Enterprise Architecture
Leadership Remains Key to Establishing and Leveraging Architectures for Organizational Transformation
Gao ID: GAO-06-831 August 14, 2006
A well-defined enterprise architecture is an essential tool for leveraging information technology (IT) to transform business and mission operations. GAO's experience has shown that attempting to modernize and evolve IT environments without an architecture to guide and constrain investments results in operations and systems that are duplicative, not well integrated, costly to maintain, and ineffective in supporting mission goals. In light of the importance of enterprise architectures, GAO developed a five stage architecture management maturity framework that defines what needs to be done to effectively manage an architecture program. Under GAO's framework, a fully mature architecture program is one that satisfies all elements of all stages of the framework. As agreed, GAO's objective was to determine the status of major federal department and agency enterprise architecture efforts.
The state of the enterprise architecture programs at the 27 major federal departments and agencies is mixed, with several having very immature programs, several having more mature programs, and most being somewhere in between. Collectively, the majority of these architecture efforts can be viewed as a work-in-progress with much remaining to be accomplished before the federal government as a whole fully realizes their transformational value. More specifically, seven architecture programs have advanced beyond the initial stage of the GAO framework, meaning that they have fully satisfied all core elements associated with the framework's second stage (establishing the management foundation for developing, using, and maintaining the architecture). Of these seven, three have also fully satisfied all the core elements associated with the third stage (developing the architecture). None have fully satisfied all of the core elements associated with the fourth (completing the architecture) and fifth (leveraging the architecture for organizational change) stages. Nevertheless, most have fully satisfied a number of the core elements across the stages higher than the stage in which they have met all core elements, with all 27 collectively satisfying about 80, 78, 61, and 52 percent of the stage two through five core elements, respectively. Further, most have partially satisfied additional elements across all the stages, and seven need to fully satisfy five or fewer elements to achieve the fifth stage. The key to these departments and agencies building upon their current status, and ultimately realizing the benefits that they cited architectures providing, is sustained executive leadership, as virtually all the challenges that they reported can be addressed by such leadership. Examples of the challenges are organizational parochialism and cultural resistance, adequate resources (human capital and funding), and top management understanding; examples of benefits cited are better information sharing, consolidation, improved productivity, and reduced costs.
Recommendations
Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director:
Team:
Phone:
GAO-06-831, Enterprise Architecture: Leadership Remains Key to Establishing and Leveraging Architectures for Organizational Transformation
This is the accessible text file for GAO report number GAO-06-831
entitled 'Enterprise Architecture: Leadership Remains Key to
Establishing and Leveraging Architectures for Organizational
Transformation' which was released on September 12, 2006.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to the Chairman, Committee on Government Reform, House of
Representatives:
August 2006:
Enterprise Architecture:
Leadership Remains Key to Establishing and Leveraging Architectures for
Organizational Transformation:
GAO-06-831:
GAO Highlights:
Highlights of GAO-06-831, a report to the Chairman, Committee on
Government Reform, House of Representatives
Why GAO Did This Study:
A well-defined enterprise architecture is an essential tool for
leveraging information technology (IT) to transform business and
mission operations. GAO‘s experience has shown that attempting to
modernize and evolve IT environments without an architecture to guide
and constrain investments results in operations and systems that are
duplicative, not well integrated, costly to maintain, and ineffective
in supporting mission goals. In light of the importance of enterprise
architectures, GAO developed a five stage architecture management
maturity framework that defines what needs to be done to effectively
manage an architecture program. Under GAO‘s framework, a fully mature
architecture program is one that satisfies all elements of all stages
of the framework. As agreed, GAO‘s objective was to determine the
status of major federal department and agency enterprise architecture
efforts.
What GAO Found:
The state of the enterprise architecture programs at the 27 major
federal departments and agencies is mixed, with several having very
immature programs, several having more mature programs, and most being
somewhere in between. Collectively, the majority of these architecture
efforts can be viewed as a work-in-progress with much remaining to be
accomplished before the federal government as a whole fully realizes
their transformational value. More specifically, seven architecture
programs have advanced beyond the initial stage of the GAO framework,
meaning that they have fully satisfied all core elements associated
with the framework‘s second stage (establishing the management
foundation for developing, using, and maintaining the architecture). Of
these seven, three have also fully satisfied all the core elements
associated with the third stage (developing the architecture). None
have fully satisfied all of the core elements associated with the
fourth (completing the architecture) and fifth (leveraging the
architecture for organizational change) stages. Nevertheless, most have
fully satisfied a number of the core elements across the stages higher
than the stage in which they have met all core elements, with all 27
collectively satisfying about 80, 78, 61, and 52 percent of the stage
two through five core elements, respectively (see figure). Further,
most have partially satisfied additional elements across all the
stages, and seven need to fully satisfy five or fewer elements to
achieve the fifth stage.
The key to these departments and agencies building upon their current
status, and ultimately realizing the benefits that they cited
architectures providing, is sustained executive leadership, as
virtually all the challenges that they reported can be addressed by
such leadership. Examples of the challenges are organizational
parochialism and cultural resistance, adequate resources (human capital
and funding), and top management understanding; examples of benefits
cited are better information sharing, consolidation, improved
productivity, and reduced costs.
Figure: Percentage of Framework Elements Collectively Satisfied by All
Departments and Agencies in Each Stage:
[See PDF for Image]
Source: GAO analysis of department/agency data.
Note: There are no framework elements in stage 1.
[End of Figure]
What GAO Recommends:
To increase the maturity of federal enterprise architecture efforts,
GAO is making a recommendation to each department and agency aimed at
improving their respective architecture programs. In commenting on a
draft of this report, all but one department fully agreed with its
recommendation and all but six departments and agencies fully agreed
with our findings about its program. Two departments did not comment.
[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-831].
To view the full product, including the scope and methodology, click on
the link above. For more information, contact Randolph C. Hite at (202)
512-3439 or hiter@gao.gov.
[End of Section]
Contents:
Letter:
Results in Brief:
Background:
Overall State of Enterprise Architecture Management Is a Work-in-
Progress, Although a Few Agencies Have Largely Satisfied Our Framework:
Conclusions:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:
Appendixes:
Appendix I: Reported Enterprise Architecture Costs Vary, with
Contractors and Personnel Accounting for Most Costs:
Appendix II: Departments and Agencies Reported Experiences with Their
Architecture Tools and Frameworks:
Appendix III: Objective, Scope, and Methodology:
Appendix IV: Detailed Assessments of Individual Departments and
Agencies against Our EA Management Maturity Framework:
Appendix V: Comments from the Department of Commerce:
Appendix VI: Comments from the Department of Defense:
GAO Comments:
Appendix VII: Comments from the Department of Education:
Appendix VIII: Comments from the Department of Energy:
Appendix IX: Comments from the Department of Homeland Security:
GAO Comments:
Appendix X: Comments from the Department of Housing and Urban
Development:
Appendix XI: Comments from the Department of the Interior:
Appendix XII: Comments from the Department of Justice:
GAO Comments:
Appendix XIII: Comments from the Department of State:
GAO Comments:
Appendix XIV: Comments from the Department of the Treasury:
Appendix XV: Comments from the Department Veterans Affairs:
Appendix XVI: Comments from the Environmental Protection Agency:
GAO Comments:
Appendix XVII: Comments from the General Services Administration:
Appendix XVIII: Comments from the National Aeronautics and Space
Administration
Appendix XIX: Comments from the Social Security Administration:
GAO Comments:
Appendix XX: Comments from the U.S. Agency for International
Development:
Appendix XXI: GAO Contact and Staff Acknowledgements:
Tables:
Table 1: Federal Enterprise Architecture Reference Models:
Table 2: OMB Enterprise Architecture Assessment Framework Capability
Areas:
Table 3: Summary of EAMMF Version 1.1: Core Elements Categorized by
Group:
Table 4: Maturity Stage of Major Department and Agency Enterprise
Architecture Programs:
Table 5: Percent of Framework Elements Satisfied by Department and
Agency Architecture Programs within Each Maturity Stage:
Table 6: Departments and Agencies That Need to Satisfy 5 or Fewer Core
Elements to Achieve Stage 5:
Table 7: Degree to Which Departments and Agencies Are Experiencing
Enterprise Architecture Challenges:
Table 8: Enterprise Architecture Benefits Reported As Being or To Be
Achieved to a Significant Extent:
Table 9: Department and Agency Reported Satisfaction with Tools:
Table 10: Department and Agency Framework Satisfaction Levels:
Table 11: List of Architecture Programs Included in this Report:
Table 12: Stage 2 Evaluation Criteria:
Table 13: Stage 3 Evaluation Criteria:
Table 14: Stage 4 Evaluation Criteria:
Table 15: Stage 5 Evaluation Criteria:
Table 16: Department of Agriculture Satisfaction of EAMMF:
Table 17: Department of the Air Force Satisfaction of EAMMF:
Table 18: Department of the Army Satisfaction of EAMMF:
Table 19: Department of Commerce Satisfaction of EAMMF:
Table 20: DOD Business Enterprise Architecture Satisfaction of EAMMF:
Table 21: DOD Global Information Grid Satisfaction of EAMMF:
Table 22: Department of Education Satisfaction of EAMMF:
Table 23: Department of Energy Satisfaction of EAMMF:
Table 24: Department of Health and Human Services Satisfaction of
EAMMF:
Table 25: Department of Homeland Security Satisfaction of EAMMF:
Table 26: Department of Housing and Urban Development Satisfaction of
EAMMF:
Table 27: Department of the Interior Satisfaction of EAMMF:
Table 28: Department of Justice Satisfaction of EAMMF:
Table 29: Department of Labor Satisfaction of EAMMF:
Table 30: Department of the Navy Satisfaction of EAMMF:
Table 31: Joint Enterprise Architecture Satisfaction of EAMMF:
Table 32: Department of Transportation Satisfaction of EAMMF:
Table 33: Department of the Treasury Satisfaction of EAMMF:
Table 34: Department of Veterans Affairs Satisfaction of EAMMF:
Table 35: Environmental Protection Agency Satisfaction of EAMMF:
Table 36: General Services Administration Satisfaction of EAMMF:
Table 37: National Aeronautics and Space Administration Satisfaction of
EAMMF:
Table 38: National Science Foundation Satisfaction of EAMMF:
Table 39: Nuclear Regulatory Commission Satisfaction of EAMMF:
Table 40: Office of Personnel Management Satisfaction of EAMMF:
Table 41: Small Business Administration Satisfaction of EAMMF:
Table 42: Social Security Administration Satisfaction of EAMMF:
Table 43: U. S. Agency for International Development Satisfaction of
EAMMF:
Figures:
Figure 1: Summary of EAMMF Version 1.1: Maturity Stages, Critical
Success Attributes, and Core Elements:
Figure 2: Overall Satisfaction of Core Elements Associated with
Architecture Governance
Figure 3: Overall Satisfaction of Core Elements Associated with
Architecture Content:
Figure 4: Overall Satisfaction of Core Elements Associated with
Architecture Use:
Figure 5: Overall Satisfaction of Core Elements Associated with
Architecture Measurement:
Figure 6: Department/Agency Maturity Stage Based on Fully Versus
Partially Satisfied Criterion:
Figure 7: Reported Development Costs to Date for Departments and
Agencies:
Figure 8: Reported Estimated Completion Costs for Departments and
Agencies:
Figure 9: Reported Estimated Annual Maintenance Costs for Departments
and Agencies:
Figure 10: Breakdown of Enterprise Architecture Development Costs for
all Departments and Agencies:
Figure 11: Reported Enterprise Architecture Contractor Costs by
Category:
Figure 12: Enterprise Architecture Tools Used by Departments and
Agencies:
Figure 13: Frameworks Used by Departments and Agencies:
Abbreviations:
BEA: Business Enterprise Architecture:
CIO: Chief Information Officer:
DHS: Department of Homeland Security:
DOD: Department of Defense:
DODAF: Department of Defense Architecture Framework:
DOJ: Department of Justice:
EA: Enterprise Architecture:
EAMMF: Enterprise Architecture Management Maturity Framework:
EAMS: Enterprise Architecture Management System:
EPA: Environmental Protection Agency:
FAA: Federal Aviation Administration:
FBI: Federal Bureau of Investigation:
FEAF: Federal Enterprise Architecture Framework:
FEAPMO: Federal Enterprise Architecture Program Management Office:
GIG: Global Information Grid:
GSA: General Services Administration:
HHS: Department of Health and Human Services:
HUD: Department of Housing and Urban Development:
IT: Information Technology:
IV&V: Independent Verification and Validation:
NASA: National Aeronautics and Space Administration:
NIST: National Institute of Standards and Technology:
NRC: Nuclear Regulatory Commission:
NSF: National Science Foundation:
OMB: Office of Management and Budget:
OPM: Office of Personnel Management:
SBA: Small Business Administration:
SSA: Social Security Administration:
TOGAF: The Open Group Architecture Framework:
USAID: United States Agency for International Development:
USDA: United States Department of Agriculture:
VA: Department of Veterans Affairs:
August 14, 2006:
The Honorable Tom Davis:
Chairman:
Committee on Government Reform:
House of Representatives:
A well-defined enterprise architecture[Footnote 1] is an essential tool
for leveraging information technology (IT) in the transformation of
business and mission operations. Our experience with federal
departments and agencies has shown that attempting to modernize and
evolve IT environments without an enterprise architecture to guide and
constrain investments often results in operations and systems that are
duplicative, not well integrated, unnecessarily costly to maintain and
interface, and ineffective in supporting mission goals. Moreover, the
development, implementation, and maintenance of architectures are
widely recognized as hallmarks of successful public and private
organizations, and their use is required by the Clinger-Cohen Act and
the Office of Management and Budget (OMB). In light of the importance
of these architectures, you requested that we determine the current
status of major federal department and agency enterprise architecture
efforts.
To accomplish our objective, we surveyed 27 major federal departments
and agencies using a questionnaire that was based on our maturity
framework for assessing and improving enterprise architecture
management,[Footnote 2] and we collected and reviewed documentation to
verify agency responses. We then analyzed the results to determine the
extent to which each of the 27 satisfied our maturity
framework,[Footnote 3] and the challenges and benefits that each
department and agency sees. We also collected information about, for
example, department and agency architecture costs and architecture
framework and tool use and satisfaction, which is summarized in
appendixes I and II. Because our framework defines what needs to be
done to effectively manage an enterprise architecture program, and not
the details surrounding how it needs to be done, the scope of our
review did not include assessing the quality of enterprise architecture
products and activities and associated management structures and
processes that make up our framework. As such, scoring high on our
maturity scale should be viewed as an indicator of, and not a guarantee
that, a department or agency necessarily has a well-defined
architecture and that it is being effectively implemented. We conducted
our work in accordance with generally accepted government auditing
standards. Details of our objective, scope, and methodology are in
appendix III.
Results in Brief:
The state of the enterprise architecture programs at the 27 major
federal departments and agencies is varied, with several having very
immature programs, several having more mature programs, and most being
somewhere in between. Collectively, this means that the bulk of the
federal government's enterprise architecture efforts can be viewed as a
work in process with much to be accomplished before their
transformation value is fully realized. To effectively establish and
leverage enterprise architectures as instruments of organizational
transformation, research by us and others show that architecture
programs should be founded upon both an institutional commitment to the
architecture and a measured and verified organizational capability to
properly develop and use it to affect operational and technological
change. Our five stage architecture framework for managing and
evaluating the status of architecture efforts consists of 31 core
elements related to architecture governance, content, use, and
measurement that reflect these basic attributes.[Footnote 4] Of the 27
departments and agencies, 7 have advanced beyond the initial stage of
our framework, meaning that they have fully satisfied all the core
elements associated with the framework's second stage (establishing the
management foundation for developing, using, and maintaining the
architecture). Of these seven, four have also fully satisfied all the
core elements associated with the third stage (developing the
architecture). None have fully satisfied all of the core elements
associated with the fourth (completing the architecture) and fifth
(leveraging the architecture for organizational change) stages.
Nevertheless, most of the departments and agencies have fully satisfied
a number of the core elements across stages higher than that at which
they have met all core elements. When this is considered, the profile
shows that about 77 percent of the programs reviewed have fully
satisfied the architecture governance core elements, 68 percent have
fully satisfied the architecture content core elements, 52 percent have
fully satisfied the architecture use core elements, and 47 have fully
satisfied the architecture measurement core elements. Moreover, most of
the departments and agencies have also partially satisfied additional
core elements across all the stages. Seventeen of the departments and
agencies have at least partially satisfied the core elements associated
with achieving the framework's third stage, with four having partially
satisfied the elements associated with achieving higher stages.
As we have previously reported, the key to these departments and
agencies building upon their current status, and ultimately realizing
the many benefits that they cited architectures providing, will be
sustained executive leadership, as virtually all the barriers that the
agencies reported can be addressed through such leadership. Examples of
these barriers or challenges are overcoming organizational parochialism
and cultural resistance, having adequate resources (human capital and
funding), and fostering top management understanding. Examples of the
benefits include better information sharing, consolidation, improved
productivity, and reduced costs. To assist the departments and agencies
in addressing their architectural barriers, managing their architecture
programs, and realizing their architecture benefits, we are making
recommendations to heads of major departments and agencies for
developing and implementing plans aimed at satisfying all of the
conditions in our architecture management maturity framework.
We received written or oral comments on a draft of this report from 25
of the departments and agencies in our review.[Footnote 5] Of the 25,
24 fully agreed with our recommendation and one department partially
agreed. Nineteen departments and agencies agreed with our findings and
six partially agreed. Of the six that disagreed with certain aspects of
our findings, the disagreements largely centered around (1) the
adequacy of the documentation that they provided to demonstrate
satisfaction of a specific core element and (2) recognition of steps
that they reported taking after we concluded our review. For the most
part, these isolated areas of disagreement did not result in any
changes to our findings for two primary reasons. First, our findings
across the departments and agencies were based on consistently applied
evaluation criteria governing the adequacy of documentation, and were
not adjusted to accommodate any one particular department or agency.
Second, our findings represent the state of each architecture program
as of March 2006, and thus to be consistent do not reflect activities
that may have occurred after this time. Beyond these comments, several
departments and agencies offered suggestions for improving our
framework, which we will consider in issuing the next version of the
framework, and several provided technical comments, which we have
incorporated, as appropriate, in this report.
Background:
An enterprise architecture is a blueprint that describes the current
and desired state of an organization or functional area in both logical
and technical terms, as well as a plan for transitioning between the
two states. Enterprise architectures are a recognized tenet of
organizational transformation and IT management in public and private
organizations. Without an enterprise architecture, it is unlikely that
an organization will be able to transform business processes and
modernize supporting systems to minimize overlap and maximize
interoperability. The concept of enterprise architectures originated in
the mid-1980s; various frameworks for defining the content of these
architectures have been published by government agencies and OMB.
Moreover, legislation and federal guidance requires agencies to develop
and use architectures. For more than a decade, we have conducted work
to improve agency architecture efforts. To this end, we developed an
enterprise architecture management maturity framework that provides
federal agencies with a common benchmarking tool for assessing the
management of their enterprise architecture efforts and developing
improvement plans.
Enterprise Architecture Description and Importance:
An enterprise can be viewed as either a single organization or a
functional area that transcends more than one organization (e.g.,
financial management, homeland security). An architecture can be viewed
as the structure (or structural description) of any activity. Thus,
enterprise architectures are basically systematically derived and
captured descriptions--in useful models, diagrams, and narrative.
More specifically, an architecture describes the enterprise in logical
terms (such as interrelated business processes and business rules,
information needs and flows, and work locations and users) as well as
in technical terms (such as hardware, software, data, communications,
and security attributes and performance standards). It provides these
perspectives both for the enterprise's current or "as-is" environment
and for its target or "to-be" environment, as well as a transition plan
for moving from the "as-is" to the "to-be" environment.
The importance of enterprise architectures is a basic tenet of both
organizational transformation and IT management, and their effective
use is a recognized hallmark of successful public and private
organizations. For over a decade, we have promoted the use of
architectures, recognizing them as a crucial means to a challenging
end: optimized agency operations and performance. The alternative, as
our work has shown, is the perpetuation of the kinds of operational
environments that burden most agencies today, where a lack of
integration among business operations and the IT resources supporting
them leads to systems that are duplicative, poorly integrated, and
unnecessarily costly to maintain and interface.[Footnote 6] Employed in
concert with other important IT management controls (such as portfolio-
based capital planning and investment control practices), architectures
can greatly increase the chances that the organizations' operational
and IT environments will be configured so as to optimize mission
performance.
Brief History of Architecture Frameworks and Management Guidance:
During the mid-1980s, John Zachman, widely recognized as a leader in
the field of enterprise architecture, identified the need to use a
logical construction blueprint (i.e., an architecture) for defining and
controlling the integration of systems and their components.[Footnote
7] Accordingly, Zachman developed a structure or framework for defining
and capturing an architecture, which provides for six perspectives or
"windows" from which to view the enterprise.[Footnote 8] Zachman also
proposed six abstractions or models associated with each of these
perspectives.[Footnote 9] Zachman's framework provides a way to
identify and describe an entity's existing and planned component parts
and the parts' relationships before the entity begins the costly and
time-consuming efforts associated with developing or transforming
itself.
Since Zachman introduced his framework, a number of frameworks have
emerged within the federal government, beginning with the publication
of the National Institute of Standards and Technology (NIST) framework
in 1989. Since that time, other federal entities have issued
frameworks, including the Department of Defense (DOD) and the
Department of the Treasury. In September 1999, the federal Chief
Information Officers (CIO) Council published the Federal Enterprise
Architecture Framework (FEAF), which was intended to provide federal
agencies with a common construct for their architectures, thereby
facilitating the coordination of common business processes, technology
insertion, information flows, and system investments among federal
agencies. The FEAF described an approach, including models and
definitions, for developing and documenting architecture descriptions
for multi-organizational functional segments of the federal
government.[Footnote 10]
More recently, OMB established the Federal Enterprise Architecture
Program Management Office (FEAPMO) to develop a federal enterprise
architecture according to a collection of five reference models (see
table 1). These models are intended to facilitate governmentwide
improvement through cross-agency analysis and the identification of
duplicative investments, gaps, and opportunities for collaboration,
interoperability, and integration within and across government
agencies.
Table 1: Federal Enterprise Architecture Reference Models:
Reference model: Performance Reference Model;
Description: Provides a common set of general performance outputs and
measures for agencies to use to achieve business goals and objectives.
Reference model: Business Reference Model;
Description: Describes the business operations of the federal
government independent of the agencies that perform them, including
defining the services provided to state and local governments.
Reference model: Service Component Reference Model;
Description: Identifies and classifies IT service (i.e., application)
components that support federal agencies and promotes the reuse of
components across agencies.
Reference model: Data and Information Reference Model;
Description: Describes, at an aggregate level, the types of data and
information that support program and business line operations, and the
relationships among these types.
Reference model: Technical Reference Model;
Description: Describes how technology is supporting the delivery of
service components, including relevant standards for implementing the
technology.
Source: GAO.
[End of table]
OMB has identified multiple purposes for the Federal Enterprise
Architecture, such as the following:
* informing agency enterprise architectures and facilitating their
development by providing a common classification structure and
vocabulary;
* providing a governmentwide framework that can increase agency
awareness of IT capabilities that other agencies have or plan to
acquire, so that they can explore opportunities for reuse;
* helping OMB decision makers identify opportunities for collaboration
among agencies through the implementation of common, reusable, and
interoperable solutions; and:
* providing the Congress with information that it can use as it
considers the authorization and appropriation of funding for federal
programs.
Although these post-Zachman frameworks differ in their nomenclatures
and modeling approaches, each consistently provides for defining an
enterprise's operations in both logical and technical terms, provides
for defining these perspectives for the enterprise's current and target
environments, and calls for a transition plan between the two.
Several laws and regulations address enterprise architecture. For
example, the Clinger-Cohen Act of 1996 directs the CIOs of major
departments and agencies to develop, maintain, and facilitate the
implementation of information technology architectures as a means of
integrating agency goals and business processes with information
technology.[Footnote 11] Also, OMB Circular A-130, which implements the
Clinger-Cohen Act, requires that agencies document and submit their
initial enterprise architectures to OMB and that agencies submit
updates when significant changes to their enterprise architectures
occur.The circular also directs OMB to use various reviews to evaluate
the adequacy and efficiency of each agency's compliance with the
circular.
A Decade of GAO Work Has Focused on Improving Agency Enterprise
Architecture Efforts:
We began reviewing federal agencies' use of enterprise architectures in
1994, initially focusing on those agencies that were pursuing major
systems modernization programs that were high risk. These included the
National Weather Service systems modernization,[Footnote 12] the
Federal Aviation Administration (FAA) air traffic control
modernization,[Footnote 13] and the Internal Revenue Service tax
systems modernization.[Footnote 14] Generally, we reported that these
agencies' enterprise architectures were incomplete, and we made
recommendations that they develop and implement complete enterprise
architectures to guide their modernization efforts.
Since then, we have reviewed enterprise architecture management at
other federal agencies, including the Department of Education
(Education),[Footnote 15] the Customs Service,[Footnote 16] the
Immigration and Naturalization Service,[Footnote 17] the Centers for
Medicare and Medicaid Services,[Footnote 18] FAA,[Footnote 19] and the
Federal Bureau of Investigation (FBI).[Footnote 20] We have also
reviewed the use of enterprise architectures for critical agency
functional areas, such as the integration and sharing of terrorist
watch lists across key federal departments[Footnote 21] and DOD
financial management,[Footnote 22] logistics management,[Footnote 23]
combat identification,[Footnote 24] and business systems
modernization.[Footnote 25] These reviews continued to identify the
absence of complete and enforced enterprise architectures, which in
turn has led to agency business operations, systems, and data that are
duplicative, incompatible, and not integrated; these conditions have
either prevented agencies from sharing data or forced them to depend on
expensive, custom-developed system interfaces to do so. Accordingly, we
made recommendations to improve the respective architecture efforts. In
some cases progress has been made, such as at DOD and FBI. As a
practical matter, however, considerable time is needed to completely
address the kind of substantive issues that we have raised and to make
progress in establishing more mature architecture programs.
In 2002 and 2003, we also published reports on the status of enterprise
architectures governmentwide. The first report (February 2002)[Footnote
26] showed that about 52 percent of federal agencies self-reported
having at least the management foundation that is needed to
successfully develop, implement, and maintain an enterprise
architecture, and that about 48 percent of agencies had not yet
advanced to that basic stage of maturity. We attributed this state of
architecture management to four management challenges: (1) overcoming
limited executive understanding, (2) inadequate funding, (3)
insufficient number of skilled staff, and (4) organizational
parochialism. Additionally, we recognized OMB's efforts to promote and
oversee agencies' enterprise architecture efforts. Nevertheless, we
determined that OMB's leadership and oversight could be improved by,
for example, using a more structured means of measuring agencies'
progress and by addressing the above management challenges.
The second report (November 2003)[Footnote 27] showed the percentage of
agencies that had established at least a foundation for enterprise
architecture management was virtually unchanged. We attributed this to
long-standing enterprise architecture challenges that had yet to be
addressed. In particular, more agencies reported lack of agency
executive understanding of enterprise architecture and the scarcity of
skilled architecture staff as significant challenges. OMB generally
agreed with our findings and the need for additional agency
assessments. Further, it stated that fully implementing our
recommendations would require sustained management attention, and that
it had begun by working with the CIO Council to establish the Chief
Architect Forum and to increase the information OMB reports on
enterprise architecture to Congress.
Since then, OMB has developed and implemented an enterprise
architecture assessment tool. According to OMB, the tool helps better
understand the current state of an agency's architecture and assists
agencies in integrating architectures into their decision-making
processes. The latest version of the assessment tool (2.0) was released
in December 2005 and includes three capability areas: (1) completion,
(2) use, and (3) results. Table 2 describes each of these areas.
Table 2: OMB Enterprise Architecture Assessment Framework Capability
Areas:
Capability area: Completion;
Description: Addresses ensuring that architecture products describe the
agency in terms of processes, services, data, technology, and
performance and that the agency has developed a transition strategy.
Capability area: Use;
Description: Addresses the establishment of important management
practices, processes, and policies, such as configuration management,
communications, and integration of the architecture with capital
planning processes.
Capability area: Results;
Description: Addresses the effectiveness and value of the architecture
by encouraging performance measurements and using it to ensure agency
policies align to OMB IT policy.
Source: OMB.
[End of table]
The tool also includes criteria for scoring an agency's architecture
program on a scale of 0 to 5.[Footnote 28] In early 2006, the major
departments and agencies were required by OMB to self assess their
architecture programs using the tool. OMB then used the self assessment
to develop its own assessment. These assessment results are to be used
in determining the agency's e-Government score within the President's
Management Agenda.
GAO's Enterprise Architecture Management Maturity Framework (EAMMF):
In 2002, we developed version 1.0 of our Enterprise Architecture
Management Maturity Framework (EAMMF) to provide federal agencies with
a common benchmarking tool for planning and measuring their efforts to
improve enterprise architecture management, as well as to provide OMB
with a means for doing the same governmentwide. We issued an update of
the framework (version 1.1) in 2003.[Footnote 29] This framework is an
extension of A Practical Guide to Federal Enterprise Architecture,
Version 1.0, published by the CIO Council.[Footnote 30] Version 1.1 of
the framework arranges 31 core elements (practices or conditions that
are needed for effective enterprise architecture management) into a
matrix of five hierarchical maturity stages and four critical success
attributes that apply to each stage. Within a given stage, each
critical success attribute includes between one and four core elements.
Based on the implicit dependencies among the core elements, the EAMMF
associates each element with one of five maturity stages (see fig. 1).
The core elements can be further categorized by four groups:
architecture governance, content, use, and measurement.
EAMMF Stages:
Stage 1: Creating EA awareness. At stage 1, either an organization does
not have plans to develop and use an architecture, or it has plans that
do not demonstrate an awareness of the value of having and using an
architecture. While stage 1 agencies may have initiated some enterprise
architecture activity, these agencies' efforts are ad hoc and
unstructured, lack institutional leadership and direction, and do not
provide the management foundation necessary for successful enterprise
architecture development as defined in stage 2.
Stage 2: Building the EA management foundation. An organization at
stage 2 recognizes that the enterprise architecture is a corporate
asset by vesting accountability for it in an executive body that
represents the entire enterprise. At this stage, an organization
assigns enterprise architecture management roles and responsibilities
and establishes plans for developing enterprise architecture products
and for measuring program progress and product quality; it also commits
the resources necessary for developing an architecture--people,
processes, and tools. Specifically, a stage 2 organization has
designated a chief architect and established and staffed a program
office responsible for enterprise architecture development and
maintenance. Further, it has established a committee or group that has
responsibility for enterprise architecture governance (i.e., directing,
overseeing, and approving architecture development and maintenance).
This committee or group membership has enterprisewide representation.
At stage 2, the organization either has plans for developing or has
started developing at least some enterprise architecture products, and
it has developed an enterprisewide awareness of the value of enterprise
architecture and its intended use in managing its IT investments. The
organization has also selected a framework and a methodology that will
be the basis for developing the enterprise architecture products and
has selected a tool for automating these activities.
Stage 3: Developing the EA. An organization at stage 3 focuses on
developing architecture products according to the selected framework,
methodology, tool, and established management plans. Roles and
responsibilities assigned in the previous stage are in place, and
resources are being applied to develop actual enterprise architecture
products. At this stage, the scope of the architecture has been defined
to encompass the entire enterprise, whether organization-based or
function-based. Although the products may not be complete, they are
intended to describe the organization in terms of business,
performance, information/data, service/application, and technology
(including security explicitly in each) as provided for in the
framework, methodology, tool, and management plans.[Footnote 31]
Further, the products are to describe the current (as-is) and future
(to-be) states and the plan for transitioning from the current to the
future state (the sequencing plan). As the products are developed and
evolve, they are subject to configuration management. Further, through
the established enterprise architecture management foundation, the
organization is tracking and measuring its progress against plans,
identifying and addressing variances, as appropriate, and then
reporting on its progress.
Stage 4: Completing the EA. An organization at stage 4 has completed
its enterprise architecture products, meaning that the products have
been approved by the enterprise architecture steering committee
(established in stage 2) or an investment review board, and by the CIO.
The completed products collectively describe the enterprise in terms of
business, performance, information/data, service/application, and
technology for both its current and future operating states, and the
products include a plan for transitioning from the current to the
future state. Further, an independent agent has assessed the quality
(i.e., completeness and accuracy) of the enterprise architecture
products. Additionally, evolution of the approved products is governed
by a written enterprise architecture maintenance policy approved by the
head of the organization.
Stage 5: Leveraging the EA to manage change. An organization at stage 5
has secured senior leadership approval of the enterprise architecture
products and a written institutional policy stating that IT investments
must comply with the architecture, unless granted an explicit
compliance waiver. Further, decision makers are using the architecture
to identify and address ongoing and proposed IT investments that are
conflicting, overlapping, not strategically linked, or redundant. As a
result, stage 5 entities avoid unwarranted overlap across investments
and ensure maximum systems interoperability, which in turn ensures the
selection and funding of IT investments with manageable risks and
returns. Also, at stage 5, the organization tracks and measures
enterprise architecture benefits or return on investment, and
adjustments are continuously made to both the enterprise architecture
management process and the enterprise architecture products.
EAMMF Attributes:
Attribute 1: Demonstrates commitment. Because the enterprise
architecture is a corporate asset for systematically managing
institutional change, the support and sponsorship of the head of the
enterprise are essential to the success of the architecture effort. An
approved enterprise policy statement provides such support and
sponsorship, promoting institutional buy-in and encouraging resource
commitment from participating components. Equally important in
demonstrating commitment is vesting ownership of the architecture with
an executive body that collectively owns the enterprise.
Attribute 2: Provides capability to meet commitment. The success of the
enterprise architecture effort depends largely on the organization's
capacity to develop, maintain, and implement the enterprise
architecture. Consistent with any large IT project, these capabilities
include providing adequate resources (i.e., people, processes, and
technology), defining clear roles and responsibilities, and defining
and implementing organizational structures and process management
controls that promote accountability and effective project execution.
Attribute 3: Demonstrates satisfaction of commitment. Satisfaction of
the organization's commitment to develop, maintain, and implement an
enterprise architecture is demonstrated by the production of artifacts
(e.g., the plans and products). Such artifacts demonstrate follow
through--that is, actual enterprise architecture production.
Satisfaction of commitment is further demonstrated by senior leadership
approval of enterprise architecture documents and artifacts;
such approval communicates institutional endorsement and ownership of
the architecture and the change that it is intended to drive.
Attribute 4: Verifies satisfaction of commitment. This attribute
focuses on measuring and disclosing the extent to which efforts to
develop, maintain, and implement the enterprise architecture have
fulfilled stated goals or commitments of the enterprise architecture.
Measuring such performance allows for tracking progress that has been
made toward stated goals, allows appropriate actions to be taken when
performance deviates significantly from goals, and creates incentives
to influence both institutional and individual behaviors.
Figure 1: Summary of EAMMF Version 1.1: Maturity Stages, Critical
Success Attributes, and Core Elements:
[See PDF for image]
Source: GAO.
Note: Each stage includes all elements of previous stages.
[End of figure]
EAMMF Groups:
The framework's 31 core elements can also be placed in one of four
groups of architecture related activities, processes, products, events,
and structures. The groups are architecture governance, content, use,
and measurement. These groups are generally consistent with the
capability area descriptions in the previously discussed OMB enterprise
architecture assessment tool. For example, OMB's completion capability
area addresses ensuring that architecture products describe the agency
in terms of processes, services, data, technology, and performance and
that the agency has developed a transition strategy. Similarly, our
content group includes developing and completing these same enterprise
architecture products. In addition, OMB's results capability area
addresses performance measurement as does our measurement group, and
OMB's use capability area addresses many of the same elements in our
governance and use groups.
Table 3 lists the core elements according to EAMMF group.
Table 3: Summary of EAMMF Version 1.1: Core Elements Categorized by
Group:
Group: Governance;
Core element: Adequate resources exist (stage 2);
Committee or group representing the enterprise is responsible for
directing, overseeing, and approving EA (stage 2);
Program office responsible for EA development and maintenance exists
(stage 2);
Chief architect exists (stage 2);
EA being developed using a framework, methodology, and automated tool
(stage 2);
EA plans call for describing "as-is" environment, "to-be" environment,
and sequencing plan (stage 2);
EA plans call for describing enterprise in terms of business,
performance, information/data, application/service, and technology
(stage 2);
EA plans call for business, performance, information/data,
application/service, and technology to address security (stage 2);
Written and approved policy exists for EA development (stage 3);
Written and approved policy exists for EA maintenance (stage 4);
Organization CIO has approved EA (stage 4);
Committee or group representing the enterprise or the investment review
board has approved current version of EA (stage 4);
Written and approved organization policy exists for IT investment
compliance with EA (stage 5);
Organization head has approved current version of EA (stage 5).
Group: Content;
Core element: EA products are under configuration management (stage 3);
EA products describe or will describe "as-is" environment, "to-be"
environment and sequencing plan (stage 3);
Both "as-is" and "to-be" environments are described or will be
described in terms given in stage 2 (stage 3);
These descriptions address or will address security (stage 3);
EA products and management processes undergo independent verification
and validation (stage 4);
EA products describe "as-is" environment, "to-be" environment, and
sequencing plan (stage 4);
Both "as-is" and "to-be" environments are described in terms given in
stage 2 (stage 4);
These descriptions address security (stage 4);
Process exists to formally manage EA change (stage 5);
EA products are periodically updated (stage 5).
Group: Use;
Core element: EA is integral component of IT investment management
process (stage 5);
Measurement: IT investments comply with EA (stage 5).
Group: Measurement;
Core element: EA plans call for developing metrics to measure EA
progress, quality, compliance, and return on investment (stage 2);
Progress against EA plans is measured and reported (stage 3);
Quality of EA products is measured and reported (stage 4);
Return on EA investment is measured and reported (stage 5);
Compliance with EA is measured and reported (stage 5).
Source: GAO.
[End of table]
Overall State of Enterprise Architecture Management Is a Work-in-
Progress, Although a Few Agencies Have Largely Satisfied Our Framework:
Most of the 27 major departments and agencies have not fully satisfied
all the core elements associated with stage 2 of our maturity
framework. At the same time, however, most have satisfied a number of
core elements at stages 3, 4, and 5. Specifically, although only seven
have fully satisfied all the stage 2 elements, the 27 have on average
fully satisfied 80, 78, 61, and 52 percent of the stage 2, 3, 4, and 5
elements, respectively. Of the core elements that have been fully
satisfied, 77 percent of those related to architecture governance have
been fully satisfied, while 68, 52, and 47 percent of those related to
architecture content, use, and measurement, respectively, have been
fully satisfied. Most of the 27 have also at least partially satisfied
a number of additional core elements across all the stages. For
example, all but 7 have at least partially satisfied all the elements
required to achieve stage 3 or higher. Collectively, this means efforts
are underway to mature the management of most agency enterprise
architecture programs, but overall these efforts are uneven and still a
work-in-progress and they face numerous challenges that departments and
agencies identified. It also means that some architecture programs
provide examples from which less mature programs could learn and
improve. Without mature enterprise architecture programs, some
departments and agencies will not realize the many benefits that they
attributed to architectures, and they are at risk of investing in IT
assets that are duplicative, not well-integrated, and do not optimally
support mission operations.
The Degree to which Major Departments and Agencies Have Fully Satisfied
Our Framework's Core Elements Is Uneven and Their Collective Efforts
Can Be Viewed as a Work-in-Progress:
To qualify for a given stage of maturity under our architecture
management framework, a department or agency had to fully satisfy all
of the core elements at that stage. Using this criterion, three
departments and agencies are at stage 2, meaning that they demonstrated
to us through verifiable documentation that they have established the
foundational commitments and capabilities needed to manage the
development of an architecture. In addition, four are at stage 3,
meaning that they similarly demonstrated that their architecture
development efforts reflect employment of the basic control measures in
our framework. Table 4 summarizes the maturity stage of each
architecture program that we assessed. Appendix IV provides the
detailed results of our assessment of each department and agency
architecture program against our maturity framework.
Table 4: Maturity Stage of Major Department and Agency Enterprise
Architecture Programs:
Department/Agency: Department of Housing and Urban Development (HUD);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 3.
Department/Agency: Department of the Interior (Interior);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 3.
Department/Agency: Department of Justice (DOJ);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 3.
Department/Agency: Department of Labor (Labor);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 3.
Department/Agency: Department of Agriculture (USDA);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 2.
Department/Agency: Department of Homeland Security (DHS);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 2.
Department/Agency: Office of Personnel Management (OPM);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 2.
Department/Agency: Department of the Air Force (Air Force);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: Department of the Army (Army);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: Department of Commerce (Commerce);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: Department of Defense - Business Enterprise
Architecture (BEA);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: Department of Defense - Global Information Grid
(GIG);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: Department of Education (Education);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: Department of Energy (Energy);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: Department of Health and Human Services (HHS);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: Department of the Navy (Navy);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: Department of State (State);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: Department of the Treasury (Treasury);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: Department of Transportation (Transportation);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: Department of Veterans Affairs (VA);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: Environmental Protection Agency (EPA);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: General Services Administration (GSA);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: National Aeronautics and Space Administration
(NASA);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: National Science Foundation (NSF);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: Nuclear Regulatory Commission (NRC);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: Small Business Administration (SBA);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: Social Security Administration (SSA);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Department/Agency: U.S. Agency for International Development (USAID);
Stage when program required to fully satisfy all elements in one stage
to advance to the next: 1.
Source: GAO analysis of department and agency data.
[End of table]
While using this criterion provides an important perspective on the
state of department and agency architecture programs, it can mask the
fact that the programs have met a number of core elements across higher
stages of maturity. When the percentage of core elements that have been
fully satisfied at each stage is considered, the state of the
architecture efforts generally shows both a larger number of more
robust architecture programs as well as more variability across the
departments and agencies. Specifically, 16 departments and agencies
have fully satisfied more than 70 percent of the core elements.
Examples include Commerce, which has satisfied 87 percent of the core
elements, including 75 percent of the stage 5 elements, even though it
is at stage 1 because its enterprise architecture approval board does
not have enterprisewide representation (a stage 2 core element).
Similarly, SSA, which is also a stage 1 because the agency's enterprise
architecture methodology does not describe the steps for developing,
maintaining, and validating the agency's enterprise architecture (a
stage 2 core element), has at the same time satisfied 87 percent of all
the elements, including 63 percent of the stage 5 elements. In
contrast, the Army, which is also in stage 1, has satisfied but 3
percent of all framework elements. Overall, 10 agency architecture
programs fully satisfied more than 75 percent of the core elements, 14
between 50 and 75 percent, and 4 fewer than 50 percent. These four
included the three military departments. Table 5 summarizes for each
department and agency the percentage of core elements fully satisfied
in total and by maturity stage.
Table 5: Percent of Framework Elements Satisfied by Department and
Agency Architecture Programs within Each Maturity Stage:
Stage 3;
Departments/Agencies and Maturity Stages: Department of the Interior;
Percent of framework elements satisfied: 97;
Percent of stage 2 elements satisfied: 100;
Percent of stage 3 elements satisfied: 100;
Percent of stage 4 elements satisfied: 88;
Percent of stage 5 elements satisfied: 100.
Stage 3;
Departments/Agencies and Maturity Stages: Department of Housing and
Urban Development;
Percent of framework elements satisfied: 94;
Percent of stage 2 elements satisfied: 100;
Percent of stage 3 elements satisfied: 100;
Percent of stage 4 elements satisfied: 75;
Percent of stage 5 elements satisfied: 100.
Stage 3;
Departments/Agencies and Maturity Stages: Department of Labor;
Percent of framework elements satisfied: 87;
Percent of stage 2 elements satisfied: 100;
Percent of stage 3 elements satisfied: 100;
Percent of stage 4 elements satisfied: 88;
Percent of stage 5 elements satisfied: 63.
Stage 3;
Departments/Agencies and Maturity Stages: Department of Justice;
Percent of framework elements satisfied: 77;
Percent of stage 2 elements satisfied: 100;
Percent of stage 3 elements satisfied: 100;
Percent of stage 4 elements satisfied: 63;
Percent of stage 5 elements satisfied: 50.
Stage 2;
Departments/Agencies and Maturity Stages: Office of Personnel
Management;
Percent of framework elements satisfied: 94;
Percent of stage 2 elements satisfied: 100;
Percent of stage 3 elements satisfied: 83;
Percent of stage 4 elements satisfied: 88;
Percent of stage 5 elements satisfied: 100.
Stage 2;
Departments/Agencies and Maturity Stages: Department of Homeland
Security;
Percent of framework elements satisfied: 77;
Percent of stage 2 elements satisfied: 100;
Percent of stage 3 elements satisfied: 83;
Percent of stage 4 elements satisfied: 75;
Percent of stage 5 elements satisfied: 50.
Stage 2;
Departments/Agencies and Maturity Stages: Department of Agriculture;
Percent of framework elements satisfied: 61;
Percent of stage 2 elements satisfied: 100;
Percent of stage 3 elements satisfied: 67;
Percent of stage 4 elements satisfied: 50;
Percent of stage 5 elements satisfied: 25.
Stage 1;
Departments/Agencies and Maturity Stages: Department of Commerce;
Percent of framework elements satisfied: 87;
Percent of stage 2 elements satisfied: 89;
Percent of stage 3 elements satisfied: 100;
Percent of stage 4 elements satisfied: 88;
Percent of stage 5 elements satisfied: 75.
Stage 1;
Departments/Agencies and Maturity Stages: Social Security
Administration;
Percent of framework elements satisfied: 87;
Percent of stage 2 elements satisfied: 89;
Percent of stage 3 elements satisfied: 100;
Percent of stage 4 elements satisfied: 100;
Percent of stage 5 elements satisfied: 63.
Stage 1;
Departments/Agencies and Maturity Stages: Department of Education;
Percent of framework elements satisfied: 84;
Percent of stage 2 elements satisfied: 89;
Percent of stage 3 elements satisfied: 100;
Percent of stage 4 elements satisfied: 75;
Percent of stage 5 elements satisfied: 75.
Stage 1;
Departments/Agencies and Maturity Stages: Department of Energy;
Percent of framework elements satisfied: 77;
Percent of stage 2 elements satisfied: 89;
Percent of stage 3 elements satisfied: 83;
Percent of stage 4 elements satisfied: 88;
Percent of stage 5 elements satisfied: 50.
Stage 1;
Departments/Agencies and Maturity Stages: National Aeronautics and
Space Administration;
Percent of framework elements satisfied: 71;
Percent of stage 2 elements satisfied: 67;
Percent of stage 3 elements satisfied: 100;
Percent of stage 4 elements satisfied: 63;
Percent of stage 5 elements satisfied: 63.
Stage 1;
Departments/Agencies and Maturity Stages: Small Business
Administration;
Percent of framework elements satisfied: 71;
Percent of stage 2 elements satisfied: 78;
Percent of stage 3 elements satisfied: 67;
Percent of stage 4 elements satisfied: 75;
Percent of stage 5 elements satisfied: 63.
Stage 1;
Departments/Agencies and Maturity Stages: Department of the Treasury;
Percent of framework elements satisfied: 71;
Percent of stage 2 elements satisfied: 78;
Percent of stage 3 elements satisfied: 83;
Percent of stage 4 elements satisfied: 63;
Percent of stage 5 elements satisfied: 63.
Stage 1;
Departments/Agencies and Maturity Stages: Department of Health and
Human Services;
Percent of framework elements satisfied: 71;
Percent of stage 2 elements satisfied: 89;
Percent of stage 3 elements satisfied: 100;
Percent of stage 4 elements satisfied: 38;
Percent of stage 5 elements satisfied: 63.
Stage 1;
Departments/Agencies and Maturity Stages: Environmental Protection
Agency;
Percent of framework elements satisfied: 74;
Percent of stage 2 elements satisfied: 89;
Percent of stage 3 elements satisfied: 83;
Percent of stage 4 elements satisfied: 88;
Percent of stage 5 elements satisfied: 38.
Stage 1;
Departments/Agencies and Maturity Stages: Department of Defense -
Global Information Grid;
Percent of framework elements satisfied: 71;
Percent of stage 2 elements satisfied: 89;
Percent of stage 3 elements satisfied: 67;
Percent of stage 4 elements satisfied: 75;
Percent of stage 5 elements satisfied: 50.
Stage 1;
Departments/Agencies and Maturity Stages: Department of Defense -
Business Enterprise Architecture;
Percent of framework elements satisfied: 68;
Percent of stage 2 elements satisfied: 78;
Percent of stage 3 elements satisfied: 67;
Percent of stage 4 elements satisfied: 63;
Percent of stage 5 elements satisfied: 63.
Stage 1;
Departments/Agencies and Maturity Stages: Department of Veterans
Affairs;
Percent of framework elements satisfied: 65;
Percent of stage 2 elements satisfied: 78;
Percent of stage 3 elements satisfied: 83;
Percent of stage 4 elements satisfied: 50;
Percent of stage 5 elements satisfied: 50.
Stage 1;
Departments/Agencies and Maturity Stages: Department of Transportation;
Percent of framework elements satisfied: 65;
Percent of stage 2 elements satisfied: 78;
Percent of stage 3 elements satisfied: 83;
Percent of stage 4 elements satisfied: 50;
Percent of stage 5 elements satisfied: 50.
Stage 1;
Departments/Agencies and Maturity Stages: Department of State;
Percent of framework elements satisfied: 58;
Percent of stage 2 elements satisfied: 67;
Percent of stage 3 elements satisfied: 67;
Percent of stage 4 elements satisfied: 63;
Percent of stage 5 elements satisfied: 38.
Stage 1;
Departments/Agencies and Maturity Stages: General Services
Administration;
Percent of framework elements satisfied: 55;
Percent of stage 2 elements satisfied: 67;
Percent of stage 3 elements satisfied: 50;
Percent of stage 4 elements satisfied: 50;
Percent of stage 5 elements satisfied: 50.
Stage 1;
Departments/Agencies and Maturity Stages: Nuclear Regulatory
Commission;
Percent of framework elements satisfied: 55;
Percent of stage 2 elements satisfied: 67;
Percent of stage 3 elements satisfied: 83;
Percent of stage 4 elements satisfied: 50;
Percent of stage 5 elements satisfied: 25.
Stage 1;
Departments/Agencies and Maturity Stages: National Science Foundation;
Percent of framework elements satisfied: 52;
Percent of stage 2 elements satisfied: 78;
Percent of stage 3 elements satisfied: 67;
Percent of stage 4 elements satisfied: 25;
Percent of stage 5 elements satisfied: 38.
Stage 1;
Departments/Agencies and Maturity Stages: Department of the Air Force;
Percent of framework elements satisfied: 45;
Percent of stage 2 elements satisfied: 56;
Percent of stage 3 elements satisfied: 67;
Percent of stage 4 elements satisfied: 38;
Percent of stage 5 elements satisfied: 25.
Stage 1;
Departments/Agencies and Maturity Stages: Agency for International
Development;
Percent of framework elements satisfied: 39;
Percent of stage 2 elements satisfied: 67;
Percent of stage 3 elements satisfied: 50;
Percent of stage 4 elements satisfied: 13;
Percent of stage 5 elements satisfied: 25.
Stage 1;
Departments/Agencies and Maturity Stages: Department of the Navy;
Percent of framework elements satisfied: 32;
Percent of stage 2 elements satisfied: 44;
Percent of stage 3 elements satisfied: 50;
Percent of stage 4 elements satisfied: 25;
Percent of stage 5 elements satisfied: 13.
Stage 1;
Departments/Agencies and Maturity Stages: Department of the Army;
Percent of framework elements satisfied: 3;
Percent of stage 2 elements satisfied: 11;
Percent of stage 3 elements satisfied: 0;
Percent of stage 4 elements satisfied: 0;
Percent of stage 5 elements satisfied: 0.
Source: GAO analysis of department and agency data.
[End of table]
Notwithstanding the additional perspective that the percentage of core
elements fully satisfied across all stages provides, it is important to
note that the staged core elements in our framework represent a
hierarchical or systematic progression to establishing a well-managed
architecture program, meaning that core elements associated with lower
framework stages generally support the effective execution of higher
maturity stage core elements. For instance, if a program has developed
its full suite of "as-is" and "to-be" architecture products, including
a sequencing plan (stage 4 core elements), but the products are not
under configuration management (stage 3 core element), then the
integrity and consistency of the products will be not be assured. Our
analysis showed that this was the case for a number of architecture
programs. For example, State has developed certain "as-is" and "to-be"
products for the Joint Enterprise Architecture, which is being
developed in collaboration with USAID, but an enterprise architecture
configuration management plan has not yet been finalized.
Further, not satisfying even a single core element can have a
significant impact on the effectiveness of an architecture program. For
example, not having adequate human capital with the requisite knowledge
and skills (stage 2 core element), not using a defined framework or
methodology (stage 2 core element), or not using an independent
verification and validation agent (stage 4 core element), could
significantly limit the quality and utility of an architecture. The
DOD's experience between 2001 and 2005 in developing its BEA is a case
in point. During this time, we identified the need for the department
to have an enterprise architecture for its business operations, and we
made a series of recommendations grounded in, among other things, our
architecture management framework to ensure that it was successful in
doing so.[Footnote 32] In 2005,[Footnote 33] we reported that the
department had not implemented most of our recommendations. We further
reported that despite developing multiple versions of a wide range of
architecture products, and having invested hundreds of millions of
dollars and 4 years in doing so, the department did not have a well-
defined architecture and that what it had developed had limited
utility. Among other things, we attributed the poor state of its
architecture products to ineffective program governance,
communications, program planning, human capital, and configuration
management, most of which are stage 2 and 3 foundational core elements.
To the department's credit, we recently reported that it has since
taken a number of actions to address these fundamental weaknesses and
our related recommendations and that it is now producing architecture
products that provide a basis upon which to build.
The significance of not satisfying a single core element is also
readily apparent for elements associated with the framework's content
group. In particular, the framework emphasizes the importance of
planning for, developing, and completing an architecture that includes
the "as-is" and the "to-be" environments as well as a plan for
transitioning between the two. It also recognizes that the "as-is" and
"to-be" should address the business, performance, information/data,
application/service, technology, and security aspects of the
enterprise. To the extent these aspects are not addressed in this way,
the quality of the architecture and thus its utility will suffer. In
this regard, we found examples of departments and agencies that were
addressing some but not all of these aspects. For example, HUD has yet
to adequately incorporate security into its architecture. This is
significant because security is relevant to all the other aspects of
its architecture, such as information/data and applications/services.
As another example, NASA's architecture does not include a plan for
transitioning from the "as-is" to the "to-be" environments. According
to the administration's Chief Enterprise Architect, a transition plan
has not yet been developed because of insufficient time and staff.
Looking across all the departments and agencies at core elements that
are fully satisfied, not by stage of maturity, but by related groupings
of core elements, provides an additional perspective on the state of
the federal government's architecture efforts. As noted earlier, these
groupings of core elements are architecture governance, content, use,
and measurement. Overall, departments and agencies on average have
fully satisfied 77 percent of the governance-related elements. In
particular, 93 and 96 percent of the agencies have established an
architecture program office and appointed a chief architect,
respectively. In addition, 93 percent have plans that call for their
respective architectures to describe the "as-is" and the "to-be"
environments, and for having a plan for transitioning between the two
(see fig. 2). In contrast, however, the core element associated with
having a committee or group with representation from across the
enterprise directing, overseeing, and approving the architecture was
fully satisfied by only 57 percent of the agencies. This core element
is important because the architecture is a corporate asset that needs
to be enterprisewide in scope and accepted by senior leadership if it
is to be leveraged for organizational change.
Figure 2: Overall Satisfaction of Core Elements Associated with
Architecture Governance:
[See PDF for image]
Source: GAO analysis of department/agency data.
Note: Numbers might not add to 100 percent due to rounding.
[End of figure]
In contrast to governance, the extent of full satisfaction of those
core elements that are associated with what an architecture should
contain varies widely (see fig. 3). For example, the three content
elements that address prospectively what the architecture will contain,
either in relation to plans or some provision for including needed
content, were fully satisfied about 90 percent of the time. However,
the core elements addressing whether the products now contain such
content were fully satisfied much less frequently (between 54 and 68
percent of the time, depending on the core element), and the core
elements associated with ensuring the quality of included content, such
as employing configuration management and undergoing independent
verification and validation, were also fully satisfied much less
frequently (54 and 21 percent of the time, respectively). The state of
these core elements raises important questions about the quality and
utility of the department and agency architectures.
Figure 3: Overall Satisfaction of Core Elements Associated with
Architecture Content:
[See PDF for image]
Source: GAO analysis of department/agency data.
Note: Numbers might not add to 100 percent due to rounding.
[End of figure]
The degree of full satisfaction of those core elements associated with
the remaining two groups--use and measurement--is even lower (see figs.
4 and 5, respectively). For example, the architecture use-related core
elements were fully satisfied between 39 and 64 percent of the time,
while the measurement-related elements were satisfied between 14 and 71
percent. Of particular note is that only 39 percent of the departments
and agencies could demonstrate that IT investments comply with their
enterprise architectures, only 43 percent of the departments and
agencies could demonstrate that compliance with the enterprise
architecture is measured and reported, and only 14 percent were
measuring and reporting on their respective architecture program's
return on investment. As our work and related best practices show, the
value in having an architecture is using it to affect change and
produce results. Such results, as reported by the departments and
agencies include improved information sharing, increased consolidation,
enhanced productivity, and lower costs, all of which contribute to
improved agency performance. To realize these benefits, however, IT
investments need to comply with the architecture and measurement of
architecture activities, including accrual of expected benefits, needs
to occur.
Figure 4: Overall Satisfaction of Core Elements Associated with
Architecture Use:
[See PDF for image]
Source: GAO analysis of department/agency data.
Note: Numbers might not add to 100 percent due to rounding.
[End of figure]
Figure 5: Overall Satisfaction of Core Elements Associated with
Architecture Measurement:
[See PDF for image]
Source: GAO analysis of department/agency data.
Note: Numbers might not add to 100 percent due to rounding.
[End of figure]
Most Agencies Have at Least Partially Satisfied Most Framework
Elements:
In those instances where departments and agencies have not fully
satisfied certain core elements in our framework, most have at least
partially satisfied[Footnote 34] these elements. To illustrate, 4
agencies would improve to at least stage 4 if the criterion for being a
given stage was relaxed to only partially satisfying a core element.
Moreover, 11 of the remaining agencies would advance by two stages
under such a less demanding criterion, and only 6 would not improve
their stage of maturity under these circumstances. A case in point is
Commerce, which could move from stage 1 to stage 5 under these
circumstances because it has fully satisfied all but four core elements
and these remaining four (one each at stages 2 and 4 and two at stage
5) are partially satisfied. Another case in point is the SSA, which has
fully satisfied all but four core elements (one at stage 2 and three at
stage 5) and has partially satisfied three of these remaining four. If
the criterion used allowed advancement to the next stage by only
partially satisfying core elements, the administration would be stage
4. (See fig. 6 for a comparison of department and agency program
maturity stages under the two criteria.)
Figure 6: Department/Agency Maturity Stage Based on Fully Versus
Partially Satisfied Criterion:
[See PDF for image]
Source: GAO analysis of department/agency data.
[End of figure]
As mentioned earlier, departments and agencies can require considerable
time to completely address issues related to their respective
enterprise architecture programs. It is thus important to note that
even though certain core elements are partially satisfied, fully
satisfying some of them may not be accomplished quickly and easily. It
is also important to note the importance of fully, rather than
partially, satisfying certain elements, such as those that fall within
the architecture content group. In this regard, 18, 18, and 21 percent
of the departments and agencies partially satisfied the following stage
4 content-related core elements, respectively: "EA products describe
'as-is' environment, 'to-be' environment and sequencing plan"; "Both
'as-is' and 'to-be' environments are described in terms of business,
performance, information/data, application/service, and technology";
and "These descriptions fully address security." Not fully satisfying
these elements can have important implications for the quality of an
architecture, and thus its usability and results.
Seven Departments or Agencies Need to Satisfy Five or Fewer Core
Elements to Be at Stage 5:
Seven departments or agencies would meet our criterion for stage 5 if
each was to fully satisfy one to five additional core elements (see
table 6). For example, Interior could achieve stage 5 by satisfying one
additional element: "EA products and management processes undergo
independent verification and validation." In this regard, Interior
officials have drafted a statement of work intended to ensure that
independent verification and validation of enterprise architecture
products and management processes is performed. The other six
departments and agencies are HUD and OPM, which could achieve stage 5
by satisfying two additional elements; Commerce, Labor, and SSA, which
could achieve the same by satisfying four additional elements; and
Education which could be at stage 5 by satisfying five additional
elements. Of these seven, five have not fully satisfied the independent
verification and validation core element.
Notwithstanding the fact that five or fewer core elements need to be
satisfied by these agencies to be at stage 5, it is important to note
that in some cases the core elements not being satisfied are not only
very important, but also neither quickly nor easily satisfied. For
example, one of the two elements that HUD needs to satisfy is having
its architecture products address security. This is extremely important
as security is an integral aspect of the architecture's performance,
business, information/data, application/service, and technical models,
and needs to be reflected thoroughly and consistently across each of
them.
Table 6: Departments and Agencies That Need to Satisfy 5 or Fewer Core
Elements to Achieve Stage 5:
Department/agency: Department of the Interior;
Number of unsatisfied elements: 1;
Unsatisfied element(s): * EA products and management processes undergo
independent verification and validation.
Department/agency: Department of Housing and Urban Development;
Number of unsatisfied elements: 2;
Unsatisfied element(s): * EA products and management processes undergo
independent verification and validation;
* Business, performance, information/data, application/ service, and
technology descriptions address security.
Department/agency: Office of Personnel Management;
Number of unsatisfied elements: 2;
Unsatisfied element(s): * Progress against EA plans is measured and
reported;
* EA products and management processes undergo independent verification
and validation.
Department/agency: Department of Commerce;
Number of unsatisfied elements: 4;
Unsatisfied element(s): * Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
* Committee or group representing the enterprise or the investment
review board has approved current version of EA;
* Written and approved organization policy exists for IT investment
compliance with EA;
* IT investments comply with EA.
Department/agency: Department of Labor;
Number of unsatisfied elements: 4;
Unsatisfied element(s): * EA products and management processes undergo
independent verification and validation;
* IT investments comply with EA;
* Return on EA investment is measured and reported;
* Compliance with EA is measured and reported.
Department/agency: Social Security Administration;
Number of unsatisfied elements: 4;
Unsatisfied element(s): * EA is being developed using a framework,
methodology, and automated tool;
* Organization head has approved current version of EA;
* Return on EA investment is measured and reported;
* Compliance with EA is measured and reported.
Department/agency: Department of Education;
Number of unsatisfied elements: 5;
Unsatisfied element(s): * Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
* EA products and management processes undergo independent verification
and validation;
* Committee or group representing the enterprise or the investment
review board has approved current version of EA;
* Organization head has approved current version of EA;
* Return on EA investment is measured and reported.
Source: GAO.
[End of table]
Departments and Agencies Report Numerous Challenges Facing Them in
Developing and Using Enterprise Architectures:
The challenges facing departments and agencies in developing and using
enterprise architectures are formidable. The challenge that most
departments and agencies cited as being experienced to the greatest
extent is the one that having and using an architecture is intended to
overcome--organizational parochialism and cultural resistance to
adopting an enterprisewide mode of operation in which organizational
parts are sub-optimized in order to optimize the performance and
results of the enterprise as a whole. Specifically, 93 percent of the
departments and agencies reported that they encountered this challenge
to a significant (very great or great) or moderate extent. Other
challenges reported to this same extent were ensuring that the
architecture program had adequate funding (89 percent), obtaining staff
skilled in the architecture discipline (86 percent), and having the
department or agency senior leaders understand the importance and role
of the enterprise architecture (82 percent).
As we have previously reported, sustained top management leadership is
the key to overcoming each of these challenges. In this regard, our
enterprise architecture management maturity framework provides for such
leadership and addressing these and other challenges through a number
of core elements. These elements contain mechanisms aimed at, for
example, establishing responsibility and accountability for the
architecture with senior leaders and ensuring that the necessary
institutional commitments are made to the architecture program, such as
through issuance of architecture policy and provision of adequate
resources (both funding and people). See table 7 for a listing of the
reported challenges and the extent to which they are being experienced.
Table 7: Degree to Which Departments and Agencies Are Experiencing
Enterprise Architecture Challenges:
Challenge: Overcoming parochialism/cultural resistance;
Percentage of departments and agencies experiencing the challenge to a
great or very great extent: 76.
Challenge: Ensuring adequate funding;
Percentage of departments and agencies experiencing the challenge to a
great or very great extent: 52.
Challenge: Fostering top management understanding;
Percentage of departments and agencies experiencing the challenge to a
great or very great extent: 48.
Challenge: Obtaining skilled staff;
Percentage of departments and agencies experiencing the challenge to a
great or very great extent: 48.
Source: GAO analysis based on department/agency data.
[End of table]
Many Departments and Agencies Reported That They Have Already Realized
Significant Architecture Benefits, While Most Expect to Do So in the
Future:
A large percentage of the departments and agencies reported that they
have already accrued numerous benefits from their respective
architecture programs (see table 8). For example, 70 percent said that
have already improved the alignment between their business operations
and the IT that supports these operations to a significant extent. Such
alignment is extremely important. According to our IT investment
management maturity framework,[Footnote 35] alignment between business
needs and IT investments is a critical process in building the
foundation for an effective approach to IT investment management. In
addition, 64 percent responded that they have also improved
information/knowledge sharing to a significant or moderate extent. Such
sharing is also very important. In 2005, for example, we added homeland
security information sharing to our list of high-risk areas because
despite the importance of information to fighting terrorism and
maintaining the security of our nation, many aspects of homeland
security information sharing remain ineffective and
fragmented.[Footnote 36] Other examples of mission- effectiveness
related benefits reported as already being achieved to a significant or
moderate extent by roughly one-half of the departments and agencies
included improved agency management and change management and improved
system and application interoperability.
Beyond these benefits, departments and agencies also reported already
accruing, to a significant or moderate extent, a number of efficiency
and productivity benefits. For example, 56 percent reported that they
have increased the use of enterprise software licenses, which can
permit cost savings through economies of scale purchases; 56 percent
report that they have been able to consolidate their IT infrastructure
environments, which can reduce the costs of operating and maintaining
duplicative capabilities; 41 percent reported that they have been able
to reduce the number of applications, which is a key to reducing
expensive maintenance costs; and 37 percent report productivity
improvements, which can free resources to focus on other high priority
matters.
Notwithstanding the number and extent of benefits that department and
agency responses show have already been realized, these same responses
also show even more benefits that they have yet to realize (see table
8). For example, 30 percent reported that they have thus far achieved,
to little or no extent, better business and IT alignment. They
similarly reported that they have largely untapped many other
effectiveness and efficiency benefits, with between 36 and 70 percent
saying these benefits have been achieved to little or no extent,
depending on benefit. Moreover, for all the cited benefits, a far
greater percentage of the departments and agencies (74 to 93 percent)
reported that they expect to realize each of the benefits to a
significant or moderate extent sometime in the future. What this
suggests is that the real value in the federal government from
developing and using enterprise architecture remains largely unrealized
potential.
Our architecture maturity framework recognizes that a key to realizing
this potential is effectively managing department and agency enterprise
architecture programs. However, knowing whether benefits and results
are in fact being achieved requires having associated measures and
metrics. In this regard, very few (21 percent) of the departments and
agencies fully satisfied our stage 5 core element, "Return on EA
investment is measured and reported." Without satisfying this element,
it is unlikely that the degree to which expected benefits are accrued
will be known.
Table 8: Enterprise Architecture Benefits Reported As Being or To Be
Achieved to a Significant Extent:
Benefit: Improved business and information technology alignment;
Percent reporting that the benefit is being achieved: 70;
Percent reporting that the benefit will be achieved: 93.
Benefit: Improved information/knowledge sharing;
Percent reporting that the benefit is being achieved: 64;
Percent reporting that the benefit will be achieved: 93.
Benefit: Improved agency and change management;
Percent reporting that the benefit is being achieved: 54;
Percent reporting that the benefit will be achieved: 89.
Benefit: Increased infrastructure consolidation;
Percent reporting that the benefit is being achieved: 56;
Percent reporting that the benefit will be achieved: 81.
Benefit: Increased use of enterprise licenses;
Percent reporting that the benefit is being achieved: 56;
Percent reporting that the benefit will be achieved: 89.
Benefit: Improved systems interoperability;
Percent reporting that the benefit is being achieved: 48;
Percent reporting that the benefit will be achieved: 93.
Benefit: Improved application interoperability;
Percent reporting that the benefit is being achieved: 46;
Percent reporting that the benefit will be achieved: 81.
Benefit: Fewer applications;
Percent reporting that the benefit is being achieved: 41;
Percent reporting that the benefit will be achieved: 89.
Benefit: Optimized business processes;
Percent reporting that the benefit is being achieved: 41;
Percent reporting that the benefit will be achieved: 89.
Benefit: Improved data integration;
Percent reporting that the benefit is being achieved: 39;
Percent reporting that the benefit will be achieved: 89.
Benefit: Enhanced productivity;
Percent reporting that the benefit is being achieved: 37;
Percent reporting that the benefit will be achieved: 81.
Benefit: Improved data reuse;
Percent reporting that the benefit is being achieved: 33;
Percent reporting that the benefit will be achieved: 93.
Benefit: Lower system-related costs;
Percent reporting that the benefit is being achieved: 30;
Percent reporting that the benefit will be achieved: 85.
Benefit: Reduced system complexity;
Percent reporting that the benefit is being achieved: 30;
Percent reporting that the benefit will be achieved: 74.
Source: GAO based on department and agency data.
Note: Significant extent means a very great, great, or moderate extent.
[End of table]
Conclusions:
If managed effectively, enterprise architectures can be a useful change
management and organizational transformation tool. The conditions for
effectively managing enterprise architecture programs are contained in
our architecture management maturity framework. While a few of the
federal government's 27 major departments and agencies have fully
satisfied all the conditions needed to be at stage 2 or above in our
framework, many have fully satisfied a large percentage of the core
elements across most of the stages, particularly those elements related
to architecture governance. Nevertheless, most departments and agencies
are not yet where they need to be relative to architecture content,
use, and measurement and thus the federal government is not as well
positioned as it should be to realize the significant benefits that a
well-managed architecture program can provide. Moving beyond this
status will require most departments and agencies to overcome some
significant obstacles and challenges. The key to doing so continues to
be sustained organizational leadership. Without such organizational
leadership, the benefits of enterprise architecture will not be fully
realized.
Recommendations for Executive Action:
To assist the 27 major departments and agencies in addressing
enterprise architecture challenges, managing their architecture
programs, and realizing architecture benefits, we recommend that the
Administrators of the Environmental Protection Agency, General Services
Administration, National Aeronautics and Space Administration, Small
Business Administration, and U.S. Agency for International Development;
the Attorney General; the Commissioners of the Nuclear Regulatory
Commission and Social Security Administration; the Directors of the
National Science Foundation and the Office of Personnel Management; and
the Secretaries of the Departments of Agriculture, Commerce, Defense,
Education, Energy, Health and Human Services, Homeland Security,
Housing and Urban Development, Interior, Labor, State, Transportation,
Treasury, and Veterans Affairs ensure that their respective enterprise
architecture programs develop and implement plans for fully satisfying
each of the conditions in our enterprise architecture management
maturity framework.
Agency Comments and Our Evaluation:
We received written or oral comments on a draft of this report from 25
of the departments and agencies in our review.[Footnote 37] Of the 25
departments and agencies, all but one department fully agreed with our
recommendation. Nineteen departments and agencies agreed and six
partially agreed with our findings. Areas of disagreement for these six
centered on (1) the adequacy of the documentation that they provided to
demonstrate satisfaction of certain core elements and (2) recognition
of steps that they reported taking to satisfy certain core elements
after we concluded our review. For the most part, these isolated areas
of disagreement did not result in any changes to our findings for two
primary reasons. First, our findings across the departments and
agencies were based on consistently applied evaluation criteria
governing the adequacy of documentation, and were not adjusted to
accommodate any one particular department or agency. Second, our
findings represent the state of each architecture program as of March
2006, and thus to be consistent do not reflect activities that may have
occurred after this time. Beyond these comments, several agencies
offered suggestions for improving our framework, which we will consider
prior to issuing the next version of the framework. The departments'
and agencies' respective comments and our responses, as warranted, are
as follows:
* Agriculture's Associate CIO provided e-mail comments stating that the
department will incorporate our recommendation into its enterprise
architecture program plan.
* Commerce's CIO stated in written comments that the department
concurred with our findings and will consider actions to address our
recommendation. Commerce's written comments are reproduced in appendix
V.
* DOD's Director, Architecture and Interoperability, stated in written
comments that the department generally concurred with our
recommendation to the five DOD architecture programs included in our
review. However, the department stated that it did not concur with the
one aspect of the recommendation directed at the GIG architecture
concerning independent verification and validation (IV&V) because it
believes that its current internal verification and validation
activities are sufficient. We do not agree for two reasons. First,
these internal processes are not independently performed. As we have
previously reported, IV&V is a recognized hallmark of well managed
programs, including architecture programs, and to be effective, it must
be performed by an entity that is independent of the processes and
products that are being reviewed. Second, the scope of the internal
verification and validation activities only extends to a subset of the
architecture products and management processes.
The department also stated that it did not concur with one aspect of
our finding directed at BEA addressing security. According to DOD,
because GIG addresses security and the GIG states that it extends to
all defense mission areas, including the business mission area, the BEA
in effect addresses security. We do not fully agree. While we
acknowledge that GIG addresses security and states that it is to extend
to all DOD mission areas, including the business mission area, it does
not describe how this will be accomplished for BEA. Moreover, nowhere
in the BEA is security addressed, either through statement or
reference, relative to the architecture's performance, business,
information/data, application/service, and technology products. DOD's
written comments, along with our responses, are reproduced in appendix
VI.
* Education's Assistant Secretary for Management and Acting CIO stated
in written comments that the department plans to address our findings.
Education's written comments are reproduced in appendix VII.
* Energy's Acting Associate CIO for Information Technology Reform
stated in written comments that the department concurs with our report.
Energy's written comments are reproduced in appendix VIII.
* DHS's Director, Departmental GAO/OIG Liaison Office, stated in
written comments that the department has taken, and plans to take,
steps to address our recommendation. DHS's written comments, along with
our responses to its suggestions for improving our framework, are
reproduced in appendix IX. DHS also provided technical comments via e-
mail, which we have incorporated, as appropriate, in the report.
* HUD's CIO stated in written comments that the department generally
concurs with our findings and is developing a plan to address our
recommendation. The CIO also provided updated information about
activities that the department is taking to address security in its
architecture. HUD's written comments are reproduced in appendix X.
* Interior's Assistant Secretary, Policy, Management and Budget, stated
in written comments that the department agrees with our findings and
recommendation and that it has recently taken action to address them.
Interior's written comments are reproduced in appendix XI.
* DOJ's CIO stated in written comments that our findings accurately
reflect the state of the department's enterprise architecture program
and the areas that it needs to address. The CIO added that our report
will help guide the department's architecture program and provided
suggestions for improving our framework and its application. DOJ's
written comments, along with our responses to its suggestions, are
reproduced in appendix XII.
* Labor's Deputy CIO provided e-mail comments stating that the
department concurs with our findings. The Deputy CIO also provided
technical comments that we have incorporated, as appropriate, in the
report.
* State's Assistant Secretary for Resource Management and Chief
Financial Officer provided written comments that summarize actions that
the department will take to fully satisfy certain core elements and
that suggest some degree of disagreement with our findings relative to
three other core elements. First, the department stated that its
architecture configuration management plan has been approved by both
the State and USAID CIOs. However, it provided no evidence to
demonstrate that this was the case as of March 2006 when we concluded
our review, and thus we did not change our finding relative to
architecture products being under configuration management. Second, the
department stated that its enterprise architecture has been approved by
State and USAID executive offices. However, it did not provide any
documentation showing such approval. Moreover, it did not identify
which executive offices it was referring to so as to allow a
determination of whether they were collectively representative of the
enterprise. As a result, we did not change our finding relative to
whether a committee or group representing the enterprise or an
investment review board has approved the current version of the
architecture. Third, the department stated that it provided us with IT
investment score sheets during our review that demonstrate that
investment compliance with the architecture is measured and reported.
However, no such score sheets were provided to us. Therefore, we did
not change our finding. The department's written comments, along with
more detailed responses, are reproduced in appendix XIII.
* Treasury's Associate CIO for E-Government stated in written comments
that the department concurs with our findings and discussed steps being
taken to mature its enterprise architecture program. The Associate CIO
also stated that our findings confirm the department's need to provide
executive leadership in developing its architecture program and to
codify the program into department policy. Treasury's written comments
are reproduced in appendix XIV.
* VA's Deputy Secretary stated in written comments that the department
concurred with our recommendation and that it will provide a detailed
plan to implement our recommendation. VA's written comments are
reproduced in appendix XV.
* EPA's Acting Assistant Administrator and CIO stated in written
comments that the agency generally agreed with our findings and that
our assessment is a valuable benchmarking exercise that will help
improve agency performance. The agency also provided comments on our
findings relative to five core elements. For one of these core
elements, the comments directed us to information previously provided
about the agency's architecture committee that corrected our
understanding and resulted in us changing our finding about this core
element. With respect to the other four core elements concerning use of
an architecture methodology, measurement of progress against program
plans, integration of the architecture into investment decision making,
and management of architecture change, the comments also directed us to
information previously provided but this did not result in any changes
to our findings because evidence demonstrating full satisfaction of
each core element was not apparent. EPA's written comments, along with
more detailed responses to each, are reproduced in appendix XVI.
* GSA's Administrator stated in written comments that the agency
concurs with our recommendation. The Administrator added that our
findings will be critical as the agency works towards further
implementing our framework's core elements. GSA's written comments are
reproduced in appendix XVII.
* NASA's Deputy Administrator stated in written comments that the
agency concurs with our recommendation. NASA's written comments are
reproduced in appendix XVIII. NASA's GAO Liaison also provided
technical comments via e-mail, which we have incorporated, as
appropriate, in the report.
* NSF's CIO provided e-mail comments stating that the agency will use
the information in our report, where applicable, for future planning
and investment in its architecture program. The CIO also provided
technical comments that we have incorporated, as appropriate, in the
report.
* NRC's GAO liaison provided e-mail comments stating that the agency
substantially agrees with our findings and describing activities it has
recently taken to address them.
* OPM's CIO provided e-mail comments stating that the agency agrees
with our findings and describing actions it is taking to address them.
* SBA's GAO liaison provided e-mail comments in which the agency
disagreed with our findings on two core elements. First, and
notwithstanding agency officials' statements that its architecture
program did not have adequate resources, the liaison did not agree with
our "partially satisfied" assessment for this core element because,
according to the liaison, the agency has limited discretionary funds
and competing, but unfunded, federal mandates to comply with that limit
discretionary funding for an agency of its size. While we acknowledge
SBA's challenges, we would note that they are not unlike the resource
constraints and competing priority decisions that face most agencies,
and that while the reasons why an architecture program may not be
adequately resourced may be justified, the fact remains that any
assessment of the architecture program's maturity, and thus its
likelihood of success, needs to recognize whether adequate resources
exist. Therefore, we did not change our finding on this core element.
Second, the liaison did not agree with our finding that the agency did
not have plans for developing metrics for measuring architecture
progress, quality, compliance, and return on investment. However, our
review of documentation provided by SBA and cited by the liaison showed
that while such plans address metric development for architecture
progress, quality, and compliance, they do not address architecture
return on investment. Therefore, we did not change our finding that
this core element was partially satisfied.
* SSA's Commissioner stated in written comments that the report is both
informative and useful, and that the agency agrees with our
recommendation and generally agrees with our findings. Nevertheless,
the agency disagreed with our findings on two core elements. First, the
agency stated that documentation provided to us showed that it has a
methodology for developing, maintaining, and validating its
architecture. We do not agree. In particular, our review of SSA
provided documentation showed that it did not adequately describe the
steps to be followed relative to development, maintenance, or
validation. Second, the agency stated that having the head of the
agency approve the current version of the architecture is satisfied in
SSA's case because the Clinger-Cohen Act of 1996 vests its CIO with
enterprise architecture approval authority and the CIO has approved the
architecture. We do not agree. The core element in our framework
concerning enterprise architecture approval by the agency head is
derived from federal guidance and best practices upon which our
framework is based. This guidance and related practices, and thus our
framework, recognize that an enterprise architecture is a corporate
asset that is to be owned and implemented by senior management across
the enterprise, and that a key characteristic of a mature architecture
program is having the architecture approved by the department or agency
head. Because the Clinger-Cohen Act does not address approval of an
enterprise architecture, our framework's core element for agency head
approval of an enterprise architecture is not inconsistent with, and is
not superseded by, that act. SSA's written comments, along with more
detailed responses, are reproduced in appendix XIX.
* USAID's Acting Chief Financial Officer stated in written comments
stated that the agency will work with State to implement our
recommendation. USAID's written comments are reproduced in appendix XX.
As agreed with your offices, unless you publicly announce the contents
of this report earlier, we plan no further distribution until 30 days
from the report date. At that time, we will send copies of this report
to the Administrators of the Environmental Protection Agency, General
Services Administration, National Aeronautics and Space Administration,
Small Business Administration, and U.S. Agency for International
Development; the Attorney General; the Commissioners of the Nuclear
Regulatory Commission and Social Security Administration; the Directors
of the National Science Foundation and the Office of Personnel
Management; and the Secretaries of the Departments of Agriculture,
Commerce, Defense, Education, Energy, Health and Human Services,
Homeland Security, Housing and Urban Development, Interior, Labor,
State, Transportation, Treasury, and Veterans Affairs. We will also
make copies available to others upon request. In addition, the report
will be available at no charge on the GAO Web site at [Hyperlink,
http://www.gao.gov].
If you have any questions concerning this information, please contact
me at (202) 512-3439 or by e-mail at hiter@gao.gov. Contact points for
our Offices of Congressional Relations and Public Affairs may be found
on the last page of this report. Key contributors to this report are
listed in appendix XXI.
Sincerely yours,
Signed by:
Randolph C. Hite:
Director, Information Technology Architecture and Systems Issues:
[End of section]
Appendix I: Reported Enterprise Architecture Costs Vary, with
Contractors and Personnel Accounting for Most Costs:
Department-and agency-reported data show wide variability in their
costs to develop and maintain their enterprise architectures.
Generally, the costs could be allocated to several categories with the
majority of costs attributable to contractor support and agency
personnel.
Architecture Development and Maintenance Costs Vary:
As we have previously reported, the depth and detail of the
architecture to be developed and maintained is dictated by the scope
and nature of the enterprise and the extent of enterprise
transformation and modernization envisioned. Therefore, the
architecture should be tailored to the individual enterprise and that
enterprise's intended use of the architecture. Accordingly, the level
of resources that a given department or agency invests in its
architecture is likely to vary.
Departments and agencies reported that they have collectively invested
a total of $836 million to date on enterprise architecture development.
Across the 27 departments and agencies, these development costs ranged
from a low of $2 million by the Department of the Navy to a high of
$433 million by the Department of Defense (DOD) on its Business
Enterprise Architecture (BEA). Department and agency estimates of the
costs to complete their planned architecture development efforts
collectively total about $328 million. The department and agencies
combined estimates of annual architecture maintenance costs is about
$146 million. These development and maintenance estimates, however, do
not include the Departments of the Army and Justice because neither
provided these cost estimates. Figures 7 through 9 depict the
variability of cost data reported by the departments and agencies.
Figure 7: Reported Development Costs to Date for Departments and
Agencies:
[See PDF for image]
Source: Cited departments and agencies.
Note: The Departments of the Army and Justice did not provide
development costs.
[End of figure]
Figure 8: Reported Estimated Completion Costs for Departments and
Agencies:
[See PDF for image]
Source: Cited departments and agencies.
Note: The Departments of the Air Force, Army, Energy, Justice, and
Navy, the DOD's BEA and Global Information Grid (GIG), and OPM did not
provide completion costs. NSF reported completion costs ($15,000),
which are not identified on this figure.
[End of figure]
Figure 9: Reported Estimated Annual Maintenance Costs for Departments
and Agencies:
[See PDF for image]
Source: Cited departments and agencies.
Note: The Departments of the Army, Justice, and Navy did not provide
maintenance costs.
[End of figure]
Contractor Support Accounts for the Majority of Architecture
Development Costs:
All of the departments and agencies reported developing their
architecture in-house using contractor support. All but two of the
departments and agencies allocated their respective architecture
development costs to the following cost categories:[Footnote 38]
contractor support, agency personnel, tools, methodologies, training,
and other.[Footnote 39] These 26 agencies accounted for about $741
million of the $836 million total development costs cited above. The
vast majority (84 percent) of the $741 million were allocated to
contractor services ($621 million), followed next by agency personnel
(13 percent or $94 million). The remaining $26 million were allocated
as follows: $12 million (2 percent) to architecture tools;
$9 million (1 percent) to "other" costs; $4 million (1 percent) to
architecture methodologies; and $2 million (less than 1 percent) to
training. (See fig. 10.)
Figure 10: Breakdown of Enterprise Architecture Development Costs for
all Departments and Agencies:
[See PDF for image]
Source: GAO analysis of department and agency data.
Note: Numbers do not add to 100 percent due to rounding.
[End of figure]
Architecture Development Activities Were Reported as Largest Component
of Contractor-Related Costs:
The departments and agencies allocated the reported $621 million in
contractor-related costs to the following five contractor cost
categories: architecture development, independent verification and
validation, methodology, support services, and other.[Footnote 40] Of
these categories, architecture development activities accounted for the
majority of costs--about $594 million (87 percent). The remaining $85
million was allocated as follows: $51 million (7 percent) to support
services, $13 million (2 percent) to "other" costs, $11 million (2
percent) to independent verification and validation, and $10 million (1
percent) to methodologies. (See fig. 11.)
Figure 11: Reported Enterprise Architecture Contractor Costs by
Category:
[See PDF for image]
Source: GAO analysis of department and agency data.
Note: Numbers do not add to 100 percent due to rounding.
[End of figure]
[End of section]
Appendix II: Departments and Agencies Reported Experiences with Their
Architecture Tools and Frameworks:
Departments and agencies reported additional information related to the
implementation of their enterprise architectures. This information
includes architecture tools and frameworks.
Departments and Agencies Reported Using a Variety of Enterprise
Architecture Tools with Varying Degrees of Satisfaction:
As stated in our enterprise architecture management maturity framework,
an automated architecture tool serves as the repository of architecture
artifacts, which are the work products that are produced and used to
capture and convey architectural information. An agency's choice of
tool should be based on a number of considerations, including agency
needs and the size and complexity of the architecture.[Footnote 41]
The departments and agencies reported that they use various automated
tools to develop and maintain their enterprise architectures, with 12
reporting that they use more than one tool. In descending order of
frequency, the architecture tools identified were System Architect (18
instances), Microsoft Visio (17), Metis (12), Rational Rose (8), and
Enterprise Architecture Management System (EAMS) (4). In addition, 21
departments and agencies reported using one or more other architecture
tools.[Footnote 42] Figure 12 shows the number of departments and
agencies using each architecture tool, including the other
tools.[Footnote 43]
Figure 12: Enterprise Architecture Tools Used by Departments and
Agencies:
[See PDF for image]
Source: GAO analysis of department and agency data.
[End of figure]
The departments and agencies also reported various levels of
satisfaction with the different enterprise architecture tools.
Specifically, about 75 percent of those using Microsoft Visio were
either very or somewhat satisfied with the tool, as compared to about
67 percent of those using Metis, about 63 percent of those using
Rational Rose, about 59 percent of those using System Architect, and 25
percent of those using EAMS. This means that the percentage of
departments and agencies that were dissatisfied, either somewhat or
very, with their respective tools ranged from a high of 75 percent of
those using EAMS, to a low of about 6 percent of those using System
Architect. No departments or agencies that used Metis, Rational Rose,
or Microsoft Visio reported any dissatisfaction. See table 9 for a
summary of department and agency reported satisfaction with their
respective tools.
Table 9: Department and Agency Reported Satisfaction with Tools:
Tool name (Vendor): EAMS;
Using tool: 4;
Very satisfied or somewhat satisfied: 1;
Number of departments and agencies: Neither satisfied nor dissatisfied:
0;
Somewhat or very dissatisfied: 3;
Undecided (too early to say): 0.
Tool name (Vendor): Metis (Troux Technologies);
Using tool: 12;
Very satisfied or somewhat satisfied: 8;
Number of departments and agencies: Neither satisfied nor dissatisfied:
1;
Somewhat or very dissatisfied: 0;
Undecided (too early to say): 3.
Tool name (Vendor): Rational Rose (IBM Corporation);
Using tool: 8;
Very satisfied or somewhat satisfied: 5;
Number of departments and agencies: Neither satisfied nor dissatisfied:
2;
Somewhat or very dissatisfied: 0;
Undecided (too early to say): 1.
Tool name (Vendor): System Architect (Popkin Software/Telelogic AB);
Using tool: 18;
Very satisfied or somewhat satisfied: 10;
Number of departments and agencies: Neither satisfied nor dissatisfied:
4;
Somewhat or very dissatisfied: 1;
Undecided (too early to say): 2.
Tool name (Vendor): Visio (Microsoft Corporation);
Using tool: 17;
Very satisfied or somewhat satisfied: 12;
Number of departments and agencies: Neither satisfied nor dissatisfied:
3;
Somewhat or very dissatisfied: 0;
Undecided (too early to say): 1.
Tool name (Vendor): Other;
Using tool: 21;
Very satisfied or somewhat satisfied: 17;
Number of departments and agencies: Neither satisfied nor dissatisfied:
0;
Somewhat or very dissatisfied: 0;
Undecided (too early to say): 1.
Source: GAO based on department and agency data.
Note: One agency did not indicate its satisfaction or dissatisfaction
with System Architect and Visio.
[End of table]
Departments and Agencies Reported Using a Variety of Enterprise
Architecture Frameworks with Varying Levels of Satisfaction:
As we have previously stated, an enterprise architecture framework
provides a formal structure for representing the architecture's content
and serves as the basis for the specific architecture products and
artifacts that the department or agency develops and maintains. As
such, a framework helps ensure the consistent representation of
information from across the organization and supports orderly capture
and maintenance of architecture content.
The departments and agencies reported using various frameworks to
develop and maintain their enterprise architectures. The most
frequently cited frameworks were the Federal Enterprise Architecture
Program Management Office (FEAPMO) Reference Models (25 departments and
agencies), the Federal Enterprise Architecture Framework
(FEAF)[Footnote 44] (19 departments and agencies), and the Zachman
Framework (17 departments and agencies), with 24 reporting using more
than one framework. Other, less frequently reported frameworks were the
Department of Defense Architecture Framework (DODAF), the National
Institute of Standards and Technology (NIST) framework, and The Open
Group Architecture Framework (TOGAF). See figure 13 for a summary of
the number of departments and agencies that reported using each
framework.
Figure 13: Frameworks Used by Departments and Agencies:
[See PDF for image]
Source: GAO analysis of department and agency data.
[End of figure]
Departments and agencies also reported varying levels of satisfaction
with their respective architecture. Specifically, about 72 percent of
those using the FEAF indicated that they were either very or somewhat
satisfied, and about 67 and 61 percent of those using the Zachman
framework and the FEAPMO reference models, respectively, reported that
they were similarly satisfied.[Footnote 45] As table 10 shows, few of
the agencies that responded to our survey reported being dissatisfied
with any of the frameworks.[Footnote 46]
Table 10: Department and Agency Framework Satisfaction Levels:
Framework (source): DODAF (Department of Defense);
Using framework: 7;
Very satisfied or somewhat satisfied: 4;
Number of Departments and Agencies: Neither satisfied nor dissatisfied:
2;
Somewhat or very dissatisfied: 0;
Undecided (too early to say): 0.
Framework (source): FEAF (CIO Council);
Using framework: 19;
Very satisfied or somewhat satisfied: 13;
Number of Departments and Agencies: Neither satisfied nor dissatisfied:
3;
Somewhat or very dissatisfied: 1;
Undecided (too early to say): 1.
Framework (source): FEAPMO Reference Models (OMB);
Using framework: 25;
Very satisfied or somewhat satisfied: 14;
Number of Departments and Agencies: Neither satisfied nor dissatisfied:
4;
Somewhat or very dissatisfied: 3;
Undecided (too early to say): 2.
Framework (source): NIST Framework (NIST);
Using framework: 2;
Very satisfied or somewhat satisfied: 1;
Number of Departments and Agencies: Neither satisfied nor dissatisfied:
0;
Somewhat or very dissatisfied: 1;
Undecided (too early to say): 0.
Framework (source): TOGAF (The Open Group);
Using framework: 1;
Very satisfied or somewhat satisfied: 1;
Number of Departments and Agencies: Neither satisfied nor dissatisfied:
0;
Somewhat or very dissatisfied: 0;
Undecided (too early to say): 0.
Framework (source): Zachman Framework (The Zachman Institute for
Framework Advancement);
Using framework: 17;
Very satisfied or somewhat satisfied: 10;
Number of Departments and Agencies: Neither satisfied nor dissatisfied:
4;
Somewhat or very dissatisfied: 1;
Undecided (too early to say): 0.
Framework (source): Other;
Using framework: 3;
Very satisfied or somewhat satisfied: 3;
Number of Departments and Agencies: Neither satisfied nor dissatisfied:
0;
Somewhat or very dissatisfied: 0;
Undecided (too early to say): 0.
Source: GAO based on department and agency data.
[End of table]
[End of section]
Appendix III: Objective, Scope, and Methodology:
Our objective was to determine the current status of federal department
and agency enterprise architecture efforts. To accomplish this
objective, we focused on 28 enterprise architecture programs relating
to 27 major departments and agencies. These 27 included the 24
departments and agencies included in the Chief Financial Officers
Act.[Footnote 47] In addition, we included the three military services
(the Departments of the Army, Air Force, and Navy) at the request of
Department of Defense (DOD) officials. For the DOD, we also included
both of its departmentwide enterprise architecture programs--the Global
Information Grid and the Business Enterprise Architecture. The U.S.
Agency for International Development (USAID), which is developing a
USAID enterprise architecture and working with the Department of State
(State) to develop a Joint Enterprise Architecture, asked that we
evaluate its efforts to develop the USAID enterprise architecture.
State officials asked that we evaluate their agency's enterprise
architecture effort based the Joint Enterprise Architecture being
developed with USAID. We honored both of these requests.
Table 11 lists the 28 department and agency enterprise architecture
programs that formed the scope of our review.
Table 11: List of Architecture Programs Included in this Report:
Agency: Department of Agriculture.
Agency: Department of the Air Force.
Agency: Department of the Army.
Agency: Department of Commerce.
Agency: Department of Defense - Business Enterprise Architecture.
Agency: Department of Defense - Global Information Grid.
Agency: Department of Education.
Agency: Department of Energy.
Agency: Department of Health and Human Services.
Agency: Department of Homeland Security.
Agency: Department of Housing and Urban Development.
Agency: Department of the Interior.
Agency: Department of Justice.
Agency: Department of Labor.
Agency: Department of the Navy.
Agency: Department of State.
Agency: Department of Transportation.
Agency: Department of the Treasury.
Agency: Department of Veterans Affairs.
Agency: Environmental Protection Agency.
Agency: General Services Administration.
Agency: National Aeronautics and Space Administration.
Agency: National Science Foundation.
Agency: Nuclear Regulatory Commission.
Agency: Office of Personnel Management.
Agency: Small Business Administration.
Agency: Social Security Administration.
Agency: U.S. Agency for International Development.
Source: GAO.
[End of table]
To determine the status of each of these architecture programs, we
developed a data collection instrument based on our Enterprise
Architecture Management Maturity Framework (EAMMF),[Footnote 48] and
related guidance, such as OMB Circular A-130[Footnote 49] and guidance
published by the federal Chief Information Officers (CIO)
Council,[Footnote 50] and our past reports and guidance on the
management and content of enterprise architectures.[Footnote 51] We
pretested this instrument at one department and one agency. Based on
the results of the pretest, we modified our instrument as appropriate
to ensure that our areas of inquiry were complete and clear.
Next, we identified the Chief Architect or comparable official at each
of the 27 departments and agencies, and met with them to discuss our
scope and methodology, share our data collection instrument, and
discuss the type and nature of supporting documentation needed to
verify responses to our instrument questions.[Footnote 52]
On the basis of department and agency provided documentation to support
their respective responses to our data collection instrument, we
analyzed the extent to which each satisfied the 31 core elements in our
architecture maturity framework. To guide our analysis, we defined
detailed evaluation criteria for determining whether a given core
element was fully satisfied, partially satisfied, or not satisfied. The
criteria for the stage 2, 3, 4, and 5 core elements are contained in
tables 12, 13, 14, and 15 respectively. To fully satisfy a core
element, sufficient documentation had to be provided to permit us to
verify that all aspects of the core element were met. To partially
satisfy a core element, sufficient documentation had to be provided to
permit us to verify that at least some aspects of the core element were
met. Core elements that were neither fully nor partially satisfied were
judged to be not satisfied.
Table 12: Stage 2 Evaluation Criteria:
Core element: Adequate resources exist;
Evaluation criteria: Agency responded that "very adequate," "somewhat
adequate," or "neither adequate nor inadequate" resources exist for
funding, personnel, and tools.
Core element: Committee or group representing the enterprise is
responsible for directing, overseeing, and approving EA;
Evaluation criteria: Agency (1) responded that a committee or group
representing the enterprise is responsible for direction, oversight,
and approval of the enterprise architecture;
(2) provided a charter or other documentation supporting the group's
responsibilities;
and (3) provided sample meeting minutes or other documentation
confirming that meetings have been held.
Core element: Program office responsible for EA development and
maintenance exists;
Evaluation criteria: Agency (1) responded that a program office is
responsible for EA development and maintenance and (2) provided
documentation supporting their assertion.
Core element: Chief architect exists;
Evaluation criteria: Agency (1) responded that chief architect exists
and (2) provided documentation or assertion that the chief architect is
responsible and accountable for EA and serves as the EA program
manager.
Core element: EA being developed using a framework, methodology, and
automated tool;
Evaluation criteria: Agency (1) responded that the enterprise
architecture is being developed using a framework, methodology, and
automated tool;
(2) provided documentation supporting the use of a framework and
automated tool;
and (3) provided a documented methodology that includes steps for
developing, maintaining, and validating the enterprise architecture.
Core element: EA plans call for describing "as-is" environment, "to-be"
environment, and sequencing plan;
Evaluation criteria: Agency (1) responded that EA plans call for
describing the "as-is" and "to-be" environments and a sequencing plan
and (2) provided plans that document this assertion;
or agency (1) responded that the EA describes the "as- is" and "to-be"
environments and a sequencing plan and (2) provided documentation to
support this assertion.
Core element: EA plans call for describing enterprise in terms of
business, performance, information/data, application/service, and
technology;
Evaluation criteria: Agency (1) responded that EA plans call for
describing the enterprise in terms of business, performance,
information/data, application/service, and technology and (2) provided
plans that document this assertion;
or agency (1) responded that the EA describes the enterprise in terms
of business, performance, information/data, application/service, and
technology and (2) provided documentation to support this assertion.
Core element: EA plans call for business, performance, information/
data, application/service, and technology to address security;
Evaluation criteria: Agency (1) responded that EA plans call for
business, performance, information/data, application/service, and
technology descriptions to address security and (2) provided plans that
document this assertion;
or agency (1) responded that the business, performance,
information/data, application/service, and technology descriptions
address security and (2) provided documentation to support this
assertion.
Core element: EA plans call for developing metrics to measure EA
progress, quality, compliance, and return on investment;
Evaluation criteria: Agency (1) responded that EA plans call for
developing metrics to measure EA progress, quality, compliance, and
return on investment and (2) provided plans to support this assertion;
or responded (1) that EA progress, quality, compliance, and/or return
on investment is measured and reported and (2) provided support for
this assertion.
Source: GAO.
[End of table]
Table 13: Stage 3 Evaluation Criteria:
Core element: Written and approved policy exists for EA development;
Evaluation criteria: Agency (1) responded that a written and approved
organization policy exists for EA development and (2) provided a policy
that supported this assertion.
Core element: EA products are under configuration management;
Evaluation criteria: Agency (1) responded that EA products are under
configuration management and (2) provided their formally documented
configuration management approach.
Core element: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Evaluation criteria: Agency (1) responded that EA plans call for
describing the "as-is" and "to-be" environments and a sequencing plan,
(2) provided plans that document this assertion, and (3) responded that
it is "in the process of developing the EA" or that it "has developed
an EA";
or agency (1) responded that the EA describes the "as-is" and "to-be"
environments and a sequencing plan and (2) provided documentation to
support this assertion.
Core element: Both "as-is" and "to-be" environments are described or
will be described in terms of business, performance, information/data,
application/service, and technology;
Evaluation criteria: Agency (1) responded that EA plans call for
describing the enterprise in terms of business, performance,
information/data, application/service, and technology;
(2) provided plans that document this assertion;
and (3) responded that it is "in the process of developing the EA" or
that it "has developed an EA";
or agency (1) responded that the EA describes the enterprise in terms
of business, performance, information/data, application/service, and
technology and (2) provided documentation to support this assertion.
Core element: These descriptions address or will address security;
Evaluation criteria: Agency (1) responded that EA plans call for
business, performance, information/data, plans that document this
assertion;
and (3) responded that it is "in the process of developing the EA" or
that it "has developed an EA";
or agency (1) responded that the business, performance,
information/data, application/service, and technology descriptions
address security and (2) provided documentation to support this
assertion.
Core element: Progress against EA plans is measured and reported;
Evaluation criteria: Agency (1) responded that it measures and reports
progress against plans;
(2) provided a description of how progress against plans is measured
and reported;
and (3) provided sample reports that include sample measures.
Source: GAO.
[End of table]
Table 14: Stage 4 Evaluation Criteria:
Core element: Written and approved policy exists for EA maintenance;
Evaluation criteria: Agency (1) responded that a written and approved
organization policy exists for EA maintenance and (2) provided a policy
that supported this assertion.
Core element: EA products and management processes undergo independent
verification and validation;
Evaluation criteria: Agency (1) responded that EA products and
management processes undergo independent verification and validation;
(2) provided proof that independent verification and validation
activities were conducted by an independent third party and reported
outside the span of control of the chief architect;
and (3) provided sample independent verification and validation reports
to the audit team. Independence was a critical element for satisfaction
of this item.
Core element: EA products describe "as-is" environment, "to-be"
environment, and sequencing plan;
Evaluation criteria: Agency (1) responded that the EA describes the "as-
is" and "to-be" environments and a sequencing plan;
(2) provided documentation to support this assertion;
and (3) responded that it has developed an EA. In addition, an agency
could not receive full credit for satisfying this element unless it
fully satisfied the element, "Both 'as-is' and 'to-be' environments are
described in terms of business, performance, information/data,
application/service, and technology.".
Core element: Both "as-is" and "to-be" environments are described in
terms of business, performance, information/data, application/service,
and technology;
Evaluation criteria: Agency (1) responded that the EA describes the
enterprise in terms of business, performance, information/data,
application/service, and technology;
(2) provided documentation to support this assertion;
and (3) responded that it has developed an EA. Agencies that completed
four or five required descriptions in both the "as-is" and "to-be"
environments received a yes for this item. Agencies that addressed less
that two of the five required descriptions in both the "as-is" and "to-
be" environments received a no for this element.
Core element: These descriptions address security;
Evaluation criteria: Agency (1) responded that the business,
performance, information/data, application/service, and technology
descriptions address security;
(2) provided documentation to support this assertion;
and (3) responded that it has developed an EA.
Core element: Organization CIO has approved EA;
Evaluation criteria: Agency (1) responded that that CIO has approved
the current version of the EA and (2) provided a signature page or
other proof that the CIO has approved current version of EA.
Core element: Committee or group representing the enterprise or the
investment review board has approved current version of EA;
Evaluation criteria: Agency (1) responded that a committee or group
representing the enterprise or the investment review board has approved
current version of EA and (2) provided meeting minutes or other proof
that a committee or group representing the enterprise or the investment
review board has approved current version of EA.
Core element: Quality of EA products is measured and reported;
Evaluation criteria: Agency (1) responded that it measures and reports
product quality, (2) provided a description of how quality is measured
and reported, and (3) provided sample reports that include sample
measures.
Source: GAO.
[End of table]
Table 15: Stage 5 Evaluation Criteria:
Core element: Written and approved organization policy exists for IT
investment compliance with EA;
Evaluation criteria: Agency (1) responded that a written and approved
organization policy exists for IT investment compliance with EA and (2)
provided a written policy to support this assertion.
Core element: Process exists to formally manage EA change;
Evaluation criteria: Agency (1) responded that a process exists to
formally manage EA change and (2) provided evidence to support this
assertion.
Core element: EA is integral component of IT investment management
process;
Evaluation criteria: Agency (1) responded that EA is an integral
component of IT investment management process; (2) provided
documentation describing how the EA is used when making IT investment
decisions; (3) provided evidence that a sequencing plan exists to guide
IT investments; and (4) partially or fully satisfied at least one of
the following stage 3 elements: (a) EA products describe or will
describe "as-is" environment, "to-be" environment, and sequencing plan,
(b) both "as-is" and "to-be" environments are described or will be
described in terms of business, performance, information/data,
application/service, and technology, or (c) these descriptions address
or will address security.
Core element: EA products are periodically updated;
Evaluation criteria: Agency (1) responded that EA products are
periodically updated and (2) provided a description of the process used
for updating EA products.
Core element: IT investments comply with EA;
Evaluation criteria: Agency (1) responded that IT investments comply
with EA; (2) provided evidence that IT is not selected and approved
under the organization's capital planning and investment control
process unless it is compliant with the EA; and (3) partially or fully
satisfied at least one of the following stage 3 elements: (a) EA
products describe or will describe "as-is" environment, "to-be"
environment, and sequencing plan, (b) both "as-is" and "to-be"
environments are described or will be described in terms of business,
performance, information/data, application/service, and technology, or
(c) these descriptions address or will address security.
Core element: Organization head has approved current version of EA;
Evaluation criteria: Agency (1) responded that the organization head
has approved the current version of the EA; (2) provided a signature
page or other proof that organization head or a deputy organization
head has approved current version of EA or provided proof of formal
delegation of this activity and subsequent approval; and (3) partially
or fully satisfied at least one of the following stage 3 elements: (a)
EA products describe or will describe "as-is" environment, "to-be"
environment, and sequencing plan, (b) both "as-is" and "to-be"
environments are described or will be described in terms given in Stage
2, or (c) these descriptions address or will address security.
Core element: Return on EA investment is measured and reported;
Evaluation criteria: Agency (1) responded that it measures and reports
return on investment;
(2) provided a description of how return on investment is measured and
reported;
and (3) provided sample reports that included sample measures.
Core element: Compliance with EA is measured and reported;
Evaluation criteria: Agency (1) responded that it measures and reports
compliance, (2) provided a description of how compliance is measured
and reported, and (3) provided sample reports that included sample
measures.
Source: GAO.
[End of table]
Our evaluation included first analyzing the extent to which each
department and agency satisfied the core elements in our framework, and
then meeting with department and agency representatives to discuss core
elements that were not fully satisfied and why. As part of this
interaction, we sought, and in some cases were provided, additional
supporting documentation. We then considered this documentation in
arriving at our final determinations about the degree to which each
department and agency satisfied each core element in our framework. In
applying our evaluation criteria, we analyzed the results of our
analysis across different core elements to determine patterns and
issues. Our analysis made use of computer programs that were developed
by an experienced staff; these programs were independently verified.
Through our data collection instrument, we also solicited from each
department and agency information on enterprise architecture challenges
and benefits, including the extent to which they had been or were
expected to be experienced. In addition, we solicited information on
architecture costs, including costs to date and estimated costs to
complete and maintain each architecture. We also solicited other
information, such as use of and satisfaction with architecture tools
and frameworks. We analyzed these additional data to determine relevant
patterns. We did not independently verify these data. The results
presented in this report reflect the state of department and agency
architecture programs as of March 8, 2006.[Footnote 53]
We conducted our work in the Washington, D.C., metropolitan area, from
May 2005 to June 2006, in accordance with generally accepted government
auditing standards.
[End of section]
Appendix IV: Detailed Assessments of Individual Departments and
Agencies against Our EA Management Maturity Framework:
Department of Agriculture:
Table 16 shows USDA's satisfaction of framework elements in version 1.1
of GAO's EAMMF.
Table 16: Department of Agriculture Satisfaction of EAMMF:
Stages and core elements: Stage 1: Creating EA awareness: Agency is
aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stages and core elements: Stage 2: Building the EA management
foundation: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: Committee or group representing the enterprise is
responsible for directing, overseeing, and approving EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: Program office responsible for EA development and
maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements:Stage 2: Building the EA management
foundation: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA being developed using a framework, methodology, and
automated tool;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for describing "as-is" environment, "to-be"
environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for describing enterprise in terms of
business, performance, information/data, application/service, and
technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for business, performance, information/data,
application/service, and technology to address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for developing metrics to measure and report
EA progress, quality, compliance, and return on investment;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: Written and
approved organization policy exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: EA products
are under configuration management;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: USDA
plans to develop specific steps for configuration management. However,
specific configuration management steps have not been developed.
Stages and core elements: Stage 3: Developing EA products: EA products
describe or will describe "as-is" environment, "to-be" environment, and
sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: Both "as-is"
and "to-be" environments are described or will be described in terms of
business, performance, information/data, application/service, and
technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: These
descriptions address or will address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: Progress
against EA plans is measured and reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: USDA
has limited reporting of EA progress. However, progress is not measured
and reported relative to an EA program plan.
Stages and core elements: Stage 4: Completing EA products: Written and
approved organization policy exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: EA products
and management processes undergo independent verification and
validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to USDA's EA division, USDA component agencies conduct
reviews of the EA products of other component agencies. However, the
documentation provided did not address verification and validation of
EA management processes and did not provide sufficient assurance that
the EA product reviews were independent.
Stages and core elements: Stage 4: Completing EA products: EA products
describe "as-is" environment, "to-be" environment, and sequencing plan;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to USDA's EA division, EA products describe the "as-is"
environment. However, a description of the "to-be" environment and a
sequencing plan have not been developed.
Stages and core elements: Stage 4: Completing EA products: Both "as-is"
and "to-be" environments are described in terms of business,
performance, information/data, application/service, and technology;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to USDA's EA division, the "as-is" environment is described
in terms of business and service/application. However, the "as-is"
environment is not described in terms of performance, information/data,
and technology and the "to-be" descriptions have not been developed.
Stages and core elements: Stage 4: Completing EA products: These
descriptions address security;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to USDA's EA division, it has begun developing a security
architecture. However, the security architecture is still under
development and does not address all the requisite descriptions.
Stages and core elements: Stage 4: Completing EA products: Organization
CIO has approved current version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Committee or
group representing the enterprise or the investment review board has
approved current version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Quality of
EA products is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Written and approved organization policy exists for IT
investment compliance with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: USDA
has a policy that encourages IT investment compliance with the EA.
However, the policy does not explicitly require IT investment
compliance with the EA.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Process exists to formally manage EA change;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: USDA
has assigned responsibility for formally managing EA change to a board
and has begun to develop a process to formally manage EA change.
However, evidence of this process was not provided.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: EA is integral component of IT investment management process;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: USDA
provided documentation indicating that EA is an integral component of
the IT investment management process. However, the EA does not include
a sequencing plan to guide such investments.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: IT investments comply with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to USDA EA officials, IT investments comply with the EA.
However, documentation provided to GAO did not clearly indicate that
all IT investments comply with the EA.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Organization head has approved current version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Return on EA investment is measured and reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to USDA EA officials, they are beginning to measure and
report return on EA investment. However, documentation indicated that
these reports address the integration of applications as a result of
specific initiatives that are independent of the EA.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Compliance with EA is measured and reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
Compliance with USDA component agency architectures, which are segments
of the departmentwide EA, is measured and reported. However, USDA did
not provide documentation that compliance with the department EA as a
whole is measured and reported.
Source: GAO analysis of agency provided data.
[End of table]
Department of the Air Force:
Table 17 shows the Air Force's satisfaction of framework elements in
version 1.1 of GAO's EAMMF.
Table 17: Department of the Air Force Satisfaction of EAMMF:
Stages and core elements: Stage 1: Creating EA awareness: Agency is
aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stages and core elements: Stage 2: Building the EA management
foundation: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: Committee or group representing the enterprise is
responsible for directing, overseeing, and approving EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: The
Air Force has three committees representing the enterprise, each of
which is responsible for directing, overseeing, and approving one of
three segments of the EA. However, the charter for one of these
committees is not approved and no evidence was provided to support that
this committee has conducted any meetings.
Stages and core elements: Stage 2: Building the EA management
foundation: Program office responsible for EA development and
maintenance exists;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: A
program office responsible for EA development and maintenance exists.
However, the directive establishing this office has not been approved.
Stages and core elements: Stage 2: Building the EA management
foundation: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA being developed using a framework, methodology, and
automated tool;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: The
Air Force uses a framework and automated tool to develop their EA.
However, our analysis of the Department of Defense Architecture
Framework (DODAF), which was cited as the Air Force's EA methodology,
determined that it is not an EA methodology.
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for describing "as-is" environment, "to-be"
environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for business, performance, information/data,
application/service, and technology to address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for developing metrics to measure EA
progress, quality, compliance, and return on investment;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: The
Air Force plans to develop metrics to measure EA progress, compliance,
and return on investment. However, plans to develop metrics to measure
EA quality were not provided.
Stages and core elements: Stage 3: Developing EA products: Written and
approved organization policy exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: EA products
are under configuration management;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to Air Force Architecture Policy and Guidance Office
officials, EA products are not under configuration management.
Stages and core elements: Stage 3: Developing EA products: EA products
describe or will describe "as-is" environment, "to-be" environment, and
sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: Both "as-is"
and "to-be" environments are described or will be described in terms of
business, performance, information/data, application/service, and
technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: These
descriptions address or will address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: Progress
against EA plans is measured and reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: The
Air Force has limited reporting of EA progress. However, progress is
not measured and reported relative to an EA program plan.
Stages and core elements: Stage 4: Completing EA products: Written and
approved organization policy exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: EA products
and management processes undergo independent verification and
validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the Air Force Architecture Policy and Guidance Office, EA
products and management processes have not undergone independent
verification and validation.
Stages and core elements: Stage 4: Completing EA products: EA products
describe "as-is" environment, "to-be" environment, and sequencing plan;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the Air Force Architecture Policy and Guidance Office, EA
products describe the "as-is" environment and "to-be" environment but
do not describe a sequencing plan.
Stages and core elements: Stage 4: Completing EA products: Both "as-is"
and "to-be" environments are described in terms of business,
performance, information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: These
descriptions address security;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the Air Force Architecture Policy and Guidance Office, the
"as-is" and "to-be" descriptions do not address security.
Stages and core elements: Stage 4: Completing EA products: Organization
CIO has approved current version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Committee or
group representing the enterprise or the investment review board has
approved current version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the Air Force Architecture Policy and Guidance Office, a
committee or group representing the enterprise has not approved the
current version of the EA.
Stages and core elements: Stage 4: Completing EA products: Quality of
EA products is measured and reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the Air Force Architecture Policy and Guidance Office,
quality of EA products is not measured and reported.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Written and approved organization policy exists for IT
investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Process exists to formally manage EA change;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the Air Force Architecture Policy and Guidance Office, a
process exists to formally manage EA change. However, the process by
which changes are made to the EA is not documented.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: EA is integral component of IT investment management process;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the Air Force Architecture Policy and Guidance Office, EA
is not currently an integral component of the IT investment management
process.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: IT investments comply with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the Air Force Architecture Policy and Guidance Office, IT
investments comply with the EA. However, no documentation of IT
investment compliance with the Air Force EA was provided.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Organization head has approved current version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the Air Force Architecture Policy and Guidance Office, the
organization head has not approved the current version of the EA.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Return on EA investment is measured and reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the Air Force Architecture Policy and Guidance Office,
return on EA investment is not measured and reported.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Compliance with EA is measured and reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the Air Force Architecture Policy and Guidance Office,
compliance with the EA is measured and reported. However, compliance
measurement and reporting is with respect to only one segment of the
EA.
Source: GAO analysis of agency provided data.
[End of table]
Department of the Army:
Table 18 shows Army's satisfaction of framework elements in version 1.1
of GAO's EAMMF.
Table 18: Department of the Army Satisfaction of EAMMF:
Stages and core elements: Stage 1: Creating EA awareness: Agency is
aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stages and core elements: Stage 2: Building the EA management
foundation: Adequate resources exist;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, adequate tools exist. However, according
to these same officials, personnel resources are somewhat inadequate
and funding resources are very inadequate.
Stages and core elements: Stage 2: Building the EA management
foundation: Committee or group representing the enterprise is
responsible for directing, overseeing, and approving EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, committees or groups address architecture
issues. However, no committee or group has specific responsibility for
EA. Further, documentation did not include a charter or other
description of a committee or group representing the enterprise that is
responsible for directing, overseeing, and approving the EA.
Stages and core elements: Stage 2: Building the EA management
foundation: Program office responsible for EA development and
maintenance exists;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, a program office responsible for EA
development and maintenance exists. However, the program office charter
is not approved.
Stages and core elements: Stage 2: Building the EA management
foundation: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA being developed using a framework, methodology, and
automated tool;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: EA is
being developed using a framework and automated tool. However,
according to Army officials, the EA is not developed using a
methodology.
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for describing "as-is" environment, "to-be"
environment, and sequencing plan;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, EA plans call for describing the "as-is"
environment, "to-be" environment, and sequencing plan. However, these
EA plans are not approved.
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for describing enterprise in terms of
business, performance, information/data, application/service, and
technology;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, EA plans call for describing the
enterprise in terms of business, performance, information/data,
application/service, and technology. However, these EA plans are not
approved.
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for business, performance, information/ data,
application/service, and technology to address security;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, EA plans call for business, performance,
information/data, application/service, and technology to address
security. However, documentation of these plans were not provided.
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for developing metrics to measure EA
progress, quality, compliance, and return on investment;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, EA plans call for developing metrics to
measure EA progress, quality, compliance, and return on investment.
However, documentation of plans for developing metrics to measure
compliance and return on investment were not provided.
Stages and core elements: Stage 3: Developing EA products: Written and
approved organization policy exists for EA development;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: The
Army policy for EA development is not approved.
Stages and core elements: Stage 3: Developing EA products: EA products
are under configuration management;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: Some
but not all EA products are under configuration management.
Stages and core elements: Stage 3: Developing EA products: EA products
describe or will describe "as-is" environment, "to-be" environment, and
sequencing plan;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, EA products will describe the "as-is"
environment, "to-be" environment, and sequencing plan. However, plans
to develop these EA descriptions are not approved.
Stages and core elements: Stage 3: Developing EA products: Both "as-is"
and "to-be" environments are described or will be described in terms of
business, performance, information/data, application/service, and
technology;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, EA plans call for describing the
enterprise in terms of business, performance, information/data,
application/service, and technology. However, these EA plans are not
approved.
Stages and core elements: Stage 3: Developing EA products: These
descriptions address or will address security;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, EA plans call for business, performance,
information/data, application/service, and technology to address
security. However, documentation of these plans was not provided.
Stages and core elements: Stage 3: Developing EA products: Progress
against EA plans is measured and reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
Progress against plans is measured and reported for one portion of Army
EA. However, progress against EA plans is not measured and reported for
other EA segments that are under development.
Stages and core elements: Stage 4: Completing EA products: Written and
approved organization policy exists for EA maintenance;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: The
Army policy for EA maintenance is not approved.
Stages and core elements: Stage 4: Completing EA products: EA products
and management processes undergo independent verification and
validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, EA products undergo review by engineering
boards and others. However, they did not provide evidence that these
reviews are independent, constitute verification and validation, and
include EA management processes.
Stages and core elements: Stage 4: Completing EA products: EA products
describe "as-is" environment, "to-be" environment, and sequencing plan;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, the EA currently consists of a partial
description of the "as-is" environment. These officials stated that a
complete description of the "as-is" environment as well as descriptions
of the "to-be" environment and sequencing plan will be developed in the
future.
Stages and core elements: Stage 4: Completing EA products: Both "as-is"
and "to-be" environments are described in terms of business,
performance, information/data, application/service, and technology;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, the "as-is" environment is described in
terms of technology. These officials stated that descriptions of the
"as-is" environment in terms of business, performance, and
information/data as well as descriptions of the "to-be" architecture
will be developed in the future.
Stages and core elements: Stage 4: Completing EA products: These
descriptions address security;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, business, performance, information/data,
application/service, and technology descriptions address security.
However, documentation of these descriptions was not provided.
Stages and core elements: Stage 4: Completing EA products: Organization
CIO has approved current version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, the organization chief information officer
has not approved the EA.
Stages and core elements: Stage 4: Completing EA products: Committee or
group representing the enterprise or the investment review board has
approved current version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, a committee or group representing the
enterprise or the investment review board has not approved the current
version of the EA.
Stages and core elements: Stage 4: Completing EA products: Quality of
EA products is measured and reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, the quality of EA products is measured and
reported. Further, documentation indicated that a quality evaluation
was performed. However, documentation of the evaluation results was not
provided.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Written and approved organization policy exists for IT
investment compliance with EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: Army
officials did not provide a written and approved organization policy
that explicitly requires IT investment compliance with the EA.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Process exists to formally manage EA change;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: Army
officials did not provide evidence of a process to formally manage EA
change.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: EA is integral component of IT investment management process;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: Army
officials did not provide documentation indicating that EA is an
integral component of the IT investment management process.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: EA products are periodically updated;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, EA products are not periodically updated.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: IT investments comply with EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: Army
officials did not provide documentation indicating that IT investments
comply with the EA.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Organization head has approved current version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to Army officials, the organization head has not approved the
current version of the EA.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Return on EA investment is measured and reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: Army
officials did not provide documentation indicating that return on EA
investment is measured and reported.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Compliance with EA is measured and reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: Army
officials did not provide documentation indicating that compliance with
EA is measured and reported.
Source: GAO analysis of agency provided data.
[End of table]
Department of Commerce:
Table 19 shows Commerce's satisfaction of framework elements in version
1.1 of GAO's EAMMF.
Table 19: Department of Commerce Satisfaction of EAMMF:
Stages and core elements: Stage 1: Creating EA awareness: Agency is
aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stages and core elements: Stage 2: Building the EA management
foundation: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: Committee or group representing the enterprise is
responsible for directing, overseeing, and approving EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
Commerce provided evidence that the Enterprise Architecture Advisory
Group and the Enterprise Architecture Review Board are responsible for
directing, overseeing, and approving EA. However, the documentation did
not indicate that either group represents the enterprise.
Stages and core elements: Stage 2: Building the EA management
foundation: Program office responsible for EA development and
maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA being developed using a framework, methodology, and
automated tool;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for describing "as-is" environment, "to-be"
environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for describing enterprise in terms of
business, performance, information/data, application/service, and
technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for business, performance, information/data,
application/service, and technology to address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for developing metrics to measure EA
progress, quality, compliance, and return on investment;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: Written and
approved organization policy exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: EA products
are under configuration management;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: EA products
describe or will describe "as-is" environment, "to-be" environment, and
sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: Both "as-is"
and "to-be" environments are described or will be described in terms of
business, performance, information/data, application/service, and
technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: These
descriptions address or will address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: Progress
against EA plans is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Written and
approved organization policy exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: EA products
and management processes undergo independent verification and
validation;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: EA products
describe "as-is" environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Both "as-is"
and "to-be" environments are described in terms of business,
performance, information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: These
descriptions address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Organization
CIO has approved current version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Committee or
group representing the enterprise or the investment review board has
approved current version of EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
Commerce provided evidence that the EA Review Board has approved the
current version of the EA. However, the documentation did not indicate
that the board represents the enterprise.
Stages and core elements: Stage 4: Completing EA products: Quality of
EA products is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Written and approved organization policy exists for IT
investment compliance with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
Commerce provided evidence that includes general references to IT
investment compliance EA. However, the documentation, including a draft
policy, did not require IT investment compliance with the EA.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Process exists to formally manage EA change;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: EA is integral component of IT investment management process;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: IT investments comply with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
Commerce provided evidence that some but not all IT investments comply
with the EA.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Organization head has approved current version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Return on EA investment is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Compliance with EA is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Source: GAO analysis of agency provided data.
[End of table]
Department of Defense - Business Enterprise Architecture:
Table 20 shows the BEA's satisfaction of framework elements in version
1.1 of GAO's EAMMF.
Table 20: DOD Business Enterprise Architecture Satisfaction of EAMMF:
Stages and core elements: Stage 1: Creating EA awareness: Agency is
aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stages and core elements: Stage 2: Building the EA management
foundation: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: Committee or group representing the enterprise is
responsible for directing, overseeing, and approving EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: Program office responsible for EA development and
maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA being developed using a framework, methodology, and
automated tool;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for describing "as-is" environment, "to-be"
environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for describing enterprise in terms of
business, performance, information/data, application/service, and
technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for business, performance, information/data,
application/service, and technology to address security;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to BEA officials, the BEA will address security as evidenced
by the fact that the GIG extends to all DOD missions areas, including
the business mission area. However, documented plans for how and when
this will be accomplished for the business mission were not provided.
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for developing metrics to measure EA
progress, quality, compliance, and return on investment;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: EA
plans call for developing metrics to measure EA progress, quality, and
compliance. However, according to the chief architect, EA plans do not
call for developing metrics to measure return on investment.
Stages and core elements: Stage 3: Developing architecture products:
Written and approved organization policy exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing architecture products: EA
products are under configuration management;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to BEA officials, EA products are under configuration
management, consistent with the configuration management plan they
provided. However, no documentation was provided to show that BEA is
complying with this plan.
Stages and core elements: Stage 3: Developing architecture products: EA
products describe or will describe "as-is" environment, "to-be"
environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing architecture products:
Both "as-is" and "to-be" environments are described or will be
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing architecture products:
These descriptions address or will address security;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to BEA officials, the BEA will address security as evidenced
by the fact that the GIG extends to all DOD missions areas, including
the business mission area. However, documented plans for how and when
this will be accomplished for the business mission were not provided.
Stages and core elements: Stage 3: Developing architecture products:
Progress against EA plans is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing architecture products:
Written and approved organization policy exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing architecture products: EA
products and management processes undergo independent verification and
validation;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing architecture products: EA
products describe "as-is" environment, "to-be" environment, and
sequencing plan;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: EA
products describe the "to-be" environment and sequencing plan. However,
EA products do not yet describe the "as-is" environment.
Stages and core elements: Stage 4: Completing architecture products:
Both "as-is" and "to-be" environments are described in terms of
business, performance, information/data, application/service, and
technology;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: The
"to-be" environment is described in the requisite terms. However, the
"as-is" environment is not yet described.
Stages and core elements: Stage 4: Completing architecture products:
These descriptions address security;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, these descriptions do not address
security.
Stages and core elements: Stage 4: Completing architecture products:
Organization CIO has approved current version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing architecture products:
Committee or group representing the enterprise or the investment review
board has approved current version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing architecture products:
Quality of EA products is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Written and approved organization policy exists for IT
investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Process exists to formally manage EA change;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to BEA officials, a process exists to formally manage EA
change. However, BEA officials provided a configuration management
plan, which begins to address EA change management, but did not provide
evidence that EA change management processes are fully documented.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: EA is integral component of IT investment management process;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: IT investments comply with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, IT investments comply with the EA to
some or little extent. However, BEA officials provided evidence that
some investments have been assessed for their compliance with the BEA.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Organization head has approved current version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Return on EA investment is measured and reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, return on EA investment is not
measured and reported.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Compliance with EA is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Source: GAO analysis of agency provided data.
[End of table]
Department of Defense - Global Information Grid:
Table 21 shows the GIG's satisfaction of framework elements in version
1.1 of GAO's EAMMF.
Table 21: DOD Global Information Grid Satisfaction of EAMMF:
Stages and core elements: Stage 1: Creating EA awareness: Agency is
aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stages and core elements: Stage 2: Building the EA management
foundation: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: Committee or group representing the enterprise is
responsible for directing, overseeing, and approving EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: Program office responsible for EA development and
maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA being developed using a framework, methodology, and
automated tool;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for describing "as-is" environment, "to-be"
environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for describing enterprise in terms of
business, performance, information/data, application/service, and
technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for business, performance, information/data,
application/service, and technology to address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for developing metrics to measure and report
EA progress, quality, compliance, and return on investment;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: A GIG
official provided plans that call for developing metrics to measure and
report EA progress, quality, and compliance. However, plans that call
for developing metrics to measure and report return on EA investment
were not provided.
Stages and core elements: Stage 3: Developing EA products: Written and
approved organization policy exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: EA products
are under configuration management;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to a GIG official, EA products are under configuration
management and they provided documentation of configuration management
procedures. However, the documentation did not describe detailed steps
to ensure the integrity and consistency of EA products.
Stages and core elements: Stage 3: Developing EA products: EA products
describe or will describe "as-is" environment, "to-be" environment, and
sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: Both "as-is"
and "to-be" environments are described or will be described in terms of
business, performance, information/data, application/service, and
technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: These
descriptions address or will address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: Progress
against EA plans is measured and reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to a GIG official, progress against EA plans is measured and
reported. However, the evidence provided consisted of (1) EA plans but
no reports of progress relative to those plans and (2) contractor
progress reports that did not relate to the EA plans.
Stages and core elements: Stage 4: Completing EA products: Written and
approved organization policy exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: EA products
and management processes undergo independent verification and
validation;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to a GIG official, EA products and management processes
undergo independent verification and validation. However, the evidence
provided consisted of reports on a subset of EA products and processes.
Stages and core elements: Stage 4: Completing EA products: EA products
describe "as-is" environment, "to-be" environment, and sequencing plan;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to a GIG official, EA products describe the "as-is"
environment and "to-be" environment. However, only one of six planned
sequencing plans has been completed.
Stages and core elements: Stage 4: Completing EA products: Both "as-is"
and "to-be" environments are described in terms of business,
performance, information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: These
descriptions address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Organization
CIO has approved current version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Committee or
group representing the enterprise or the investment review board has
approved current version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Quality of
EA products is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Written and approved organization policy exists for IT
investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Process exists to formally manage EA change;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: EA is integral component of IT investment management process;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to a GIG official, EA is an integral component of the IT
investment management process. However, five of six sequencing plans to
guide IT investments have not been completed.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: IT investments comply with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to a GIG official, IT investments comply with the EA.
However, documentation indicated that IT investments comply with the
Information Assurance portion of the GIG.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Organization head has approved current version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Return on EA investment is measured and reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to a GIG official, return on EA investment is not measured
and reported.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Compliance with EA is measured and reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to a GIG official, compliance with the EA is measured and
reported. However, documentation indicated that compliance is measured
and reported relative to a portion of the EA.
Source: GAO analysis of agency provided data.
[End of table]
Department of Education:
Table 22 shows Education's satisfaction of framework elements in
version 1.1 of GAO's EAMMF.
Table 22: Department of Education Satisfaction of EAMMF:
Stages and core elements: Stage 1: Creating EA awareness: Agency is
aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stages and core elements: Stage 2: Building the EA management
foundation: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: Committee or group representing the enterprise is
responsible for directing, overseeing, and approving EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the EA executive steering committee
is responsible for directing and overseeing the EA and the investment
review board is responsible for approving the EA. However, the
investment review board charter does not discuss approving the EA and
no documentation of investment review board approval was provided.
Stages and core elements: Stage 2: Building the EA management
foundation: Program office responsible for EA development and
maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA being developed using a framework, methodology, and
automated tool;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for describing "as-is" environment, "to-be"
environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for describing enterprise in terms of
business, performance, information/data, application/service, and
technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for business, performance, information/data,
application/service, and technology to address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for developing metrics to measure EA
progress, quality, compliance, and return on investment;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: Written and
approved organization policy exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: EA products
are under configuration management;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: EA products
describe or will describe "as-is" environment, "to-be" environment, and
sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: Both "as-
is" and "to-be" environments are described or will be described in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: These
descriptions address or will address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: Progress
against EA plans is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Written and
approved organization policy exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: EA products
and management processes undergo independent verification and
validation;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: Some
EA products have undergone independent verification and validation.
However, according to the chief architect, EA management processes have
not undergone independent verification and validation.
Stages and core elements: Stage 4: Completing EA products: EA products
describe "as-is" environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Both "as-is"
and "to-be" environments are described in terms of business,
performance, information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: These
descriptions address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Organization
CIO has approved current version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Committee or
group representing the enterprise or the investment review board has
approved current version of EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the investment review board has
approved the current version of the EA. However, no documentation of
investment review board approval was provided.
Stages and core elements: Stage 4: Completing EA products: Quality of
EA products is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Written and approved organization policy exists for IT
investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Process exists to formally manage EA change;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: EA is integral component of IT investment management process;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: IT investments comply with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Organization head has approved current version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the organization head has not
explicitly approved the current version of the EA.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Return on EA investment is measured and reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
Return on EA investment is measured and reported. However, this
activity is limited to one EA segment.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Compliance with EA is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Source: GAO analysis of agency provided data.
[End of table]
Department of Energy:
Table 23 shows Energy's satisfaction of framework elements in version
1.1 of GAO's EAMMF.
Table 23: Department of Energy Satisfaction of EAMMF:
Stages and core elements: Stage 1: Creating EA awareness: Agency is
aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stages and core elements: Stage 2: Building the EA management
foundation: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: Committee or group representing the enterprise is
responsible for directing, overseeing, and approving EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: Program office responsible for EA development and
maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA being developed using a framework, methodology, and
automated tool;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for describing "as-is" environment, "to-be"
environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for describing enterprise in terms of
business, performance, information/data, application/service, and
technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for business, performance, information/data,
application/service, and technology to address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for developing metrics to measure and report
EA progress, quality, compliance, and return on investment;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: EA
plans call for developing metrics to measure and report EA progress,
quality, and compliance. However, they do not call for developing
metrics to measure and report EA return on investment.
Stages and core elements: Stage 3: Developing EA products: Written and
approved organization policy exists for EA development;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, a written and approved organization
policy for EA development does not exist.
Stages and core elements: Stage 3: Developing EA products: EA products
are under configuration management;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: EA products
describe or will describe "as-is" environment, "to-be" environment, and
sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: Both "as-is"
and "to-be" environments are described or will be described in terms of
business, performance, information/data, application/service, and
technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: These
descriptions address or will address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: Progress
against EA plans is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Written and
approved organization policy exists for EA maintenance;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, a written and approved organization
policy for EA maintenance does not exist.
Stages and core elements: Stage 4: Completing EA products: EA products
and management processes undergo independent verification and
validation;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: EA products
describe "as-is" environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Both "as-is"
and "to-be" environments are described in terms of business,
performance, information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: These
descriptions address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Organization
CIO has approved current version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Committee or
group representing the enterprise or the investment review board has
approved current version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Quality of
EA products is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Written and approved organization policy exists for IT
investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Process exists to formally manage EA change;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, a process exists to formally manage
EA change. However, the process does not include specific steps to be
followed.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: EA is integral component of IT investment management process;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: IT investments comply with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, IT investments comply with the EA to
a "great extent." However, evidence provided to GAO shows that some IT
investments do not meet Energy's EA compliance criteria.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Organization head has approved current version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the organization head has not
approved the current version of the EA.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Return on EA investment is measured and reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, return on EA investment is not
measured and reported.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Compliance with EA is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Source: GAO analysis of agency provided data.
[End of table]
Department of Health and Human Services:
Table 24 shows HHS's satisfaction of framework elements in version 1.1
of GAO's EAMMF.
Table 24: Department of Health and Human Services Satisfaction of
EAMMF:
Stages and core elements: Stage 1: Creating EA awareness: Agency is
aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stages and core elements: Stage 2: Building the EA management
foundation: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: Committee or group representing the enterprise is
responsible for directing, overseeing, and approving EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: The
HHS CIO council is responsible for directing, overseeing, and approving
EA. However, a charter for the council is under development.
Stages and core elements: Stage 2: Building the EA management
foundation: Program office responsible for EA development and
maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA being developed using a framework, methodology, and
automated tool;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for describing "as-is" environment, "to-be"
environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for describing enterprise in terms of
business, performance, information/data, application/service, and
technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for business, performance, information/data,
application/service, and technology to address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 2: Building the EA management
foundation: EA plans call for developing metrics to measure and report
EA progress, quality, compliance, and return on investment;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: Written and
approved organization policy exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: EA products
are under configuration management;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: EA products
describe or will describe "as-is" environment, "to-be" environment, and
sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: Both "as-is"
and "to-be" environments are described or will be described in terms of
business, performance, information/data, application/service, and
technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: These
descriptions address or will address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 3: Developing EA products: Progress
against EA plans is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Written and
approved organization policy exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: EA products
and management processes undergo independent verification and
validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: EA
products and management processes have not undergone independent
verification and validation.
Stages and core elements: Stage 4: Completing EA products: EA products
describe "as-is" environment, "to-be" environment, and sequencing plan;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: EA
products describe the "as-is" environment and "to-be" environment.
However, a sequencing plan has been developed for some EA segments but
has not been completed.
Stages and core elements: Stage 4: Completing EA products: Both "as-is"
and "to-be" environments are described in terms of business,
performance, information/data, application/service, and technology;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: Both
"as-is" and "to-be" environments are described. However, the chief
architect indicated that HHS plans to develop the descriptions in more
detail.
Stages and core elements: Stage 4: Completing EA products: These
descriptions address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 4: Completing EA products: Organization
CIO has approved current version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the EA has not been approved by the
chief information officer.
Stages and core elements: Stage 4: Completing EA products: Committee or
group representing the enterprise or the investment review board has
approved current version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the current EA has not been approved
by a committee or group representing the enterprise.
Stages and core elements: Stage 4: Completing EA products: Quality of
EA products is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Written and approved organization policy exists for IT
investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Process exists to formally manage EA change;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: EA is integral component of IT investment management process;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: HHS
provided evidence that EA is an integral component of the IT investment
management process. However, a sequencing plan to guide IT investments
has not been completed.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: IT investments comply with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Organization head has approved current version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the organization head has not
approved the current version of the EA.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Return on EA investment is measured and reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, HHS plans to measure and report
return on EA investment. However, return on EA investment is not
currently measured and reported.
Stages and core elements: Stage 5: Leveraging the EA for managing
change: Compliance with EA is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Source: GAO analysis of agency provided data.
[End of table]
Department of Homeland Security:
Table 25 shows DHS's satisfaction of framework elements in version 1.1
of GAO's EAMMF.
Table 25: Department of Homeland Security Satisfaction of EAMMF:
Stage 1:
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stage 2:
Stages and core elements: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for business, performance,
information/data, application/service, and technology to address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for developing metrics to
measure EA progress, quality, compliance, and return on investment;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 3:
Stages and core elements: Written and approved organization policy
exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are under configuration
management;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, EA products are under configuration
management. However, the configuration management guidance documents
are in draft and not approved.
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms of business, performance,
information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 4:
Stages and core elements: Written and approved organization policy
exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, EA products and management processes
undergo independent verification and validation. However, the
contractor that reviewed EA products and processes was not independent
and the reviews did not include verification and validation.
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, EA products describe the "as-is"
environment, "to-be" environment, and sequencing plan. However, the
sequencing plan is in draft and not approved.
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 5:
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, DHS has a process to formally manage
EA change. However, the policy that describes EA change management is
being revised and is not approved.
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: DHS
has an IT investment management process that requires investment
compliance with the EA. However, the IT investment management process
does not include a methodology with detailed compliance criteria.
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the agency head has not approved the
current version of the EA.
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, return on EA investment is not
measured and reported.
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Source: GAO analysis of agency provided data.
[End of table]
Department of Housing and Urban Development:
Table 26 shows HUD's satisfaction of framework elements in version 1.1
of GAO's EAMMF.
Table 26: Department of Housing and Urban Development Satisfaction of
EAMMF:
Stage 1:
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stage 2:
Stages and core elements: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for business, performance,
information/data, application/service, and technology to address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for developing metrics to
measure EA progress, quality, compliance, and return on investment;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 3:
Stages and core elements: Written and approved organization policy
exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are under configuration
management;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms of business, performance,
information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 4:
Stages and core elements: Written and approved organization policy
exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, EA products and management processes
undergo verification and validation. However, the verification and
validation were not independent.
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address security;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: HUD
provided evidence that it is addressing security in the requisite
descriptions. However, according to HUD officials they recognize the
need to further develop these security descriptions.
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 5:
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Source: GAO analysis of agency provided data.
[End of table]
The Department of the Interior:
Table 27 shows DOI's satisfaction of framework elements in version 1.1
of GAO's EAMMF.
Table 27: Department of the Interior Satisfaction of EAMMF:
Stage 1:
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stage 2:
Stages and core elements: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for business, performance,
information/data, application/service, and technology to address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for developing metrics to
measure and report EA progress, quality, compliance, and return on
investment;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 3:
Stages and core elements: Written and approved organization policy
exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are under configuration
management;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms of business, performance,
information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 4:
Stages and core elements: Written and approved organization policy
exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, EA products and management processes
undergo independent verification and validation. However, the evidence
provided did not show that EA product and process quality were
assessed.
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 5:
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Source: GAO analysis of agency provided data.
[End of table]
Department of Justice:
Table 28 shows DOJ's satisfaction of framework elements in version 1.1
of GAO's EAMMF.
Table 28: Department of Justice Satisfaction of EAMMF:
Stage 1:
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in Stage 1.
Stage 2:
Stages and core elements: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for business, performance,
information/data, application/service, and technology to address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for developing metrics to
measure EA progress, quality, compliance, and return on investment;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 3:
Stages and core elements: Written and approved organization policy
exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are under configuration
management;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms of business, performance,
information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 4:
Stages and core elements: Written and approved organization policy
exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, EA products and management processes
have not undergone independent verification and validation.
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, a committee or group representing the
enterprise has approved the current version of the EA. However, no
documentation of committee approval was provided.
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, DOJ uses the OMB EA assessment tool
to measure and report product quality. However, no report documenting a
quality assessment or results was provided.
Stage 5:
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: DOJ
has an IT investment management process that requires investment
compliance with the EA. However, the IT investment management process
does not include a methodology to determine compliance.
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the organization head has not
approved the current version of the EA.
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: DOJ
did not provide documentation describing how return on EA investment is
measured and reported and no sample reports were provided.
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: DOJ
has begun to measure and report IT investment compliance with the EA.
However, no compliance reports were provided.
[End of table]
Source: GAO analysis of agency provided data.
Department of Labor:
Table 29 shows Labor's satisfaction of framework elements in version
1.1 of GAO's EAMMF.
Table 29: Department of Labor Satisfaction of EAMMF:
Stage 1: Creating EA awareness;
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stage 2: Building the EA management foundation;
Stages and core elements: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for business, performance,
information/ data, application/service, and technology to address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for developing metrics to
measure and report EA progress, quality, compliance, and return on
investment;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 3: Developing EA products;
Stages and core elements: Written and approved organization policy
exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are under configuration
management;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms of business, performance,
information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 4: Completing EA products;
Stages and core elements: Written and approved organization policy
exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the EA program manager, EA products and management
processes undergo independent verification and validation. However, the
verification and validation were performed by a contractor that had
also performed other EA program activities and therefore were not
independent.
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 5: Leveraging the EA for managing change;
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the EA program manager, IT investments comply with the EA.
However, the evidence provided did not verify that IT investments are
not approved unless they comply with the EA.
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the EA program manager, return on EA investment is not
measured and reported.
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the EA program manager, compliance with the EA is measured
and reported. However, evidence of EA compliance reporting was not
provided.
Source: GAO analysis of agency provided data.
[End of table]
Department of the Navy:
Table 30 shows Navy's satisfaction of framework elements in version 1.1
of GAO's EAMMF.
Table 30: Department of the Navy Satisfaction of EAMMF:
Stage 1: Creating EA awareness;
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stage 2: Building the EA management foundation.
Stages and core elements: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the Navy CIO office, Navy has a committee that is
responsible for directing, overseeing, and approving EA. However, the
Navy did not provide meeting minutes or other documentation to verify
that committee meetings have occurred.
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: The
Navy uses a framework and automated tool to develop their EA. However,
our analysis of the Department of Defense Architecture Framework
(DODAF), which was cited as the Navy's EA methodology, determined that
the DODAF is not an EA methodology.
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: EA
plans call for describing the "as-is" and "to-be" environments.
However, EA plans do not include describing a sequencing plan.
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: EA
plans do not include a "to-be" environment description in terms of
technology.
Stages and core elements: EA plans call for business, performance,
information/data, application/service, and technology to address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for developing metrics to
measure EA progress, quality, compliance, and return on investment;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: EA
plans call for developing metrics to measure EA progress, quality, and
compliance. However, no evidence was provided indicating plans to
measure EA return on investment.
Stage 3: Developing EA products;
Stages and core elements: Written and approved organization policy
exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are under configuration
management;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: Navy
provided evidence of their EA repository tools which Navy officials
said they use to track EA product configuration management. However,
the evidence did not describe detailed steps that would ensure the
integrity and consistency of EA products.
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: EA
plans call for describing the "as-is" and "to-be" environments.
However, EA plans do not include describing a sequencing plan.
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms of business, performance,
information/data, application/service, and technology;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: EA
plans do not include a "to-be" environment description in terms of
technology.
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 4: Completing EA products;
Stages and core elements: Written and approved organization policy
exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: Navy
indicated EA products and management processes are subject to quality,
integration, and verification reviews. However, these reviews are not
performed by independent entities.
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: EA
products describe the "as-is" environment. However, according to the
Department of the Navy CIO office, their EA products will include
descriptions of the "to-be" environment and sequencing plan in the
future.
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: The
"as-is" environment is described in business, information/data,
application/ service, and technology, but not performance terms.
However, according to the Navy CIO office, their "to-be" environment
will be described in the future.
Stages and core elements: These descriptions address security;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the Navy CIO office, EA descriptions will explicitly
address security in the future.
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the Navy CIO office, EA approvals are rendered by either
the Assistant Secretary for Research and Development or a duly
appointed representative, in addition to the Navy CIO. However, a
committee or group representing the enterprise does not approve the EA.
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the Navy CIO office, quality of EA products is measured
and reported. However, Navy officials provided evidence that quality of
EA products is measured and reported for the Marine Corps portion of
the architecture, but did not provide documentation that quality of
Navy architecture products are measured and reported.
Stage 5: Leveraging the EA for managing change;
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: Navy
policy does not explicitly require IT investment compliance with the
EA.
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: Navy
officials did not provide evidence of a process to formally manage EA
change.
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the Navy CIO office, the department has begun to integrate
EA into its IT investment management process.
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the Navy CIO office, IT investments comply with the EA.
However, documentation of IT investment compliance with the EA was not
provided.
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the Navy CIO office, the organization head has not
approved the EA.
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the Navy CIO office, the department does not currently
measure and report return on EA investment.
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: Navy
provided documentation indicating that compliance with the EA is
measured. However, sample measurement reports were not provided.
Source: GAO analysis of agency provided data.
Note: This analysis primarily focuses on the FORCEnet architecture
because FORCEnet was identified by the Department of the Navy as the
overall Department of Navy enterprise architecture. Additional
information from the Marine Corps Integrated Architecture Picture
(MCIAP) was incorporated where appropriate.
[End of table]
Department of State:
Table 31 shows State's satisfaction of framework elements in version
1.1 of GAO's EAMMF.
Table 31: Joint Enterprise Architecture Satisfaction of EAMMF:
Stage 1: Creating EA awareness.
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stage 2: Building the EA management foundation.
Stages and core elements: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, State and USAID are developing a
governance plan that will describe management processes for directing,
overseeing, and approving their EA. However, this plan is not approved.
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the EA is being developed using a
framework, methodology, and automated tool. However, the methodology
does not describe specific steps for maintenance.
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for business, performance,
information/data, application/service, and technology to address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for developing metrics to
measure EA progress, quality, compliance, and return on investment;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: State
and USAID have plans to measure and report EA progress, quality, and
compliance. However, no plans for developing metrics to measure EA
return on investment were provided.
Stage 3: Developing EA products;
Stages and core elements: Written and approved organization policy
exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are under configuration
management;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: A
draft configuration management plan for EA products has been developed.
However, this plan has not been approved.
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms of business, performance,
information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: State
has limited reporting of EA progress. However, progress is not measured
and reported relative to an EA program plan.
Stage 4: Completing EA products;
Stages and core elements: Written and approved organization policy
exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, EA products and management processes
have not undergone independent verification and validation.
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: EA
products describe the "as-is" and "to-be" environments as well as high-
level transition activities. However, a sequencing plan for
transitioning between the "as-is" and "to-be" environments is currently
under development.
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, a committee or group representing the
enterprise has not approved the current version of the EA.
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 5: Leveraging the EA for managing change;
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, a process to formally manage EA
change does not currently exist.
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, EA is an integral component of the IT
investment management process. However, the sequencing plan to guide IT
investments is currently under development.
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the organization head has not
approved the current version of the EA.
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, return on EA investment is not
measured and reported.
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, compliance with the EA is measured
and reported and officials provided a description of how compliance is
to be measured. However, no documentation demonstrating compliance
reporting was provided.
Source: GAO analysis of agency provided data.
Note: Department of State officials asked that we evaluate their
agency's enterprise architecture based on efforts to develop the Joint
Enterprise Architecture, which is being developed by State and the U.S.
Agency for International Development.
[End of table]
Department of Transportation:
Table 32 shows Transportation's satisfaction of framework elements in
version 1.1 of GAO's EAMMF.
Table 32: Department of Transportation Satisfaction of EAMMF:
Stage 1: Creating EA awareness;
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stage 2: Building the EA management foundation;
Stages and core elements: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
Program officials stated that the EA is being developed using a
framework, methodology, and automated tool. However, the methodology
and other documentation did not include steps for EA maintenance.
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for business, performance,
information/data, application/service, and technology to address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for developing metrics to
measure EA progress, quality, compliance, and return on investment;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: EA
plans call for developing metrics to measure EA progress and quality.
However, EA plans do not call for developing metrics to measure
compliance and return on investment.
Stage 3: Developing EA products;
Stages and core elements: Written and approved organization policy
exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are under configuration
management;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: A
configuration management plan for EA products is being defined.
However, this plan has not been approved.
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms of business, performance,
information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 4: Completing EA products;
Stages and core elements: Written and approved organization policy
exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, EA products and management processes
do not undergo independent verification and validation.
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address security;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: The
business, performance, information/data, application/service, and
technology descriptions do not address security.
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the organization CIO has not approved
the EA.
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, a committee or group representing the
enterprise or the investment review board has not approved the current
version of the EA.
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 5: Leveraging the EA for managing change.
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, a process exists to formally manage
EA change. However, the department provided evidence that a structure
is in place to manage EA change, but a description of this process for
formally managing EA change was not provided.
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the organization head has not
approved the current version of the EA.
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, return on EA investment is not
measured and reported.
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, compliance with the EA is measured
and reported. However, department officials did not provide evidence
that compliance with the EA is measured and reported.
Source: GAO analysis of agency provided data.
[End of table]
Department of the Treasury:
Table 33 shows the Treasury's satisfaction of framework elements in
version 1.1 of GAO's EAMMF.
Table 33: Department of the Treasury Satisfaction of EAMMF:
Stage 1: Creating EA awareness;
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stage 2: Building the EA management foundation;
Stages and core elements: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: Two
committees are responsible for directing and overseeing the EA.
However, the committee charters do not indicate that either committee
is responsible for approving the EA or represent the enterprise (i.e.,
include executive-level representation from each line of business).
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for business, performance,
information/data, application/service, and technology to address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for developing metrics to
measure and report EA progress, quality, compliance, and return on
investment;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the EA program manager, EA plans call for developing
metrics to measure and report EA progress, quality, and compliance.
However, evidence provided did not include plans for EA compliance or
return on investment metrics.
Stage 3: Developing EA products;
Stages and core elements: Written and approved organization policy
exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are under configuration
management;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms of business, performance,
information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the EA program manager, progress is measured and reported
against plans, including an EA program management plan. However, the EA
program management plan is in draft.
Stage 4: Completing EA products;
Stages and core elements: Written and approved organization policy
exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the EA program manager, EA products and management
processes have not undergone independent verification and validation.
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: A
committee or group representing the enterprise has not approved the
current version of the EA.
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the EA program manager, the quality of EA products is
measured and reported. Further, evidence showed that a quality
evaluation was performed. However, evidence of the evaluation results
was not provided.
Stage 5: Leveraging the EA for managing change;
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the EA program manager, IT investments comply with the EA.
However, the documents provided did not demonstrate that the IT
investment management process requires IT investments to comply with
the EA.
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the EA program manager, the organization head has
delegated approval of the EA to the CIO, who has approved the current
version. However, the evidence provided did not explicitly show such a
delegation.
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the EA program manager, return on EA investment is not
measured and reported.
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Source: GAO analysis of agency provided data.
[End of table]
Department of Veterans Affairs:
Table 34 shows VA's satisfaction of framework elements in version 1.1
of GAO's EAMMF.
Table 34: Department of Veterans Affairs Satisfaction of EAMMF:
Stage 1: Creating EA awareness;
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stage 2: Building the EA management foundation;
Stages and core elements: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: A
committee representing the enterprise is responsible for directing and
overseeing the EA. However, the committee charter does not indicate
that the committee is responsible for approving the EA.
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for business, performance,
information/data, application/service, and technology to address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for developing metrics to
measure and report EA progress, quality, compliance, and return on
investment;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
Metrics to measure and report EA progress and quality have been
developed. However, plans do not include developing metrics to measure
and report EA compliance and return on investment.
Stages and core elements: Written and approved organization policy
exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are under configuration
management;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, EA products are under configuration
management, which is accomplished through the version control features
of the EA repository. However, configuration management procedures did
not define specific steps that would ensure the integrity and
consistency of EA products.
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms business, performance,
information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 4: Completing EA products;
Stages and core elements: Written and approved policy exists for EA
maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, EA version 4.0 has undergone
independent verification and validation. However, no documentation to
support this statement was provided. Further, plans for independent
verification and validation of EA management processes have not been
implemented.
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address security;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to VA officials, their security architecture addresses all
the requisite descriptions. However, evidence provided to support this
statement shows that the security architecture does not address all of
the requisite descriptions.
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the CIO delegated EA approval
authority to the chief architect. However, no evidence to support this
delegation was provided.
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: No
evidence that a committee or group representing the enterprise has
approved the current version of the EA was provided.
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 5: Leveraging the EA for managing change;
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the EA repository is used to manage
EA change. VA provided documentation describing the repository and its
contents. However, evidence provided did not demonstrate that the
repository is used to manage EA change or include detailed steps for
managing EA change.
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the organization head delegated EA
approval to the CIO, who delegated this authority to the chief
architect. However, no evidence to support these delegations was
provided.
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, return on EA investment is measured
and reported. However, no evidence that the return on EA investment is
measured and reported was provided.
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, compliance with the EA is measured
and reported. However, no evidence that compliance with the EA is
measured and reported was provided.
Source: GAO analysis of agency provided data.
[End of table]
Environmental Protection Agency:
Table 35 shows EPA's satisfaction of framework elements in version 1.1
of GAO's EAMMF.
Table 35: Environmental Protection Agency Satisfaction of EAMMF:
Stage 1: Creating EA awareness;
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stage 2: Building the EA management foundation;
Stages and core elements: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: EA is
being developed using a framework, methodology, and automated tool.
However, the methodology does not include steps for maintaining the
architecture and has not been approved.
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for business, performance,
information/data, application/service, and technology to address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for developing metrics to
measure EA progress, quality, compliance, and return on investment;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 3: Developing EA products.
Stages and core elements: Written and approved organization policy
exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are under configuration
management;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms of business, performance,
information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: EPA
has limited reporting of EA progress. However, progress is not measured
and reported relative to an EA program plan.
Stage 4: Completing EA products;
Stages and core elements: Written and approved organization policy
exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, EA products and management processes
have not undergone independent verification and validation.
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 5: Leveraging the EA for managing change;
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, a process exists to formally manage
EA change. However, evidence that the process has been implemented was
not provided and the process is not approved.
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: An IT
investment management process exists and the process considers
investment compliance with the EA. However, evidence that the process
has been implemented was not provided.
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the organization head has not
approved the current version of the EA.
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, return on EA investment is not
measured and reported.
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, compliance with EA is measured and
reported and documentation describes how compliance is to be measured.
However, reports documenting measurement were not provided.
Source: GAO analysis of agency provided data.
[End of table]
General Services Administration:
Table 36 shows GSA's satisfaction of framework elements in version 1.1
of GAO's EAMMF.
Table 36: General Services Administration Satisfaction of EAMMF:
Stage 1: Creating EA awareness;
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stage 2: Building the EA management foundation;
Stages and core elements: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief technology officer (CTO), the EA is being
developed using a framework, methodology, and automated tool. However,
the methodology does not include specific steps to maintain the
architecture.
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for business, performance,
information/data, application/service, and technology to address
security;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: Draft
EA plans call for business, performance, information/data,
application/service, and technology descriptions to address security.
However, these plans are not approved.
Stages and core elements: EA plans call for developing metrics to
measure EA progress, quality, compliance, and return on investment;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the CTO, EA plans call for developing metrics. However,
these plans do not specifically address EA progress, quality,
compliance, and return on investment.
Stage 3: Developing EA products;
Stages and core elements: Written and approved organization policy
exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are under configuration
management;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the CTO, EA products are under configuration management.
However, the configuration management plan is being defined and has not
been approved.
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms of business, performance,
information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: Draft
EA plans call for business, performance, information/data,
application/service, and technology descriptions to address security.
However, these plans are not approved.
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the CTO, progress against EA plans is not measured and
reported.
Stage 4: Completing EA products;
Stages and core elements: Written and approved organization policy
exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the CTO, EA products and management processes have not
undergone independent verification and validation.
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: EA
products describe both the "as-is" environment and the "to-be"
environment. However, the sequencing plan has not been approved.
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: Both
the "as- is" and "to-be" environments are described in terms of
business, application/service, and technology. However, according to
the CTO, descriptions of performance and information/data have not been
completed.
Stages and core elements: These descriptions address security;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the CTO, business, performance, information/data,
application/service, and technology descriptions do not address
security.
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 5: Leveraging the EA for managing change;
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the CTO, no process to formally manage EA change exists.
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the CTO, EA is an integral component of the IT investment
management process. However, a sequencing plan to guide IT investments
has not been approved.
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the CTO, return on EA investment is not measured and
reported.
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the CTO, compliance with the EA is not measured and
reported.
Source: GAO analysis of agency provided data.
[End of table]
National Aeronautics and Space Administration:
Table 37 shows NASA's satisfaction of framework elements in version 1.1
of GAO's EAMMF.
Table 37: National Aeronautics and Space Administration Satisfaction of
EAMMF:
Stage 1: Creating EA awareness;
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stage 2: Building the EA management foundation;
Stages and core elements: Adequate resources exist;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief technology officer, NASA has adequate funding
and tools. However, the chief technology officer also stated that the
EA program has somewhat inadequate EA personnel resources.
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief technology officer, the operations management
council, CIO council, and strategic management council are responsible
for directing, overseeing, and approving the EA. However, the charters
for these groups are awaiting executive approval and the draft charters
provided did not specifically mention EA.
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: The
EA is being developed using a framework and automated tool. However,
documentation did not indicate the EA is being developed using a
methodology that includes specific steps required to develop, maintain,
and validate the EA.
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for business, performance,
information/data, application/service, and technology to address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for developing metrics to
measure EA progress, quality, compliance, and return on investment;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 3: Developing EA products;
Stages and core elements: Written and approved organization policy
exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are under configuration
management;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms of business, performance,
information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 4: Completing EA products;
Stages and core elements: Written and approved organization policy
exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: EA
products describe the "as-is" environment. However, EA products do not
fully describe the "to-be" environment and do not include a sequencing
plan.
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to NASA's chief technology officer, the "as-is" environment
is described in terms of business, application/service, and technology.
However, the "as-is" environment is not described in terms of
performance and information/data and EA products do not describe the
"to-be" environment.
Stages and core elements: These descriptions address security;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: The
"as-is" description addresses security. However, the "to-be"
description does not address security.
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 5: Leveraging the EA for managing change;
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
NASA's IT investment management process guidance recognizes EA as an
integral component. However, a sequencing plan to guide IT investments
does not exist.
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: NASA
evidence showed that some investments were certified as compliant with
the EA. However, evidence of the certification criteria used to assess
IT investment compliance was not provided.
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief technology officer, return on EA investment is
not measured and reported.
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Source: GAO analysis of agency provided data.
[End of table]
National Science Foundation:
Table 38 shows NSF's satisfaction of framework elements in version 1.1
of GAO's EAMMF.
Table 38: National Science Foundation Satisfaction of EAMMF:
Stage 1: Creating EA awareness;
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stage 2: Building the EA management foundation;
Stages and core elements: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: A
committee or group representing the enterprise is responsible for
directing and overseeing the EA. However, no committee or group has
responsibility for approving the EA.
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the EA is being developed using a
framework, methodology, and automated tool. However, the methodology
does not document steps for EA development.
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for business, performance,
information/ data, application/service, and technology to address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for developing metrics to
measure EA progress, quality, compliance, and return on investment;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 3: Developing architecture products;
Stages and core elements: Written and approved policy exists for EA
development;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, a policy exists for EA development.
However, the policy is not approved.
Stages and core elements: EA products are under configuration
management;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms of business, performance,
information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, progress against EA plans is measured
and reported. However, the plan against which progress is measured is
not approved and no documentation of progress reporting was provided.
Stage 4: Completing architecture products;
Stages and core elements: Written and approved organization policy
exists for EA maintenance;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, a policy exists for EA maintenance.
However, the policy is not approved.
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, EA products and management processes
have not undergone independent verification and validation.
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, EA products describe the "as-is"
environment, "to-be" environment, and sequencing plan. However, the "as-
is" environment is not fully described in terms of performance and the
"to- be" environment is not fully described in terms of performance and
information/data.
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the "as-is" is not fully described in
terms of performance and the "to-be" environment is not fully described
in terms of performance and information/data.
Stages and core elements: These descriptions address security;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: The
business, information/data, application/service, and technology
descriptions address security. However, the performance description
does not address security.
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, no committee or group representing
the enterprise has approved the current version of the EA.
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 5: Leveraging the EA for managing change;
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: The
chief architect provided an organization policy for IT investment
compliance with the EA. However, the policy is not approved and does
not explicitly require IT investment compliance with the EA.
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, IT investments comply with the EA and
NSF provided evidence of procedures intended to determine compliance.
However, evidence supporting that IT investments are required to be
compliant with the EA before they are approved was not provided.
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: NSF
did not provide evidence that the organization head has approved the
current version of the EA.
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, return on EA investment is measured
and reported. However, evidence to support this statement was not
provided.
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, compliance with the EA is measured
and reported, and NSF provided evidence describing how compliance is
measured and reported. However, evidence of compliance was not
provided.
Source: GAO analysis of agency provided data.
[End of table]
Nuclear Regulatory Commission:
Table 39 shows NRC's satisfaction of framework elements in version 1.1
of GAO's EAMMF.
Table 39: Nuclear Regulatory Commission Satisfaction of EAMMF:
Stage 1: Creating EA awareness;
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stage 2: Building the EA management foundation;
Stages and core elements: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, a committee or group representing the
enterprise is responsible for directing, overseeing, and approving the
EA. However, the charter for this committee does not clearly state that
it is responsible for directing, overseeing, and approving the EA and
the charter is not approved.
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: A
chief architect has been designated. However, the chief architect's
roles and responsibilities do not include functioning as the EA program
manager.
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for business, performance,
information/data, application/service, and technology to address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for developing metrics to
measure EA progress, quality, compliance, and return on investment;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: EA
plans call for developing metrics to measure EA progress, quality, and
compliance. However, EA plans do not call for developing metrics to
measure return on investment.
Stage 3: Developing EA products;
Stages and core elements: Written and approved organization policy
exists for EA development;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: A
draft policy exists for EA development. However, this policy has not
been approved.
Stages and core elements: EA products are under configuration
management;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms of business, performance,
information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 4: Completing EA products;
Stages and core elements: Written and approved organization policy
exists for EA maintenance;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: A
draft policy exists for EA maintenance. However, this policy has not
been approved.
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: EA
products and management processes have not undergone independent
verification and validation.
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, a committee or group representing the
enterprise or the investment review board has not approved the current
version of the EA.
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: NRC
provided information on how quality of EA products is to be measured
and reported. However, documentation demonstrating that quality is
actually being measured and reported was not provided.
Stage 5: Leveraging the EA for managing change;
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: A
draft policy exists for IT investment compliance with EA. However, this
policy has not been approved.
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, a process exists to formally manage
EA change. However, evidence that the process has been implemented was
provided for some EA products but not others.
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, IT investments comply with the EA and
evidence demonstrates that EA is considered during the IT investment
management process. However, documentation provided did not demonstrate
IT investment compliance.
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the organization head has not
approved the current version of the EA.
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to NRC officials, return on EA investment is not measured and
reported.
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, compliance with EA is measured and
reported. However, documentation demonstrating that compliance is
actually being measured and reported was not provided.
Source: GAO analysis based on agency provided data.
[End of table]
Office of Personnel Management:
Table 40 shows OPM's satisfaction of framework elements in version 1.1
of GAO's EAMMF.
Table 40: Office of Personnel Management Satisfaction of EAMMF:
Stage 1: Creating EA awareness;
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stage 2: Building the EA management foundation;
Stages and core elements: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for business, performance,
information/ data, application/service, and technology to address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for developing metrics to
measure EA progress, quality, compliance, and return on investment;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 3: Developing EA products;
Stages and core elements: Written and approved organization policy
exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are under configuration
management;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms of business, performance,
information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: OPM
has limited reporting of EA progress. However, progress is not measured
and reported relative to an EA program plan.
Stage 4: Completing EA products;
Stages and core elements: Written and approved organization policy
exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, EA products and management processes
have not undergone independent verification and validation. The chief
architect stated that the cost of independent verification and
validation is not justified.
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 5: Leveraging the EA for managing change;
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Source: GAO analysis of agency provided data.
[End of table]
Small Business Administration:
Table 41 shows SBA's satisfaction of framework elements in version 1.1
of GAO's EAMMF.
Table 41: Small Business Administration Satisfaction of EAMMF:
Stage 1: Creating EA awareness;
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partial or not satisfied determination: No core element
exists in stage 1.
Stage 2: Building the EA management foundation;
Stages and core elements: Adequate resources exist;
Satisfied?: Partial;
GAO basis for partial or not satisfied determination: According to SBA
officials, the agency has EA program activities that do not have
adequate resources.
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: EA plans call for business, performance,
information/data, application/service, and technology to address
security;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: EA plans call for developing metrics to
measure and report EA progress, quality, compliance, and return on
investment;
Satisfied?: Partial;
GAO basis for partial or not satisfied determination: EA plans call for
developing metrics to measure and report EA progress, quality, and
compliance. However, documentation did not include plans for developing
metrics to measure and report EA return on investment.
Stage 3: Developing EA products;
Stages and core elements: Written and approved organization policy
exists for EA development;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: EA products are under configuration
management;
Satisfied?: No;
GAO basis for partial or not satisfied determination: Configuration
management procedures provided to GAO do not describe steps to ensure
the integrity and consistency of EA products.
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms of business, performance,
information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: No;
GAO basis for partial or not satisfied determination: SBA officials did
not provide evidence that the agency is measuring and reporting
progress against EA plans.
Stage 4: Completing EA products;
Stages and core elements: Written and approved organization policy
exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: These descriptions address security;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: No;
GAO basis for partial or not satisfied determination: According to SBA
officials, a committee or group representing the enterprise approved
the current version of the EA. However, documentation indicated
approval of the 2003 EA program policies and procedures, not the
current version of the EA.
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: No;
GAO basis for partial or not satisfied determination: According to SBA
officials, the quality of EA products is measured and reported.
However, SBA did not provide documentation that supports this
statement.
Stage 5: Leveraging the EA for managing change;
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Yes;
GAO basis for partial or not satisfied determination: [Empty].
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: No;
GAO basis for partial or not satisfied determination: According to SBA
officials, the organization head has approved the current version of
the EA. However, documentation indicated approval of the 2003 EA
program policies and procedures, not the current version of the EA.
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: No;
GAO basis for partial or not satisfied determination: According to SBA
officials, return on EA investment is not measured and reported.
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: No;
GAO basis for partial or not satisfied determination: According to SBA
officials, compliance with EA is measured and reported. However, these
officials did not provide documentation that supports this statement.
Source: GAO analysis of agency provided data.
[End of table]
Social Security Administration:
Table 42 shows SSA's satisfaction of framework elements in version 1.1
of GAO's EAMMF.
Table 42: Social Security Administration Satisfaction of EAMMF:
Stage 1: Creating EA awareness.
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stage 2: Building the EA management foundation;
Stages and core elements: Adequate resources exist;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the EA is being developed using a
framework, methodology, and automated tool. However, the methodology
does not include steps for developing, maintaining, and validating the
agency's EA.
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for business, performance,
information/data, application/service, and technology to address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for developing metrics to
measure EA progress, quality, compliance, and return on investment;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 3: Developing EA products;
Stages and core elements: Written and approved organization policy
exists for EA development;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are under configuration
management;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms of business, performance,
information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 4: Completing EA products.
Stages and core elements: Written and approved organization policy
exists for EA maintenance;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stage 5: Leveraging the EA for managing change.
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: SSA
officials stated that CIO approval of the current version of the EA
constitutes approval by the organization head. However, they did not
provide documentation delegating EA approval authority from the
organization head to the CIO.
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, return on EA investment is measured
and reported and a description of how return on investment is measured
and reported was provided. However, sample measures and reports were
not provided.
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, compliance with the EA is measured
and reported and a description of how compliance is measured and
reported was provided. However, sample measures and reports were not
provided.
Source: GAO analysis of agency provided data.
[End of table]
U.S. Agency for International Development:
Table 43 shows USAID's satisfaction of framework elements in version
1.1 of GAO's EAMMF.
Table 43: U. S. Agency for International Development Satisfaction of
EAMMF:
Stage 1: Creating EA awareness;
Stages and core elements: Agency is aware of EA;
Satisfied?: n/a;
GAO basis for partially satisfied or not satisfied determination: No
core element exists in stage 1.
Stage 2: Building the EA management foundation.
Stages and core elements: Adequate resources exist;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, USAID has "somewhat inadequate" EA
resources.
Stages and core elements: Committee or group representing the
enterprise is responsible for directing, overseeing, and approving EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Program office responsible for EA development
and maintenance exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Chief architect exists;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA being developed using a framework,
methodology, and automated tool;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, USAID is developing their
architecture using a framework, methodology, and automated tool.
However, the methodology does not describe steps required to maintain
and validate the architecture.
Stages and core elements: EA plans call for describing "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for describing enterprise in
terms of business, performance, information/data, application/service,
and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for business, performance,
information/data, application/service, and technology to address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: EA plans call for developing metrics to
measure EA progress, quality, compliance, and return on investment;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, USAID has plans for developing
metrics to measure EA progress, quality, compliance, and return on
investment. USAID provided documentation of its plans to measure and
report EA compliance. However, documentation of plans to develop the
other metrics was not provided.
Stage 3: Developing EA products;
Stages and core elements: Written and approved organization policy
exists for EA development;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, USAID does not have a written and
approved policy for EA development.
Stages and core elements: EA products are under configuration
management;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: USAID
provided evidence that discusses the need for EA products to be under
configuration management. However, the evidence did not describe
detailed steps that would ensure the integrity and consistency of EA
products.
Stages and core elements: EA products describe or will describe "as-is"
environment, "to-be" environment, and sequencing plan;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Both "as-is" and "to-be" environments are
described or will be described in terms of business, performance,
information/data, application/service, and technology;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: These descriptions address or will address
security;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Progress against EA plans is measured and
reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, progress against EA plans is not
measured and reported.
Stage 4: Completing EA products;
Stages and core elements: Written and approved organization policy
exists for EA maintenance;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, USAID does not have a written and
approved policy for EA maintenance.
Stages and core elements: EA products and management processes undergo
independent verification and validation;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: EA
products and management processes have undergone independent
verification and validation. However, the current EA version has not
undergone independent verification and validation.
Stages and core elements: EA products describe "as-is" environment, "to-
be" environment, and sequencing plan;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, EA products do not fully describe the
"as-is" environment, "to-be" environment, and sequencing plan.
Stages and core elements: Both "as-is" and "to-be" environments are
described in terms of business, performance, information/data,
application/service, and technology;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: Both
"as-is" and "to-be" environment descriptions are being developed.
However, the descriptions currently address only one segment of the
architecture.
Stages and core elements: These descriptions address security;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: The
"as-is" and "to-be" environment descriptions partially address
security. However, the descriptions currently address only one segment
of the architecture and do not address security in each of the required
terms.
Stages and core elements: Organization CIO has approved current version
of EA;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: Committee or group representing the
enterprise or the investment review board has approved current version
of EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, committees representing the
enterprise have approved the current version of the EA. However,
documentation of these approvals was not provided.
Stages and core elements: Quality of EA products is measured and
reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, USAID has not implemented plans to
measure and report quality of EA products.
Stage 5: Leveraging the EA for managing change;
Stages and core elements: Written and approved organization policy
exists for IT investment compliance with EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination: USAID
has a program plan that encourages IT investment compliance with the
EA. However, the plan does not explicitly require IT investment
compliance with the EA.
Stages and core elements: Process exists to formally manage EA change;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, USAID has chartered a configuration
control board to manage EA change. However, USAID did not provide any
documentation that this board is functioning as chartered.
Stages and core elements: EA is integral component of IT investment
management process;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: USAID
provided documentation indicating that EA is an integral component of
its IT investment management process. However, USAID does not have an
enterprisewide sequencing plan to guide IT investments.
Stages and core elements: EA products are periodically updated;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Stages and core elements: IT investments comply with EA;
Satisfied?: Partial;
GAO basis for partially satisfied or not satisfied determination: USAID
provided documentation indicating IT investments comply with the EA.
However, investment compliance is limited to the one segment of the EA
that has been developed.
Stages and core elements: Organization head has approved current
version of EA;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, the organization head has not
approved the current version of the EA.
Stages and core elements: Return on EA investment is measured and
reported;
Satisfied?: No;
GAO basis for partially satisfied or not satisfied determination:
According to the chief architect, USAID is developing metrics for
measuring and reporting return on EA investment, but these metrics have
not been completed.
Stages and core elements: Compliance with EA is measured and reported;
Satisfied?: Yes;
GAO basis for partially satisfied or not satisfied determination:
[Empty].
Source: GAO analysis of agency provided data.
Note: The U.S. Agency for International Development is working with the
Department of State to develop the Joint Enterprise Architecture.
However, USAID asked that we evaluate its agency's enterprise
architecture based on efforts to develop the USAID enterprise
architecture.
[End of table]
[End of section]
Appendix V: Comments from the Department of Commerce:
United States Department Of Commerce:
Chief Information Officer:
Washington, D.C. 20230:
June 15 2006:
Mr. Randolph C. Hite:
Director, Information Technology Architecture and Systems Issues:
United States Government Accountability Office:
Washington, DC 20548:
Mr. Hite:
Thank you for the Government Accountability Office's draft report
entitled "Enterprise Architecture: Leadership Remains Key to
Establishing and Leveraging Architectures for Organizational
Transformation (GAO-06-831)." We appreciate the thoroughness of your
review, concur with your findings regarding the Department of Commerce,
and will consider actions to address your concerns.
Sincerely,
Signed by:
Barry C. West:
[End of section]
Appendix VI: Comments from the Department of Defense:
Assistant Secretary Of Defense:
6000 Defense Pentagon:
Washington, DC 20301-6000:
June 30, 2006:
Networks And Information Integration:
Mr. Randolph C. Hite:
Director, Information Technology and Systems Issues,
U.S. Government Accountability Office,
441 G Street, NW
Washington, D.C. 20548.
Dear Mr. Hite,
"This is the Department of Defense (DoD) response to the GAO draft
report, 'Enterprise Architecture: Leadership Remains Key to
Establishing and Leveraging Architectures for Organizational
Transformation,' dated May 31, 2006, (GAO Code 310604/GAO-06-831). "
DoD has reviewed the Draft Report and plans to use the GAO Enterprise
Architecture maturity framework as one of the benchmark best practices
as DoD components continuously work to improve enterprise architecture
management maturity. In general, DoD concurs with the GAO
recommendation but with one exception, and that is the criteria for
independent validation and verification as it pertains to the Global
Information Grid architecture. Also we take exception to one of the
technical findings published in Appendix IV of the GAO report as it
pertains to the Business Transformation Agency. Specific comments
regarding these statements are enclosed. My action officer for this
effort is Mr. Roy Mabry, (703) 380-0964, roy.mabry@osd.mil:
Signed by:
George Wauer:
Director, Architecture and Interoperability:
(Office of the Deputy CIO):
Enclosures:
As stated:
cc:
Head, Business Transformation Agency:
Department of the Army, Chief Information Officer:
Department of the Navy, Chief Information Officer:
Department of the Air Force, Chief Information Officer:
GAO Draft Report - Dated May 31, 2006 GAO CODE 310604/GAO-06-831:
"Enterprise Architecture: Leadership Remains Key To Establishing And
Leveraging Architectures For Organizational Transformation"
Department Of Defense Comments On The Recommendation:
Recommendation: The GAO recommended that the Secretary of Defense
ensure that respective enterprise architecture programs develop and
implement plans for fully satisfying each of the conditions in GAO's
Enterprise Architecture Management Maturity Framework. GAO CODE 310604/
GAO-06-83 (p. 41/GAO Draft Report):
DOD Response: The GAO framework will be used as one of the benchmark
best practices as DoD components continuously work to improve
enterprise architecture management maturity. In general DoD concurs
with the GAO recommendation with one exception, and that is the
criteria for independent validation and verification as it pertains to
the Global Information Grid architecture. DoD believes that the
internal DoD process for reviewing and validating is sufficient and
meets the intent of this GAO criteria and therefore will remain the DoD
practice until otherwise changed. However, DoD will revisit this
position as implementation plans for fully satisfying each of the
conditions in the GAO Enterprise Architecture Management Maturity
framework are developed.
Regarding the GAO findings, which are shown in Appendix IV of the GAO
report, it is clear that DoD components do not fully meet the criteria
of the GAO Enterprise Architecture Management Maturity Framework at
this time, although some DoD components are further along than others.
Even after further discussions between GAO and DoD, there are findings
in the report with which DoD continues to disagree. The Business
Transformation Agency (BTA) maintains that the Stage Two and Three
security/information assurance findings, for reasons previously stated
in written technical comments and discussions with the GAO audit team,
do not accurately reflect the situation and therefore DoD must non-
concur with those findings as presented in Appendix IV of the GAO
Report. The DoD view is that the GIG architecture defines how all
members of DoD EA will address security/information assurance and that
its application must be accepted by GAO as sufficient representation in
the DoD EA component parts such as BTA otherwise having each component
adopt security/information assurance other than that of the GIG negates
one of the fundamental tenants of the GIG architecture and therefore
fundamentally works counter to the DoD efforts.
GAO Comments:
1. We do not agree for two reasons. First, DOD's internal processes for
reviewing and validating the Global Information Grid (GIG), while
important and valuable to ensuring architecture quality, are not
independently performed. As we have previously reported, independent
verification and validation is a recognized hallmark of well-managed
programs, including architecture programs.[Footnote 54] To be
effective, it should be performed by an entity that is independent of
the processes and products that are being reviewed to help ensure that
it is done in an unbiased manner and that is based on objective
evidence. Second, the scope of these internal review and validation
efforts only extends to a subset of GIG products and management
processes. According to our framework, independent verification and
validation should address both the architecture products and the
processes used to develop them.
2. While we acknowledge that GIG program plans provide for addressing
security, and our findings relative to the GIG reflect this, this is
not the case for DOD's Business Enterprise Architecture (BEA). More
specifically, how security will be addressed in the BEA performance,
business, information/data, application/service, and technology
products is not addressed in the BEA either by explicit statement or
reference. This finding relative to the BEA is consistent with our
recent report on DOD's Business System Modernization.[Footnote 55]
[End of section]
Appendix VII: Comments from the Department of Education:
United States Department of Education:
Office of Management:
JUN 21 2006:
Mr. Randolph C. Hite:
Director, Information Technology Architecture and Systems:
U. S. Government Accountability Office:
441 G Street, NW Room 4085:
Washington, DC 20548:
Dear Mr. Hite:
Thank you for the opportunity to review the draft report Enterprise
Architecture: Leadership Remains Key To Establishing and Leveraging
Architectures for Organizational Transformation (GAO-06-831). The
Department of Education uses Enterprise Architecture (EA) as a
strategic planning tool to drive the Department's operational
performance and deliver business results. The Department has made
significant progress in improving its EA maturity, and plans to
continue its progress toward greater EA maturity.
Figure 6 of the report reflects that the Department needs to satisfy
five or fewer core elements in order to achieve an. "Optimized" score
of 5 in which all core elements are fully or partially satisfied. With
respect to these remaining core elements, the Department plans to take
the following steps:
* With respect to the "Committed or group representing the enterprise
is responsible for...approving EA" core element, the Department's
investment review board (IRB) charter will be amended to reflect this
responsibility more explicitly, and future IRB minutes will also
reflect this approval more explicitly.
* With respect to the "EA products and management processes undergo
independent verification and validation" core element, the Department
is considering the business need and available alternatives for
independent verification and validation of the Department's Enterprise
Architecture products and management processes.
* With respect to the ".the investment review board has approved
current version of EA" core element, future Department IRB meeting
minutes will more explicitly reflect the IRB's approval.
* With respect to the "Organization head has approved current version
of the EA" core element, the Department's IRB charter will be amended
to more explicitly reflect delegation of EA approval authority to the
Chief Operating Officer as the Chair of the Investment Review Board.
* With respect to the "Return on EA investment is measured and
reported" core element, the Department plans to implement a value
metrics framework to improve Return on Investment (ROI) and Value of
Investment (VOI) measurements in support of capital planning.
Again, thank you for the opportunity to review and comment on the draft
report. The Department is continuing to work to improve its Enterprise
Architecture.
Sincerely,
Signed by:
Michell Clark:
[End of section]
Appendix VIII: Comments from the Department of Energy:
Department of Energy:
Washington, DC 20585:
June 22, 2006:
Michael P. Holland:
Senior Information Technology Analyst:
U.S. Government Accountability Office:
441 G St, NW, Room 4Q26:
Washington, DC 20548:
Dear Mr. Holland:
We have reviewed the draft Government Accountability Office report
entitled, "Enterprise Architecture: Leadership Remains Key to
Establishing and Leveraging Architectures for Organizational
Transformation (GAO-06-831)" and concur with the report with no further
comment.
Thank you for the opportunity to participate in the development of this
report. If you have any questions, please contact Ms. Valerie Young at
(202)586-8853 or via email at valerie.young@hq.doe.gov.
Sincerely,
Signed by:
TheAnne Gordon:
Acting Associate Chief Information Officer for Information Technology
Reform:
[End of section]
Appendix IX: Comments from the Department of Homeland Security:
U.S. Department of Homeland Security:
Washington, DC 20528:
June 28, 2006:
Mr. Randolph C. Hite:
Director:
Information Technology Architecture and Systems Issues:
U.S. Government Accountability Office:
441 G Street, NW:
Washington, DC 20548:
Dear Mr. Hite:
RE: Draft Report GAO-06-831, Enterprise Architecture: Leadership
Remains Key to Establishing and Leveraging Architectures for
Organizational Transformation (GAO Job Code 310604):
The Department of Homeland Security (DHS) appreciates the opportunity
to review and comment on the draft report. The Government
Accountability Office (GAO) recommends that DHS and 26 other major
departments and agencies ensure that our "respective enterprise
architecture programs develop and implement plans for fully satisfying
each of the conditions in [GAO's] enterprise architecture management
maturity framework." We have taken and continue to take steps to do so.
DHS is encouraged by GAO's recognition of the significant progress made
since GAO commented on the HLS Enterprise Architecture program in
2004[Footnote 56] and again last year when homeland security
information sharing was first added to the GAO High Risk
Series.[Footnote 57]
We were pleased to see your assessment in Table 5 that found DHS
already satisfies 75% of the Stage 4 elements and half of Stage 5
elements. In our mission to protect the homeland, issues of system
survivability and vulnerability affect information technology
investment choices in a way not necessarily applicable to many
agencies. Priority has been, of necessity, rightly given to our mission
of securing the homeland, during a period of natural disasters and a
very real war on terror.
DHS, as mentioned in prior GAO reports on the subject, has developed a
business process that reviews and evaluates planned investments for
compliance to a formal Enterprise Architecture vision as an integral
step in the annual budget development process. Since the development of
the 2005 High Risk report, DHS has made significant progress in
definition and management of appropriate information sharing
technologies, policies and procedures. Newly implemented initiatives,
[like Homeland Security Operations Center (HSOC), United States Public
and Private Partnership (USP-3), Integrated Public Alert and Warning
System (IPAWS), Emergency Data Exchange Language (EDXL) and National
Information Exchange Model Compliance (NIEM) standards, alongside
assessment efforts in Data Fusion, Screening, and Alerts and Warnings],
capitalize on technology investments with management of resources and
operating practices to improve processes based on previous GAO
findings.
The Department has moved to implement the philosophies of Enterprise
Architecture as a means to assuring mission performance, while
developing the Department and its functional infrastructure. To
continue to make progress in meeting all of its oversight requirements,
DHS would like to recommend that GAO work with the Office of Management
and Budget to coordinate and align their respective definitions of
Enterprise Architecture maturity. As the Department matures, so will
the architectural documents and formal procedures, but the success of
the mission must always be given priority to safeguard our nation.
We agree with GAO's assertion that the key to building upon our current
progress and status is executive leadership. We believe that based on
demonstrated progress to date such leadership exists at the Department
of Homeland Security.
We are providing technical comments to your office under separate
cover.
Sincerely,
Signed by:
Steven J. Pecinovsky:
Director:
Departmental GAO/OIG Liaison Office:
GAO Comments:
1. We acknowledge this recommendation and offer three comments in
response. First, we have taken a number of steps over the last 5 years
to coordinate our framework with OMB. For example, in 2002, we based
version 1.0 of our framework on the OMB-sponsored CIO Council Practical
Guide to Federal Enterprise Architecture,[Footnote 58] and we obtained
concurrence on the framework from the practical guide's principal
authors. Further, we provided a draft of this version to OMB for
comment, and in our 2002 report in which we assessed federal
departments and agencies against this version, we recommended that OMB
use the framework to guide and assess agency architecture
efforts.[Footnote 59] In addition, in developing the second version of
our framework in 2003,[Footnote 60] we solicited comments from OMB as
well as federal departments and agencies. We also reiterated our
recommendation to OMB to use the framework in our 2003 report in which
we assessed federal departments and agencies against the second version
of the framework.[Footnote 61]
Second, we have discussed alignment of our framework and OMB's
architecture assessment tool with OMB officials. For example, after OMB
developed the first version of its architecture assessment tool in
2004, we met with OMB officials to discuss our respective tools and
periodic agency assessments. We also discussed OMB's plans for issuing
the next version of its assessment tool and how this next version would
align with our framework. At that time, we advocated the development of
comprehensive federal standards governing all aspects of architecture
development, maintenance, and use. In our view, neither our framework
nor OMB's assessment tool provide such comprehensive standards, and in
the case of our framework, it is not intended to provide such
standards. Nevertheless, we plan to continue to evolve, refine, and
improve our framework, and will be issuing an updated version that
incorporates lessons learned from the results of this review. In doing
so, we will continue to solicit comments from federal departments and
agencies, including OMB.
Third, we believe that while our framework and OMB's assessment tool
are not identical, they nevertheless consist of a common cadre of best
practices and characteristics, as well as other relevant criteria that,
taken together, are complementary and provide greater direction to, and
visibility into, agency architecture programs than either does alone.
[End of section]
Appendix X: Comments from the Department of Housing and Urban
Development:
U.S. Department Of Housing And Urban Development:
Washington, D.C. 20410-3000:
The Chief Information Officer:
June 21, 2006:
Mr. Randolph C. Hite:
Director, Information Technology Architecture And System Issue:
United States Government Accountability Office:
Dear Mr. Hite:
The Department of Housing and Urban Development (HUD) would like to
thank you for the opportunity to review and provide comments on the
Draft Enterprise Architecture (EA) Report GAO 310604. We are providing
the following comments on the report findings and recommended actions:
* We agree that our EA practice has been assessed accurately as a Stage
3 practice, and, in accordance with the report recommendations, we are
in the process of developing and implementing as EA program plan to
satisfy each of the core elements in the enterprise architecture
management maturity framework (EAMMF) in 2007.
* We request that information describing the status of HUD's security
architecture on page 27 and pages 35-36 of the draft report be written
to reflect work that is currently underway to develop an enterprise
security architecture. While we agree with a "Partial" assessment for
this Stage 4 core element, we believe that the attached information
(Attachment(s) 1) demonstrates that a security architecture will be
completed by January 2007, and will be reflected thoroughly and
consistently across each element of the Department's enterprise
architecture.
HUD is committed to ensuring the continued development of the
enterprise architecture program by implementing plans for fully
satisfying each of the conditions in GAO's enterprise architecture
management maturity framework.
Thank you again for the opportunity to review and comment on the draft
report. In the interim, if you have any questions regarding the
information provided please contact Beverly Hacker, Chief Architect,
Department of Housing and Urban Development, Office of the Chief
Information Officer on 202-708-0614 x 8338.
Attachment(s):
Sincerely yours,
Signed by:
Lisa Schlosser:
Chief Information Officer:
Attachment 1: Security Architecture Development:
The Department of Housing and Urban Development (HUD) recognizes the
importance of incorporating security into the Enterprise Architecture
(EA). Consequently, the Office of IT Security is in the process of
documenting the integration of security within each applicable element
of HUD's EA. As early as April 7, 2005, HUD initiated a project to
update the Technical Reference Model (TRM) to include security
products. The overall goal of this effort was not only intended to
identify applicable security products within the TRM, but also to begin
the process of fully integrating security within all applicable
elements of HUD's EA. Ultimately, the results of this project
contributed to an improvement in HUD's ability to protect systems and
the information that directly support the business needs of HUD.
The process included:
* Identification and integration of relevant security standards and
products into the HUD Technical Reference Model (TRM),
* Expansion of HUD's EA version 1.0's TRM to include recommended
security product upgrades, and:
* Identification and mapping of applicable TRM security products with
components, applications, and/or technologies within HUD's EA version
1.0's Business Reference Model (BRM) and Service Reference Model (SRM).
A follow-on project was initiated on Jan. 30, 2006 and is scheduled to
be completed by January 2007. This effort is intended to:
* Develop,a security architecture that supports the achievement of
HUD's business objectives, and:
* Incorporate IT security throughout the HUD EA.
This project further emphasizes the need to integrate security within
HUD's EA using principles that directly correlate to HUD's business
functions, recommended standards, applicable policies, best practices,
and technology trends. The principles and recommendations and work
being performed are driven by HUD's IT security policies and
procedures. The outcome of this project will produce the following:
* HUD's Baseline for Network Infrastructure Security Architecture,
* Security requirements within the components of the BRM,
* Identification of the security requirements for the SRM component,
* Security requirements for the TRM component,
* A process to continuously integrate security into HUD's EA, and:
* Formal HUD EA Security Architecture documentation.
To date, this project has yielded the following results:
* Identified Federal mandates, policies and guidelines and industry
best practices that are applicable for inclusion into HUD's Network
Infrastructure Security Architecture,
* Developed a preliminary list of legislation, regulations, guidelines,
and policies related to HUD EA/Security integration,
* Created an approach for EA/Security integration, and:
* Developed a list of potential EA/Security requirements from the BRM.
Lastly, HUD is dedicated to ensuring that the integration of security
into EA is a continuous process. This will enable refinement of the EA
as necessary to keep it aligned with federally mandated initiatives,
business strategy requirements, emerging standards, and changing
technology pertaining to security.
The results of this ongoing project, as well as any future integration
efforts, shall be fully in HUD's enterprise architecture commencing in
2007.
[End of section]
Appendix XI: Comments from the Department of the Interior:
United States Department of the Interior:
Office Of The Assistant Secretary:
Policy, Management And Budget:
Washington, DC 20240:
Jun 20 2006:
Mr. Randolph C. Hite:
Director, Information Technology Architecture and Systems:
U.S. Government Accountability Office:
Washington, D.C. 20548:
Dear Mr. Hite:
Thank you for the opportunity to review and provide comments on the
U.S. Government Accountability Office's (GAO) draft report GAO-06-831
titled Enterprise Architecture - Leadership Remains Key to Establishing
and Leveraging Architecture for Organizational Transformation. The
Department of the Interior (DOI) has reviewed the report and considers
it reflective of the current state of maturity of its enterprise
architecture (EA) program with respect to the GAO's EA Management
Maturity Framework (EAMMF) Version l. l. The draft report identifies
that DOI has met 97% of all criteria within the maturity framework and
needs only to complete one criterion: "EA products and management
processes undergo Independent Verification and Validation" to achieve a
stage 5 maturity and satisfy 100% of all elements. To that end, DOI has
recently awarded a contract to conduct an independent verification and
validation (IV&V) of its EA program which will satisfy this remaining
element.
DOI takes the results of independent assessments and reviews of its EA
program seriously and incorporates recommendations for improvement to
continually mature its EA program. DOI is committed to utilizing its EA
to guide the overall management and maturation of its IT portfolio and
infrastructure to improve its overall mission performance.
If you have any questions, please contact W. Hord Tipton, DOI CIO, at
202-208-6194. Staff may contact Ms. Colleen Coggins, DOI Chief
Architect, at 202-208-5911.
Sincerely,
Signed by:
R. Thomas Weimer:
Assistant Secretary:
[End of section]
Appendix XII: Comments from the Department of Justice:
U.S. Department of Justice:
Washington, D.C. 20530:
Jun 21 2006:
Randolph C. Hite:
Director:
Information Technology Architecture and Systems Issues:
Government Accountability Office:
441 G Street, NW:
Washington, DC 20548:
Dear Mr. Hite:
Thank you for the opportunity to review and comment on the Government
Accountability Office's (GAO) draft report entitled "Enterprise
Architecture: Leadership Remains Key to Establishing and Leveraging
Architectures for Organizational Transformation (GAO-06-831/310604).
The Department believes that your draft report accurately reflects the
state of our enterprise architecture (EA) program and our needed focus
areas for the future.
Overall, the feedback and analysis in this report is beneficial to our
program, and will help guide our efforts going forward. Of the seven
Core Elements in Stages 4 and 5 identified as partially or not
satisfied in the assessment, all are being analyzed and incorporated
into our plans for the program. In particular, the elements relating to
EA compliance and utilizing the EA in the investment process are a key
near-term focus of our program and we are making significant strides in
these areas. Also, we are establishing processes to capture and report
the impact of the EA program to allow us to demonstrate the return on
investment for the program.
We would also like to take this opportunity to address some potential
improvements for GAO's EA evaluation and oversight process from our
perspective. There are several areas that would assist us in
streamlining our responses and improve our EA program, including the
following:
* Align the GAO assessment criteria with the OMB framework - Although
there are many common themes between the two frameworks, the focus is
different many areas requiring us to develop separate submission
packages for evaluation. We also feel that there are some key areas in
the latest OMB framework, particularly relating to the use of the EA,
which could enhance the GAO framework.
* Incorporate the principles of federated and segmented architecture
development - this is a key principle of our program, as it is for most
large department level programs. This approach addresses the need to
collaborate with component or bureau-level EA programs to capture
mission specific requirements and institutionalize the program.
* Provide a mechanism to share best practices - The DOJ EA could
benefit from the insights that GAO gains through its evaluations of
programs across the federal government. Although programs need to be
tailored to the particular agencies, there are many foundational
elements that are common, and could be leveraged across multiple
agencies for greater efficiency.
Again, we appreciate the assessment and feedback of our EA program, and
we look forward to additional collaboration to assist us in further
improving our implementation of EA at DOJ. The DOJ EA program has made
significant strides over the past year, and we plan to continue with
this momentum and leverage the work to make a significant impact across
the Department.
If you have any questions regarding our comments, please contact
Richard P. Theis, Assistant Director, Audit Liaison Group on (202) 514-
0469.
Sincerely,
Signed by:
Vance E. Hitch:
Chief Information Officer:
GAO Comments:
1. See DHS comment 1 in appendix IX. Also, while we do not have a basis
for commenting on the content of the department's OMB evaluation
submission package because we did not receive it, we would note that
the information that we solicit to evaluate a department or agency
against our framework includes only information that should be readily
available as part of any well-managed architecture program.
2. We understand the principles of federated and segmented
architectures, but would emphasize that our framework is intentionally
neutral with respect to these and other architecture approaches (e.g.,
service-oriented). That is, the scope of the framework, by design, does
not extend to defining how various architecture approaches should
specifically be pursued, although we recognize that supplemental
guidance on this approach would be useful. Our framework was created to
organize fundamental (core) architecture management practices and
characteristics (elements) into a logical progression. As such, it was
intended to fill an architecture management void that existed in 2001
and thereby provide the context for more detailed standards and
guidance in a variety of areas. It was not intended to be the single
source of all relevant architecture guidance.
3. We agree, and believe that this report, by clearly identifying those
departments and agencies that have fully satisfied each core element,
serves as the only readily available reference tool of which we are
aware for gaining such best practice insights.
[End of section]
Appendix XIII: Comments from the Department of State:
United States Department of State:
Assistant Secretary for Resource Management and Chief Financial
Officer:
Washington, D.C. 20520:
Ms. Jacquelyn Williams-Bridgers:
Managing Director:
International Affairs and Trade:
Government Accountability Office:
441 G Street, N. W.
Washington, D.C. 20548-0001:
Jun 9 2006:
Dear Ms. Williams-Bridgers:
We appreciate the opportunity to review your draft report, "Enterprise
Architecture: Leadership Remains Key to Establishing and Leveraging
Architectures for Organizational Transformation," GAO Job Code 310604.
The enclosed Department of State comments are provided for
incorporation with this letter as an appendix to the final report.
If you have any questions concerning this response, please contact Chan
Kim, IT Specialist, Bureau of Information Resource Management, at (202)
663-1066.
Sincerely,
Signed by:
Bradford R. Higgins:
cc: GAO - Mark Bird:
IRM - James Vanderhoff:
State/OIG - Mark Duda:
Department of State Comments on GAO Draft Report:
Enterprise Architecture: Leadership Remains Kev to Establishing and
Leveraging Architectures for Organizational Transformation, (GAO-06-
831, GAO Code 310604):
Thank you for the opportunity to comment on the GAO's report on
Enterprise Architecture: Leadership Remains Key to Establishing and
Leveraging Architectures for Organizational Transformation. The
Department of State agrees with the GAO findings and recommendations.
The Department is engaged in a unique Joint Enterprise Architecture
(JEA) effort to identify common areas of collaboration with the U.S.
Agency for International Development (USAID). This fact makes senior
management involvement essential in making Enterprise Architecture
decisions affecting the two agencies. This joint relationship adds
overall complexity to the effort as well. The Department's
Undersecretary for Management and USAID's Deputy Administrator chair
the Joint Management Council (JMC) executive committee. They have
endorsed the use of Enterprise Architecture methodology and have made
it a critical component of their evolving governance process.
We are providing comments to address the partially satisfied or
negative criteria in Table 1: Joint Enterprise Architecture
Satisfaction of EAMMF under Appendix IV: Detailed Assessments of
Individual Departments and Agencies.
Stage 2: Building the Enterprise Architecture (EA) management
foundation:
a. Committee or group representing the enterprise is responsible for
directing, overseeing, and approving EA:
GAO Comment: According to the chief architect, State, and USAID are
developing a governance plan that will describe management processes
for directing overseeing, and approving their EA. However, this plan is
not approved.
Dept EA Comment: The Joint Management Council (JMC) will approve the
Joint Enterprise Architecture (JEA) Governance plan as part of the JMC
Governance Plan.
b. EA being developed using a framework, methodology, and automated
tool:
GAO Comment: According to the chief architect, the EA is being
developed using a framework, methodology, and automated tool. However,
the methodology does not describe specific steps for the maintenance.
Dept EA Comment: The JEA Governance plan will support this function.
c. EA Plans call for developing metrics to measure EA progress,
quality, compliance, and return on investment:
GAO Comment: State and USAID have plans to measure and report EA
progress, quality and compliance. However, no plans for developing
metrics to measure EA return on investment were provided.
Dept EA Comment: The new JMC Governance process will provide an
opportunity to incorporate appropriate metrics to show EA return on
investment.
Stage 3: Developing EA products:
a. EA products are under configuration management:
GAO Comment: A draft configuration management plan for EA products has
been developed. However this plan has not been approved.
Dept EA Comment: The draft JEA configuration plan was submitted to OMB
in February 2006. It was approved by both State's and USAID's CIOs.
b. Progress against EA plans is measured and reported:
GAO Comment: State has limited reporting of EA progress. However,
progress is not measured and reported relative to an EA program plan.
Dept EA Comment: The Joint State/USAID EA Team reports its progress to
OMB on a quarterly basis. The JEA Team is also developing future EA
metrics to comply with GAO and OMB recommendations as part of its EA
Program Plan revision.
Stage 4: Completing EA products:
a. EA products and management processes undergo independent
verification and validation:
GAO Comment: According to the chief architect, EA products and
management processes have not undergone independent verification and
validation.
Dept EA Comment: Independent verification and validation will be
included as part of the JEA's new governance process. To our knowledge,
no federal agency EA products currently enjoy such scrutiny.
b. EA Products describe "as-is" environment, "to-be" environment, and
sequencing plan:
GAO Comment: EA products describe the "as-is" and "to-be" environments
as well as high level transition activities. However, a sequencing plan
for transitioning between the "as-is" and "to-be" environments is
currently under development.
Dept EA Comment: The revised JEA Transition Strategy will meet this
requirement.
c. Committee or group representing the enterprise or the investment
review board has approved the current version of EA:
GAO Comment: According to the chief architect, a committee or group
representing the enterprise has not approved the current version of the
EA.
Dept EA Comment: All previous and current versions of the JEA have been
approved by the executive offices of both State and USAID.
Stage 5: Leveraging the EA for management change:
a. Process exists to formally manage EA change.
GAO Comment: According to the chief architect, a process to formally
manage EA change does not exist.
Dept EA Comment: The draft JMC JEA Governance process will address this
requirement.
b. EA is an integral component of IT investment management process:
GAO Comment: According to the chief architect, EA is an integral
component of the IT investment management process. However, the
sequencing plan to guide investments is currently under development.
Dept EA Comment: The revised JEA Transition Strategy will meet this
requirement.
c. Organization head has approved current version of EA:
GAO Comment: According to the chief architect, the organization head
has not approved the current version of the EA.
Dept EA Comment: Both State's and USAID's CIOs have approved the
current version of the JEA. The new JMC Governance process will address
the issue of gaining Organization Head approval for future versions of
the JEA.
d. Return on EA investment is measured and reported:
GAO Comment: According to the chief architect, return on EA investment
is not measured and reported.
Dept EA Comment: The new JMC Governance process will provide an
opportunity to incorporate appropriate metrics to show EA return on
investment.
e. Compliance with EA is measured and reported:
GAO Comment: According to the chief architect, compliance with EA is
measured and reported and officials provided a description of how
compliance is to be measured. However, no documentation demonstrating
compliance reporting was provided.
Dept EA Comment: EA is an integral part of the CPIC process at State,
including providing project management training, evaluating and scoring
project proposals against EA alignment. EA IT Investment score-sheets
were provided to GAO as examples of EA/CPIC compliance.
GAO Comments:
1. We acknowledge the comment that both CIOs approved the configuration
management plan. However, the department did not provide us with any
documentation to support this statement.
2. We acknowledge the comment that the architecture has been approved
by State and USAID executive offices. However, the department did not
provide any documentation describing to which executive offices the
department is referring to allow a determination of whether they were
collectively representative of the enterprise. Moreover, as we state in
the report, the chief architect told us that a body representative of
the enterprise has not approved the current version of the
architecture, and according to documentation provided, the Joint
Management Council is to be responsible for approving the architecture.
3. We acknowledge that steps have been taken and are planned to treat
the enterprise architecture as an integral part of the investment
management process, as our report findings reflect. However, our point
with respect to this core element is whether the department's
investment portfolio compliance with the architecture is being measured
and reported to senior leadership. In this regard, State did not
provide the score sheets referred to in its comments, nor did it
provide any other evidence that such reporting is occurring.
[End of section]
Appendix XIV: Comments from the Department of the Treasury:
Department Of The Treasury:
Washington, D.C. 20220:
JUN 23 2006:
Mr. Michael P. Holland:
Senior Information Technology Analyst:
U.S. Government Accountability Office:
General Accounting Office:
441 G Street, N.W.
Washington, D.C. 20548:
Dear Mr. Holland:
Thank you for the opportunity to review and comment on the General
Accounting Office (GAO) draft report, "Leadership Remains Key to
Establishing and Leveraging Architectures for Organizational
Transformation (GAO Report # 06-831). Overall, our review of the
"Draft" report found the report to be consistent with our own
assessment of the Treasury Department's Enterprise Architecture at the
time of the GAO review.
The Department of Treasury recognized the need to take proactive steps
to mature its Enterprise Architecture program and took the following
affirmative steps in FY2005:
-Hired Executive (Associate Chief Information Officer for Electronic
Government) to develop and lead the Department's Enterprise
Architecture Program.
-Adopted the enterprise-wide repository toolset (Metis) to normalize
data collection and streamline the EA Department's Data Capture
requirements.
The above actions, in conjunction with effective leadership and
collaboration across the Department, resulted in Treasury receiving a
score of three out of a possible five on its Federal Enterprise
Architecture (FEA) Assessment. The score of three raised the
Department's rating from "Red" to "Yellow" in Enterprise Architecture
in the October 2005, President's Management Agenda, E-Government
Scorecard. The GAO report confirms and highlights the Department's need
to continue to provide executive leadership to the developing
Enterprise Architecture program, and to codify the program into
Departmental policy. The Department is committed to continuing the
Enterprise Architecture maturation process and, subsequently,
identified a vendor to perform an Independent Verification and
Validation of the Departments Enterprise Architecture \program. A key
deliverable from the IV&V is a comprehensive "Gap Analysis". The Chief
Enterprise Architect utilizing the "Gap Analysis" will identify Program
deficiencies, and formulate appropriate mitigation strategies to
continue maturing the Treasury "One Enterprise Architecture".
Thank you again for the opportunity to review the "Draft" GAO report.
If you have any questions regarding these comments, please contact me
at (202) 622-1200 or via e-mail at Lawrence.Gross@do.Treas.gov.
Signed by:
Lawrence Gross:
Associate CIO E-Government:
Office of the Chief Information Officer:
U.S. Department of the Treasury:
[End of section]
Appendix XV: Comments from the Department Veterans Affairs:
The Deputy Secretary Of Veterans Affairs:
Washington:
June 21, 2006:
Mr. Randolph C. Hite:
Director, Information Technology Architecture and Systems Issues:
Information Technology Team:
U. S. Government Accountability Office:
441 G Street, NW:
Washington, DC 20548:
Dear Mr. Hite:
The Department of Veterans Affairs (VA) has reviewed your draft report,
Enterprise Architecture: Leadership Remains Key to Establishing and
Leveraging Architectures for Organizational Transformation (GAO-06
831). VA concurs with your recommendation that VA's enterprise
architecture programs develop and implement plans for fully satisfying
each of the conditions in the Government Accountability Office's (GAO)
enterprise architecture management maturity framework. The Department
will provide a detailed plan to implement GAO's recommendation when
commenting on your final report.
VA appreciates the opportunity to comment on your draft report.
Sincerely yours,
Signed by:
Gordon H. Mansfield:
[End of section]
Appendix XVI: Comments from the Environmental Protection Agency:
United States Environmental Protection Agency:
Washington, D.C. 20460:
Jun 20 2006:
Office Of Environmental Information:
Mr. Randolph C. Hite, Director:
Information Technology Architecture and Systems Issues:
U.S. General Accountability Office:
441 G Street, NW:
Washington, D.C. 20548:
Dear Mr. Hite:
Thank you for the opportunity to respond to the U.S. General Accounting
Office (GAO) draft Report to Congressional Requesters "Enterprise
Architecture: Leadership Remains Key to Establishing and Leveraging
Architectures for Organizational Transformation" GAO-06-831). The U.S.
Environmental Protection Agency (EPA) is pleased to note that the
reviewers acknowledge the Agency's significant efforts to mature the
management of its Enterprise Architecture (EA) Program. The Agency
agrees with the reviewers' findings on most of the EA Management
Maturity Framework (EAMMF) core elements. However, the current
assessment of some core elements does not accurately reflect our true
status. EPA formally requests that GAO reconsider its assessment before
issuance of the final Report. We recognize the complexity of GAO's
task, and provide the following evidence and rationale for changing
EPA's assessment from the current Stage 1 to Stage 3.
EA Committee (2.2) - EPA's Quality Information Council (QIC) is the
Agency oversight committee for the Enterprise Architecture and is
responsible for directing, overseeing, and approving the EA. The QIC
operates a formal integrated process for all quality and information
management responsibilities as a corporate board of Agency senior
executives, including the Chief Financial Officer and the CIO. All EA
management decisions are brought to QIC and I, as CIO and QIC Chair,
have the authority to approve the QIC's direction and oversight of the
Enterprise Architecture. The `CIO Delegation of authority' and the `QIC
Charter' formally document this statement.
EA Methodology (2.5) - EPA's EA methodology does include steps for
maintaining the architecture, which were documented and approved within
the official 2002 release of the EPA EA as the EPA EA Practice and
Proposed Policy, and the EPA EA Approach. EPA has since established
formal 'EA Policy' and 'EA Governance Procedure' which further
authorizes and requires the use of a standardized EA methodology,
framework, and automated toolset for the update and maintenance of the
EA.
EA Progress Measurement (3.6) - EPA's EA Transition Strategy and
Sequencing Plan illustrates how EPA's progress in building out the
target architecture is documented arid measured. The principle metric
used was the rate of incorporation of EPA's shared service components
in the individual business cases within the IT Portfolio. This metric
was reported to the Chief Architect, the CIO, and to OMB. Additionally,
progress against EPA's EA Project Plan is tracked and reported to Chief
Architect and CIO representatives on a monthly basis.
Also, EPA's EA management is more mature on two Stage 5 core elements
than this report reflects: EPA's IT investments do comply with EPA's
EA, and the EA change management process is more mature than stated.
However, we recognize that there is one Stage 4 core element that has
not yet been achieved, and thus our maturity assessment is
appropriately a `3' on this scale.
EPA requests that GAO revise the assessment to reflect EPA's EA
maturity at Stage 3 before issuing the final report. All of the above
referenced supportive materials have been provided to GAO in previous
responses to this assessment inquiry. We would be happy to guide GAO to
some specific language in the documentation we have provided that
substantiates the above rationale.
Again, thank you for the opportunity to respond to this important
report. EPA is proud of our successful Enterprise Architecture as
recognized by OMB's "green" EA maturity assessment in 2006. We consider
this GAO assessment to be a valuable benchmarking exercise that will
help us improve our performance. If you have any questions relating to
this information, please contact Steve Tiber, EPA-GAO Liaison, at 202-
564-5184.
Sincerely,
Signed by:
Linda A. Travers:
Acting Assistant Administrator and Chief Information Officer:
cc: Maryann Froehlich, Acting CFO:
GAO Comments:
1. We agree and have modified our report to recognize evidence
contained in the documents.
2. We do not agree. The 2002 documents do not contain steps for
architecture maintenance. Further, evidence was not provided
demonstrating that the recently prepared methodology documents were
approved prior to the completion of our evaluation.
3. We do not agree. While we do not question whether EPA's EA
Transition Strategy and Sequencing Plan illustrates how annual progress
in achieving the target architectural environment is measured and
reported, this is not the focus of this core element. Rather, this core
element addresses whether progress against the architecture program
management plan is tracked and reported. While we acknowledge EPA's
comment that it tracks and reports such progress against plans on a
monthly basis, neither a program plan nor reports of progress against
this plan were provided as documentary evidence to support this
statement.
4. We do not agree. First, while EPA's IT investment management process
provides for consideration of the enterprise architecture in investment
selection and control activities, no evidence was provided
demonstrating that the process has been implemented. Second, while EPA
provided a description of its architecture change management process,
no evidence was provided that this process has been approved and
implemented.
[End of section]
Appendix XVII: Comments from the General Services Administration:
GSA:
GSA Administrator:
July 14, 2006:
The Honorable David M. Walker:
Comptroller General of the United States:
Government Accountability Office:
Washington, DC 20548:
Dear Mr. Walker:
Thank you for the opportunity to respond to the Government
Accountability Office (GAO) draft report entitled: "Enterprise
Architecture: Leadership Remains Key to Establishing and Leveraging
Architectures for Organizational Transformation" (GAO-06-831). We are
proud that GSA has achieved significant progress in implementing an
agency wide enterprise architecture and anticipate realizing
significant benefits from this effort. We have reviewed the draft
report and we concur with the recommendation contained in the report
that each agency "ensure that their respective enterprise architecture
programs develop and implement plans for fully satisfying each of the
conditions in the GAO enterprise architecture management maturity
framework."
In particular, the table 1, in Appendix IV, indicating GSA's
satisfaction of framework elements, will be critical as we work in
fiscal year 2007 to further implement core elements of the Enterprise
Architecture Framework.
Should you have any questions regarding this matter, please feel free
to contact me. Staff inquiries may be directed to Mrs. Viola Hubbard,
Audits, Office of the Chief Information Officer, on (202) 208-6155.
Sincerely,
Signed by:
Lurita Doan:
Administrator:
U.S. General Services Administration:
1800 F Street, NW:
Washington, DC 20405-0002
Telephone: (202) 501-0800:
Fax: (202) 219-1243:
www.gsa.gov:
[End of section]
Appendix XVIII: Comments from the National Aeronautics and Space
Administration:
National Aeronautics and Space Administration:
Office of the Administrator:
Washington, DC 20546-0001:
June 15, 2006:
Mr. Randolph C. Hite Director:
Information Technology Architecture and Systems Issues:
United States Government Accountability Office:
Washington, DC 20548:
Dear Mr. Hite:
NASA has reviewed the draft Government Accountability Office (GAO)
report "Enterprise Architecture: Leadership Remains Key to Establishing
and Leveraging Architectures for Organizational Transformation" (GAO-
06-831). Thank you for the opportunity to provide comments on the
recommendations in the draft report.
The draft report contains one recommendation addressed to several
Government entities, including NASA, that recommends these agencies,
"ensure that their respective enterprise architecture programs develop
and implement plans for fully satisfying each of the conditions in
[GAO's] enterprise architecture management maturity framework."
NASA concurs with this recommendation. The NASA Administrator continues
to fully support the efforts of the NASA Chief Enterprise Architect to
develop and implement the NASA Enterprise Architecture. NASA remains
committed to achieving Stage 5 of GAO's Enterprise Architecture
management maturity framework.
If you have any questions, or require additional information, please
contact Dr. John McManus, NASA Chief Enterprise Architect, at (202) 358-
1802 or Mr. Ken Griffey, NASA Deputy Chief Enterprise Architect,
located at the Marshall Space Flight Center, at (228) 813-6209.
Sincerely,
Signed by:
Shana Dale:
Deputy Administrator:
[End of Section]
Appendix XIX: Comments from the Social Security Administration:
Social Security Administration:
The Commissioner:
June 20, 2006:
Mr. Randolph C. Hite:
Director, Information Technology Architecture and Systems Issues:
U.S. Government Accountability Office:
441 G Street, NW:
Washington, D.C. 20548:
Dear Mr. Hite:
Thank you for the opportunity to review the draft report, "Enterprise
Architecture: Leadership Remains Key to Establishing and Leveraging
Architectures for Organizational Transformation" (GAO-06-831). Our
comments are enclosed.
If you have any questions, please have your staff contact Candace
Skurnik, Director, Audit Management and Liaison Staff, at (410) 965-
4636.
Sincerely,
Signed by:
JoAnne B. Barnhart:
Enclosure:
Social Security Administration Baltimore MD 21235-0001:
Comments Of The Social Security Administration (SSA) On The Government
Accountability Office (GAO) Draft Report, "Enterprise Architecture:
Leadership Remains Key To Establishing And Leveraging Architectures For
Organizational Transformation (GAO-06-831):
Thank you for the opportunity to review and provide comments on this
GAO draft report. We appreciate GAO's effort to evaluate the state of
enterprise architecture (EA) within the major federal government
departments and agencies. This information is both informative and
useful in the strategic planning of our EA program. We agree with GAO's
conclusions and recommendation for executive action contained in this
GAO report.
GAO Recommendation:
To assist departments and agencies in addressing enterprise
architecture challenges, managing their architecture programs, and
realizing architecture benefits, GAO recommends that SSA ensure that
its enterprise architecture program develop and implement plans for
fully satisfying each of the conditions of GAO's enterprise
architecture management maturity framework.
SSA Comment:
We agree. We have formed an Enterprise Architecture Governance
Committee and have dedicated EA staff to ensure continued development
and maturity of our EA program in accordance with GAO's Enterprise
Architecture Management Maturity Framework (EAMMF) and the Federal
Enterprise Architecture Program Management Office EA Assessment
Framework 2.0 requirements.
Since the time this GAO effort was completed, we have improved and
documented our EA framework, models, documentation and implementation.
As a result, the Office of Management and Budget (OMB) scored SSA's
Framework 2.0 assessment as Green in all categories (Completion, Use
and Results) during OMB's March 2006 review.
Other Comments:
We have the following comments on the Appendix IV table pertaining to
SSA with regard to SSA satisfaction of core elements of the noted EAMMF
stages.
Satisfaction of Stage 2 Core Element - "EA is being developed using a
framework methodology, and automated tool"
The GAO report states in the Appendix IV table (and also on page 24)
that the SSA EA methodology does not describe the steps for developing,
maintaining and validating the Agency's EA. We disagree. The Enterprise
Architecture Governance Committee charter and the formal Configuration
Management Plans previously submitted to GAO follow full Systems
Development Life Cycle practices and thus adequately describe the steps
for developing, maintaining and validating the Agency's EA.
Satisfaction of Stage 5 Core Element - " Organization head has approved
current version of EA"
The GAO report states SSA did not provide documentation delegating EA
approval authority from the organization head to the Chief Information
Officer (CIO). We believe the Clinger-Cohen Act of 1996, and
specifically 40 U.S.C. 11315, vests the Agency CIO with that authority
and therefore, no formal delegation in writing from the Agency head to
the CIO is required.
In consideration of the above comments concerning Stages 2 and 5, it
appears from GAO's evaluation and comments that if the Stage 2 core
element discussed above is satisfied by the referenced documents, then
SSA's EA Maturity level would rise from a "1" to a "4" for the stage
where all elements are fully satisfied.
It also follows that if the Stage 5 core element discussed above is
satisfactory, then SSA's EA Maturity level would rise from "4" to "5"
in the stage where all elements are at least partially satisfied.
GAO Comments:
1. We do not agree. Neither the governance committee charter nor the
configuration management plan explicitly describe a methodology that
includes detailed steps to be followed for developing, maintaining, and
validating the architecture. Rather, these documents describe, for
example, the responsibilities of the architecture governance committee
and architecture configuration management procedures.
2. We do not agree. The core element in our framework concerning
enterprise architecture approval by the agency head is derived from
federal guidance and best practices upon which our framework is based.
This guidance and related practices, and thus our framework, recognize
that an enterprise architecture is a corporate asset that is to be
owned and implemented by senior management across the enterprise, and
that a key characteristic of a mature architecture program is having
the architecture approved by the department or agency head. Because the
Clinger-Cohen Act does not address approval of an enterprise
architecture, our framework's core element for agency head approval of
an enterprise architecture is not inconsistent with, and is not
superseded by, that act.
[End of section]
Appendix XX: Comments from the U.S. Agency for International
Development:
USAID:
From The American People:
June 22, 2006:
Randolph C. Hite, Director:
Information Technology Architecture and Systems Issues:
U.S. Government Accountability Office:
441 G Street, N.W.
Washington, D.C. 20548:
Dear Mr. Hite:
I am pleased to provide the U.S. Agency for International Development's
(USAID) formal response on the draft GAO report entitled "Enterprise
Architecture: Leadership Remains Key to Establishing and Leveraging
Architectures for Organizational Transformation (GAO-06-831)" (August
2006).
By OMB direction, the Agency is focusing most of its resources in
developing a Joint Department of State and USAID Enterprise
Architecture. As both agencies now receive a combined Annual EA
Assessment, we will work together to implement the recommendations from
this report.
Thank you for the opportunity to respond to the GAO draft report and
for the courtesies extended by your staff in the conduct of this
review.
Sincerely,
Signed by:
David Ostermeyer:
Acting Chief Financial Officer:
U.S. Agency for International Development:
U.S. Agency for International Development:
1300 Pennsylvania Avenue, NW:
Washington, DC 20523:
www.usaid.gov:
[End of section]
Appendix XXI GAO Contact and Staff Acknowledgements:
GAO Contact:
Randolph C. Hite, (202) 512-3439:
Staff Acknowledgments:
In addition to the person named above, Edward Ballard, Naba Barkakati,
Mark Bird, Jeremy Canfield, Jamey Collins, Ed Derocher, Neil Doherty,
Mary J. Dorsey, Marianna J. Dunn, Joshua Eisenberg, Michael Holland,
Valerie Hopkins, James Houtz, Ashfaq Huda, Cathy Hurley, Cynthia
Jackson, Donna Wagner Jones, Ruby Jones, Stu Kaufman, Sandra Kerr,
George Kovachick, Neela Lakhmani, Anh Le, Stephanie Lee, Jayne
Litzinger, Teresa M. Neven, Freda Paintsil, Altony Rice, Keith Rhodes,
Teresa Smith, Mark Stefan, Dr. Rona Stillman, Amos Tevelow, and
Jennifer Vitalbo made key contributions to this report.
(310604):
FOOTNOTES
[1] An enterprise architecture is a blueprint for organizational change
defined in models that describe (in both business and technology terms)
how the entity operates today and how it intends to operate in the
future; it also includes a plan for transitioning to this future state.
[2] GAO, Information Technology: A Framework for Assessing and
Improving Enterprise Architecture Management (Version 1.1), GAO-03-
584G (Washington, D.C.: April 2003).
[3] Our analysis reflects the state of department and agency
architecture efforts as of March 2006.
[4] GAO-03-584G.
[5] The Department of Defense submitted a single letter that included
comments from the Departments of the Air Force, Army, and Navy.
Representatives of the Departments of Health and Human Services and
Transportation stated that they did not have comments.
[6] See, for example, GAO, Homeland Security: Efforts Under Way to
Develop Enterprise Architecture, but Much Work Remains, GAO-04-777
(Washington, D.C.: Aug. 6, 2004);
DOD Business Systems Modernization: Limited Progress in Development of
Business Enterprise Architecture and Oversight of Information
Technology Investments, GAO-04-731R (Washington, D.C.: May 17, 2004);
Information Technology: Architecture Needed to Guide NASA's Financial
Management Modernization, GAO-04-43 (Washington, D.C.: Nov. 21, 2003);
DOD Business Systems Modernization: Important Progress Made to Develop
Business Enterprise Architecture, but Much Work Remains, GAO-03-1018
(Washington, D.C.: Sept. 19, 2003);
and Information Technology: DLA Should Strengthen Business Systems
Modernization Architecture and Investment Activities, GAO-01-631
(Washington, D.C.: June 29, 2001).
[7] J. A. Zachman, "A Framework for Information Systems Architecture,"
IBM Systems Journal vol. 26, no. 3 (1987).
[8] The windows include (1) the strategic planner, (2) the system user,
(3) the system designer, (4) the system developer, (5) the
subcontractor, and (6) the system itself.
[9] The models cover (1) how the entity operates, (2) what the entity
uses to operate, (3) where the entity operates, (4) who operates the
entity, (5) when entity operations occur, and (6) why the entity
operates.
[10] Similar to the Zachman framework, FEAF's proposed models describe
an entity's business, data necessary to conduct the business,
applications to manage the data, and technology to support the
applications.
[11] 40 U.S.C. sections 11101-11703.
[12] GAO, Weather Forecasting: Systems Architecture Needed for National
Weather Service Modernization, GAO/AIMD-94-28 (Washington, D.C.: Mar.
11, 1994).
[13] GAO, Air Traffic Control: Complete and Enforced Architecture
Needed for FAA Systems Modernization, GAO/AIMD-97-30 (Washington, D.C.:
Feb. 3, 1997).
[14] GAO, Tax Systems Modernization: Blueprint Is a Good Start but Not
Yet Sufficiently Complete to Build or Acquire Systems, GAO/AIMD/GGD-98-
54 (Washington, D.C.: Feb. 24, 1998).
[15] GAO, Student Financial Aid Information: Systems Architecture
Needed to Improve Programs' Efficiency, GAO/AIMD-97-122 (Washington,
D.C.: July 29, 1997).
[16] GAO, Customs Service Modernization: Architecture Must Be Complete
and Enforced to Effectively Build and Maintain Systems, GAO/AIMD-98-70
(Washington, D.C.: May 5, 1998).
[17] GAO, Information Technology: INS Needs to Better Manage the
Development of Its Enterprise Architecture, GAO/AIMD-00-212
(Washington, D.C.: Aug. 2000).
[18] GAO, Medicare: Information Systems Modernization Needs Stronger
Management and Support, GAO-01-824 (Washington, D.C.: Sept. 20, 2001).
[19] GAO, Federal Aviation Administration: Stronger Architecture
Program Needed to Guide Systems Modernization Efforts, GAO-05-266
(Washington, D.C.: April 2005).
[20] GAO, Information Technology: FBI is Taking Steps to Develop an
Enterprise Architecture, but Much Remains to Be Accomplished, GAO-05-
363 (Washington, D.C.: Sept. 9, 2005).
[21] GAO, Information Technology: Terrorist Watch Lists Should Be
Consolidated to Promote Better Integration and Sharing, GAO-03-322
(Washington, D.C.: April 15, 2003).
[22] GAO, Information Technology: Architecture Needed to Guide
Modernization of DOD's Financial Operations, GAO-01-525 (Washington,
D.C.: May 17, 2001).
[23] GAO-01-631.
[24] GAO, Combat Identification Systems: Strengthened Management
Efforts Needed to Ensure Required Capabilities, GAO-01-632 (Washington,
D.C.: June 25, 2001).
[25] GAO, DOD Business Systems Modernization: Improvements to
Enterprise Architecture Development and Implementation Efforts Needed,
GAO-03-458 (Washington, D.C.: Feb. 28, 2003);
Information Technology: Observations on Department of Defense's Draft
Enterprise Architecture, GAO-03-571R (Washington, D.C.: Mar. 28, 2003);
DOD Business Systems Modernization: Longstanding Management and
Oversight Weaknesses Continue to Put Investments at Risk, GAO-03-553T
(Washington, D.C.: Mar. 31, 2003);
Business Systems Modernization: Summary of GAO's Assessment of the
Department of Defense's Initial Business Enterprise Architecture, GAO-
03-877R (Washington, D.C.: July 7, 2003);
DOD Business Systems Modernization: Long-Standing Weaknesses in
Enterprise Architecture Development Need to Be Addressed, GAO-05-702
(Washington, D.C.: July 22, 2005).
[26] GAO, Information Technology: Enterprise Architecture Use across
the Federal Government Can Be Improved, GAO-02-6 (Washington, D.C.:
Feb. 19, 2002).
[27] GAO, Information Technology: Leadership Remains Key to Agencies
Making Progress on Enterprise Architecture Efforts, GAO-04-40
(Washington, D.C.: Nov. 17, 2003).
[28] A score of 0 means undefined, 1 means initial, 2 means managed, 3
means utilized, 4 means results-oriented, and 5 means optimized.
[29] GAO-03-584G.
[30] CIO Council, A Practical Guide to Federal Enterprise Architecture,
Version 1.0 (February 2001).
[31] This set of products is consistent with OMB's federal enterprise
architecture reference models.
[32] See, for example, GAO-01-525, GAO-03-458, GAO-04-731R, GAO-05-702,
and GAO, DOD Business Systems Modernization: Important Progress Made in
Establishing Foundational Architecture Products and Investment
Management Practices, but Much Work Remains, GAO-06-219 (Washington,
D.C.: Nov. 23, 2005).
[33] GAO-05-702.
[34] Partially satisfied means that a department or agency has
addressed some, but not all, aspects of the core element.
[35] GAO, Information Technology Investment Management: A Framework for
Assessing and Improving Process Maturity. GAO-04-394G. (Washington,
D.C.: Mar. 2004).
[36] GAO, High Risk Series: An Update. GAO-05-207. (Washington, D.C.:
Jan. 2005).
[37] Representatives from the Departments of Health and Human Services
and Transportation stated that they did not have comments.
[38] The Departments of the Army and Justice did not provide cost data.
[39] The "other" cost category includes costs that cannot be allocated
to the other categories.
[40] The "other" cost category is intended to include costs that cannot
be allocated to the categories we specified.
[41] GAO-03-584G.
[42] The "other" tool category is intended to include various tools
that were not listed on our survey.
[43] Other tools reported by the departments and agencies include:
Adaptive Information Technology Portfolio Manager, Adaptive-USDA EA
Repository, Caliber-RM, Catalyze by SteelTrace, Defense Architecture
Repository System (DARS), DARS MS Office, Embarcadero-ER Studio, Erwin,
FRA Portal, MS Word, OMG Component Collaborative Architecture
(Component X Tool), ProSight, Serena Tracker and Version Manager.
[44] This framework was issued in September 1999 by the federal CIO
Council.
[45] Some agencies and departments did not indicate their level of
satisfaction or dissatisfaction with the framework(s) they reported
using.
[46] The number of responses regarding frameworks is larger than the
number of agencies surveyed because some agencies reported using more
than one framework.
[47] This Act requires 24 departments and agencies to establish chief
financial officers. See 31 U.S.C. section 901.
[48] GAO-03-584G.
[49] Office of Management and Budget, Management of Federal Information
Resources, Circular A-130 (Nov. 28, 2000).
[50] Chief Information Officers Council, Federal Enterprise
Architecture Framework, Version 1.1 (September 1999) and Chief
Information Officers Council, A Practical Guide to Federal Enterprise
Architecture, Version 1.0 (February 2001).
[51] GAO-02-6;
GAO-04-40;
and, for example, GAO-03-1018, GAO-04-777, GAO-05-702, GAO-06-219.
[52] The Social Security Administration was the only agency to decline
such an initial meeting.
[53] The Department of Defense submitted updated information to
Congress about its Business Enterprise Architecture on March 15, 2006.
This information was also considered as part of our evaluation.
[54] GAO-03-584G
[55] GAO. Business Systems Modernization: DOD Continues to Improve
Institutional Approach, but Further Steps Needed, GAO-06-658. (May 15,
2006).
[56] GAO, Homeland Security: Efforts Under Way to Develop Enterprise
Architecture but Much Work Remains, GAO-04-777.
[57] GAO, High Risk Series: An Update, GAO-05-207.
[58] CIO Council, A Practical Guide to Federal Enterprise Architecture,
Version 1.0 (February 2001).
[59] GAO-02-6
[60] GAO-03-584G
[61] GAO-04-40
GAO's Mission:
The Government Accountability Office, the investigative arm of
Congress, exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability
of the federal government for the American people. GAO examines the use
of public funds; evaluates federal programs and policies; and provides
analyses, recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO's commitment to
good government is reflected in its core values of accountability,
integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains
abstracts and full-text files of current reports and testimony and an
expanding archive of older products. The Web site features a search
engine to help you locate documents using key words and phrases. You
can print these documents in their entirety, including charts and other
graphics.
Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as "Today's Reports," on its
Web site daily. The list contains links to the full-text document
files. To have GAO e-mail this list to you every afternoon, go to
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order
GAO Products" heading.
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office
441 G Street NW, Room LM
Washington, D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm
E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Public Affairs:
Jeff Nelligan, managing director,
NelliganJ@gao.gov
(202) 512-4800
U.S. Government Accountability Office,
441 G Street NW, Room 7149
Washington, D.C. 20548: