DOD Business Systems Modernization
The Department of Defense (DOD) spends billions of dollars each year to acquire modernized systems that are fundamental to achieving its business transformation goals, including systems that address key areas such as personnel, financial management, health care, and logistics. While DOD’s capacity for modernizing its business systems has improved over time, significant challenges remain. These challenges include fully defining and establishing management controls for business systems modernization. Such controls are vital to ensuring that DOD can effectively and efficiently manage an undertaking with the size, complexity, and significance of its business systems modernization, and minimize the associated risks. DOD’s effort to modernize its business systems environment has been designated as high risk since 1995.
DOD has demonstrated elements of leadership commitment and has made progress in this area by taking steps to manage the modernization of its business systems more effectively and efficiently. For example, the department has begun to implement an improved investment management framework and processes, and has established the capacity to use its federated architecture to identify potentially duplicative investments. However, more needs to be done to leverage DOD's capacity to identify potentially duplicative investments, and to ensure that, among other things, systems are reviewed at appropriate levels as part of the department's improved investment management framework.
In addition, DOD's business systems modernization efforts continue to fall short of cost, schedule, and performance expectations, and the department has not yet established an action plan (or plans) highlighting how it intends to improve its use of its business architecture, improve its business system investment management process, or improve its business system acquisition outcomes. The department can leverage the federal information technology (IT) dashboard as a mechanism for beginning to monitor progress in improving its business system acquisition outcomes. Nevertheless, without an action plan, DOD lacks a baseline against which it can monitor broader progress in its business systems modernization efforts.
Further, the National Defense Authorization Act for Fiscal Year 2017 and its accompanying conference report include provisions that might impact how the department will manage its business systems. Specifically, the act establishes a Chief Management Officer and the accompanying conference report calls for the department to develop a plan by June 2017 to implement a more optimized organizational structure and processes to support information management and cyber operations, including the policy, direction, oversight, and acquisition functions associated with, among other things, business systems. The impact of these provisions on the department's business systems modernization efforts remains to be seen.
Although more needs to be done to address this high-risk issue, DOD has achieved important benefits by implementing our recommendations. For example, fiscal years 2013 and 2014 saw total financial savings of $970 million due to the department cancelling the Air Force's Expeditionary Combat Support System because of significant cost and schedule overages discovered as a result of increased oversight.
DOD must more fully demonstrate leadership commitment and progress in implementing critical IT modernization management controls. For example, the department needs to address the provisions of the conference report accompanying the Fiscal Year 2017 National Defense Authorization Act that call for DOD to develop a plan by June 2017 to implement a more optimized organizational structure and processes to support, among other things, business systems. DOD also needs to ensure that its business system investments are managed with the kind of rigor and discipline embodied in relevant acquisition management guidance and best practices so that each investment will deliver expected benefits and capabilities on time and within budget. In addition, DOD should ensure that its information reported on the Office of Management and Budget's IT Dashboard is reliable and, over time, demonstrates improved achievement of cost, schedule, and performance expectations.1 DOD should also demonstrate that it is improving its guidance on incrementally developing IT systems to help ensure a timely delivery of needed capabilities, consistent with the Federal IT Acquisition Reform provisions of the Carl Levin and Howard P. 'Buck' McKeon National Defense Authorization Act for 2015.2
In addition, DOD needs to take steps to address key portfolio management practices documented in our IT Investment Management Framework. For example, DOD has not yet defined criteria for reviewing defense business systems at an appropriate DOD level based on factors such as complexity, scope, cost, and risk in support of the certification and approval process. DOD also needs to develop plans defining how it will ensure that it is using its federated business architecture to identify and address potentially duplicative investments within its business systems environment.
Further, DOD should demonstrate that plans exist for addressing these various actions and associated recommendations, and that it is monitoring progress against these plans and demonstrating progress and related outcomes. DOD also needs to ensure that it has the appropriate capacity in place by conducting needed human capital analyses.
 The dashboard aims to provide transparency for these investments to aid public monitoring of government operations. It is to do so by reporting, among other things, how agency chief information officers rate investment risk.
 The Federal IT Acquisition Reform provisions of the Carl Levin and Howard P. 'Buck' McKeon National Defense Authorization Act for Fiscal Year 2015 require that OMB capital planning guidance require that the chief information officer of each covered agency, including DOD, certify that IT investments are adequately implementing incremental development, as defined in the guidance.
GAO-16-469: Published: Aug 16, 2016. Publicly Released: Sep 15, 2016.
For fiscal year 2016, 22 agencies reported 64 percent of their software development projects would deliver useable functionality every 6 months on the Information Technology (IT) Dashboard, as required by the Office of Management and Budget (OMB). However, shortcomings with OMB's guidance—the lack of clarity regarding the types of projects where incremental development would not apply and how th...
GAO-16-494: Published: Jun 2, 2016. Publicly Released: Jun 2, 2016.
Agencies determined investments' Chief Information Officer (CIO) ratings using a variety of processes, which included the Office of Management and Budget's (OMB) six suggested factors (including risk management, requirements management, and historical performance). Specifically, all 17 selected agencies incorporated at least two of OMB's factors into their risk rating processes and 9 used all of t...
GAO-16-336: Published: Mar 30, 2016. Publicly Released: Mar 30, 2016.
All 18 major automated information system (MAIS) programs that experienced a critical change to program cost, schedule, or system performance targets submitted complete reports to Congress that contained all four statutory elements, but 16 programs did not meet the requirement to report to Congress within 60 days of the program manager's submission to the senior Department of Defense (DOD) officia...
GAO-15-627: Published: Jul 16, 2015. Publicly Released: Jul 16, 2015.
The Department of Defense (DOD) has implemented 5 of the 16 recommendations made by GAO since June 2011 to address each of the overarching provisions for improving business systems management in the Ronald W. Reagan National Defense Authorization Act for Fiscal Year 2005 , as amended (NDAA) (10 U.S.C. § 2222) (see table). For example, it has implemented the recommendation to improve the data avai...
GAO-15-282: Published: Feb 26, 2015. Publicly Released: Feb 26, 2015.
A majority of the 20 selected Department of Defense (DOD) major automated information systems (MAIS) programs had not established their first baselines (which consist of a life cycle cost estimate, a schedule estimate, and performance targets) within 2 years from program start; over half met or planned to meet a statutorily established time frame for deploying capabilities. While the Defense Scien...