step that OSD officials stated will occur once they have
incorporated revisions from and obtained the endorsements of the
military service secretaries. Based on our prior work on the
importance of strategic program planning guidance and our finding that
OSD had not established an oversight framework to guide the
implementation of its programs, we recommended in August 2008 that OSD
develop an oversight framework that includes, at a minimum, (1) long-
term goals, objectives, and milestones; (2) performance goals and
strategies to be used to accomplish goals; and (3) criteria for
measuring progress.[Footnote 27]
To its credit, OSD, in October 2009, completed drafting and is
preparing to begin a 3-year implementation of its oversight framework
to improve the oversight and integration of the department's sexual
assault prevention and response programs. This draft oversight
framework contains long-term goals, objectives, and milestones for
implementation. For example, it identifies nine objective-like
elements--called "improvement opportunities"--to facilitate program
oversight. Examples of the improvement opportunities include defining
core oversight roles and responsibilities, standardizing performance
measures and reports, and improving communication with stakeholders.
The draft framework also identifies action-oriented steps that
correspond with and are designed to facilitate the achievement of
these opportunities. For example, the draft framework specifies that
OSD will "define and document the policy development, coordination,
and approval process" and "define and document the process to review
alignment between policy and program development" as specific steps
toward the achievement of its objective of defining core oversight
roles and responsibilities. Table 1 details the nine opportunities and
selected steps for achieving them that are contained in the draft
framework.
Table 1: Nine Improvement Opportunities and Selected Corresponding
Target Improvement Initiatives Contained in OSD's Draft Oversight
Framework:
Improvement opportunity: Standardize core oversight processes;
Target improvement initiatives:
* Define policy development, coordination, and approval process;
* Define process to review alignment between policy and program
guidance.
Improvement opportunity: Develop and standardize performance measures;
Target improvement initiatives:
* Develop baseline measures for program performance data;
* Develop standard data collection and management plan to be tracked
across DOD.
Improvement opportunity: Promote command support of programs;
Target improvement initiatives:
* Develop and execute survey to gauge combatant command planning
status for program implementation in contingency operations;
* Assess education/training for commanders and establish required
training.
Improvement opportunity: Leverage inspectors general in evaluation of
compliance with policy;
Target improvement initiatives:
* Identify success factors of program policy to be communicated to DOD
and service inspectors general;
* Provide training to DOD and service inspectors general on emerging
sexual assault prevention and response topics.
Improvement opportunity: Improve working group/subcommittee structure;
Target improvement initiatives:
* Evaluate whether the Sexual Assault Advisory Council operating
structure could be improved to better meet DOD community needs;
* Develop subcommittee and working group charters to better define
roles and responsibilities.
Improvement opportunity: Capture victim experience data;
Target improvement initiatives:
* Develop and implement a mechanism to capture victim experience data;
* Integrate victim quality assurance mechanism into existing victim
inquiry process.
Improvement opportunity: Implement DOD quarterly review meetings;
Target improvement initiatives:
* Conduct DOD-specific oversight meetings outside of the Sexual
Assault Advisory Council operating structure;
* Review budget programming by services and commands to support
adequate staffing levels.
Improvement opportunity: Collaborate with external partners;
Target improvement initiatives:
* Establish common understanding of data definitions within DOD sexual
assault prevention and response community;
* Improve sharing of research and effective practices.
Improvement opportunity: Improve proactive communication of
information to stakeholders;
Target improvement initiatives:
* Develop and execute a comprehensive communications plan that
incorporates proactive communication strategies and key messaging for
core stakeholders;
* Develop capability for OSD staff to regularly provide military
services with relevant legislative affairs data.
Source: DOD.
[End of table]
OSD's draft oversight framework is a positive step toward stronger
management of the department's sexual assault prevention and response
programs. Further, OSD recently restructured its Sexual Assault
Advisory Council and established the Oversight Steering Committee to
more actively involve DOD's top leadership in the development and
implementation of the department's sexual assault prevention and
response initiatives. For example, DOD's instruction specifies that
the Sexual Assault Advisory Council shall be chaired by the Under
Secretary of Defense for Personnel and Readiness and shall comprise
top DOD leadership, including the Deputy Under Secretary of Defense
for Plans, the military departments' assistant secretaries for
manpower and reserve affairs, and the Vice Chairman of the Joint
Chiefs of Staff. While the establishment of such committees is an
important step toward successful implementation of the oversight
framework, implementation will require the personal involvement of top
DOD leadership to maintain the long-term focus on and accountability
for program objectives.
Further, OSD's draft oversight framework is missing key elements that
are needed to provide comprehensive oversight of DOD's sexual assault
prevention and response programs. Specifically, OSD's framework lacks
performance measures, does not identify how it will use or report the
results of its performance assessments, does not identify how OSD's
budgeting of resources relates to its achievement of strategic program
objectives, and does not correlate with the program's two strategic
plans.
Draft Oversight Framework Lacks Performance Measures and Details on
How Measures Will Be Used to Guide Program Improvements:
OSD's draft oversight framework does not satisfy our recommendation
from 2008 in that it does not yet contain performance measures, which
are needed to facilitate the evaluation of program performance and the
identification of areas needing improvement. Our prior work has shown
that managers can use performance information to identify problems and
develop solutions that will improve program results.[Footnote 28]
Currently, OSD has plans to develop a standardized set of performance
measures and targets by the second year of its 3-year plan for
implementing its oversight framework. We note that our prior work has
highlighted the importance of performance measures and that they
should include quantifiable, numerical targets or other measurable
values for determining (1) whether the desired performance results are
being achieved and (2) overall program progress.[Footnote 29] Until
performance measures are established, OSD cannot accurately assess the
progress of the department's initiatives or correctly identify and
implement actions to improve program performance.
OSD's Draft Oversight Framework Does Not Identify How Its Budgeting of
Resources Relates to the Achievement of Strategic Objectives:
In addition to its lack of performance measures, OSD's framework does
not identify how OSD's budgeting of resources relates to its
achievement of strategic program objectives, which limits the
department's ability to inform budget formulation and execution
decisions according to performance considerations. Our prior work has
demonstrated that by linking program plans with budgets, organizations
can more explicitly guide budget discussions and can assist management
by correlating total resources consumed with actual results achieved.
[Footnote 30] While these correlations have not been made in the draft
framework, OSD officials told us that the process of developing the
framework helped to identify the need and gain approval for 21 full-
time employees, which is three times the number of staff originally
approved for that office. However, until OSD explicitly correlates its
budgeting of resources to the achievement of strategic program
objectives, it will be challenged in its justification of future
budget requests.
Draft Oversight Framework Does Not Correlate with the Program's
Strategic Plans:
OSD's strategic planning documents do not correlate with the program's
two strategic plans. Our prior work has shown that clear linkages
among long-term strategic goals, objectives, strategies, and day-to-
day activities are critical for enabling a strategic plan to drive an
organization's operations. In addition to its draft oversight
framework, OSD drafted an internal strategic plan to guide the
initiatives of DOD's Sexual Assault Prevention and Response Office,
and a DOD-wide strategic plan to guide initiatives across the larger
DOD community. According to OSD officials, the oversight framework,
when approved, will support OSD's ability to meet the goals of its
strategic plans, which were designed to serve as the overarching
program planning guidance.
However, the intended correlation among these three documents is not
clear because they do not use similar terminology to clearly link
their purposes. For example, OSD's internal strategic plan is based on
five "strategic objectives" that are identical to the five "strategic
sexual assault prevention and response priorities" contained in the
DOD-wide strategic plan. In contrast, the draft oversight framework
contains terminology that is different from both strategic plans, and
it refers to its nine objective-like elements as "future state
improvement opportunities." As a result, the correlation between these
three documents is not clear. Further, the two strategic plans and the
draft oversight framework do not clearly illustrate how each supports
the achievement of the objectives and strategies contained in the
other two documents. In commenting on a draft of this report, DOD
further defined the relationship between the draft oversight framework
and its two strategic plans for sexual assault prevention and response
programs. DOD also noted that the objective-like elements in its draft
oversight framework were purposely not tied to the program objectives
in the two strategic plans. However, without consistent terminology
and clearly correlated objectives and strategies among these three
documents, the prioritization of and responsibility for these
initiatives will remain unclear. (See appendix II for DOD's comments)
Training Effectiveness Cannot Be Fully Determined without Performance
Measures:
While OSD has taken steps to evaluate the effectiveness of the sexual
assault prevention and response training provided to DOD
servicemembers, training programs cannot be assessed because OSD's
strategic plans and draft oversight framework do not contain measures
against which to benchmark performance. As we reported in August 2008,
DOD's sexual assault prevention and response training was not
consistently administered or evaluated for effectiveness. Accordingly,
we recommended that DOD undertake an evaluation of the department's
training programs.[Footnote 31] To its credit, OSD's training
subcommittee reviewed the military services' training policies and
found that they continue to provide initial and refresher training for
all personnel. However, it also found that a greater level of detail
was needed in policy to guide the execution of training requirements.
OSD's training subcommittee developed an action plan for fiscal year
2009 that included visits to selected military installations to review
sexual assault prevention and response training programs.
Nevertheless, OSD's draft oversight framework does not include
performance measures, thus limiting OSD's ability to assess the
effectiveness of training programs and other initiatives. OSD
officials, as part of their recent strategic planning efforts, have
acknowledged the need for and are planning to develop a standard set
of DOD-wide performance measures over the next few years for DOD
sexual assault prevention and response programs. However, they have
stated that these performance measures will not be established until
at least the second year of DOD's 3-year implementation plan for the
oversight framework. Until these measures are established, we continue
to assert that OSD cannot ensure that the department's sexual assault
prevention and response training effectively imparts an awareness of
the subject matter to servicemembers.
Staffing of Key Installation-Level Program Positions Has Not Been
Evaluated:
DOD has not implemented our recommendation to evaluate the military
services' processes for staffing key installation-level program
positions to ensure that they have the ability and resources to fully
carry out their responsibilities. In fiscal year 2008, OSD and the
military services examined program staffing processes during OSD's
assessments of selected military installations, and similarly
concluded that DOD's policy on selection criteria and scope of duty
for key program personnel should be further evaluated. However, OSD
officials stated that they had not taken action to address their
findings because personnel from the congressionally mandated Defense
Task Force on Sexual Assault in the Military Services advised OSD that
they would be making related recommendations in their December 2009
report to Congress. Until DOD implements our 2008 recommendation, it
cannot ensure that it is able to adequately staff and resource its
sexual assault prevention and response programs.
Installation-Level Data Are Not Being Collected While Centralized
Database Is under Development:
While the military services have agreed to provide installation-level
data on sexual assault incidents, OSD officials told us that they will
not collect them until they have implemented the statutorily mandated
centralized database to maintain these data. (For a discussion of this
database, see a later section of this report.) As we reported in our
August 2008 report, OSD could not conduct a comprehensive cross-
service trend analysis because it did not have access to installation-
level data on sexual assault incidents from the military services.
[Footnote 32] As such, we recommended that the military services
provide these data to OSD to facilitate the analysis of sexual assault-
related data and to better target resources over time. However, OSD is
not currently collecting these data, despite their availability,
because it has not yet completely standardized its data definitions
and data elements. OSD and its stakeholders have started to create a
standardized set of sexual assault data elements, thus delineating the
types of data to be provided by each of the services. However, OSD
officials told us that the process of developing and training the
numerous program personnel worldwide to collect and report
standardized data elements will be a very complex and time-consuming
undertaking. Further, OSD officials stated that they plan to finalize
the data definitions in the coming months, but added that similar to
the data elements, they will not require that the definitions be used
by the military services until the implementation of DOD's sexual
assault incident database, the date of which is not yet known.
Therefore, it is unknown when OSD will establish baseline data, which
are needed to conduct trend analyses of the military services' sexual
assault data.
DOD's Annual Report to Congress Is Not Comprehensive:
While OSD introduced some changes in DOD's annual report to Congress,
these changes have not sufficiently improved the report to ensure that
congressional stakeholders are better informed on DOD's prevention of
and response to incidents of sexual assault. As we previously
reported, DOD's annual report may not have been effectively
characterizing incidents of sexual assault in the military services,
and thus we recommended that the department improve the usefulness of
its annual report as an oversight tool.[Footnote 33] To its credit,
OSD incorporated new charts and graphics into DOD's fiscal year 2008
annual report that more specifically illustrated the demographics of
individuals involved and the locations in which sexual assaults in the
military have been occurring. Further, OSD and its stakeholders have
started to create a standardized set of sexual assault data elements
and definitions. However, the standardization is not yet complete, and
as noted previously, OSD officials told us that developing definitions
and data elements for and training the numerous program personnel
worldwide on how to consistently report on the data elements
collected, is very complex and time-consuming. OSD officials added
that the standardization of data definitions is something that they
expect to accomplish in the near term, while standardizing data
elements will take longer since it is a task that will be completed in
conjunction with their development of a centralized sexual assault
database. Further, OSD has not provided its own analysis of the
military services' reports and programs, and we do not believe that it
will be able to do so until it establishes performance measures with
which it can assess program effectiveness.
We believe that the format of the information provided in DOD's annual
report to Congress continues to complicate the reader's ability to
establish a comprehensive understanding of the department's sexual
assault prevention and response programs. Our prior work shows that
the usefulness of data ultimately depends on the degree of confidence
that users have in the data being presented. Higher confidence can be
achieved by providing key information about the data being reported,
including efforts to validate data and the implications of the data
limitations that have been identified.[Footnote 34] However, we
believe the sexual assault incident data are not qualified at the
outset of DOD's annual report to disclose that incident data may
include an alleged sexual assault that occurred prior to the victim's
or perpetrator's military service or outside of the year in which it
was reported. Our prior work shows that standardized data with common
definitions are critical to ensuring that comparable information from
multiple sources is accurately represented.[Footnote 35] However, the
military services' sections in the annual report contain similar but
not comparable types of information. For example, the Army and Air
Force structure their respective reports according to the category of
program information, and the Navy and Marine Corps structure their
report according to the responses received from program personnel
involved in their sexual assault prevention and response initiatives.
While we do not advocate for one military service's approach over
another's, the dissimilar report formats make it difficult, if not
impossible, to compare program efforts.
OSD officials told us that they have taken initial steps to address
some data inconsistencies by providing the military services with a
data collection template to begin the process of standardizing the
collection and reporting of sexual assault program information in
DOD's fiscal year 2009 annual report to Congress. This is an important
first step; however, it does not fully address our concerns in that
the military services may still be reporting data that are based on
different criteria. Further, while we recognize that the complete
standardization of the type, amount, and format of the military
services' data will be a significant undertaking, OSD will not be able
to report consistent data on the status and condition of DOD's sexual
assault prevention and response programs until these issues are
resolved. Until OSD and the military services reach consensus on the
data elements and begin disseminating the new data collection and
reporting requirements to program personnel, DOD will continue to lack
key information needed for oversight.
DOD Has Yet to Establish a Centralized Sexual Assault Database:
DOD has taken preliminary steps to implement a centralized, case-level
sexual assault incident database. However, the database was not
implemented by the statutorily mandated deadline of January 2010.
Moreover, when the database will be implemented is uncertain because a
reliable schedule to guide acquisition and implementation tasks and
activities has yet to be developed. In addition, other key information
technology management practices that are essential to successfully
acquiring and implementing the database also remain to be
accomplished. DOD officials agreed that these key practices need to be
implemented; however, they have yet to develop plans or time frames
for doing so.
The National Defense Authorization Act for Fiscal Year 2009 required
DOD to implement a centralized, case-level database for collecting and
maintaining information on sexual assaults involving members of the
Armed Forces, including information, if available, about the nature of
the assault, the victim, the offender, and the outcome of any legal
proceedings in connection with the assault.[Footnote 36] The law also
required the Secretary of Defense to submit a concept plan for this
database to Congress by January 2009 and to implement the database by
January 2010. In response to these statutory requirements, the Under
Secretary of Defense for Personnel and Readiness instructed the Sexual
Assault Prevention and Response Office to develop the Defense Sexual
Assault Incident Database. According to OSD officials, this database
is to generate congressionally mandated annual reports, run ad hoc
queries, track sexual assault victim support services, support program
administration, meet program reporting requirements, and perform data
analysis. Among other things, the database is also to ensure the
privacy and restricted reporting options of victims.
DOD Did Not Meet the Statutory Deadline for Implementing the Database,
and It Does Not Have a Schedule with Reliable Time Frames for Doing So:
DOD has established conceptual plans for acquiring and deploying a
centralized sexual assault incident database. According to these
plans, the database will be delivered in two increments, with the
first increment consisting of four phases. (See table 2 for a
description of the increments and phases.) However, these phases have
not yet been decomposed into meaningful work tasks, activities, and
events, including timeframes and resources needed to execute them.
Moreover, other important practices associated with creating a
reliable schedule of when and how these phases will be accomplished
have yet to be satisfied. Specifically, our research has identified
nine practices associated with developing and maintaining a reliable
schedule.[Footnote 37] These practices are (1) capturing all key
activities, (2) sequencing all key activities, (3) assigning resources
to all key activities, (4) integrating all key activities horizontally
and vertically, (5) establishing the duration of all key activities,
(6) establishing the critical path for all key activities, (7)
identifying float between key activities, (8) conducting a schedule
risk analysis, and (9) updating the schedule using logic and durations
to determine the dates for all key activities. According to program
officials, the steps and associated time frames for the increments and
phases identified in table 2 cannot be reliably determined until the
development and implementation contractor is hired, which will not
occur until sometime after March 31, 2010. This means that the program
office currently lacks the necessary means by which to execute a
system acquisition, gauge progress, identify and address potential
problems, and promote accountability.
Table 2: Summary of Increments and Phases for Acquiring DOD's Defense
Sexual Assault Incident Database:
Increment: 1;
Phase: 1;
Description:
* Configure the database, and establish roles and permission lists,
initial reporting, data entry/case management and interface
development;
* Present proof-of-concept to Congress to demonstrate that the
database addresses initial reporting concerns.
Increment: 1;
Phase: 2;
Description:
* Develop reporting and data entry/case management requirements and
successful interfaces between the database and the Air Force's
Investigative Information Management System and Automated Military
Justice Analysis and Management System;
* Evolve proof-of-concept to include reporting, data entry/case
management and interface development.
Increment: 1;
Phase: 3;
Description:
* Develop interfaces between the database and the Army's Sexual
Assault Data Management System and the Marine Corps Sexual Assault
Incident Reporting Database;
* Provide proof-of-concept presentations for Congress regarding
business management.
Increment: 1;
Phase: 4;
Description:
* Develop business management requirements and interfaces between the
database and the Navy's Sexual Assault Victim Intervention, the
Department of Navy's Criminal Justice Information System, and the
Consolidated Law Enforcement Operations Center.
Increment: 2;
Description:
* Expand data entry/case management functionality to address National
Guard requirements;
* Expand interfaces to capture any updates to military service-
specific systems based on new data requirements;
* Expand reporting functionality.
Source: DOD.
[End of table]
In addition, DOD's current plans include a few general milestones. For
example, OSD officials told us that the first phase of the initial
increment was to have been achieved when they provided a "proof-of-
concept" document to Congress in January 2010. However, this document
has yet to be approved. Further, they stated that they intend to
release a Request for Proposals for a database developer in the second
quarter of fiscal year 2010. Based on these milestones and the absence
of a reliable program schedule, DOD did not meet its legislative
mandate to implement the database by January 2010, and when it will
implement the database is uncertain.
DOD's Success in Acquiring and Implementing the Database Depends on
Its Use of Key Management Practices:
OSD program officials stated that they received milestone approval in
July 2009 from the milestone decision authority,[Footnote 38] the
Acting Deputy Under Secretary of Defense for Program Integration, to
conclude the Materiel Solution Analysis (previously Concept
Refinement) phase and begin the Technology Development phase of DOD's
acquisition system.[Footnote 39] Associated with this progression, DOD
has taken steps to begin employing a number of key information
technology acquisition management disciplines that are provided for in
DOD and related guidance.[Footnote 40] Our research and evaluations of
information technology programs across the federal government have
shown that adhering to such disciplines is essential to delivering
promised system capabilities and benefits on time and within budget.
Among other things, these disciplines include assessing a program's
overlap with and duplication of related programs through architecture
compliance, justifying investment in the proposed system solution on
the basis of reliable estimates of life cycle costs and benefits,
effectively developing and managing system requirements, adequately
testing system capabilities, and effectively managing program risks.
However, DOD has yet to progress to the point that it can demonstrate
that these disciplines have been fully implemented, as discussed
below. Until it does, the chances of it successfully delivering the
database are reduced.
* Architectural alignment: DOD's guidance and other guidance[Footnote
41] recognize the importance of investing in business systems within
the context of an enterprise architecture.[Footnote 42] Additionally,
our experience in reviewing federal agencies has shown that making
investments without the context of a well-defined enterprise
architecture often results in systems that are, among other things,
duplicative of other systems.[Footnote 43] Within DOD, the means for
avoiding business system duplication and overlap is the department's
process for assessing compliance with DOD's business enterprise
architecture and its associated investment review and decision-making
processes. DOD officials told us that the database was assessed for
compliance with the business enterprise architecture and received
investment review board approval as compliant in July 2009. However, a
complete set of system-level architecture products needed to perform a
thorough and meaningful compliance assessment are not yet available.
As we have previously reported,[Footnote 44] architecture compliance
is not a onetime event but rather a determination that needs to be
made at key junctures in a system's acquisition life cycle. If it is
not, unnecessary overlap and duplication with other systems, as well
as system interoperability shortfalls, can occur.
* Economic justification: Our prior work has shown that a reliable
cost estimate is critical to informed investment decision making,
realistic budget formulation and justification, program resourcing,
meaningful progress measurement, proactive course correction, and
accountability for results. Further, according to Office of Management
and Budget (OMB) guidance,[Footnote 45] justifications for an
investment should include an analysis of the investment's total life
cycle cost.[Footnote 46] DOD developed a business case for the
database in June 2009 that provides the department's proposal and
justification for its database (i.e., system solution), and this
business case includes a program cost estimate of $12.6 million. While
the cost estimate was derived in accordance with some best practices
identified in relevant cost estimating guidance, such as estimating
software costs with a parametric tool that incorporates GAO cost
estimating best practices and relying on the costs of analogous
existing systems, it was not done in accordance with others.[Footnote
47] For example, it does not include all costs over the system's life
cycle, and it has not been adjusted to account for program risks. More
specifically, program officials stated that the $12.6 million does not
include program office and management costs, relevant development
costs (e.g., testing), or sustainment costs (i.e., operations and
maintenance). OSD officials told us that they intend to develop a
reliable cost estimate once the development contract is awarded.
Without reliable estimates, a proposed system solution cannot be
adequately justified on the basis of costs and benefits, and DOD may
be at increased risk of experiencing cost overruns, schedule
slippages, and performance shortfalls.
Beyond not having a reliable cost estimate, DOD's business case does
not comply with other OMB guidance.[Footnote 48] According to OMB, the
economic analysis used to justify an investment should meet certain
criteria to be considered reasonable, including comparing alternatives
on the basis of net present value and conducting an uncertainty
analysis of benefits. While the business case includes an explanation
of why the database is needed, it does not address the costs and
benefits associated with each of the four database alternatives that
were considered (i.e., commercial-off-the-shelf case management system
software product, custom-built system, enhancement of an existing
military service system, or maintenance of the status quo). Moreover,
the four alternatives were not assessed on the basis of net present
value, including using the proper discount rate to account for
inflation. Instead, only the selected alternative was evaluated
quantitatively. Without a meaningful analysis of alternatives, DOD
lacks sufficient assurance that it has selected the most cost-
effective system solution.
* Requirements development and management: Well-defined and well-
managed requirements are the cornerstone of effective system
development and acquisition.[Footnote 49] Effective requirements
development and management includes, among other things, (1)
effectively eliciting user needs early and continuously in the system
life cycle process, (2) establishing a stable baseline set of
requirements and placing the baseline under configuration management,
(3) ensuring that system-level requirements can be traced back to
higher-level business or operational requirements (e.g., concept of
operations) and forward to system design documents (e.g., software
requirements specification) and test plans, and (4) controlling
changes to baseline requirements. DOD has begun to take steps to
engage users in the development of requirements. For example, it
formed a working group composed of representatives from each of the
military services and the National Guard to develop high-level system
requirements. Further, program officials stated that additional
actions are planned or under way to reach agreement on system
interfaces, which is important given that the database is to draw data
from multiple systems to satisfy statutory requirements. They also
said that users will be further involved in developing requirements.
For example, DOD is working with the Air Force and National Guard to
define more specific functional, performance, and data requirements,
and has initiated discussions with the Army, Navy, and Marine Corps to
do the same. In addition, program officials stated that once the high-
level system requirements are baselined, the Change Control Board,
comprising representatives from DOD and the user community, will be
established to control changes to the baseline requirements. While
these ongoing and planned actions are positive, they represent only
the beginning of a series of actions that are associated with
effectively defining and managing requirements over a system's
acquisition life cycle. To the extent that this series of actions is
not well detailed and implemented, the risk of the database not
performing as intended, and costing more and taking longer to
implement than necessary, is increased.
* Test management: According to DOD and other relevant guidance,
system testing should be progressive, meaning that it should consist
of a series of test events that first focus on the performance of
individual system components, then on the performance of integrated
system components, followed by system-level tests that focus on
whether the system (or major system increments) are acceptable,
interoperable with related systems, and operationally suitable to
users.[Footnote 50] Among other things, effective testing should
ensure that (1) all test events are governed by a well-defined test
management structure, (2) each test event is executed in accordance
with well-defined plans, and (3) the results of each test event are
captured and used to ensure that problems discovered are disclosed and
corrected. Program officials stated that they plan to work with the
development contractor to establish an effective test management
structure, develop test plans, and capture and resolve problems found
during testing. In addition, they plan to engage an independent test
organization. However, DOD has not yet developed milestones for its
testing plans or activities. Unless adequate testing is performed and
key test management structures and controls are established, it is
unlikely that the database will meet user expectations and mission
needs, and the risk of it costing more and taking longer than planned
is increased.
* Risk management: Proactively managing program risks is a key
acquisition management control that if done properly, can increase the
chances of programs delivering promised capabilities and benefits on
time and within budget. Relevant guidance, including DOD's Risk
Management Guide for DOD Acquisition, recognizes the importance of
conducting effective risk management.[Footnote 51] Among other things,
effective risk management includes (1) establishing and implementing a
written plan and defined process for risk identification, analysis,
and mitigation; (2) assigning responsibility for managing risks to key
stakeholders; (3) encouraging programwide participation in risk
management; and (4) examining the status of identified risks during
program milestone reviews. Program officials stated that they intend
to document and implement a risk management strategy that is
consistent with DOD's Risk Management Guide. To its credit, the
program office has begun to identify key risks. For example, it cited
identified risks related to (1) what officials believed to be an
unattainable congressionally mandated database implementation date of
January 2010; (2) staffing shortages that complicate the office's
ability to develop and gain approval of a large number of key
documents (e.g., privacy impact assessments, documentation required
for investment reviews, and updates of relevant DOD instructions,
etc.); (3) potential shortfalls in system development and maintenance
funding issues; (4) limitations of the military services' systems,
which are expected to provide data to DOD's database; and (5) the
military services' competing priorities, which may jeopardize their
support and involvement.[Footnote 52] However, they have yet to begin
proactively managing these risks. Unless this is done, the risks could
evolve into actual cost, schedule, and performance shortfalls.
Coast Guard Has Partially Implemented One of Our Two Recommendations
from 2008:
The Coast Guard has partially implemented one of our recommendations
from 2008 to further develop its sexual assault prevention and
response program, but it has not addressed the other. To its credit,
the Coast Guard conducted an assessment of its processes for staffing
key program positions and has continued to develop, through a variety
of initiatives, other components of its sexual assault prevention and
response program. However, the Coast Guard has not addressed our
recommendation to develop an oversight framework, and its program is
challenged by the lack of a systematic process for collecting,
documenting, and maintaining sexual assault data and by the lack of
training for program coordinators.
The Coast Guard Has Taken Steps to Implement One of Our
Recommendations from 2008 and Has Continued Developing Its Programs:
The Coast Guard has taken steps to implement our previous
recommendation to evaluate its processes for staffing key program
positions. As we previously reported, Coast Guard officials told us
that its Sexual Assault Response Coordinators do not have the time to
effectively implement a sexual assault prevention and response
program. Thus we recommended that the Coast Guard evaluate its
processes for staffing key program positions to ensure that they have
the ability and resources to fully carry out their responsibilities.
[Footnote 53] Coast Guard officials told us that current levels of
full-time staffing continue to hinder their ability to appropriately
implement various components of their sexual assault prevention and
response program, adding that the continuity of care for victims is
negatively affected since its coordinators do not possess the time or
the training to provide consistent case management services. To
address this, the Coast Guard, in June 2009 initiated an assessment of
the current workload requirements and resource allocations for its
Sexual Assault Response Coordinators. Officials told us that they plan
to use the results of this assessment to determine whether the
responsibilities of the position or associated resource levels need to
be revised. Coast Guard officials also noted that the assessment is to
be completed by December 2009, and that they hope to address any
program recommendations within 2 years of the assessment's completion.
While these are positive first steps, they do not fully address our
findings and recommendation from 2008 because the Coast Guard has yet
to complete its assessment and decide what, if any, program
modifications it will make. The Coast Guard also established two new
program positions in response to findings in our previous report.
Specifically, in September 2008, the Coast Guard established a
headquarters-level program manager position to oversee the management
of, training for, and evaluation of its sexual assault prevention and
response program. The Coast Guard also established a Sexual Assault
Response Coordinator position at its academy to manage its sexual
assault prevention and response program.
While the Coast Guard is not generally subject to the departmental
direction or statutory requirements that apply to DOD, it has
developed an instruction that charges responsible personnel with
establishing policies and procedures for its program.[Footnote 54] To
the Coast Guard's credit, Coast Guard officials stated that they
frequently leverage program information and materials obtained through
their regular participation in OSD's Sexual Assault Advisory Council
subcommittees and working groups and the military services'
conferences and summits. For example, the Coast Guard recently modeled
its victim advocate training after the Navy's curriculum, and it is
revising its data collection requirements to mirror those of DOD. The
Coast Guard is also modifying its sexual assault prevention and
response program instruction to clarify its definition of sexual
assault and revise its description of selected program positions to
better reflect program responsibilities. Coast Guard officials stated
that they plan to issue the revised instruction in spring 2010.
The Coast Guard Has Not Implemented Our Second Recommendation from
2008, and Its Program Is Hindered by Accountability Issues:
With respect to our second recommendation, the Coast Guard's efforts
to establish a program oversight framework have been limited. Although
the Coast Guard has identified broad program objectives, it has not
addressed our recommendation to develop an oversight framework that
provides comprehensive and specific guidance for operating its
programs. Further, the Coast Guard's program lacks a systematic
process for assembling, documenting, and maintaining sexual assault
incident data, lacks quality control procedures to ensure that the
program data being collected are reliable, and the Coast Guard has yet
to complete the development and implementation of training for key
program personnel. As a result, the Coast Guard's program development
efforts continue to be hindered by its inability to evaluate program
effectiveness, to accurately account for sexual assault incidents, to
prioritize program initiatives, and to help ensure that program
personnel are trained to properly execute their responsibilities.
Coast Guard Has Not Developed an Oversight Framework:
The Coast Guard has not developed an oversight framework to guide its
program development and implementation, despite its concurrence with
our August 2008 recommendation that it do so. Our prior work has
demonstrated the importance of results-oriented performance measures
to successful program oversight, and has shown that having an
effective plan for implementing initiatives and measuring progress can
help decision makers determine whether initiatives are achieving their
desired result.[Footnote 55] As we previously reported, the Coast
Guard was not able to fully evaluate the results achieved by its
efforts, and thus we recommended that it develop an oversight
framework that at a minimum includes long-term goals, objectives, and
milestones; performance goals; strategies to be used to accomplish
goals; and criteria for measuring progress.[Footnote 56] The Coast
Guard revised its program instruction to clarify departmental
oversight roles, and it has developed an action plan that broadly
defines program goals, objectives, strategies, milestones, and
criteria. However, based on our prior work on developing and enhancing
program oversight, the Coast Guard's efforts do not sufficiently
encompass the key components of an oversight framework. For example,
the Coast Guard's action plan does not contain performance measures,
nor does it identify how it plans to use the results of its program
evaluations to revise its future program objectives. Furthermore, the
strategies identified in its action plan are too vague to enable an
assessment of whether they would help achieve program goals and
objectives. For example, the Coast Guard's action plan includes as one
of the long-term program objectives, "provide updated, consistent
information on program reporting options and resources," and the
corresponding strategy is simply, "purchase and distribute marketing
materials to the field," without specifying how or when it plans to
achieve this objective.
Further, the Coast Guard has not correlated program objectives and
strategies with its internal budget requests, which limits its ability
to effectively allocate and account for program resources. As we noted
previously, our prior work shows that having program plans clearly
linked with budgets allows an organization to more explicitly guide
budget discussions and can assist program management by connecting
total resources consumed with actual results achieved.[Footnote 57]
Thus, we continue to believe that our recommendation has merit, and
that the Coast Guard will remain limited in its ability to manage and
evaluate its sexual assault prevention and response program until it
develops and implements an oversight framework.
Coast Guard Does Not Have a Systematic Process to Collect, Document,
and Maintain Sexual Assault Incident Information:
The Coast Guard does not have a systematic process to collect,
document, and maintain its sexual assault data and related program
information. The Coast Guard's instruction charges responsible program
personnel with establishing a reporting system to evaluate statistical
data related to sexual assault incidents, maintaining records to
identify victims and track services provided, and providing oversight
of quality assurance review processes to ensure the provision of
quality services.[Footnote 58] Additionally, our prior work has shown
that organizations striving to meet program goals must have
information systems in place to meet the modern need for fast,
reliable, and accurate information.[Footnote 59] However, the Coast
Guard's sexual assault program does not currently have a systematic
process to collect, document, and maintain its sexual assault incident
data. One individual maintains a hard copy log, informed by reports
from coordinators in the field, and if necessary, may call these
coordinators to get additional information. At the conclusion of our
review, Coast Guard officials told us that they are in the process of
developing a prototype to enable personnel to electronically manage
sexual assault cases, and that they expect to conduct an assessment of
prototype capabilities in early 2010. However, until the Coast Guard
establishes a systematic process for the collection, documentation,
and maintenance of these data, it will be challenged in its ability to
efficiently retrieve data and its visibility over sexual assault
incidents will remain limited.
Additionally, the Coast Guard has not instituted quality control
processes to ensure the reliability of the sexual assault incident and
program data being collected. Our prior work has highlighted the
importance of organizations assessing the quality of their program
data and ensuring that these data are complete and reliable.[Footnote
60] However, the Coast Guard has not established a process to
periodically assess the sufficiency of the program information it
collects. For example, Coast Guard officials noted that in fiscal year
2008, the Coast Guard Investigative Service, in the course of its
investigations, documented 78 reports of sexual assault, while Coast
Guard Headquarters, using the hard copy log of reports from its
coordinators, had documented only 30. Further, the Coast Guard's
sexual assault prevention and response instruction requires that
commanding officers "ensure completion of mandatory annual training on
sexual assault prevention by all unit personnel." However, officials
told us that the current system used to track training is designed to
report training compliance at the unit level, and while individual
training compliance can be discerned, the process to do so is overly
cumbersome. As a result, this practice complicates the Coast Guard's
ability to oversee whether personnel are completing their required
training. Officials added that unit compliance with training is
assessed during inspections that occur every 2 to 3 years, and the
responsible command is notified if any problems are identified.
Further, Coast Guard officials told us that while there is no
systematic process for following up on the findings from these
inspections, they are confident that the issues are taken seriously
and appropriately addressed. However, we believe that until the Coast
Guard establishes a systematic process to assess the quality and
reliability of its data, it cannot be sure that the information it
collects is relevant to and sufficient for the achievement of its
program goals.
The Coast Guard Has Not Trained Its Program Coordinators:
The Coast Guard recently developed and is starting to conduct training
for its victim advocates however, it has not provided training for its
Sexual Assault Response Coordinators--the personnel who manage the
victim advocates. The Coast Guard's instruction requires that all
Coast Guard Sexual Assault Response Coordinators be trained to perform
relevant duties, and prohibits them from accepting a restricted sexual
assault report until the training has been completed. However, Coast
Guard officials stated that they have not developed a curriculum or
implemented training for the Coast Guard's 16 Sexual Assault Response
Coordinators, because, alternatively, they were developing and
implementing a training curriculum for victim advocates. Coast Guard
officials initially told us that it would likely take up to 2 years to
develop a formalized curriculum for Coast Guard Sexual Assault
Response Coordinators, but that in the meantime, they have scheduled a
training session for coordinators in January 2010 to review policy
revisions and reporting processes. At the conclusion of our review,
Coast Guard officials stated that they have since updated their plans
to train Sexual Assault Response Coordinators, noting that they plan
to complete a formalized curriculum by May 2010 and have scheduled
training for the Coordinators during the week of May 4, 2010. However,
until such training is administered, Sexual Assault Response
Coordinators will lack formalized Coast Guard sexual assault
prevention and response training, and according to Coast Guard
officials, they will rely instead only on the general mandated
training provided to all personnel, their own professional experience,
and their interpretation of the Coast Guard's sexual assault
prevention and response policy.
Additionally, the Coast Guard's Sexual Assault Program Manager plans
to travel to Coast Guard installations throughout the country to
administer annual victim advocate training, which will eventually be
administered by coordinators. However, this may not be the most
effective use of resources, as the training could be administered by
trained Sexual Assault Response Coordinators. Until a formal
curriculum is developed and implemented, the Coast Guard cannot be
sure that it has effectively imparted program responsibilities and
requirements to its Sexual Assault Response Coordinators.
Conclusions:
Since the release of our August 2008 report, DOD has taken a number of
positive steps toward addressing our recommendations to further
strengthen its sexual assault prevention and response programs and to
develop the statutorily mandated sexual assault incident database.
Additionally, each service has proactively developed and implemented a
variety of initiatives--beyond what we recommended--to increase
program awareness and to improve prevention of and response to
occurrences of sexual assault. While such progress is noteworthy,
DOD's efforts have not fully established a sound management framework,
which must build upon the foundation of a comprehensive strategic
framework that guides program development and implementation. Without
such a foundation, DOD's programs lack the institutional support, long-
term perspective, and clear lines of accountability that are needed to
withstand the administrative, fiscal, and political pressures that
confront federal programs on a daily basis. Until OSD finalizes and
fully implements its oversight framework and strategic plans, it will
continue to lack the ability to synergize its prevention and response
initiatives, and it may not be able to effect the change in military
culture that is needed to ensure that programs are institutionalized.
Additionally, successful implementation of the oversight framework
will require the personal involvement of top DOD leadership to
maintain the long-term focus on and accountability for program
objectives.
While the Coast Guard is not generally subject to the departmental
program direction or statutory requirements that apply to DOD, it
continues to proactively develop its sexual assault prevention and
response program. The Coast Guard has, however, experienced challenges
similar to those of DOD because it lacks the long-term strategic
perspective needed to structure its program development and
implementation. Until the Coast Guard develops an oversight framework
that includes specific management improvement steps, key milestones,
and performance measures, it will be unable to accurately demonstrate
that its programs are achieving its goals of establishing a culture of
prevention, sensitive response, and accountability. Further, the Coast
Guard may not be able to demonstrate that program elements, such as
its sexual assault prevention and response training, are being
implemented in a manner that most effectively ensures its achievement
of program goals.
Recommendations for Executive Action:
We recommend that the Secretary of Defense take the following 10
actions:
* To improve the management, strategic planning, and comprehensiveness
of OSD's oversight of the department's sexual assault prevention and
response programs, direct the Under Secretary of Defense for Personnel
and Readiness to strengthen OSD's oversight framework by:
- identifying how the results of performance assessments will be used
to guide the development of future program initiatives,
- identifying how OSD's program resources correlate to its achievement
of strategic program objectives, and:
- correlating its oversight framework to the program's two strategic
plans so that program objectives, timelines, and strategies for
achieving objectives are synchronized.
* To enhance visibility over the incidence of sexual assaults
involving DOD servicemembers, the department's sexual assault
prevention and response programs, and the pending implementation of
the Defense Sexual Assault Incident Database, direct the Under
Secretary of Defense for Personnel and Readiness to standardize the
type, amount, and format of the data in the military services' annual
report submissions.
* To enhance the oversight of the sexual assault prevention and
response program in DOD, direct the Under Secretary of Defense for
Personnel and Readiness to ensure that the development and
implementation of the Defense Sexual Assault Incident Database
includes adherence to the following key system development and
acquisition management processes and controls:
- developing a reliable integrated master schedule that addresses the
nine key practices discussed in this report,
- adequately assessing the program's overlap with and duplication of
related programs through architecture compliance,
- adequately justifying investment in the proposed approach on the
basis of reliable estimates of life cycle costs and benefits,
- effectively developing and managing system requirements,
- adequately testing system capabilities, and:
- effectively managing program risks.
We are recommending that the Commandant of the Coast Guard take the
following three actions:
* To improve the oversight and accountability of the Coast Guard's
sexual assault prevention and response program:
- establish a systematic process for collecting, documenting, and
maintaining sexual assault incidence data, and:
- establish quality control processes to ensure that program
information collected is valid and reliable.
* To improve execution of sexual assault prevention and response
programs, we recommend that the Commandant of the Coast Guard
establish and administer a curriculum for all key program personnel to
ensure that they can provide proper advice to Coast Guard personnel.
Agency Comments and Our Evaluation:
In written comments on a draft of this report, both DOD and the Coast
Guard concurred with all of our recommendations. DOD noted in its
comments that our report contained technical inaccuracies, which we
addressed where appropriate, based on the technical comments received
from both DOD and the Coast Guard. Further, DOD asserted that the
report also contained misstatements that improperly diminished the
department's efforts to address our recommendations. We believe that
our report accurately represents DOD's progress to address our
recommendations from 2008. DOD's comments are reprinted in appendix
II, and the Coast Guard's comments are reprinted in appendix III.
In concurring with our recommendations aimed at improving the
management, strategic planning, and comprehensiveness of OSD's
oversight of the department's sexual assault prevention and response
programs--including that OSD should strengthen its oversight framework
by (1) identifying how the results of performance assessments will be
used to guide the development of future program initiatives, (2)
identifying how OSD's program resources correlate with its achievement
of strategic program objectives, and (3) correlating its oversight
framework with the program's two strategic plans--DOD commented that
several efforts are underway or are planned to address these issues.
For example, DOD stated that in the early part of 2010, it will have a
plan in place that details how it will track its progress toward the
performance objectives laid out in the DOD-wide strategic plan, and it
will develop a procedure to report back on progress toward objectives
and any needed corrective steps. DOD also stated that starting with
the 2012 budget cycle, OSD plans to align its budget categories with
specific performance objectives laid out in its strategic plan.
Further, DOD noted that the process it plans to use to track its
progress toward performance objectives will also allow the department
to synchronize the objectives, timelines, and strategies of its two
strategic plans. We commend DOD for taking immediate steps in response
to our recommendations, and encourage the department to continue
taking positive actions toward fully implementing them.
In its concurrence with our recommendation that the department
standardize the type, amount, and format of the data in the military
services' annual report submissions, DOD acknowledged that achieving
uniformity among the military services for all required data elements
will greatly enhance its oversight capabilities. DOD added that it
recently established definitions for case disposition data and
developed a standardized program report template, and that both are
being used by the military services to compile their respective data
for the department's fiscal year 2009 report on sexual assault in the
military services. DOD stated that the comprehensive process of
linking all of its data elements will ultimately be accomplished
through its development of the Defense Sexual Assault Incident
Database. Our report credits DOD with taking initial steps toward
developing standardized data elements and definitions, and
acknowledges the data template it developed and is using to collect a
more standardized set of data from the military services for the
department's fiscal year 2009 annual report to Congress. However, as
we noted in our report, OSD officials stated that full standardization
of data elements and definitions will not be achieved until it
implements the Defense Sexual Assault Incident Database--for which DOD
does not currently have a reliable implementation schedule. While we
recognize that this will be a complex and time-consuming task, we
continue to assert that the full establishment and implementation of
standardized data elements and definitions will facilitate a more
comprehensive understanding of DOD's sexual assault prevention and
response programs.
In concurring with our recommendation to develop a reliable integrated
master schedule for the Defense Sexual Assault Incident Database, DOD
stated that it will give priority to doing so, and will follow GAO
schedule estimating guidance. However, it added that while the
department has thus far developed schedules that it characterized as
capturing broader scope key activities, it would not be able to
capture key schedule activities or estimate a timeframe for
identifying key activities that are fundamental to developing a
reliable schedule until it acquired the assistance of the system
development contractor. DOD noted that this is because only the
contractor will know the steps and time required to adopt proprietary
materials to DOD's requirements for the database. We understand the
role that the development contractor plays in developing a reliable
integrated master schedule, which is why our recommendation does not
specify a timeframe for developing the schedule, and thus allows DOD
to first acquire a contractor's services. Further, while we agree with
the department's comment that our report does not include an
assessment of the viability of a 15-month deadline contained in
statute[Footnote 61] for the database's design, acquisition, and
implementation, we note that we told program officials during the
course of our review that such an assessment was not part of the scope
of our work because the 15-month deadline was a statutory requirement
rather than a DOD schedule-driven milestone.
In concurring with our recommendation to adequately assess the
program's overlap with related programs through architecture
compliance, the department stated that it acknowledges the benefits
derived from doing so. It added, however, that our report inaccurately
asserts that DOD has not complied with DOD guidance governing
architecture compliance by stating that a complete set of system-level
architecture products are not yet available to perform a thorough
architecture compliance assessment. In this regard, it stated that DOD
guidance does not call for the development of system-level
architecture products until the Technology Development Phase in the
Defense Acquisition System. We agree with the department's comment as
to the timing of system-level architecture products, which is why we
do not conclude that DOD has not assessed architecture compliance. As
stated in this report, architecture compliance is not a onetime event
but rather a determination that needs to be made at key junctures in a
system's acquisition life cycle. Thus, the intent of our statement and
our recommendation is to emphasize the importance of conducting
compliance activities once a complete set of system-level architecture
products is available.
In concurring with our recommendation to adequately justify investment
in the proposed database approach on the basis of reliable estimates
of life cycle costs and benefits, the department stated that it agreed
that the cost estimate in the existing business case does not account
for all life cycle costs and risks. However, it added that DOD
guidance does not require comprehensive cost estimates in the business
case and that the cost estimate in the business case was derived using
cost estimating best practices. While we agree that DOD guidance does
not explicitly state that business case cost estimates must be
comprehensive, both DOD guidance and OMB guidance state that these
cost estimates should include all costs over the system's life cycle,
which is a recognized best practice. Further, while the cost estimate
was derived in accordance with some cost estimating best practices,
such as estimating software costs with a parametric tool and relying
on the costs of analogous existing systems, it was not done in
accordance with others. For example, it was not risk adjusted. Further
the business case did not include a comparison of alternatives on the
basis of net present value.
In concurring with our recommendation to effectively develop and
manage system requirements, DOD noted that it has continued to work
with the military services in developing system requirements and that
its progress in doing so is much greater than our report states. It
also noted that since the database was legislated, Congress expanded
its annual sexual assault reporting requirements, which in turn
necessitated additional requirements development work with
stakeholders. Further, it stated that it will institute a Change
Control Board, which is a key requirements management control
mechanism, and is using a range of system life cycle management tools
that support requirements development and management. We support DOD's
continued efforts to work with stakeholders to further develop
requirements and capture them in a range of requirements documents, as
such efforts are consistent with our recommendation. Also consistent
with our recommendation are its plans to institute a Change Control
Board and use relevant requirements-related tools.
In concurring with our recommendation to adequately test system
capabilities, DOD stated that our report does not sufficiently
describe its efforts to develop a detailed test plan defining the
program's testing approach and strategy, including the entrance and
exit criteria for each testing phase. We agree that our report does
not cite the development of this plan because no such plan was
provided to us as part of the documentation set submitted for the
database's milestone acquisition approval, nor were we made aware of
the existence of such a plan. Moreover, program officials told us that
a test plan would be developed after the contractor was hired, and
DOD's comments on our draft report acknowledge that a final test plan
has yet to be created.
In concurring with our recommendation to effectively manage program
risks, DOD noted that our statement that risk management has yet to
begin is incorrect because key risks have been identified. We agree
that risk identification, which is the first step in risk management,
has begun, as our report recognizes. We also agree that the statement
in our draft report that risk management has yet to begin is not
consistent with its recognition of these risk identification efforts.
As a result, we have modified the report to note that many aspects of
risk management have yet to begin, which DOD also states in its
comments on our draft report.
The Coast Guard also concurred with our recommendations aimed at
improving the oversight, accountability, and execution of its sexual
assault prevention and response programs, including (1) establishing a
systematic process for collecting, documenting, and maintaining sexual
assault incidence data; (2) establishing quality control processes to
ensure that program information collected is valid and reliable; and
(3) establishing and administering a curriculum for all key program
personnel to ensure that they can provide proper advice to Coast Guard
personnel. In commenting on our draft report, the Coast Guard noted
that it has several initiatives underway to continue developing its
sexual assault prevention and response program. For example, the Coast
Guard stated that an electronic database to track sexual assault
reports is in the prototype development phase, and based on current
progress, it expects to complete the database in 2010. Further, the
Coast Guard noted that it has completed an assessment of workload
requirements and resource allocations for its Sexual Assault Response
Coordinators, and upon release of the final report, the Coast Guard
plans to review and analyze the recommendations and, as appropriate,
incorporate additional resource requirements into its annual budget
process. We commend the Coast Guard for the steps it has taken and its
plans for further developing its sexual assault prevention and
response program, and we encourage the service to continue taking
positive actions toward fully implementing our recommendations.
As agreed with your office, unless you publicly announce the contents
of this report earlier, we plan no further distribution until thirty
days from the report date. At that time, we will send copies to
interested members of Congress; the Secretaries of Defense, Homeland
Security, the Army, the Navy, and the Air Force; the Commandant of the
Marine Corps; and the Commandant of the Coast Guard. The report also
will be available at no charge on the GAO Web site at [hyperlink,
http://www.gao.gov].
If you or your staff have any questions concerning this report, please
contact Brenda Farrell at (202) 512-3604 or farrellb@gao.gov or
Randolph Hite at (202) 512-3439 or hiter@gao.gov. Contact points for
our Offices of Congressional Relations and Public Affairs may be found
on the last page of this report. Key contributors to this report are
listed in appendix IV.
Sincerely yours,
Signed by:
Brenda S. Farrell:
Director, Defense Capabilities and Management:
Signed by:
Randolph C. Hite:
Director, Information Technology Architecture and Systems:
[End of section]
Appendix I: Scope and Methodology:
To determine the extent to which the Department of Defense (DOD) has
taken steps to address our previous recommendations in GAO-08-924
regarding programs to prevent and respond to sexual assault, we
reviewed relevant statutory requirements and obtained and analyzed
DOD's policies, guidance, and procedures for the prevention of and
response to sexual assault incidents. We also interviewed officials in
DOD, the Army, the Air Force, the Navy, the Marine Corps, and the
Defense Task Force on Sexual Assault in the Military Services to gain
a comprehensive understanding of their efforts to address our previous
recommendations. We also obtained and analyzed the Office of the
Secretary of Defense's (OSD) strategic plans and draft oversight
framework for the department's sexual assault prevention and response
efforts to determine whether they contained the elements necessary for
effective program implementation. In addition, we obtained and
analyzed DOD's annual reports to Congress on sexual assault in the
military services for fiscal years 2007 and 2008 to assess the extent
to which OSD addressed our recommendation to improve the usefulness of
DOD's annual report.
To determine the extent to which DOD has taken steps to address a
statutory requirement to establish a centralized, case-level sexual
assault incident database, we reviewed statutory provisions related to
DOD's process for collecting and maintaining sexual assault data. We
also interviewed DOD officials to obtain information on the
department's efforts to establish the database; reviewed documentation
related to database development; and compared this documentation to
relevant DOD, federal, GAO, and industry guidance.
To determine the extent to which the U.S. Coast Guard has taken steps
to address our previous recommendations regarding policies and
programs to prevent and respond to sexual assault, we identified
relevant legislative requirements and obtained and analyzed the Coast
Guard's policies, guidance, and procedures for the prevention of and
response to sexual assault incidents. We also interviewed Coast Guard
officials to gain a comprehensive understanding of their efforts to
address our previous recommendations. We also obtained and analyzed
the Coast Guard's action plan for sexual assault prevention and
response to determine the extent to which it consisted of the elements
that we recommended be included in an oversight framework.
We visited or contacted the following organizations during our review:
Department of Defense:
* Defense Task Force on Sexual Assault in the Military Services,
Alexandria, Virginia:
* Sexual Assault Prevention and Response Office, Arlington, Virginia:
* Office of the Assistant Secretary of Defense for Health Affairs,
Falls Church, Virginia:
- Defense Center of Excellence for Psychological Health and Traumatic
Brain Injury, Rosslyn, Virginia:
Office of the Chairman, Joint Chiefs of Staff:
* J-1, Manpower and Personnel, Washington, D.C.
Department of the Army:
* Sexual Harassment/Assault Response and Prevention Program Office,
Washington, D.C.
Department of the Air Force:
* Office of the Assistant Secretary (Manpower and Reserve Affairs),
Washington, D.C.
- Office of the Deputy Assistant Secretary (Force Management
Integration), Washington, D.C.
* Deputy Chief of Staff for Manpower, Personnel and Services,
Washington, D.C.
- Sexual Assault Prevention and Response Program Office, Washington,
D.C.
Department of the Navy:
* Sexual Assault Prevention and Response Office, Washington, D.C.
United States Marine Corps:
* Manpower and Reserve Affairs:
- Sexual Assault Prevention and Response Office, Quantico, Virginia:
U.S. Coast Guard:
* Health, Safety and Work-Life Directorate, Office of Work-Life,
Washington, D.C.
We conducted this performance audit from February 2009 through
February 2010 in accordance with generally accepted government
auditing standards. Those standards require that we plan and perform
the audit to obtain sufficient, appropriate evidence to provide a
reasonable basis for our findings and conclusions based on our audit
objectives. We believe that the evidence obtained provides a
reasonable basis for our findings and conclusions based on our audit
objectives.
[End of section]
Appendix II: Comments from the Department of Defense:
Office Of The Under Secretary Of Defense:
Personnel And Readiness:
4000 Defense Pentagon:
Washington, D.C. 20301-4000:
January 8, 2010:
Ms. Brenda S. Farrell:
Director, Defense Capabilities and Management:
U.S. Government Accountability Office:
441 G Street, N.W.
Washington, DC 20548:
Dear Ms. Farrell:
I appreciate the opportunity to respond to the General Accountability
Office's proposed report, Military Personnel: Additional Actions are
Needed to Strengthen DoD's and the Coast Guard's Sexual Assault
Prevention and Response Programs (GAO-10215). The attached comments
will pertain only to the sections identified for DoD action.
The report recognized the progress the Department has made in the few
months since the GAO published its prior report on the Sexual Assault
Prevention and Response (SAPR) Program in August 2008. As the GAO
noted in both this and the prior report, the Department has invested
considerable time, attention, and resources to assist victims, prevent
sexual assault, and implement this very important program.
The Department concurs with all GAO recommendations. We acknowledge that
this report comes only 16 months after the 2008 report on the same
topic was issued. Despite the very short time between reports, the
Department was able to fully implement four of the nine original
recommendations. Given sufficient time, the Department will
demonstrate further progress by implementing the remaining
recommendations.
Notwithstanding the Department's agreement with all recommendations,
the present report contains technical inaccuracies and misstatements
that improperly diminish the Department's considerable efforts to
implement the five remaining GAO recommendations. The attached
comments more comprehensively summarize the Department's work in these
areas.
There were 13 technical corrections noted by DoD, including the Air
Force and Navy, that were forwarded separately to the GAO staff.
Again, the opportunity to clarify the Department's progress is
appreciated. As you know, my point of contact is Kaye Whitley,
Director, SAPRO. She may be reached at 703-696-9422.
Sincerely,
Signed by:
Gail H. McGinn:
Deputy Under Secretary of Defense (Plans):
Performing the Duties of the Under Secretary of Defense (Personnel and
Readiness):
Enclosure: As stated:
[End of letter]
GAO Draft Report Dated December 8, 2009 GAO-10-215 (GAO Code 351324):
"Military Personnel: Additional Actions Are Needed To Strengthen DOD's
And The Coast Guard's Sexual Assault Prevention And Response Programs"
Department Of Defense Comments To The GAO Recommendations:
Introduction And Clarification:
The Department concurs with all GAO recommendations. Despite the
Department's agreement with all recommendations, the present report
contains technical inaccuracies and misstatements. The Department's
corrections are included in Tab B. However, the GAO Report text
indicates some confusion about the relationship between the three
documents mentioned here: Oversight Framework, DoD-Wide Strategic
Plan, and SAPRO Strategic Plan. As an initial clarification, the
unique role played by each document is laid out below:
Oversight Framework for Sexual Assault Prevention and Response:
Purpose: Lay out roadmap to institutionalize the oversight activity.
This document lays out the oversight process for the entire Department
to implement over a three-year timeframe, with SAPRO taking the lead
responsibility.
Department of Defense-Wide Sexual Assault Prevention and Response
Strategic Plan:
Purpose: Relate SAPRO and Service activities to the five DoD-wide
strategic SAPR priorities.
This document provides an overview of the connection between SAPRO and
Service goals and objectives and each of the five strategic SAPR
priorities.
OSD-SAPRO Strategic Plan:
Purpose: Connect detailed SAPRO-specific activities to DoD-wide SAPR
priorities.
Building off of the contents of the DoD-wide strategic plan, the SAPRO
strategic plan goes to the next level of detail needed for the office
to develop and track performance objectives.
The two strategic plans are considered "living documents" in that they
will be reviewed annually to consider modification. The Oversight
Framework will be implemented during the coming three years, with
progress toward the implementation tracked as part of the SAPRO
strategic plan.
Response To Recommendations:
Recommendation 1: The GAO recommends that the Secretary of Defense
direct the Under Secretary of Defense for Personnel and Readiness to
strengthen OSD's oversight framework by identifying how the results of
performance assessments will be used to guide the development of
future program initiatives.
DOD Response:
Concur: As noted in the GAO Report, OSD and the Services have efforts
underway to measure the activities outlined in the DoD-wide strategic
plan as well as the SAPRO strategic plan. Once those measures and
performance objectives are clarified, SAPRO is reviewing several
different options for tracking progress against objectives. For
example, the Executive Secretariat uses an online tracking system to
follow performance objectives listed in the Personnel and Readiness
strategic plan as well as to track progress on mandates and
recommendations related to the Wounded, Ill and Injured. SAPRO is
considering the adoption of a similar system. Early in 2010, SAPRO
will have a plan in place for how SAPRO will track progress toward
performance objectives laid out in the DoD-wide strategic plan. The
system will allow for revisions to the tracked objectives as they may
need to be revised following an annual review. In addition, SAPRO will
develop a procedure to report back on progress toward objectives, and
any needed corrective steps.
Recommendation 2: The GAO recommends that the Secretary of Defense
direct the Under Secretary of Defense for Personnel and Readiness to
strengthen OSD's oversight framework by identifying how OSD's program
resources correlate to its achievement of strategic program objectives.
DOD Response:
Concur: In the past, SAPRO has aligned its budget categories with the
broad categories of activities pursued by the Office. (The Services
separately budget for their implementation efforts.) With upcoming
budget cycles (starting with 2012), building off the new strategic
plan, SAPRO will align its budget categories with specific performance
objectives laid out in the plan. Spending plans for the year will
connect activities and resources, and periodic reviews will take place
to ensure these spending plans are tracking with the activities needed
to ensure achievement of performance objectives.
Recommendation 3: The GAO recommends that the Secretary of Defense
direct the Under Secretary of Defense for Personnel and Readiness to
strengthen OSD's oversight framework by correlating its oversight
framework to the program's two strategic plans so that program
objectives, timelines, and strategies for achieving objectives are
synchronized.
DOD Response:
Concur: See response to Recommendation 1. The online tracking
procedure will allow SAPRO to coordinate the synchronization of
objectives, timelines, and strategies laid out in the DoD-wide
strategic plan and the SAPRO strategic plan.
As clarification, in referring to the Framework document, the GAO
report mentions "nine objective-like elements as 'future state
improvement opportunities.'" These framework elements are
intentionally not directly tied to the program objectives laid out in
the DoD-wide and SAPRO strategic plans. The elements are what will be
used as guides in forming and instituting the framework process. They
will not be tied to a timeframe laid out in the strategic plans; that
is, once in place, the elements will be enduring guidelines for how
oversight will be done. In contrast, the two strategic plans have
objectives-”tied to specific program needs--which will by definition
evolve over time as needed.
Recommendation 4: The GAO recommends that the Secretary of Defense
direct the Under Secretary of Defense for Personnel and Readiness to
standardize the type, amount, and format of the data in military
services' existing report submissions. (p. 43/GAO Draft Report)
DOD Response:
Concur: DoD believes that comprehensive data collection and analysis
is vital to policy analysis and program implementation. DoD also
agrees that achieving uniformity among the Services for all required
data elements will greatly enhance its oversight capabilities, and is
poised to continue the cross-Service data standardization process. DoD
currently requires the Services to use the newly-established case
disposition data definitions in their collection and reporting of SAPR
data, and is providing technical assistance as needed to increase the
reliability of the provided data. The FY09 Annual Report Data Call
also required these additional data points to be provided to DoD in
support of its Annual Report to Congress on Sexual Assault in the
Military. DoD revised its FY09 Data Call to include standardized
program report templates, which will enable SAPRO to more effectively
analyze the Services' reports and increase the amount of comparable
information they contain. The FY09 Data Call also provided revised and
standardized quantitative data collection templates that include the
new disposition data definitions agreed to by SAPRO and the Services,
as well as a refined reporting matrix for case synopses that more
clearly defines the data that they must provide and the format they
must use. SAPRO is also officially requiring that Service data and
information should only be reported to SAPRO after the Services
coordinate with their respective Judge Advocate General for
verification, completeness and explanations, as appropriate.
Achieving complete data uniformity among the Services for all reported
information will greatly enhance DoD's oversight capabilities, and
this comprehensive data element linkage process will ultimately be
accomplished through the development of the Defense Sexual Assault
Incident Database. In support of this Department-wide initiative,
SAPRO has conferred with DoD IG on the need to define remaining
investigative process terms to ensure data uniformity across the
Services as currently provided in existing report submissions and as
reported through DSAID in the future.
Recommendation 5: The GAO recommends that the Secretary of Defense
direct the Under Secretary of Defense for Personnel and Readiness to
ensure that the development and implementation of the Defense Sexual
Assault Incident Database includes adherence to key system development
and acquisition management processes and controls including developing
a reliable integrated master schedule that addresses the nine key
practices discussed in the report. (p. 44/GAO Draft Report)
DOD Response:
Concur: The Department is committed to the timely and lawful
development of the Defense Sexual Assault Incident Database (DSAID).
The Department will follow the proffered GAO guidance and prioritize
the development of a reliable, integrated master schedule for the
Defense Sexual Assault Incident Database (DSAID) deployment. The first
practice the GAO associates with developing and maintaining a reliable
schedule is "capturing all key activities." As noted in the report,
the Department has made efforts to develop schedules to capture
broader scope key activities that support individual policy,
requirements, and acquisition tasks with available information.
Unfortunately, the Department cannot capture key activities or even
estimate a timeframe for identifying key activities associated with
development and implementation without the assistance of the system
developer. While GAO guidance identifies estimation methods, only the
developer will know the steps and time required to adapt their
proprietary materials to meet DSAID system requirements and
functionality. At this time, the goal of schedule reliability cannot
be attained without the developer's assistance. The Request for
Proposal for a DSAID developer is scheduled for release early in the
second quarter of FY10. This process is constrained by Federal
contracting law[Footnote 62] and cannot be further expedited. Through
the acquisition process, the Department has been able to validate the
system deployment steps cited in the GAO report (p 28). However,
contracting specialists have advised that, again, only the developer
can ascribe a time and order to those steps. Notably missing from the
GAO report was an assessment of the viability of a fifteen-month
deadline for data system design, acquisition and implementation that
takes into account the GAO's thorough planning guidance, Departmental
policy requirements, and Federal contracting law. A complete DSAID
integrated master schedule will be created once a contract for
development is awarded and a technical solution is identified. This
schedule will not only integrate GAO guidance but also leverage the
technical expertise of the developer.
Recommendation 6: The GAO recommends that the Secretary of Defense
direct the Under Secretary of Defense for Personnel and Readiness to
ensure that the development and implementation of the Defense Sexual
Assault Incident Database includes adherence to key system development
and acquisition management processes and controls including adequately
assessing the program's overlap with and duplication of related
programs through architecture compliance.
DOD Response:
Concur: The Department acknowledges the benefits derived from
assessing DSAID's integration with extant DoD systems. As noted by the
GAO, "...architecture compliance is not a "one time" event but rather
a determination that needs to be made at key junctures in a system's
acquisition life cycle." In the Department, these "key junctures" are
known as Milestone A (entry into the Technology Development Phase)
Milestone B (entry into the Engineering and Manufacturing Development
Phase also known as "Program Initiation",), and Milestone C (entry
into the Production and Deployment Phase). As documented by the GAO,
DSAID obtained Milestone A approval in July 2009. The OV-1, High Level
Operational Concept Graphic, OV-5a, Operational Activity Model, and SV-
4, Systems Functionality Description, constitute the three enterprise
architecture documents required for Milestone A approval. These three
documents were included in the approved package.
The GAO further notes, "...a complete set of system-level architecture
products needed to perform a thorough and meaningful compliance
assessment are not yet available." As written, this statement
inaccurately asserts that the Department has somehow failed to comply
with enterprise architecture requirements. This is not the case.
According to DoD Instruction 5000.02, Operation of Defense Acquisition
System, the "system-level" enterprise architecture products desired by
GAO are developed during the Technology Development Phase and are
required for a favorable Milestone B approval. The Department is
currently evaluating DSAID's placement in its architecture and is
producing the documentation required for Milestone B approval. The GAO
is welcome to review all future architecture documents once the
Milestone Decision Authority approves them.
Recommendation 7: The GAO recommends that the Secretary of Defense
direct the Under Secretary of Defense for Personnel and Readiness to
ensure that the development and implementation of the Defense Sexual
Assault Incident Database includes adherence to key system development
and acquisition management processes and controls including adequately
justifying investment in the proposed approach on the basis of
reliable estimates of life-cycle costs and benefits.
DOD Response:
Concur: The Department agrees and must justify its investment in the
proposed approach for DSAID as part of the acquisition process.
In the report, GAO notes, "DOD developed a business case for the
database in June 2009...and this business case includes a program cost
estimate of $12.6 million. However, the cost estimate is not reliable
because it was not derived in accordance with the best practices
identified in relevant cost estimating guidance. For example, it does
not include all costs over the system's life-cycle, and it has not
been adjusted to account for program risks." The Department agrees
that the cost estimate in the business case did not account for all
life-cycle costs and risks. However, DoD Instruction 5000.02,
Operation of Defense Acquisition System, does not require
comprehensive cost estimates in the business case.
The Department contends that best practices in cost estimation were
indeed used to produce the cost estimate in the business case
submitted for Milestone A. The cost estimate relied on vendor input,
the costs of analogous existing systems, and SEER for Software (SEER-
SEMTm) by Galorath Incorporated. It was through the SEER-SEMTm
software that the GAO Cost Estimating and Assessment Guidelines were
applied in the development of the cost estimate. Moreover, Dan
Galorath, of Galorath Incorporated was an expert used in developing
the GAO Cost Estimate and Assessment Guide.[Footnote 63] The
Department of Defense Manual on Cost Analysis Guidance and Procedures
and the Society of Cost Estimating and Analysis' principles were also
used in the development of the cost estimate.
The GAO Report further states, "OSD officials told us that they intend
to develop a reliable cost estimate once the development contract is
awarded." While this is an accurate statement, it does not capture the
work accomplished to date to satisfy the requirements of the
acquisition process. Since the cost estimate was developed for
Milestone A, the cost estimate was updated to facilitate assessment of
proposals from prospective developers. Cost estimates have been
refined to include risk, additional Congressional requirements,
Operations and Maintenance (O&M), and testing. However, full O&M costs
cannot be estimated until a technical solution is selected.
Recommendation 8: The GAO recommends that the Secretary of Defense
direct the Under Secretary of Defense for Personnel and Readiness to
ensure that the development and implementation of the Defense Sexual
Assault Incident Database includes adherence to key system development
and acquisition management processes and controls including
effectively developing and managing system requirements.
DOD Response:
Concur: The Department agrees that a Requirements Management Plan is a
best practice[Footnote 64] that has been employed in DSAID
development. As acknowledged in the report, the Department has "begun
to take steps to engage users in the development of requirements for
DSAID." However, Department progress in this area is much greater than
what is inferred in the report. GAO's summary did not capture that the
Department has continued work with the Army, Marine Corps, Navy, Air
Force, and National Guard to develop system requirements.
Specifically, the Department has completed development of data element
requirements/attributes, usage, and definitions for a comprehensive
DSAID baseline covering Victim Case Management; Incident information;
Subject Demographics; Subject Disposition; and SAPR Program
Administration data. This information is captured in the following
documents:
Requirements Package Overview and Supplemental Requirements;
* Use Case Models and Use Case documents;
* Report and Ad-Hoc Queries Specification;
* Air Force Systems Interface Mapping Data;
* Army Systems Interface Mapping Data; and;
* Department of Navy Systems Interface Mapping Data.
Additionally, interface mapping activities have been completed for the
Air Force and National Guard and considerable progress has been made
with the Army, Marine Corps and the Navy.
It should be noted that since the database was legislated, Congress
expanded its annual reporting requirements, necessitating additional
work with stakeholders. Once these high-level system requirements are
baselined, the Department will institute a Change Control Board (CCB)
to manage emerging DSAID requirements to ensure they are appropriately
addressed. In addition, the requirements and development efforts are
being managed within a suite of tools that provide consistency in
products and allow for better control of requested changes to baseline
requirements and/or system development. Specifically, the tools
provide:
* life cycle management and control of software development assets;
* tracking of defects and changes;
* centralized control of test activity management, execution, and
reporting; and;
* management of the requirements and documentation of the software
development process from start to finish.
Recommendation 9: The GAO recommends that the Secretary of Defense
direct the Under Secretary of Defense for Personnel and Readiness to
ensure that the development and implementation of the Defense Sexual
Assault Incident Database includes adherence to key system development
and acquisition management processes and controls including adequately
testing system capabilities.
DOD Response:
Concur: However, the GAO's synopsis does not sufficiently describe the
Department's progress in this area and omitted mention of the detailed
test plan developed as a part of the documentation for Milestone A.
This test plan identifies how the incremental functional requirements
are to be tested, prior to and post release. The plan also defines the
testing approach and strategy, including the entrance and exit
criteria for each testing phase. Additionally, the plan outlines
additional testing cycles to address changes required by the
identified DSAID technical solution.
Throughout the development and implementation of DSAID, many types of
testing will be conducted, to include Systems Interface Testing (SIT),
Unit Testing, Integration Testing, System Testing, Regression Testing,
User Acceptance Testing (UAT), and Performance Testing. All testing
will ensure baseline requirements are met, intended business functions
are captured, and that data is properly interfaced with existing
Service systems.
In addition to the DSAID Test Plan created for Milestone A, a final
testing plan with an independent tester will be created for Milestone
B in accordance with DoD Directive 5000.02, Operation of Defense
Acquisition System. The Department will work with the developer once
selected to define how it will document and provide results.
Throughout the process, all testing documents will be refined at key
junctures to ensure all issues are addressed. The DSAID Test Plan will
provide the framework through which SAPRO and the developer will
evaluate whether the functionality delivered meets the requirements as
described in the requirements documentation. The developer will also
be required to conduct regression testing of the system to validate
that new requirements do not pose any adverse impact to current
functionality.
RECOMMENDATION 10: The GAO recommends that the Secretary of Defense
direct the Under Secretary of Defense for Personnel and Readiness to
ensure that the development and implementation of the Defense Sexual
Assault Incident Database includes adherence to key system development
and acquisition management processes and controls including
effectively managing program risks. (p. 44/GAO Draft Report)
DOD Response:
Concur: However, the GAO report comment that DSAID "...risk management
has yet to begin..." is incorrect. According to the GAO recommended
resource,[Footnote 65] the first step in risk management is "Risk
Identification." The Department has identified a number of risks
associated with DSAID, has incorporated them in to its Risk
Communications Strategy, and has conveyed those risks to targeted
stakeholders. The Department's DSAID briefing to GAO and other
stakeholders included these risks. The GAO's ability to accurately
incorporate five of these risks into its report on pages 34 and 35 is
evidence itself that the initial step in risk management has begun.
However, the Department acknowledges that there are many steps
remaining in Risk Management that must be addressed. The Department
will apply the approach recommended in the Risk Management Guide for
DOD Acquisition,[Footnote 66] which identifies that management is a
continuous process that is accomplished throughout DSAID's life cycle.
The risk management strategy will make certain that task requirements
are executed with proper mitigation of technical, operational, and
management risks. It will employ a consistent, five step approach to
identify, analyze, plan, act, and monitor and learn about real and
potential risks to ensure improved and sustained product delivery.
[End of section]
Appendix III: Comments from the U.S. Coast Guard:
U.S. Department of Homeland Security:
Washington, DC 20528:
January 6, 2010:
Ms. Brenda S. Farrell:
Director, Defense Capabilities and Management:
U.S. Government Accountability Office:
441 G St., N.W.
Washington, D.C. 20548:
Dear Ms. Farrell:
Thank you for the opportunity to review and provide comments on the
Government Accountability Office's (GAO) draft report titled, Military
Personnel: Additional Actions Are Needed to Strengthen DOD's and the
Coast Guard's Sexual Assault Prevention and Response Programs (GA0-10-
215).
The Department of Homeland Security (DHS) has reviewed the referenced
report and concurs with the recommendations. We would like to note
that the United States Coast Guard (USCG) continues to make progress
in the development of its Sexual Assault Prevention and Response
Program. USCG-specific Sexual Assault Response Coordinator (SARC)
training for all personnel performing SARC duties, including Employee
Assistance Program Coordinators (EAPC) and Family Advocacy
Specialists, is scheduled for May 2010.
Victim Advocate Training also continues throughout the USCG, with
several more sessions scheduled for 2010. A Work-Life Information
System (an electronic database designed to help track sexual assault
reports) is in the prototype development phase and current progress
suggests that it should be completed within 2010. A Manpower
Requirements Analysis on the EAPCs has been completed, and the final
report is expected to be released in early 2010. Initial review of the
data suggests that additional EAPCs may be needed. Upon release of a
final report, the USCG will carefully review and analyze all
recommendations. Requests for additional resource requirements will be
submitted, as appropriate, for review as part of the USCG's annual
budget build process.
Thank you for the opportunity to review and provide comments to the
draft report and we look forward to working with you on future
homeland security issues.
Sincerely,
Signed by:
Jerald E. Levine:
Director:
Audit Liaison:
[End of section]
Appendix IV: GAO Contacts and Staff Acknowledgments:
GAO Contacts:
Brenda S. Farrell, (202) 512-3604 or farrellb@gao.gov:
Randolph C. Hite, (202) 512-3439 or hiter@gao.gov:
Acknowledgments:
In addition to the contacts named above, key contributors to this
report include Marilyn K. Wasleski, Assistant Director; Neelaxi
Lakhmani, Assistant Director; Divya Bali; Stacy Bennett; Steve
Caldwell; Elizabeth Curda; Matt Dove; K. Nicole Harms; Jim Houtz; Ron
La Due Lake; Kim Mayo; Geoffrey Peck; Adam Vodraska; and Cheryl A.
Weissman.
[End of section]
Footnotes:
[1] In fiscal year 2008, DOD reported 2,908 alleged incidents of
sexual assault involving military servicemembers, and the Coast Guard
reported 84. However, data on the reported alleged sexual assault
incidents in DOD and the Coast Guard are imprecise representations of
the extent to which sexual assault is occurring in the military
services because they may include incidents that occurred before a
victim's military service began or before fiscal year 2008.
Furthermore, these data are reported regardless of the final outcome
and therefore some of these reports may turn out to be
unsubstantiated. The military services' fiscal year 2009 sexual
assault incident data were not included in our report because they
will not be published by DOD until March 15, 2010.
[2] GAO, Military Personnel: DOD's and the Coast Guard's Sexual
Assault Prevention and Response Programs Face Implementation and
Oversight Challenges, [hyperlink,
http://www.gao.gov/products/GAO-08-924] (Washington, D.C.: Aug. 29,
2008).
[3] Pub. L. No. 108-375, § 577 (2004).
[4] GAO, Military Personnel: The DOD and Coast Guard Academies Have
Taken Steps to Address Incidents of Sexual Harassment and Assault, but
Greater Federal Oversight Is Needed, [hyperlink,
http://www.gao.gov/products/GAO-08-296] (Washington, D.C.: Jan.17,
2008).
[5] [hyperlink, http://www.gao.gov/products/GAO-08-924].
[6] [hyperlink, http://www.gao.gov/products/GAO-08-924].
[7] GAO, Military Personnel: Preliminary Observations on DOD's and the
Coast Guard's Sexual Assault Prevention and Response Programs,
[hyperlink, http://www.gao.gov/products/GAO-08-1013T] (Washington,
D.C.: July 31, 2008).
[8] GAO, Military Personnel: Actions Needed to Strengthen
Implementation and Oversight of DOD's and the Coast Guard's Sexual
Assault Prevention and Response Programs, [hyperlink,
http://www.gao.gov/products/GAO-08-1146T] (Washington, D.C.: Sept. 10,
2008).
[9] Pub. L. No. 110-417, § 563 (2008).
[10] [hyperlink, http://www.gao.gov/products/GAO-08-924].
[11] GAO, Managing for Results: Agency Progress in Linking Performance
Plans With Budgets and Financial Statements, [hyperlink,
http://www.gao.gov/products/GAO-02-236] (Washington, D.C.: Jan. 4,
2002).
[12] Pub. L. No. 110-417, § 563 (2008).
[13] [hyperlink, http://www.gao.gov/products/GAO-08-924].
[14] Pub. L. No. 108-375, § 577 (2004).
[15] In February 2004, the Secretary of Defense directed the Under
Secretary of Defense for Personnel and Readiness to undertake a 90-day
review to assess sexual assault policies and programs in DOD and the
services and recommend changes to increase prevention, promote
reporting, enhance the quality of support provided to victims
especially within combat theaters, and improve accountability for
offender actions. Among the recommendations of the task force was that
DOD establish a single point of accountability for all sexual assault
policy matters within the department.
[16] Department of Defense Directive 6495.01, Sexual Assault
Prevention and Response (SAPR) Program (Oct. 6, 2005), as updated by
subsequent changes.
[17] Department of Defense Instruction 6495.02, Sexual Assault
Prevention and Response Program Procedures (June 23, 2006), as updated
by subsequent changes.
[18] Pub. L. No. 110-417, § 563 (2008).
[19] This responsibility does not include responsibility for legal
processes provided under the Uniform Code of Military Justice and
Manual for Courts-Martial and criminal investigative policy matters
that are assigned to the judge advocates general of the military
services and DOD's Inspector General, respectively.
[20] Department of Defense Instruction 6495.02, Sexual Assault
Prevention and Response Program Procedures (Jun. 23, 2006).
[21] U.S. Coast Guard Commandant Instruction 1754.10D, Sexual Assault
Prevention and Response (SAPR) Program (Jan. 16, 2009).
[22] [hyperlink, http://www.gao.gov/products/GAO-08-924].
[23] [hyperlink, http://www.gao.gov/products/GAO-08-924].
[24] [hyperlink, http://www.gao.gov/products/GAO-08-924].
[25] Memorandum for the Director, Joint Staff (J-1), Sexual Assault
Prevention and Response Guidance for Joint Publications (Apr. 7, 2009).
[26] Section 576 of the Ronald W. Reagan National Defense
Authorization Act for Fiscal Year 2005 directed the task force to
conduct an examination of matters relating to sexual assault in cases
involving members of the Armed Forces, and required the task force to
submit a report not later than 1 year after initiation of its
examination. Section 566 of the National Defense Authorization Act for
Fiscal Year 2010, Pub. L. No. 111-84 (2009), amended the previous
statute and provided a deadline of no later than December 1, 2009. The
Report of the Defense Task Force on Sexual Assault in the Military
Services was released on December 1, 2009.
[27] GAO, The Results Act: An Evaluator's Guide to Assessing Agency
Annual Performance Plans, [hyperlink,
http://www.gao.gov/products/GAO/GGD-10.1.20] (Washington, D.C.: April
1998); Managing for Results: Critical Issues for Improving Federal
Agencies' Strategic Plans, [hyperlink,
http://www.gao.gov/products/GAO/GGD-97-180] (Washington, D.C.: Sept.
16, 1997); and [hyperlink, http://www.gao.gov/products/GAO-08-924].
[28] GAO, Managing for Results: Enhancing Agency Use of Performance
Information for Management Decision Making, [hyperlink,
http://www.gao.gov/products/GAO-05-927] (Washington, D.C.: Sept. 9,
2005).
[29] [hyperlink, http://www.gao.gov/products/GAO/GGD-10.1.20].
[30] [hyperlink, http://www.gao.gov/products/GAO-02-236].
[31] [hyperlink, http://www.gao.gov/products/GAO-08-924].
[32] [hyperlink, http://www.gao.gov/products/GAO-08-924].
[33] [hyperlink, http://www.gao.gov/products/GAO-08-924].
[34] GAO, Agency Performance Plans: Examples of Practices That Can
Improve Usefulness to Decisionmakers, [hyperlink,
http://www.gao.gov/products/GAO/GGD/AIMD-99-69] (Washington, D.C.:
Feb. 26, 1999).
[35] GAO, Managing for Results: Barriers to Interagency Coordination,
[hyperlink, http://www.gao.gov/products/GAO/GGD-00-106] (Washington,
D.C.: Mar. 29, 2000).
[36] Pub. L. No. 110-417, § 563 (2008).
[37] GAO, GAO Cost Estimating and Assessment Guide: Best Practices for
Developing and Managing Capital Program Costs, [hyperlink,
http://www.gao.gov/products/GAO-09-3SP] (Washington, D.C.: March 2009).
[38] According to Department of Defense Directive 5000.01, The Defense
Acquisition System (May 12, 2003), a milestone decision authority
(MDA) is the designated individual with overall responsibility for the
program. The MDA has the authority to approve entry of an acquisition
program into the next phase of the acquisition, including approving
the program to proceed through its acquisition cycle on the basis of,
for example, the acquisition plan, an economic analysis, and the
Acquisition Program Baseline.
[39] Department of Defense Instruction 5000.02, Operation of the
Defense Acquisition System (Dec. 8, 2008), establishes a simplified
and flexible management framework for translating capability needs and
technology opportunities into stable, affordable, and well-managed
acquisition programs. The system consists of five key program life
cycle phases and three related milestone decision points--(1) Materiel
Solution Analysis (previously Concept Refinement), followed by
Milestone A; (2) Technology Development, followed by Milestone B; (3)
Engineering and Manufacturing Development (previously System
Development and Demonstration), followed by Milestone C; (4)
Production and Deployment; and (5) Operations and Support.
[40] See, for example, Department of Defense Instruction 5000.02,
Operation of the Defense Acquisition System; Institute of Electrical
and Electronics Engineers, Standard 1012-2004 for Software
Verification and Validation (New York: June 8, 2005); and [hyperlink,
http://www.gao.gov/products/GAO-09-3SP].
[41] Department of Defense Architecture Framework, Version 1.5, Volume
1 (April 2007); GAO, Information Technology: A Framework for Assessing
and Improving Enterprise Architecture Management (Version 1.1),
[hyperlink, http://www.gao.gov/products/GAO-03-584G] (Washington,
D.C.: April 2003); Chief Information Officers Council, A Practical
Guide to Federal Enterprise Architecture, Version 1.0 (February 2001);
and Institute of Electrical and Electronics Engineers (IEEE), Standard
for Recommended Practice for Architectural Description of Software-
Intensive Systems 1471-2000 (Sept. 21, 2000).
[42] A well-defined enterprise architecture provides a clear and
comprehensive picture of an entity, whether it is an organization
(e.g., a federal department) or a functional or mission area that cuts
across more than one organization (e.g., personnel management). This
picture consists of snapshots of both the enterprise's current, or "as
is," environment and its target or "to be" environment, as well as a
capital investment road map for transitioning from the current to the
target environment. These snapshots consist of integrated "views,"
which are one or more architecture products that describe, for
example, the enterprise's business processes and rules; information
needs and flows among functions, supporting systems, services, and
applications; and data and technical standards and structures.
[43] See, for example, GAO, Information Technology: FBI Is Taking
Steps to Develop an Enterprise Architecture, but Much Remains to Be
Accomplished, [hyperlink, http://www.gao.gov/products/GAO-05-363]
(Washington, D.C.: Sept. 9, 2005); Homeland Security: Efforts Under
Way to Develop Enterprise Architecture, but Much Work Remains,
[hyperlink, http://www.gao.gov/products/GAO-04-777] (Washington, D.C.:
Aug. 6, 2004); Information Technology: Architecture Needed to Guide
NASA's Financial Management Modernization, [hyperlink,
http://www.gao.gov/products/GAO-04-43] (Washington, D.C.: Nov.21,
2003); and DOD Business Systems Modernization: Important Progress Made
to Develop Business Enterprise Architecture, but Much Work Remains,
[hyperlink, http://www.gao.gov/products/GAO-03-1018] (Washington,
D.C.: Sept. 19, 2003).
[44] GAO, DOD Business System Modernization: Key Navy Programs'
Compliance with DOD's Federated Business Enterprise Architecture Needs
to Be Adequately Demonstrated, [hyperlink,
http://www.gao.gov/products/GAO-08-972] (Washington, D.C.: Aug. 7,
2008).
[45] Office of Management and Budget, Circular A-11, Preparation,
Submission, and Execution of the Budget (Washington, D.C., Executive
Office of the President, August 2009), and Capital Programming Guide:
Supplement to Office of Management and Budget, Circular A-11, Part 7,
Preparation, Submission, and Execution of the Budget (Washington,
D.C., Executive Office of the President, June 2006).
[46] Office of Management and Budget, Circular A-94, Guidelines and
Discount Rates for Benefit-Cost Analysis of Federal Programs
(Washington, D.C., Executive Office of the President, Oct. 29, 1992),
defines "life cycle cost" as "the overall estimated cost for a
particular program alternative over the time period corresponding to
the life of the program, including direct and indirect initial costs
plus any periodic or continuing costs of operation and maintenance."
[47] [hyperlink, http://www.gao.gov/products/GAO-09-3SP].
[48] Office of Management and Budget, Circular A-94, Guidelines and
Discount Rates for Benefits-Cost Analysis of Federal Programs, and
Circular A-11, Part 7, Planning, Budgeting, Acquisition and Management
of Capital Assets (Washington, D.C., November 2009).
[49] The Capability Maturity Model® Integration for Development,
developed by the Software Engineering Institute of Carnegie Mellon
University, defines key practices that are recognized hallmarks for
successful organizations that if effectively implemented, can greatly
increase the chances of successfully developing and acquiring software
and systems. Carnegie Mellon University, Software Engineering
Institute, Capability Maturity Model® Integration for Development,
Version 1.2 (Pittsburgh, August 2006).
[50] See, for example, Department of Defense Instruction 5000.02,
Operation of the Defense Acquisition System; Defense Acquisition
University, Test and Evaluation Management Guide; Institute of
Electrical and Electronics Engineers, Standard 1012-2004 for Software
Verification and Validation; and Carnegie Mellon University, Software
Engineering Institute, Capability Maturity Model Integration for
Acquisition, Version 1.2, CMU/SEI-2007-TR-017(Pittsburgh, November
2007).
[51] Department of Defense, Risk Management Guide for DOD Acquisition,
6th Edition, Version 1.0, [hyperlink,
http://www.acq.osd.mil/sse/ed/docs/2006-RM-Guide-4Aug06-final-
version.pdf] (accessed Nov. 27, 2009), and Carnegie Mellon University,
Software Engineering Institute, CMMI for Acquisition, Version 1.2.
[52] The Department of the Air Force stated that to date, it has not
identified any expected limitations for providing data from other
systems or expressed any concerns about competing priorities.
[53] [hyperlink, http://www.gao.gov/products/GAO-08-924].
[54] U.S. Coast Guard Commandant Instruction 1754.10D, Sexual Assault
Prevention and Response (SAPR) Program (Jan. 16, 2009).
[55] GAO, Results-Oriented Cultures: Implementation Steps to Assist
Mergers and Organizational Transformations, [hyperlink,
http://www.gao.gov/products/GAO-03-669] (Washington, D.C.: July 2,
2003).
[56] [hyperlink, http://www.gao.gov/products/GAO-08-924].
[57] [hyperlink, http://www.gao.gov/products/GAO-02-236].
[58] The Coast Guard's instruction specifically charges the Sexual
Assault Prevention and Response Program Manager with establishing the
reporting system, and specifically charges the Employee Assistance
Program Coordinator/Sexual Assault Response Coordinator with
maintaining records to identify victims and track services provided.
[59] GAO, Executive Guide: Effectively Implementing the Government
Performance and Results Act, [hyperlink,
http://www.gao.gov/products/GAO/GGD-96-118] (Washington, D.C.: June
1996).
[60] [hyperlink, http://www.gao.gov/products/GAO/GGD-96-118].
[61] Pub. L. No. 110-417, § 563 (2008).
[62] Federal Acquisition Regulation (FAR) and The Competition in
Contracting Act of 1984 (CICA), 41 U.S.C. 253.
[63] p. 324, GAO Cost Estimate and Assessment Guide.
[64] Office of Management and Budget Circular A-94, Guidelines and
Discount Rates for Benefits-Cost Analysis of Federal Programs
Washington, D.C.: Oct 29, 1992; Office of Management and Budget
Circular A-11, part 7, Planning, Budgeting, Acquisition and Management
of Capital Assets (Washington, D.C.: Nov 2009).
[65] Department of Defense, Risk Management Guide for DOD Acquisition,
6th Edition, Version 1.0, pg 7.
[66] Ibid.
[End of section]
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Phone:
The price of each GAO publication reflects GAO‘s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO‘s Web site,
[hyperlink, http://www.gao.gov/ordering.htm].
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional
information.
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548:
