Business Systems Modernization: Summary of GAO's Assessment of	 
the Department of Defense's Initial Business Enterprise 	 
Architecture (07-JUL-03, GAO-03-877R).				 
                                                                 
The Department of Defense (DOD) faces financial and related	 
management problems that are pervasive, complex, long-standing,  
and deeply rooted in virtually all business operations throughout
the department. These problems have impeded the department's	 
ability to provide complete, reliable, and timely business	 
information to the Congress, DOD managers, and other decision	 
makers. Of the 25 areas on our governmentwide "high-risk" list, 6
are DOD program areas, and the department shares responsibility  
for 3 other high-risk areas that are governmentwide in scope.	 
DOD's problems in each of these areas hinder the efficiency of	 
operations, and leave the department vulnerable to fraud, waste, 
and abuse. For fiscal year 2003, DOD's information technology	 
(IT) budget request was over $26 billion. More specifically, to  
support its business operations, DOD reports that it currently	 
relies on about 2,300 systems, including accounting, acquisition,
logistics, and personnel systems that will cost about $18	 
billion--nearly $5.2 billion for business systems and $12.8	 
billion primarily for business systems infrastructure--in fiscal 
year 2003 to operate, maintain, and modernize. As we have	 
previously reported, this environment was not designed to be, but
rather has evolved into, an overly complex and error-prone	 
environment, including (1) little standardization across DOD, (2)
multiple systems performing the same tasks, (3) the same data	 
stored in multiple systems, and (4) manual data entry into	 
multiple systems.						 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-03-877R					        
    ACCNO:   A07475						        
  TITLE:     Business Systems Modernization: Summary of GAO's	      
Assessment of the Department of Defense's Initial Business	 
Enterprise Architecture 					 
     DATE:   07/07/2003 
  SUBJECT:   Financial management systems			 
	     Information technology				 
	     Internal controls					 
	     Strategic planning 				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-03-877R

GAO- 03- 877R DOD Business Enterprise Architecture United States General
Accounting Office Washington, DC 20548

July 7, 2003 Congressional Committees Subject: Business Systems
Modernization: Summary of GAO*s Assessment of the Department of Defense*s
Initial Business Enterprise Architecture (GAO- 03- 877R)

The Department of Defense (DOD) faces financial and related management
problems that are pervasive, complex, long- standing, and deeply rooted in
virtually all business operations throughout the department. These
problems have impeded the department*s ability to provide complete,
reliable, and timely business information to the Congress, DOD managers,
and other decision makers. Of the 25 areas on our governmentwide *high-
risk* list, 6 are DOD program areas, and the department shares
responsibility for 3 other high- risk areas that are governmentwide in
scope. 1 DOD*s problems in each of these areas hinder the efficiency of
operations, and leave the department vulnerable to fraud, waste, and
abuse.

For fiscal year 2003, DOD*s information technology (IT) budget request was
over $26 billion. More specifically, to support its business operations,
DOD reports that it currently relies on about 2,300 systems, including
accounting, acquisition, logistics, and personnel systems that will cost
about $18 billion* nearly $5.2 billion for business systems 2 and $12.8
billion primarily for business systems infrastructure* in fiscal year 2003
to operate, maintain, and modernize. As we have previously reported, 3
this environment was not designed to be, but rather has evolved into, an
overly complex and error- prone environment, including (1) little
standardization across DOD, (2) multiple systems performing the same
tasks, (3) the same data stored in multiple systems, and (4) manual data
entry into multiple

systems. One of the seven key elements we have reported 4 as necessary to
successfully reform DOD*s financial and related management challenges is
establishing and implementing an enterprise

1 U. S. General Accounting Office, High- Risk Series: An Update, GAO- 03-
119 (Washington, D. C.: January 2003). The nine interrelated high- risk
areas that represent the greatest challenge to DOD*s development of world-
class business operations to support its forces are contract management,
financial management, support infrastructure management, inventory
management, systems modernization, weapon system acquisition, human
capital, information security, and real property. The last three areas are
governmentwide in scope. 2 Business systems include financial and
nonfinancial systems, such as civilian personnel, finance, health,
logistics, military personnel, procurement, and transportation, with the
common element being the generation or use of financial data to support
DOD*s business operations.

3 U. S. General Accounting Office, DOD Financial Management: Important
Steps Underway But Reform Will Require a Long- term Commitment, GAO- 02-
784T (Washington, D. C.: June 4, 2002). 4 GAO- 02- 784T.

GAO- 03- 877R DOD Business Enterprise Architecture Page 2

architecture, or modernization blueprint. In May 2001, 5 we recommended
that DOD develop, maintain, and implement an enterprise architecture to
modernize its financial management operations and systems across the
department. Subsequently, in its fiscal year 2002 Performance and
Accountability Report, DOD acknowledged that deficiencies in its business
systems hindered the department*s ability to collect and report financial
and performance information that is accurate, reliable, and timely. The
report noted that to address its systemic problems and assist in the
transformation of the department*s business

operations, the department had undertaken the development and
implementation of a business enterprise architecture.

An enterprise architecture provides a clear and comprehensive picture of
an entity, whether it is an organization (e. g., federal department or
agency) or a functional or mission area that cuts across more than one
organization (e. g., financial management). This picture consists of
snapshots of both the enterprise*s current or *As Is* operational and
technological environment and its target or *To Be* environment, as well
as a capital investment road map for transitioning from the current to the
target environment. These snapshots further consist of *views,* which are
basically one or more architecture products that provide conceptual or
logical representations of the enterprise.

The National Defense Authorization Act for Fiscal Year 2003 6 required DOD
to develop, by May 1, 2003, a financial management enterprise architecture
7 and a transition plan for implementing the architecture to meet certain
requirements. The act also requires DOD to control expenditures for
financial system improvements while the architecture and transition plan
are being developed and after they are completed. The act states that the
enterprise architecture shall describe an information infrastructure that,
at a minimum, would enable DOD to achieve certain capabilities, such as
complying with all federal accounting, financial management, and reporting
requirements. The act also requires development of a transition plan for
implementing the enterprise architecture that includes, among other
things, a schedule for phasing out existing financial management systems
that will not become part of the *To Be* environment. Finally, before the
architecture and transition plan are approved,

the act requires DOD to review proposed obligations of funds in amounts
exceeding $1 million for financial system improvements to determine if
they meet specific conditions called for in the act. Once the architecture
and transition plan are approved, the act requires DOD to ensure that
financial system investments are consistent with the architecture and the
transition plan.

5 U. S. General Accounting Office, Information Technology: Architecture
Needed to Guide Modernization of DOD*s Financial Operations, GAO- 01- 525
(Washington, D. C.: May 17, 2001). 6 Bob Stump National Defense
Authorization Act for Fiscal Year 2003, Pub. L. No. 107- 314, S: 1004, 116
Stat. 2458, 2629, Dec. 2, 2002. 7 In May 2003, the DOD Comptroller changed
the architecture name from the Financial Management Enterprise
Architecture to the Business Enterprise Architecture to reflect the
transformation of departmentwide business operations and supporting
systems, including accounting and finance, budget formulation,
acquisition, inventory management, logistics, personnel, and property
management systems.

GAO- 03- 877R DOD Business Enterprise Architecture Page 3

The act directs us to submit to congressional defense committees, within
60 days of DOD*s approval of its enterprise architecture and its
transition plan, an assessment of DOD*s actions taken to comply with these
requirements. (See enc. I for a copy of section 1004 of the act.) As
agreed with your offices, our objectives were to determine (1) the extent
to which DOD*s actions complied with the requirements of the act and (2)
DOD*s plans for further development and implementation of its enterprise
architecture. This report transmits a summary of the results of our
assessment as well as a brief discussion of our key observations. (See
enc. II for a summary of our assessment approach.) We plan to issue a more
detailed report of our assessment results, including conclusions and
specific recommendations. We performed our work from March 2003 through
June 2003 in accordance with U. S. generally accepted government auditing
standards. On June 30, 2003, DOD provided us with written comments on a
draft of this report, which are addressed in the *Agency Comments and our
Evaluation* section and are reprinted in enclosure III.

Summary of Observations As we reported in February 2003, 8 DOD undertook a
challenging and ambitious task* to develop within 1 year a departmentwide
architecture for modernizing its current financial and business operations
and systems. Thus far, DOD has expended tremendous effort and resources
and made important progress in complying with the legislative requirements
aimed at developing and effectively implementing a well- defined
enterprise architecture. Further, DOD*s initial version of its business
enterprise architecture provides a foundation from which to build and
ultimately produce a well- defined business enterprise architecture.
However, the initial version does not adequately address the act's
requirements and other relevant architectural requirements. 9 For example,
the architecture does not adequately describe the accounting and financial
management requirements and the logical database model, which includes
data standards and is used to guide the creation of the physical databases
where information will be stored. Moreover, DOD has yet to implement an
effective investment management process for controlling ongoing and
planned business system improvements, including one that meets the act*s
requirements for ensuring that obligations in excess of $1 million are
consistent with the architecture and the transition plan. Collectively,
this means that DOD has taken a positive first step, but much remains to
be accomplished before DOD will have the kind of blueprint and associated
investment controls to successfully modernize its business operations and
supporting systems.

8 U. S. General Accounting Office: DOD Business Systems Modernization:
Improvements to Enterprise Architecture Development and Implementation
Efforts Needed, GAO- 03- 458 (Washington, D. C.: Feb. 28, 2003).

9 See for example, Office of Management and Budget, Federal Enterprise
Architecture Business Reference Model, Version 1.0 (2002); Chief
Information Officer Council, A Practical Guide to Federal Enterprise
Architecture, Version 1.0 (February 2001); Office of Management and Budget
Circular No. A- 130, Management of Federal Information Resources (Nov. 28,
2000); M. A. Cook, Building Enterprise Information

Architectures: Reengineering Information Systems (Upper Saddle River, N.
J.: Prentice Hall, 1996); and National Institute of Standards and
Technology, Information Management Directions: The Integration Challenge,
Special Publication 500- 167 (September 1989).

GAO- 03- 877R DOD Business Enterprise Architecture Page 4

DOD's position is that, to varying degrees, the initial version of its
architecture fully satisfies the act's requirements, but it also
recognizes that the architecture needs to be expanded and extended to
provide a sufficient basis for guiding and constraining investment
decisions. DOD's position is also that it has taken steps to implement the
act's requirements regarding approving system investments but that it
needs to do more to effectively select and control system investments. DOD
attributes the current state of its architecture and investment management
processes to the limited time it has had to define and implement each, in
part because it was overly optimistic in estimating what it could deliver
by May 1, 2003. Until DOD develops and provides for effective
implementation of a well- defined enterprise architecture, its ability to
modernize its business and systems environments in a way that minimizes
risk and maximizes return on investment will be severely hindered.

Key Observations on Compliance with Enterprise Architecture Requirements
The department has established some of the architecture management
capabilities advocated by best practices and federal guidance. 10 Among
these are having a program office staffed with representatives from across
the DOD components, designating a chief architect, and using an
architecture development methodology and automated tool. Further, it has
adopted an incremental approach to developing its architecture and,
according to DOD, has approved an initial version of its architecture that
it intends to use as a foundation upon which to build. The initial version
includes a suite of diagrams, tables, and other representations that
describe, to varying degrees, its *As Is* and *To Be* architectural
environments. For example, the *As Is* descriptions include an inventory
of about 2,300 systems in operation or under development, and their
characteristics, that support DOD*s current business operations. The *To
Be* descriptions address, to at least some degree, how DOD intends to
operate in the future, what information will be needed to support these
future operations, and what technology standards should govern the design
of future systems.

DOD has also incorporated many relevant federal accounting, financial
management, and reporting requirements from 152 federal sources in its *To
Be* architecture products. Of the total 4,000 external requirements
included in the initial architecture, our review of 1,767 Joint Financial
Management Improvement Program (JFMIP) 11 requirements, identified 340
(about 19 percent) that are not included or adequately addressed. For
example, federal accounting requirements for recording revenue are not
included. According to program officials, critical external requirements
are not included or adequately addressed primarily because a fully
functioning quality assurance process to validate the requirements was not
in place when the requirements were elicited. As a result, the
architecture*s descriptions of 10 U. S. General Accounting Office,
Information Technology: A Framework for Assessing and Improving Enterprise
Architecture Management (Version 1.1), GAO- 03- 584G (Washington, D. C.:
April 2003).

11 JFMIP is a joint undertaking of the Department of the Treasury, GAO,
the Office of Management and Budget, and the Office of Personnel
Management, working with each other, other agencies, and the private
sector to improve financial management in the federal government. JFMIP
requirements arise from various public laws,

regulations, bulletins, circulars, federal accounting standards, and
leading practices and are applicable governmentwide. Agencies must use
these requirements, in addition to agency- unique mission requirements, in
planning and implementing their financial management improvement projects.

GAO- 03- 877R DOD Business Enterprise Architecture Page 5

certain business processes, such as those associated with revenue
accounting and reporting, which include over $70 billion earned annually
by DOD working capital fund activities, are not yet sufficiently complete
for making informed decisions on systems. Department and contractor
officials agreed that these system requirements were either excluded or
not adequately addressed and stated that a subsequent version of the
architecture would include or modify the requirements.

Additionally, the *As Is* and *To Be* architecture products and the
transition plan do not include a number of items recommended by relevant
architectural guidance. 12 Program officials agreed that the initial
version of the architecture does not contain the scope and

detail needed to acquire business system solutions for its *To Be*
environment. Program officials attribute this to DOD*s being overly
optimistic in determining what it could develop by May 1, 2003. In an
effort to manage this expectation gap, DOD officials are using an
incremental approach for developing and implementing the architecture.
Specifically, the *As Is* view of the current architecture does not
include the following

items:

descriptions of current business operations in terms of the entities/
people that perform the functions, processes, and activities, and the
locations where the functions, processes, and activities are performed;

data/ information being used by the functions, processes, and activities;

technology standards being employed;

security standards and tools being used; and

performance metrics being used. As a result, DOD does not have a
sufficiently described picture of its *As Is* environment to permit
development of a meaningful and useful transition plan that either
identifies the proper sequence of changes needed to move from its current
operating environment to its future target environment, or effectively
provides for guiding and constraining investments in modernized systems.

Additionally, the *To Be* view of the current architecture version does
not include the following items:

specific organization and location information, which defines the
entities/ people that will perform the functions, processes, and
activities, and specifies where the functions, processes, and activities
will be performed;

physical descriptions of systems or applications to be developed or
acquired; 12 See for example, Office of Management and Budget, Federal
Enterprise Architecture Business Reference Model, Version 1.0 (2002);
Chief Information Officer Council, A Practical Guide to Federal Enterprise
Architecture, Version 1.0 (February 2001); Office of Management and Budget
Circular No. A- 130, Management of Federal Information Resources (Nov. 28,
2000); M. A. Cook, Building Enterprise Information

Architectures: Reengineering Information Systems (Upper Saddle River, N.
J.: Prentice Hall, 1996); and National Institute of Standards and
Technology, Information Management Directions: The Integration Challenge,
Special Publication 500- 167 (September 1989).

GAO- 03- 877R DOD Business Enterprise Architecture Page 6

the physical infrastructure (e. g., hardware and systems software) that
will be needed to support the business systems; and the organizations that
will be accountable for security and their roles and

responsibilities. Further, we found that the logical database model, which
includes data standards and is used to guide the creation of the physical
databases where information will be stored, is not linked to a conceptual
data model. This raises concern regarding the utility of the logical model
in supporting information flows for business operations and systems.

As a result, the *To Be* environment lacks the details needed to identify
and plan for system solutions and operational change, and enable DOD to
routinely provide timely, accurate, and reliable information for
management decision making. In addition, the *To Be* environment precludes
the department from making informed system investment decisions.

Aside from the *To Be* architecture*s lack of detail, its structure is
difficult to navigate, thus constraining its ease of use and
understandability. For example, the architecture does not include user
instructions or guidance, and certain artifacts (e. g., diagrams) could
not be read on- line because there was no *zoom* capability enabling
enlargement. Further, specific content, such as the applicability of
security standards to specific security services, were difficult to
locate. While we were able to read certain artifacts and locate specific
content after extraordinary effort, it is reasonable to expect that other
users would also encounter difficulty navigating through the architecture
products. As a result, users may not have a good understanding of the
architecture*s content for use in making informed decisions.

The transition plan is also missing important items, such as

a gap analysis identifying the needed changes to current business
processes and systems;

an identification of which of the 2,300 current business systems will not
become part of the *To Be* architecture as well as the time frames for
phasing out these systems;

a time- based strategy for replacing legacy systems, including
identification of intermediate (i. e., migration) systems that may be
temporarily needed; and

a statement of resources (e. g., funding and staff) needed to transition
to the target environment.

As a result, DOD does not yet have a meaningful and reliable basis for
managing the disposition of its existing inventory of about 2,300 systems
or for sequencing the introduction of modernized business operations and
supporting systems.

In June 2003, 13 DOD*s verification and validation contractor also
assessed the initial architecture against relevant best practices to
determine its quality. Consistent with our assessment, this contractor
reported that while DOD*s architecture contained significant content, it
lacked the depth and detail needed to begin building and implementing

13 MITRE Technical Report: Review of Financial Management Enterprise
Architecture (FMEA), Version 1.0, June 2003.

GAO- 03- 877R DOD Business Enterprise Architecture Page 7

modernized systems and making operational changes. Further, the contractor
reported that the architecture was not easily understandable and that its
utility to stakeholders in system acquisition planning was limited.

With regard to DOD*s actions to control ongoing and planned business
systems investments, DOD has not yet defined and implemented an effective
approach to select and control business system investments exceeding $1
million while the architecture is being developed and after it is
completed. Program officials stated that the department*s current approach
to selecting and controlling business system investments depends on the
system owners coming forward with the request for approval, and that it
has not established the means to determine which systems should be
submitted for review. Program officials acknowledge that the department,
at a minimum, could use DOD*s IT budget documentation to proactively
fulfill the act*s requirements and strengthen the investment management
process. Since enactment of the National Defense Authorization Act for
Fiscal Year 2003, DOD has approved one business system improvement that
met this $1 million threshold and is currently reviewing four others. Our
analysis of DOD*s fiscal years 2003 and 2004 IT budget requests shows that
over 200 systems in each year*s budget, totaling about $4 billion per
year, could have resulted in obligations of funds that meet the $1 million
threshold. As a result, the vast majority of the billions of dollars that
DOD invests in business system improvements annually have not been subject
to the specific investment control process called for in the act.

Key Observations on DOD*s Plans for Evolving and Extending Its Enterprise
Architecture and for Improving Business System Investment Decision Making
According to program officials and the initial version of the transition
plan, DOD intends to extend and evolve the architecture to include missing
scope and detail. However, it has not defined specific plans outlining how
this will be accomplished. Rather, DOD*s current plan is to develop a
strategy for producing the next version of its architecture and managing
ongoing and planned investments. Among other things, this strategy is to
provide for

determining the resources needed to further develop the architecture;

developing a methodology for integrating the architecture with other
internal and external architectures; establishing an approach for
maintaining its existing systems inventory; and

evaluating the architecture for completeness, accuracy, and integration of
end- to- end business processes and system functions.

In addition, DOD program documentation provides for initiating pilot
projects in the near term that are to demonstrate and implement a portion
of the architecture and be usable across the department. However, DOD
officials stated that the pilot projects are intended to validate
departmentwide business processes and not to implement production systems.
Because of these differing views of what the pilot projects are intended
to achieve, the purpose and scope of these projects remain unclear and
specific projects have yet to be selected. If DOD intends for these
projects to demonstrate or validate an enterprisewide business process to
address a current deficiency in DOD*s business operations and systems,
such as the lack of common data standards, these projects could help DOD
improve its architecture and thus

GAO- 03- 877R DOD Business Enterprise Architecture Page 8

may represent reasonable investments. However, if the pilot projects are
to be used to acquire and implement system solutions and place them into
production to achieve an operational capability, it is unclear how DOD
will ensure architecture alignment and manage the risk associated with
investing in even more systems before it has a well- defined blueprint and
an effective investment management process to guide and control them.

With regard to DOD*s plans for improving investment management controls,
DOD has a proposed governance concept that describes how and by whom
business transformation requirements identified by the architecture will
be implemented in the department. This proposal vests domain owners (DOD
business line representatives, such as those in logistics, human resource
management, and acquisition/ procurement) with the authority,
responsibility, and accountability for business transformation, extension
and implementation of the architecture, development and execution of the
transition plan, and investment portfolio management for their domains.
However, it is not clear how the proposed approach, including the act*s
requirements, will be implemented. Further, it is not clear, given the
incomplete state of version 1.0 of the architecture (1) how the domain
owners will ensure consistency across domains for architecture extensions
and changes and (2) how the proposed approach will address our prior
recommendations for establishing a hierarchy of investment review boards
that use an explicit and common set of criteria for selecting,
controlling, and evaluating IT projects as a portfolio of competing
investment options. One

criterion we recommended was to ensure consistency and compliance with
ongoing architecture development efforts. 14 As a result, the department
does not have a critical structure in place to effectively select and
control its IT investments, and runs the risk of continuing to invest in
systems that perpetuate its existing incompatible, duplicative, overly
costly environment of about 2,300 business systems that do not optimally
support mission performance.

Agency Comments and Our Evaluation In commenting on a draft of this report
(reprinted in enc. III), DOD generally agreed with our assessment of the
department*s initial business enterprise architecture and recognized that
*much work remains to be done.* It then described this work as beginning
the transition from its *As Is* environment to the *To Be* as defined in
the architecture. DOD stated that its approach for transitioning focuses
on reengineering its business processes incrementally and then selecting
business system solutions to implement the new methods and practices.
However, as we reported, the initial version of the architecture lacks the
scope and content needed to provide a sufficient frame of reference for
moving the department from its current operating environment to its future
target environment. Moreover, we stated in the report that DOD*s plans for
extending and evolving the architecture have yet to be adequately defined.
While reengineering business processes is a logical component of what
needs to be done to evolve the architecture, our report identifies many
other aspects of the architecture, and the transition, that need to be
further defined before DOD will have a sufficient basis for evaluating and
selecting business system solutions.

14 GAO- 03- 458.

GAO- 03- 877R DOD Business Enterprise Architecture Page 9

DOD*s comments also recognized the need to manage and control its ongoing
and planned business system investments, and stated that it has defined an
approach for doing so in draft guidance and would use its transformation
governance structure to implement the investment management process. This
guidance is still in draft and DOD has not provided it to us. Therefore,
we could not determine whether it addresses the limitations in the
department*s existing approach to select and control its business system
investments or the uncertainties associated with its proposed investment
governance approach, both of which are discussed in this report.

Last, DOD*s comments noted that the cost to operate, maintain, and
modernize its approximately 2,300 systems is about $5 billion and that $13
billion provides infrastructure for all DOD systems and includes spending
on nonbusiness (e. g., command and control or intelligence) systems. We do
not agree. Specifically, our analysis of DOD*s total IT budget request for
fiscal year 2003 shows approximately $26 billion, of which $5 billion
relates to the operation, maintenance, and modernization of DOD*s business
systems; about $13 billion relates primarily to the infrastructure to
support these business systems; and the remaining $8 billion relates
primarily to command and control systems, including the infrastructure to
support these systems.

- - - - - We will be sending copies of this report to interested
congressional committees; the Director, Office of Management and Budget;
the Secretary of Defense; the Under Secretary of Defense (Comptroller);
the Assistant Secretary of Defense (Networks and Information Integration)/
Chief Information Officer; the Under Secretary of Defense (Acquisition,
Technology, and Logistics); the Under Secretary of Defense (Personnel and
Readiness); and the Director, Defense Finance and Accounting Service. This
report will also be available at no charge on our Web site at http:// www.
gao. gov.

GAO- 03- 877R DOD Business Enterprise Architecture Page 10

If you have any questions concerning this information, please contact
Gregory Kutz at (202) 512- 9095 or kutzg@ gao. gov or Randolph Hite at
(202) 512- 3439 or hiter@ gao. gov. GAO contacts and key contributors to
this report are listed in enclosure IV.

Gregory D. Kutz Director, Financial Management and Assurance

Randolph C. Hite Director, Information Technology Architecture

and Systems Issues Enclosures

GAO- 03- 877R DOD Business Enterprise Architecture Page 11

List of Committees

The Honorable Ted Stevens Chairman The Honorable Robert C. Byrd Ranking
Minority Member Committee on Appropriations United States Senate

The Honorable John W. Warner Chairman The Honorable Carl Levin Ranking
Minority Member Committee on Armed Services United States Senate

The Honorable C. W. Bill Young Chairman The Honorable David R. Obey
Ranking Minority Member Committee on Appropriations House of
Representatives

The Honorable Duncan Hunter Chairman The Honorable Ike Skelton Ranking
Minority Member Committee on Armed Services House of Representatives

The Honorable Jim Saxton Chairman The Honorable Martin T. Meehan Ranking
Minority Member Subcommittee on Terrorism, Unconventional Threats and
Capabilities Committee on Armed Services House of Representatives

GAO- 03- 877R DOD Business Enterprise Architecture Page 12

Enclosure I

SEC. 1004. [of Public Law 107- 314] DEVELOPMENT AND IMPLEMENTATION OF
FINANCIAL MANAGEMENT ENTERPRISE ARCHITECTURE

(a) REQUIREMENT FOR ENTERPRISE ARCHITECTURE AND FOR TRANSITION PLAN* Not
later than May 1, 2003, the Secretary of Defense shall develop*

(1) a financial management enterprise architecture for all budgetary,
accounting, finance, enterprise resource planning, and mixed information
systems of the Department of Defense; and (2) a transition plan for
implementing that financial management enterprise architecture. (b)
COMPOSITION OF ENTERPRISE ARCHITECTURE*

(1) The financial management enterprise architecture developed under
subsection (a)( 1) shall describe an information infrastructure that, at a
minimum, would enable the Department of Defense to*

(A) comply with all Federal accounting, financial management, and
reporting requirements; (B) routinely produce timely, accurate, and
reliable financial information for management purposes; (C) integrate
budget, accounting, and program information and systems; and (D) provide
for the systematic measurement of performance, including the ability to
produce timely, relevant, and reliable cost information. (2) That
enterprise architecture shall also include policies, procedures, data
standards, and system interface requirements that are to apply uniformly
throughout the Department of Defense. (c) COMPOSITION OF TRANSITION PLAN*
The transition plan developed under subsection (a)( 2) shall include the
following: (1) The acquisition strategy for the enterprise architecture,
including specific time- phased milestones, performance metrics, and
financial and nonfinancial resource needs. (2) A listing of the mission
critical or mission essential operational and developmental financial and
nonfinancial management systems of the Department of Defense, as defined
by the Under Secretary of Defense (Comptroller), consistent with budget
justification documentation, together with

(A) the costs to operate and maintain each of those systems during fiscal
year 2002; and (B) the estimated cost to operate and maintain each of
those systems during fiscal year 2003. (3) A listing of the operational
and developmental financial management systems of the Department of
Defense as of the date of the enactment of this Act (known as *legacy
systems*) that will not be part of the objective financial and
nonfinancial management system, together with the schedule for terminating
those legacy systems that provides for

reducing the use of those legacy systems in phases.

GAO- 03- 877R DOD Business Enterprise Architecture Page 13

(d) CONDITIONS FOR OBLIGATION OF SIGNIFICANT AMOUNTS FOR FINANCIAL SYSTEM
IMPROVEMENTS* An amount in excess of $1,000,000 may be obligated for a
defense financial system improvement only if the Under Secretary of
Defense (Comptroller) makes a determination regarding that improvement as
follows: (1) Before the date of an approval specified in paragraph (2), a
determination that the defense financial system improvement is necessary
for either of the following reasons:

(A) To achieve a critical national security capability or address a
critical requirement in an area such as safety or security. (B) To prevent
a significant adverse effect (in terms of a technical matter, cost, or
schedule) on a project that is needed to achieve an essential capability,
taking into consideration in the determination the alternative solutions
for preventing the adverse effect. (2) On and after the date of any
approval by the Secretary of Defense of a financial management enterprise
architecture and a transition plan that satisfy the requirements of this
section, a determination that the defense financial system improvement is
consistent with both the enterprise architecture and the transition plan.
(e) CONGRESSIONAL REPORTS* Not later than March 15 of each year from 2004
through 2007, the Secretary of Defense shall submit to the congressional
defense committees a report on the progress of the Department of Defense
in implementing the enterprise architecture and transition plan required
by this section. Each report shall include, at a minimum* (1) a
description of the actions taken during the preceding fiscal year to
implement the

enterprise architecture and transition plan (together with the estimated
costs of such actions); (2) an explanation of any action planned in the
enterprise architecture and transition plan to be taken during the
preceding fiscal year that was not taken during that fiscal year; (3) a
description of the actions taken and planned to be taken during the
current fiscal year to implement the enterprise architecture and
transition plan (together with the estimated costs of such actions); and
(4) a description of the actions taken and planned to be taken during the
next fiscal year to implement the enterprise architecture and transition
plan (together with the estimated costs of such actions). (f) COMPTROLLER
GENERAL REVIEW* Not later than 60 days after the approval of an enterprise
architecture and transition plan in accordance with the requirements of
subsection (a), and not later than 60 days after the submission of an
annual report required by subsection (e), the Comptroller General shall
submit to the congressional defense committees an assessment of the extent
to which the actions taken by the Department comply with the requirements
of this section. (g) DEFINITIONS* In this section: (1) The term *defense
financial system improvement* means the acquisition of a new budgetary,
accounting, finance, enterprise resource planning, or mixed information
system for the Department of Defense or a modification of an existing
budgetary, accounting,

finance, enterprise resource planning, or mixed information system of the
Department of Defense. Such term does not include routine maintenance and
operation of any such system. (2) The term *mixed information system*
means an information system that supports financial and non- financial
functions of the Federal Government as defined in Office of Management and
Budget Circular A- 127 (Financial management Systems).

GAO- 03- 877R DOD Business Enterprise Architecture Page 14

(h) REPEAL*( 1) Section 2222 of title 10, United States Code, is repealed.
The table of sections at the beginning of chapter 131 of such title is
amended by striking the item relating to such section. (2) Section 185( d)
of such title is amended by striking *has the meaning given that term in
section 2222( c)( 2) of this title* and inserting *means an automated or
manual system from which information is derived for a financial management
system or an accounting system*.

GAO- 03- 877R DOD Business Enterprise Architecture Page 15

Enclosure II

Summary of Assessment Approach To accomplish our objectives for
determining (1) the extent to which DOD*s actions complied with the
requirements of section 1004 of Public Law 107- 314 and (2) DOD*s plans
for further development and implementation of the architecture, we
assessed DOD*s initial architecture, which the DOD Comptroller transmitted
to the Comptroller General on May 8, 2003. Consistent with the act and as
agreed with congressional defense committees* staffs, this assessment
focused on compliance with all federal accounting, financial management,
and reporting requirements; the content of the *As Is* and *To Be*
environments; the content of the transition plan to include time- phased
milestones for phasing out existing systems, resource needs for
implementing the *To Be* environment, and information on the systems
inventory; and the extent to which DOD is controlling its business system
investments.

We also used our Enterprise Architecture Management Maturity Framework 15
that describes the five stages of management maturity to determine the
extent to which DOD has adopted key elements of architecture management
best practices. To make this determination, we reviewed program
documentation, such as program policies and procedures and architecture
products, and compared them to the elements in the framework.

Specific to our review of federal requirements, we could not determine
whether the architecture contained all federal accounting, financial
management and reporting requirements because a central repository of all
such requirements does not exist. Nevertheless, to assess the completeness
of the federal requirements, we compared the about 4,000 external 16
requirements contained in the architecture to those listed in selected
JFMIP 17 federal systems requirements publications. The JFMIP requirements
consisted of about 45

percent of the total external requirements. We performed a detailed review
of 1,767 of the JFMIP requirements.

To review the *As Is* and *To Be* environments and the transition plan, we
decomposed version 1.0 of the architecture into various parts and
components and made a comparison against relevant benchmarks. More
specifically, we first divided the architecture into the three primary
component parts specified in the act and recognized in best practices and
federal guidance: the *As Is* architecture, the *To Be* architecture, and
the transition plan. We then divided the *As Is* and the *To Be*
architectures into the six architectural

15 GAO- 03- 584G. 16 External requirements are those that are obtained
from authoritative sources and constrain various aspects of the
architecture.

17 We used nine JFMIP systems requirements documents: revenue,
acquisition, core financial, human resources and payroll, managerial cost
accounting, inventory, travel, property management, and benefits.

GAO- 03- 877R DOD Business Enterprise Architecture Page 16

components. We then compared version 1.0 to (1) relevant criteria 18
governing the content of key architectural elements for the transition
plan and (2) the six components of the *As Is* and *To Be* architectures.
In addition, we reviewed comments from DOD*s verification and validation
contractor (MITRE).

To review DOD*s actions to comply with the $1 million obligation threshold
for financial system improvements, we obtained and reviewed memorandums
and other documentation regarding the approval of expenditures for system
investments in excess of $1 million. We also reviewed and analyzed the DOD
IT budget requests for fiscal years 2003 and 2004 to

identify systems that met the $1 million threshold and compared this to
the total number of systems DOD reviewed and approved to measure the
extent of systems that potentially should be reviewed. To determine DOD*s
plans for further development and implementation of the architecture, we
reviewed the performance work statement; DOD*s proposed governance
concept, including domain owner roles and responsibilities; and program
documentation pertaining to plans for implementing pilot projects. We also
reviewed the status of DOD*s response to our prior recommendations
pertaining to controlling ongoing and planned IT systems investments.

To augment our document reviews and analyses, we interviewed officials
from various DOD organizations and contractors, including the Office of
the Under Secretary of Defense (Comptroller); Office of the Under
Secretary of Defense (Acquisition, Technology, and Logistics); Office of
the Under Secretary of Defense (Personnel and Readiness); IBM; and MITRE
Corporation.

We conducted our work primarily at DOD headquarters offices in Washington,
D. C., and Arlington, Virginia, from March 2003 through June 2003 in
accordance with U. S. generally accepted government auditing standards. On
June 30, 2003, DOD provided us with written comments on a draft of this
report, which are addressed in the *Agency Comments and Our Evaluation*
section and are reprinted in enclosure III.

18 See for example, Office of Management and Budget, Federal Enterprise
Architecture Business Reference Model, Version 1.0 (2002); Chief
Information Officer Council, A Practical Guide to Federal Enterprise
Architecture, Version 1.0 (February 2001); Office of Management and Budget
Circular No. A- 130, Management of Federal Information Resources (Nov. 28,
2000); M. A. Cook, Building Enterprise Information

Architectures: Reengineering Information Systems (Upper Saddle River, N.
J.: Prentice Hall, 1996); and National Institute of Standards and
Technology, Information Management Directions: The Integration Challenge,
Special Publication 500- 167 (September 1989).

GAO- 03- 877R DOD Business Enterprise Architecture Page 17

Enclosure III Comments from the Department of Defense

GAO- 03- 877R DOD Business Enterprise Architecture Page 18

GAO- 03- 877R DOD Business Enterprise Architecture Page 19

Enclosure IV

GAO Contacts and Staff Acknowledgments GAO Contacts Jenniffer Wilson,
(202) 512- 9192 Cynthia Jackson, (202) 512- 5086

Acknowledgments In addition to the individuals named above, key
contributors to this report included Beatrice Alff, Nabajyoti Barkakati,
Justin Booth, Francine DelVecchio, Francis Dymond, Neelaxi Lakhmani, Anh
Le, Evelyn Logue, Mai Nguyen, Darby Smith, Stacey Smith, Alan Steiner,
Randolph Tekeley, and William Wadsworth.

(192086)

GAO*s Mission The General Accounting Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO*s
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

The fastest and easiest way to obtain copies of GAO documents at no cost
is through the Internet. GAO*s Web site (www. gao. gov) contains abstracts
and fulltext files of current reports and testimony and an expanding
archive of older products. The Web site features a search engine to help
you locate documents using key words and phrases. You can print these
documents in their entirety, including charts and other graphics.

Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as *Today*s Reports,* on its
Web site daily. The list contains links to the full- text document files.
To have GAO e- mail

this list to you every afternoon, go to www. gao. gov and select
*Subscribe to e- mail alerts* under the *Order GAO Products* heading.

The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to: U. S. General Accounting Office 441 G Street NW, Room LM
Washington, D. C. 20548 To order by Phone: Voice: (202) 512- 6000

TDD: (202) 512- 2537 Fax: (202) 512- 6061

Contact: Web site: www. gao. gov/ fraudnet/ fraudnet. htm E- mail:
fraudnet@ gao. gov Automated answering system: (800) 424- 5454 or (202)
512- 7470 Jeff Nelligan, Managing Director, NelliganJ@ gao. gov (202) 512-
4800

U. S. General Accounting Office, 441 G Street NW, Room 7149 Washington, D.
C. 20548 Obtaining Copies of GAO Reports and

Testimony Order by Mail or Phone

To Report Fraud, Waste, and Abuse in Federal Programs Public Affairs

This is a work of the U. S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.
*** End of document. ***