Defense Nuclear Enterprise:
Processes to Monitor Progress on Implementing Recommendations and Managing Risks Could Be Improved
GAO-18-144: Published: Oct 5, 2017. Publicly Released: Oct 5, 2017.
What GAO Found
The Department of Defense (DOD) has made progress in implementing the recommendations from the 2014 nuclear enterprise reviews and the 2015 nuclear command, control, and communications (NC3) systems report.
- In December 2016, the Office of Cost Assessment and Program Evaluation (CAPE) provided the military services with guidance that emphasizes using performance measures and milestones to evaluate progress to aid them in tracking and analyzing their implementation of the recommendations from the 2014 nuclear enterprise reviews. However, CAPE's guidance does not require the military services and other DOD components to identify and document risks as part of its recommendation tracking processes. As a result, DOD does not consistently identify and document risks, and it may not be identifying and communicating potential risks related to the nuclear enterprise. One of the 2014 nuclear enterprise reviews found that the avoidance of managing risks by many leaders within the enterprise adversely affected the mission. Developing additional guidance on identifying and documenting risks could enhance DOD's ability to provide oversight of its efforts to monitor progress and make informed responses to address any identified risks.
- For recommendations made in the 2015 NC3 report, DOD's Office of the Chief Information Officer (DOD CIO) uses an internal spreadsheet to track implementation but has not yet identified performance measures, milestones, or risks. DOD CIO has drafted a template that, once it has been approved and implemented, will provide a form that could be used for documenting performance measures, milestones, and risks. By identifying and communicating this information, DOD CIO could improve its efforts to track the progress of DOD's actions, evaluate their effects, and formulate responses to risks.
DOD and the military services have implemented changes to their personnel reliability assurance programs in response to recommendations from the 2014 nuclear enterprise reviews. These programs are intended to ensure that DOD personnel who work with nuclear weapons and nuclear weapons systems, NC3 systems and equipment, and special nuclear material are trustworthy, reliable, and capable of performing their assigned nuclear weapons-related mission. The 2014 nuclear enterprise reviews found that these personnel reliability assurance programs were overly complex and administratively burdensome and that frequent and intrusive inspections left nuclear units more focused on preparing for and responding to inspections than on ensuring personnel reliability. DOD and the services have updated their guidance for personnel reliability assurance programs, including focusing on nine essential elements of reliability. For example, the Air Force has incorporated these elements into the standards it uses for its security forces. Additionally, the Air Force has centralized some of its administrative processes, and the Joint Staff has updated inspection procedures in a way that may ease the burden on personnel being inspected.
Why GAO Did This Study
In 2014, the Secretary of Defense directed two reviews of DOD's nuclear enterprise. These reviews identified problems with leadership, organization, investment, morale, policy, and procedures, as well as other shortcomings that adversely affected the nuclear deterrence mission. The reviews also made recommendations to address these problems. In 2015, DOD conducted a review focused on NC3 systems, which resulted in additional recommendations.
The National Defense Authorization Act for Fiscal Year 2017 includes a provision for GAO to review DOD's processes for addressing these recommendations, and House Report 114-537 includes a provision for GAO to review changes to DOD's nuclear personnel reliability assurance programs. This report addresses the extent to which DOD and the military services have (1) made progress in implementing recommendations to improve the nuclear enterprise and (2) made changes to their personnel reliability assurance programs. GAO reviewed relevant documents and interviewed agency officials from DOD and the military services. This is a public version of a classified report GAO issued in August 2017. It omits information DOD deemed classified.
What GAO Recommends
DOD should develop additional guidance on identifying and documenting risks, and should identify and communicate performance measures and risks. DOD concurred and provided information about planned actions to implement them.
For more information, contact Joseph W. Kirschbaum at (202) 512-9971 or firstname.lastname@example.org.
Recommendations for Executive Action
Status: Closed - Implemented
Comments: In written comments included with GAO's report, DOD concurred with this recommendation. In January 2018, the Office of Cost Assessment and Program Evaluation (CAPE) issued additional guidance to improve the identification, assessment, and documentation of risks related to implementing the 2014 nuclear enterprise review recommendations. Specifically, the guidance instructs the responsible components to identify any key risks associated with the open recommendations and to document those key risks in the CAPE centralized tracking tool. Additionally, the guidance states that risks that do not rise to the level of being a key risk should also be tracked according to the component's own assessment methodology and, if a component's approach to a recommendation does not carry any key risks, this should be documented. This action implements our recommendation. With the inclusion of risk identification, assessment, and documentation, CAPE has strengthened the framework for monitoring the department's efforts to address the many issues identified in 2014-including those enduring issues that must be vigilantly watched for years to come.
Recommendation: CAPE, in coordination with the military departments and other DOD entities serving as offices of primary responsibility for implementing the recommendations, should develop additional guidance for these offices to identify associated risks and document information about these risks in the centralized tracking tool. (Recommendation 1)
Agency Affected: Department of Defense
Comments: In written comments included with GAO's report, DOD concurred with this recommendation. In July 2018, in response to our October 2017 recommendation, DOD CIO issued guidance to improve the tracking and evaluation of DOD's progress in implementing the recommendations of the 2015 NC3 report. This guidance provides instructions to the military departments and DOD components with responsibility for implementation of the 2015 NC3 report recommendations to identify and provide key milestones, metrics utilized to track progress, and information about recent progress-including an assessment of progress, required decisions and guidance, and key risks and other issues.
Recommendation: DOD CIO--in coordination with CAPE, the military departments, Joint Staff, and U.S. Strategic Command--as the draft template and any other additional tools to aid in their approach are finalized, should identify and communicate to NC3 stakeholders performance measures and milestones to assist in tracking the progress of implementation of the recommendations from the 2015 NC3 report and evaluating the outcomes of implementation actions, and risks associated with the implementation of the recommendations from the 2015 NC3 report. (Recommendation 2)
Agency Affected: Department of Defense