DOD Business Systems Modernization
View the 2019 Report
DOD spends billions of dollars each year to acquire modernized systems, including ones that address key areas such as personnel, financial management, health care, and logistics. While DOD’s capacity for modernizing its business systems has improved over time, significant challenges remain. We first added this area to our High-Risk List in 1995.
This high-risk area includes three critical challenges facing DOD: (1) improving business system acquisition management, (2) improving business system investment management, and (3) leveraging DOD’s federated business enterprise architecture.
Improving business system acquisition management would contribute to better cost, schedule, and performance outcomes for DOD systems. Improving business system investment management would allow DOD to more effectively and efficiently manage its portfolios of business system investments. Enhanced use of its federated business enterprise architecture would help DOD identify and address potential duplication and overlap across its business systems environment.
Since our 2017 High-Risk Report, DOD has made improvements in this high-risk area by moving from a not met rating on the action plan criterion to a partially met rating. The department accomplished this by developing a plan for making improvements to its business enterprise architecture. However, DOD lacks a plan to address both the business system acquisition management and investment management process segments of this high-risk area.
Our assessment of the leadership, capacity, monitoring, and demonstrated progress criteria remains partially met.
DOD’s Business System Acquisition Management
Ratings for this segment of the high-risk area remain unchanged since our previous High-Risk Report in 2017, with DOD partially meeting three criteria elements and not meeting the remaining two.
Leadership commitment: partially met. Since our 2017 High-Risk Report, DOD has developed updated policy and guidance for managing business system investments that reflects changes called for by the National Defense Authorization Act for Fiscal Year 2016.
In addition, DOD’s April 2018 National Defense Business Operations Plan included a commitment that it would establish quantifiable measures for improvements to the business system environment by the end of fiscal year 2018, but DOD did not demonstrate that it established such metrics as planned. DOD has also faced frequent turnover in leadership positions associated with managing its business system investments and has not yet demonstrated how it intends to implement legislative provisions designating the chief management officer (CMO) as the chief information officer (CIO) for all DOD business systems. Regarding the legislative provisions, in November 2018, the acting CMO stated that she has a collaborative relationship with the DOD CIO and they are working to define their respective responsibilities
Capacity: not met. The Office of the CMO, which establishes policy and guidance for business system investments and oversees a subset of business system investments, has not demonstrated that it has conducted a human capital analysis, as we recommended in May 2013. In addition, the Office of the CMO does not have a plan to analyze and address skill gaps, thus limiting its capacity to lead improvement initiatives in these areas.
In August 2018, we reported that the DOD CIO had only partially addressed roles and responsibilities associated with its information technology (IT) workforce, such as (1) annually assessing the extent to which DOD personnel meet IT management knowledge and skill requirements, and (2) developing strategies for hiring and training to rectify any knowledge and skill deficiencies.
Action plan: not met. DOD continues to lack a plan that includes specific actions and associated milestones to address what remains to be done for this segment of the high-risk area. As a result, DOD does not have a common baseline to document DOD-wide commitments and their associated timeframes.
Monitoring: partially met. DOD has begun to leverage the federal IT Dashboard to document progress in improving its business system acquisition outcomes. However, without an approved action plan for addressing gaps described in this segment of the high-risk area, DOD lacks the means to monitor broader progress in making improvements to its business system acquisition management efforts.
Demonstrated progress: partially met. Since our 2017 High-Risk Report, DOD has had mixed success in delivering business system investments that meet cost, schedule, and performance commitments. For example, we reported in May 2018 that the Global Combat Support System–Army met all six of its performance targets but was delayed by 10 months. We also reported that the Defense Enterprise Accounting and Management System Increment 1 met three out of four performance targets but increased in cost by 60 percent.
In addition, DOD has made progress in addressing certain of our recommendations associated with making improvements in this area. For example, since February 2017, DOD has implemented recommendations aimed at addressing best practices in risk management, project monitoring, and IT acquisition for a subset of its business system investments. DOD has also made progress in addressing recommendations associated with implementing incremental development.
However, DOD still needs to address our long-standing recommendations associated with the establishment of timelines and issue monitoring that impact efficient and effective use of other specific systems, and another recommendation aimed at making further improvements associated with its use of incremental development.
DOD’s Business System Investment Management Process
Ratings for this segment remain unchanged since our 2017 High-Risk Report, with DOD partially meeting three criteria and not meeting the remaining two.
Leadership commitment: partially met. DOD has made progress complying with legislative provisions for managing business system investments in the National Defense Authorization Act for Fiscal Year 2016, but more remains to be done.
In addition, DOD has faced frequent turnover in leadership positions associated with managing its business system investments, and it has not yet demonstrated how it intends to implement legislative provisions designating the CMO as the CIO for all DOD business systems.
Capacity: partially met. DOD has established an investment review board and guidance for overseeing its largest business system investments. However, as we reported in April 2018, required guidance has yet to be developed at all levels throughout the agency. In addition, the Office of the CMO has not demonstrated that it has conducted a human capital analysis as we recommended in May 2013, and does not have a plan to analyze and address skill gaps.
Action plan: not met. DOD continues to lack a plan with specific actions and associated milestones to address what remains to be done for this segment of the high-risk area. As a result, DOD does not have a common baseline to document DOD-wide commitments and their associated timeframes.
Monitoring: not met. Without an approved action plan for addressing this segment of the high-risk area, DOD lacks a means to monitor progress in making improvements to its business system investment management process.
Demonstrated progress: partially met. Since our 2017 High-Risk Report, DOD has taken steps to improve its business system investment management process by addressing some associated recommendations. For example, DOD has defined criteria for reviewing defense business systems at an appropriate level based on factors such as cost and risk, in support of the business system certification and approval process. However, DOD needs to show continued progress in addressing our remaining associated recommendations, such as developing improved investment management guidance and functional strategies, including measurable targets over the next 3 to 5 years.
DOD’s Federated Business Enterprise Architecture
Ratings for this segment have improved for two of the five high-risk criteria elements since our 2017 High-Risk Report.
Leadership commitment: partially met. Since our 2017 High-Risk Report, DOD’s assistant deputy CMO approved an improvement plan for DOD’s business enterprise architecture (i.e., description of DOD’s current and future business environment and plans for transitioning to the future environment).This plan is intended to improve DOD’s ability to achieve architecture-related outcomes, including identifying and reusing existing systems across the department. The plan demonstrates that DOD leadership is committed to making needed improvements. However, DOD has faced frequent turnover in leadership positions associated with managing its business system investments, and has not yet demonstrated how it will implement legislative provisions designating the CMO as the CIO for all DOD business systems.
Capacity: met. As reported in our 2017 High-Risk Report, DOD has met the criterion for capacity. In particular, it has established tools and processes that are intended to improve its efforts to identify potentially duplicative systems.
Action plan: partially met. DOD has developed a project plan for how it will make improvements to its business enterprise architecture. However, it has not revised its plan to reflect updated milestones.
Monitoring: partially met. DOD has developed a plan for making needed improvements to its business enterprise architecture and receives monthly contractor status reports. However, monthly reports do not discuss progress relative to the plan and the plan has not been revised to reflect updated milestones.
Demonstrated progress: partially met. DOD has established the capacity to identify potentially duplicative investments and has developed a plan to further improve its capacity. DOD has also provided examples of benefits attributed, at least in part, to its business enterprise architecture. Nevertheless, DOD has not yet demonstrated that it is actively and consistently using assessments of potential duplication and overlap to eliminate duplicative systems. DOD’s business architecture improvement plan acknowledges this gap and identifies steps it intends to take to improve its ability to use the business enterprise architecture to achieve its intended goals.
DOD’s Business System Acquisition Management
- developing an action plan for addressing this high-risk area;
- following through with its commitment to develop measures to demonstrate improvements in its business systems environment;
- demonstrating improved success in meeting business system cost, schedule, and performance expectations; and
- addressing our various open recommendations associated with this high-risk area, including recommendations aimed at improving human capital management, CIO oversight of IT, incremental development, and recommendations associated with specific business systems.
DOD’s Business System Investment Management Process
- taking a strategic approach to human capital management for the Office of the CMO,
- improving investment management policy and guidance at all levels of the organization, and
- ensuring that functional strategies include all of the critical elements identified in DOD investment management guidance.
DOD’s Federated Business Enterprise Architecture
Over the years since we added this area to our High-Risk List, we have made numerous recommendations related to this high-risk issue, 10 of which were made since the last high-risk update in February 2017. As of December 2018, 27 recommendations are open. DOD needs to continue to execute its plan for making needed improvements to its business enterprise architecture and demonstrate that it is actively and consistently using assessments of potential duplication and overlap to identify and eliminate duplicative systems.
-
- Carol C. Harris
- Director, Information Technology
- harriscc@gao.gov
- (202) 512-4456
