Defense Management: Foundational Steps Being Taken to Manage DOD 
Business Systems Modernization, but Much Remains to be		 
Accomplished to Effect True Business Transformation (09-NOV-05,  
GAO-06-234T).							 
                                                                 
For years, the Department of Defense (DOD) has embarked on a	 
series of efforts to transform its business operations, including
modernizing underlying information technology (business) systems.
GAO has reported on inefficiencies and inadequate accountability 
across DOD's major business areas, resulting in billions of	 
dollars of wasted resources annually. Of the 25 areas on GAO's	 
2005 list of high-risk federal programs and operations that are  
vulnerable to fraud, waste, abuse or mismanagement and in need of
reform, 8 are DOD programs or operations, and 6 are		 
government-wide high risk areas for which DOD shares		 
responsibility. The Ronald W. Reagan National Defense		 
Authorization Act for Fiscal Year 2005 required DOD to satisfy	 
several conditions relative to its approach to managing its	 
business system modernization program, including developing an	 
enterprise transition plan, which GAO is currently assessing. DOD
also recently established a Business Transformation Agency	 
intended to advance defense-wide business transformation. GAO was
asked to testify on DOD's business transformation, including its 
preliminary observations on 1) DOD's efforts to satisfy fiscal	 
year 2005 defense authorization act requirements; 2) the Business
Transformation Agency; and 3) DOD's efforts to provide the	 
leadership, structures, and plans needed to effect		 
transformation. 						 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-06-234T					        
    ACCNO:   A41217						        
  TITLE:     Defense Management: Foundational Steps Being Taken to    
Manage DOD Business Systems Modernization, but Much Remains to be
Accomplished to Effect True Business Transformation		 
     DATE:   11/09/2005 
  SUBJECT:   Accountability					 
	     Enterprise architecture				 
	     Information technology				 
	     Internal controls					 
	     Planning						 
	     Strategic planning 				 
	     Systems conversions				 
	     Technology modernization programs			 
	     Business operations				 
	     Business planning					 
	     DOD Business Management Modernization		 
	     Program						 
                                                                 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-06-234T

     

     * Summary
     * Background
          * Enterprise Architecture and Information Technology Investmen
          * Recent Reviews of DOD's Business System Modernization Effort
          * Successful Business Transformation Requires Sound Strategic
     * DOD's Efforts to Comply with National Defense Authorization
          * Business Enterprise Architecture Requirements
          * Enterprise Transition Plan
          * Fiscal Year 2006 IT Budget Submission
          * Investment Review and Approval Requirements
     * DOD's Business Transformation Agency Could Help Strengthen S
     * Effective DOD Business Transformation Will Require Broader F
     * PDF6-Ordering Information.pdf
          * Order by Mail or Phone

Mr. Chairman and Members of the Subcommittee:

I appreciate the opportunity to be here today to discuss business systems
modernization and overall business transformation at the Department of
Defense (DOD)-two areas that are on our high-risk list of federal programs
and activities that are at risk of waste, fraud, abuse, or mismanagement
and in need of broad-based transformation.1 At the onset, I would like to
pass on Comptroller General Walker's gratitude to this Subcommittee for
your continued oversight of key government operations and management
issues, including DOD's business transformation activities. The active
role of this Subcommittee is essential to ultimately assuring DOD's
continued progress in business transformation, while enhancing public
confidence in DOD's stewardship of the hundreds of billions of taxpayer
funds it receives each year.

Given its size and mission, DOD is one of the largest and most complex
organizations to effectively manage in the world. While DOD maintains
military forces with significant capabilities, it continues to confront
pervasive, decades-old management problems related to its business
operations, including outdated and ineffective systems and processes that
support these forces. At a time when DOD is challenged to maintain a high
level of military operations while competing for resources in an
increasingly fiscally constrained environment, DOD's business area
weaknesses continue to result in reduced efficiencies and effectiveness
that waste billions of dollars every year. Of the 25 areas on our 2005
high-risk list, 8 are DOD programs or operations and 6 are governmentwide
high-risk areas for which DOD shares some responsibility. These areas
touch on all of DOD's major business operations. In some cases, such as
DOD's financial management, weapons acquisition, and business systems
modernization areas, we have been highlighting high-risk challenges for a
decade or more.

This year we added DOD's overall approach to business transformation to
our list of high-risk areas because (1) DOD's business improvement
initiatives and control over resources are fragmented; (2) DOD lacks a
clear and integrated business transformation plan and investment strategy;
and (3) DOD has not designated an appropriate level senior management
official-such as a chief management official (CMO)--with the authority to
be responsible and accountable for overall business transformation reform
and related resources. In particular, GAO has suggested the need for a
chief management official2 to provide the sustained top-level leadership
and accountability needed by DOD to better leverage plans, processes,
systems, people, and tools to achieve the needed transformation.

1 GAO, High-Risk Series: An Update, GAO-05-207 (Washington, D.C.: January
2005).

Many past administrations have tried to address the deficiencies we have
identified at DOD, with the latest attempt being launched in 2001 when
Secretary Rumsfeld outlined a vision for transforming the department that
called for dramatic changes in management, technology, and business
practices. At that time, the Secretary established the Business Management
Modernization Program, or BMMP, to effect this change. Since then, we have
reported a litany of program weaknesses and made scores of
recommendations. Our latest reports on this program, which were issued
about the same time as this Subcommittee's last oversight hearing in April
2005 on DOD business transformation and financial accountability, were
quite critical of the program, observing that after investing about 4
years and $318 million on the BMMP, the department had made very little
progress.

To its credit, the Congress, and this Subcommittee in particular, has
become increasingly focused on improving DOD's business operations by
holding several oversight hearings, such as this one, and enacting
legislation. The recent requirements in the Ronald W. Reagan National
Defense Authorization Act for Fiscal Year 2005 aimed at strengthening
DOD's management of its business systems modernization efforts-developing
a business enterprise architecture and transition plan, and establishing
system investment management structures and processes-are particularly
important ingredients to addressing DOD's business systems modernization
high-risk area. The act requires GAO to review and report on this
transition plan within 60 days of its approval by the Secretary of
Defense.

2 S.780, 109th Cong., 1st Sess. introduced in the U.S. Senate on April 15,
2005, would create a statutory Chief Management Officer.

Senior administration leaders and advisors-including the Secretary of
Defense, the Acting Deputy Secretary of Defense, the Deputy Director of
the Office of Management and Budget (OMB), various senior level officials,
and members of the Defense Business Board-have demonstrated a commitment
to addressing DOD's business management weaknesses. OMB and DOD are
working together to develop a plan to improve supply chain management that
could place the department on the path toward removal of this area from
our high-risk list. For example, OMB and DOD are also consulting GAO as
they develop action plans for other high-risk areas as well as a business
architecture and related enterprise transition plan. Further, DOD has
taken actions intended to comply with the Act by establishing system
investment review structures and processes, and it has also established a
Business Transformation Agency to bring increased management focus to its
business systems modernization area.

Today, I would like to provide our preliminary perspectives on (1) DOD's
efforts to satisfy the business systems modernization requirements in the
fiscal year 2005 National Defense Authorization Act; (2) the Business
Transformation Agency's potential to help strengthen business systems
modernization; and (3) whether DOD efforts to establish management
structures and its business enterprise transition plan provide the
leadership and planning needed to effect business transformation.

My statement is based upon our ongoing assessment of DOD's efforts to
comply with the 2005 defense authorization act, as required under the act.
As such, the statement provides our preliminary views on DOD's efforts. It
is also based on our analysis of DOD's enterprise transition plan relative
to our published work on successful organizational transformation efforts
and each of DOD's high risk areas, as well as analysis of DOD's directives
establishing the Defense Business Transformation Agency, our previous
reports and testimonies, and discussions with DOD senior executives. Our
work was performed in accordance with U.S. generally accepted government
auditing standards.

                                    Summary

In summary, let me reiterate what Comptroller General Walker has stated on
many occasions transforming the department's business operations is an
absolute necessity given the long-term fiscal outlook, and accomplishing
this transformation will require sustained and persistent leadership for
at least 5 to 7 years. The department, under the leadership of Acting
Deputy Secretary England, recently began taking some positive steps in
this direction, particularly with respect to the business systems
modernization management changes called for in the fiscal year 2005
National Defense Authorization Act, as well as with certain other DOD
high-risk areas. As of today, our preliminary work suggests that progress
has been made in complying with the provisions in the act, but more needs
to be done. DOD agrees, and it intends to do more. With respect to DOD's
compliance with the authorization act's requirements, we will be issuing a
full report to this and other defense congressional committees by November
25, 2005.

In addition, DOD's Business Transformation Agency offers potential
benefits relative to the department's business systems modernization
efforts if the agency can be properly organized, resourced, and empowered
to effectively execute its roles and responsibilities and is held
accountable for doing so. The agency faces several challenges, including
standing up a functioning acquisition organization within a short period
of time. As DOD moves forward with implementing this agency, it will be
important for it to address these issues.

Furthermore, DOD has taken several actions intended to advance
transformation, such as establishing management structures like the
Business Transformation Agency, and developing the enterprise transition
plan. While these steps are positive, their primary focus appears to be on
business system modernization. Business transformation is much broader and
encompasses planning, management, structures, and processes related to all
key business areas. As DOD continues to evolve its transformation efforts,
critical to successful reform are sustained leadership, structures, and a
clear strategic and integrated plan that encompass all major business
areas. We, therefore, continue to believe that a CMO position, along with
an integrated strategic plan for the overall business transformation
effort, remain essential ingredients for better ensuring that overall
business transformation is successfully implemented and sustained.

                                   Background

DOD is one of the largest and most complex organizations in the world to
manage effectively. While DOD maintains military forces with unparalleled
capabilities, it continues to confront pervasive, decades-old management
problems related to its business operations-which include outdated systems
and processes-that support these forces. These management weaknesses cut
across all of DOD's major business areas, such as human capital
management; the personnel security clearance program; support
infrastructure management; financial management; weapon systems
acquisition; contract management; supply chain management; and last, but
not least, business systems modernization. All of these DOD areas are on
our high-risk list.

For years, DOD has attempted to modernize its business systems, and we
have provided numerous recommendations to help guide its efforts,
including a set of recommendations to help DOD develop and implement an
enterprise architecture (or modernization blueprint) and establish
effective management controls. To achieve successful transformation, we
have also recommended the need for a CMO, and a strategic integrated
action plan for the overall business transformation effort.

Enterprise Architecture and Information Technology Investment Management Are
Critical to Achieving Successful Systems Modernization

Effective use of an enterprise architecture, or modernization blueprint,
is a hallmark of successful public and private organizations. For more
than a decade, we have promoted the use of architectures to guide and
constrain systems modernization, recognizing them as a crucial means to a
challenging goal: agency operational structures that are optimally defined
in both the business and technological environments. The Congress has also
recognized the importance of an architecture-centric approach to
modernization: the E-Government Act of 2002,3 for example, requires OMB to
oversee the development of enterprise architectures within and across
agencies.

In brief, an enterprise architecture provides a clear and comprehensive
picture of an entity, whether it is an organization (e.g., a federal
department) or a functional or mission area that cuts across more than one
organization (e.g., financial management). This picture consists of
snapshots of both the enterprise's current or "As Is" environment and its
target or "To Be" environment. These snapshots consist of "views," which
are one or more architecture products (models, diagrams, matrices, text,
etc.) that provide logical or technical representations of the enterprise.
The architecture also includes a transition or sequencing plan, based on
an analysis of the gaps between the "As Is" and "To Be" environments; this
plan provides a temporal roadmap for moving between the two that
incorporates such considerations as technology opportunities, marketplace
trends, fiscal and budgetary constraints, institutional system development
and acquisition capabilities, the dependencies and life expectancies of
both new and "legacy" (existing) systems, and the projected value of
competing investments. Our experience with federal agencies has shown that
investing in information technology (IT) without defining these
investments in the context of an architecture often results in systems
that are duplicative, not well integrated, and unnecessarily costly to
maintain and interface.4

A corporate approach to IT investment management is also characteristic of
successful public and private organizations. Recognizing this, the
Congress developed and enacted the Clinger-Cohen Act in 1996,5 which
requires OMB to establish processes to analyze, track, and evaluate the
risks and results of major capital investments in information systems made
by executive agencies.6 In response to the Clinger-Cohen Act and other
statutes, OMB developed policy for planning, budgeting, acquisition, and
management of federal capital assets and issued guidance.7 We have also
issued guidance in this area,8 in the form of a framework that lays out a
coherent collection of key practices that, when implemented in a
coordinated manner, can lead an agency through a robust set of analyses
and decision points that support effective IT investment management. This
framework defines institutional structures, such as investment review
boards, and associated processes, such as common investment criteria.
Further, our investment management framework recognizes the importance of
an enterprise architecture as a critical frame of reference for
organizations making IT investment decisions: specifically, it states that
only investments that move the organization toward its target
architecture, as defined by its sequencing plan, should be approved
(unless a waiver is provided or a decision is made to modify the
architecture). Moreover, it states that an organization's policies and
procedures should describe the relationship between its architecture and
its investment decision-making authority. Our experience has shown that
mature and effective management of IT investments can vastly improve
government performance and accountability, and can help to avoid wasteful
IT spending and lost opportunities for improvements.

3 The E-Government Act of 2002, Pub. L. No. 107-347, S: 101(a), 116 Stat.
2899, 2903-05, (Dec. 17, 2002), Sec 44 U.S.C. S: 3602 (e), (f).

4 See, for example, GAO, Homeland Security: Efforts Under Way to Develop
Enterprise Architecture, but Much Work Remains, GAO-04-777 (Washington,
D.C.: Aug. 6, 2004); DOD Business Systems Modernization: Limited Progress
in Development of Business Enterprise Architecture and Oversight of
Information Technology Investments, GAO-04-731R (Washington, D.C.: May 17,
2004); and Information Technology: Architecture Needed to Guide NASA's
Financial Management Modernization, GAO-04-43 (Washington, D.C.: Nov. 21,
2003).

5 The Clinger-Cohen Act of 1996, 40 U.S.C. sections 11101-11704. This act
expanded the responsibilities of OMB and the agencies that had been set
under the Paperwork Reduction Act, which requires that agencies engage in
capital planning and performance and results-based management. 44 U.S.C.
S: 3504(a)(1)(B)(vi) (OMB); 44 U.S.C. S: 3506(h)(5) (agencies)

6 We have made recommendations to improve OMB's process for monitoring
high-risk IT investments; see GAO, Information Technology: OMB Can Make
More Effective Use of Its Investment Reviews, GAO-05-276 (Washington,
D.C.: Apr. 15, 2005).

7 This policy is set forth and guidance is provided in OMB Circular No.
A-11 (section 300) and in OMB's Capital Programming Guide, which directs
agencies to develop, implement, and use a capital programming process to
build their capital asset portfolios.

8 GAO, Information Technology Investment Management: A Framework for
Assessing and Improving Process Maturity, GAO-04-394G (Washington, D.C.:
March 2004).

Recent Reviews of DOD's Business System Modernization Efforts Have Raised
Concerns

Since 2001, we have regularly reported9 on DOD's efforts to (among other
things) develop an architecture and to establish and implement effective
investment management structures and processes. Our reports have continued
to raise concerns about the department's architecture program, the quality
of the architecture and the transition plan, and the lack of an investment
management structure and controls to implement the architecture. Our most
recent reports, which were issued in the third and fourth quarters of
fiscal year 2005,10 made the following points:

           o  DOD had not established effective structures and processes for
           managing the development of its architecture.
           o  DOD had not developed a well-defined architecture. The products
           that it had produced did not provide sufficient content and
           utility to effectively guide and constrain ongoing and planned
           system investments.
           o  DOD had not developed a plan for transitioning from the "As Is"
           to the "To Be" architectures.
           o  DOD did not have an effective departmentwide management
           structure for controlling its business investments.
           o  DOD had not established common investment criteria for system
           reviews.
           o  DOD had not included all reported systems in its fiscal year
           2005 IT budget request.
           o  The Under Secretary of Defense (Comptroller) had not certified
           all systems investments with reported obligations exceeding $1
           million, as required by the fiscal year 2003 National Defense
           Authorization Act.11

9 GAO, Information Technology: Architecture Needed to Guide Modernization
of DOD's Financial Operations, GAO-01-525 (Washington, D.C.: May 17,
2001);  DOD Business Systems Modernization: Improvements to Enterprise
Architecture Development and Implementation Efforts Needed, GAO-03-458
(Washington, D.C.: Feb. 28, 2003); Information Technology: Observations on
Department of Defense's Draft Enterprise Architecture, GAO-03-571R
(Washington, D.C.: Mar. 28, 2003); Business Systems Modernization: Summary
of GAO's Assessment of the Department of Defense's Initial Business
Enterprise Architecture, GAO-03-877R (Washington, D.C.: July 7, 2003); DOD
Business Systems Modernization: Important Progress Made to Develop
Business Enterprise Architecture, but Much Work Remains, GAO-03-1018
(Washington, D.C.: Sept. 19, 2003); DOD Business Systems Modernization:
Limited Progress in Development of Business Enterprise Architecture and
Oversight of Information Technology Investments, GAO-04-731R (Washington,
D.C.: May 17, 2004).

10 GAO, DOD Business Systems Modernization: Billions Being Invested
without Adequate Oversight, GAO-05-381 (Washington, D.C.: Apr. 29, 2005);
DOD Business Systems Modernization: Long-standing Weaknesses in Enterprise
Architecture Development Need to Be Addressed, GAO-05-702 (Washington,
D.C.: July 22, 2005).

Our recommendations to DOD provide a comprehensive roadmap for addressing
these problems. DOD has largely agreed with the recommendations and as we
recently reported, has defined a framework intended to do so.

Successful Business Transformation Requires Sound Strategic Planning and
Sustained Leadership

In testimony before this Subcommittee earlier this year, Comptroller
General Walker emphasized that there are three key elements that DOD must
incorporate into its business transformation efforts to successfully
address its systemic business challenges. 12 First, these efforts must
include an integrated strategic business transformation plan, including an
enterprise architecture to guide and constrain implementation of such a
plan. Second, control of system investments is crucial for successful
business transformation. Finally, a CMO is essential for providing the
sustained leadership needed to achieve a successful and lasting
transformation effort. The CMO would not assume the day-to-day management
responsibilities of other DOD officials nor represent an additional
hierarchical layer of management but would lead DOD's overall business
transformation efforts. Additionally, a 7-year term would also enable the
CMO to work with DOD leadership across administrations to sustain the
overall business transformation effort.

11 Bob Stump National Defense Authorization Act for Fiscal Year 2003, Pub.
L. No. 107-314, S: 1004, 116 Stat. 2458, 2629-2631 (Dec. 2, 2002).

12 See GAO, Defense Management: Key Elements Needed to Successfully
Transform DOD Business Operations, GAO-05-629T (Washington, D.C.: Apr. 28,
2005).

DOD's Efforts to Comply with National Defense Authorization Act for Fiscal Year
          2005 Indicate Progress and a Foundation Upon Which to Build

As defined in Section 332 of the defense authorization act for fiscal year
2005,13 DOD is required to satisfy several conditions relative to its
approach to managing its business systems modernization program. Generally
speaking, DOD is required to do the following:

           1. By September 30, 2005, develop a business enterprise
           architecture that meets certain requirements.
           2. By September 30, 2005, develop a transition plan for
           implementing the architecture that meets certain requirements.
           3. Identify each defense business system proposed for funding in
           the budget submissions for fiscal year 2006 and subsequent years,
           and for each system, among other things, identify whether funding
           is for current services or business systems modernization.
           4. Take a number of actions regarding the review and approval of
           investments, including delegating responsibility for business
           system review and decision making to designated approval
           authorities,14 establishing investment review boards and
           supporting process that employ common steps and criteria, and
           obligating funds for Defense Business System Modernizations after
           October 1, 2005, only for systems that have been certified and
           approved.

The act also requires us to assess DOD's efforts to comply with the act
within 60 days after approval of the business enterprise architecture and
transition plan. On September 28, 2005, the Acting Deputy Secretary of
Defense approved Version 3.0 of the business enterprise architecture and
approved the associated enterprise transition plan. Accordingly, we are
currently in the process of conducting our assessment, and we plan, by
November 25, 2005, to issue a report containing the results of our
assessment to defense congressional committees, as specified in the act.
As agreed, this statement contains only preliminary observations based on
our ongoing work, meaning that these observations may change as we
conclude our ongoing assessment.

13 Ronald W. Reagan National Defense Authorization Act for Fiscal Year
2005, Pub. L. No. 108-375, S: 332, 118 Stat. 1811, 1851-1856 (Oct. 28,
2004) (codified in part at 10 U.S.C. S: 2222).

14 Approval authorities include the Under Secretary of Defense for
Acquisition, Technology, and Logistics; the Under Secretary of Defense
(Comptroller); the Under Secretary of Defense for Personnel and Readiness;
and the Assistant Secretary of Defense for Networks and Information
Integration/Chief Information Officer of the Department of Defense. These
approval authorities are responsible for the review, approval, and
oversight of business systems and must establish investment review
processes for systems under their cognizance.

For purposes of this statement, we have grouped the act's requirements,
and our preliminary observations, into four categories: business
enterprise architecture, enterprise transition plan, fiscal year 2006
budget submission, and investment review and approval.

Business Enterprise Architecture Requirements

The act requires that DOD develop, by September 30, 2005,15 a business
enterprise architecture. According to the act, this architecture must
satisfy three major requirements:

           1. Include an information infrastructure that, at a minimum, would
           enable DOD to

                        o  comply with all federal accounting, financial
                        management, and reporting requirements;
                        o  routinely produce timely, accurate, and reliable
                        financial information for management purposes;
                        o  integrate budget, accounting, and program
                        information and systems; and
                        o  provide for the systematic measurement of
                        performance, including the ability to produce timely,
                        relevant, and reliable cost information.

           2. Include policies, procedures, data standards, and system
           interface requirements that are to be applied uniformly throughout
           the department.
           3. Be consistent with OMB policies and procedures.

15 Ronald W. Reagan National Defense Authorization Act for Fiscal Year
2005, Pub. L. No. 108-375, S: 332, 118 Stat. 1811, 1851-1856 (Oct. 28,
2004) (codified in part at 10 U.S.C. S: 2222).

According to DOD, this version is intended to provide a blueprint to help
ensure near-term delivery of needed capabilities, resources, and materiel
to the warfighter. To do so, this version focused on six Business
Enterprise Priorities (see table 1), which DOD states are short-term
objectives to achieve immediate results. According to the department,
these priorities will evolve and expand in future versions of the
architecture.

Table 1: Business Enterprise Priorities

Business Enterprise Priority Description                                   
Personnel Visibility         Providing access to reliable, timely, and     
                                accurate personnel information for warfighter 
                                mission planning.                             
Acquisition Visibility       Providing transparency and access to          
                                acquisition information that is critical to   
                                supporting life-cycle management of the       
                                department's processes for delivering weapon  
                                systems and automated information systems.    
Common Supplier Engagement   Aligning and integrating policies, processes, 
                                data, technology, and people to simplify and  
                                standardize the methods that DOD uses to      
                                interact with commercial and government       
                                suppliers.                                    
Materiel Visibility          Improving supply chain performance.           
Real Property Accountability Acquiring access to real-time information on  
                                DOD real property assets.                     
Financial Visibility         Providing immediate access to accurate and    
                                reliable financial information that will      
                                enhance efficient and effective decision      
                                making.                                       

Source: DOD.

In addition to focusing version 3.0 on these priorities, according to DOD,
the department also limited the extent to which the architecture was to
address each priority, focusing on four questions:

           o  Who are our people, what are their skills, and where are they
           located?
           o  Who are our industry partners, and what is the state of our
           relationship with them?
           o  What assets are we providing to support the warfighter, and
           where are these assets deployed?
           o  How are we investing our funds to best enable the warfighting
           mission?

To produce a version of the architecture within the above scope, DOD
created 12 of the 23 recommended products included in the DOD Architecture
Framework-the structural guide that the department has established for
developing an architecture.16 These 12 products included all 7 products
that the framework designates as essential.17 For example, one essential
product is the Operational Node Connectivity Description, which is a
graphic showing "operational nodes" (organizations) and including a
depiction of each node's information exchange needs.

Our preliminary work suggests that Version 3.0 of DOD's business
enterprise architecture may partially satisfy the major conditions
specified in the act. For example, Version 3.0 could enable DOD's
compliance with many but not all federal accounting, financial management,
and reporting requirements. To this end, the architecture includes the
Standard Financial Information Structure (SFIS) and the Standard
Accounting Classification Structure (SACS), which together could allow DOD
to standardize financial data elements necessary to support budgeting,
accounting, cost/performance management, and external reporting. Both SFIS
and SACS are based upon mandated requirements defined by external
regulatory entities, such as the Treasury, OMB, the Federal Accounting
Standards Advisory Board, and the Joint Financial Management Improvement
Program.18 Moreover, SFIS has in turn been used to develop and incorporate
business rules in the architecture for such areas as managerial cost
accounting, general ledger, and federally owned property. Business rules
are important because they explicitly translate important business
policies and procedures into specific and unambiguous rules that govern
what can and cannot be done.

16 The Department of Defense Architecture Framework recommends that the
architecture include 23 of the 26 possible architecture products to meet
the department's stated intention to use the architecture as the basis for
departmentwide business and systems modernization.

17 DOD, Department of Defense Architecture Framework, Version 1.0, Volume
1 (August 2003) and Volume 2 (February 2004).

18 JFMIP was a joint and cooperative undertaking of the Department of the
Treasury, GAO, the Office of Management and Budget (OMB), and the Office
of Personnel Management (OPM), working in cooperation with each other and
other federal agencies to improve financial management practices in the
federal government. Leadership and program guidance were provided by the
four Principals of JFMIP-the Secretary of the Treasury, the Comptroller
General of the United States, and the Directors of OMB and OPM. Although
JFMIP ceased to exist as a stand-alone organization as of December 1,
2004, the JFMIP Principals will continue to meet at their discretion.

However, it is not apparent that the architecture provides for compliance
with all federal accounting, financial, and reporting requirements. For
example, it may not contain the information needed to achieve compliance
with the Treasury's United States Standard General Ledger19 or a strategy
for achieving this compliance.

As another example, Version 3.0 may partially enable DOD to produce
timely, accurate, and reliable financial information for management
purposes. Specifically, according to the architecture, financial
information is to be produced through (1) SFIS, which can support data
accuracy, reliability, and integrity requirements for budgeting, financial
accounting, cost and performance management, and external reporting across
DOD, and (2) a "Manage Business Enterprise Reporting" system function,
which is intended to support the reporting of financial management and
program performance information, including agency financial statements.

However, timely, accurate and reliable information depends, in part, on
using standard definitions of key terms, which the architecture does not
appear to include in all cases. For example, in Version 3.0 of the
architecture, terms such as "balance forwarded" and "receipt balances"
were not defined in the integrated dictionary although these terms were
used in process descriptions. In the absence of standardized definitions,
components (military services, defense agencies, and field activities) may
use terms and definitions that are locally meaningful but which cannot be
reliably and accurately aggregated to permit DOD-wide visibility, which is
critical to achieving DOD's stated business enterprise priorities. This
inability to aggregate has historically required DOD to create information
for management purposes using inefficient methods, such as data calls and
data conversions, that have limited the information's reliability and
timeliness.

Our preliminary work also suggests that Version 3.0 may partially satisfy
the act's requirement that it be consistent with OMB policies and
procedures. For example, Version 3.0 appears to include information flows
and relationships, as required by OMB guidance. OMB guidance also requires
the architecture to describe the "As Is" and "To Be" environments and a
transition plan; however, Version 3.0 does not include an "As Is"
environment. Without this element, DOD would not be able to develop a gap
analysis identifying performance shortfalls, which as discussed in the
next section, is a critical input to a comprehensive transition plan. In
addition, OMB guidance requires that the architecture include, among other
things, a description of the technology infrastructure; such a description
is not apparent in Version 3.0, in that it does not identify such needed
technology components as wide-area networks, databases, and
telecommunications. Similarly, Version 3.0 does not appear to include a
security architecture, although OMB guidance requires agencies to
incorporate security into the architecture of their information and
systems to ensure the security of agency business operations.

19 The United States Standard General Ledger provides a uniform Chart of
Accounts and technical guidance to be used in standardizing federal agency
accounting.

Version 3.0 may also contain other limitations. For example, it may not
yet be fully integrated with the enterprise transition plan. In
particular, we are currently attempting to determine why 21 systems
identified in the architecture are not included in the "Master List of
Systems and Initiatives" in the transition plan (the master list serves as
the baseline of currently planned-"To Be"-systems that begin to address
the transformational objectives of the program). In addition, DOD has
itself disclosed certain limitations. For example, it reported that the
architecture is not adequately linked to the component20 architectures and
transition plans. This omission is particularly important given the
department's newly adopted federated approach to developing and
implementing the architecture. In addition, according to DOD, the
architecture must be improved to better designate enterprise data sources,
business services, and IT infrastructure services, such as enterprise data
storage. This is important because each of these greatly affects the scope
and design of specific systems.

According to DOD officials, the department is taking an incremental
approach to developing the architecture and meeting the act's
requirements. Accordingly, they said that Version 3.0 was appropriately
scoped to provide for that content which could be produced in the time
available to both lay the foundation for fully meeting the act's
requirements and provide a blueprint for delivering near-term capabilities
and systems to meet near-term business enterprise priorities. Based on
these considerations, they asserted that Version 3.0 fully satisfies the
intent of the act.

20 DOD components include the military services, defense agencies, and
field activities.

We support DOD's taking an incremental approach to developing the business
enterprise architecture, as we recognize that adopting such an approach is
both a best practice and a prior GAO recommendation. In addition, our
preliminary work suggests that Version 3.0 may provide a foundation upon
which to build a more complete architecture. Nevertheless, the real
question that remains is whether this version contains sufficient scope,
detail, integration, and consistency to serve as a sufficient frame of
reference for defining a common vision and transition plan to guide and
constrain system investments.

Enterprise Transition Plan

The act requires that DOD develop, by September 30, 2005, a transition
plan for implementing its business enterprise architecture. According to
the act, this plan must meet three conditions:

           1. Include an acquisition strategy for new systems that are
           expected to be needed to complete the defense business enterprise
           architecture.
           2. Include listings of the legacy systems that will and will not
           be part of the target business systems environment, and a strategy
           for making modifications to those systems that will be included.
           3. Include specific time-phased milestones, performance metrics,
           and a statement of the financial and nonfinancial resource needs.

On September 28, 2005, the Acting Deputy Secretary of Defense approved the
transition plan. Our preliminary work on this plan suggests that it may
partially satisfy each condition. For example, the plan appears to include
elements of an acquisition strategy for new systems and describe a
high-level approach for modernizing the department's business operations
and systems. Further, it includes detailed information on about 60
business systems (ongoing programs) that are to be part of the "To Be"
architectural environment, as well as an acquisition strategy for each
system. However, the plan does not appear to be based on a top-down
capability gap analysis between the "As Is" and "To Be" architectures that
describes capability and performance shortfalls and clearly identifies
which system investments (such as the 60 identified programs) are to
address these shortfalls. This is important because a transition plan is
to be an acquisition strategy that recognizes timing and technological
dependencies among planned systems investments, as well as such other
considerations as market trends and return on investment.

Similarly, our preliminary work suggests that the plan identifies some of
the legacy systems that are to be replaced by ongoing programs (for
example, it identifies the Defense Cash Accountability System as a target
system and lists several legacy systems that it would replace), and it
provides a list of legacy systems that will be modified to provide
capabilities associated with the target architecture environment. However,
the plan's listings of legacy systems that will and will not be part of
the target architecture do not appear to be complete. For example, the
plan  identified 145 legacy systems that would be migrating to one target
system (the Expeditionary Combat Support System), but other DOD
documentation21 shows that this target system includes over 659 legacy
systems, suggesting that 514 systems may not be accounted for.

Finally, the plan appears to include some of the required information on
milestones, performance metrics, and resource needs. The plan includes key
milestone dates for the 60 systems/programs identified (such as the
Defense Travel System), but it does not show specific dates for
terminating or migrating many legacy systems (such as the Cash
Reconciliation System), and it does not include milestone dates for some
ongoing programs (such as the Navy Tactical Command Support System).
Similarly, although the plan includes performance metrics for some
systems,22 it does not include for each system measures and metrics,
focused on benefits or mission outcomes that can be linked to the plan's
strategic goals. In addition, according to program officials, the resource
needs in the transition plan for some programs are not current, as these
needs are reflective of the fiscal year 2006 budget, which was developed
before a recent reevaluation of how these programs will fit into the "To
Be" environment.

21 DOD, Expeditionary Combat Support System Sources Sought Synopsis (May
10, 2004).

22 For example, for DOD's military personnel and pay system, the Defense
Integrated Military Human Resources System (DIMHRS), the plan cites a goal
of reducing manual workarounds for military pay by 9 percent.

Our preliminary work also suggests that in addition to the limitations
just described, the plan may be missing relevant context and be
inconsistent with the architecture in various ways. For example, it
identifies 60 systems as target systems (for example, the Defense Cash
Accountability System), but the "To Be" architecture appears to include
only 23 of these. In addition, the plan includes a list of 66 systems that
are characterized as nonpriority enterprise or component programs that
will be part of the target architecture, but the target architecture does
not appear to identify all these systems.

According to DOD officials, the transition plan is evolving, and any
limitations will be addressed in future iterations of the plan. They also
stated that the department has taken an incremental approach to developing
a transition plan, and that the plan, as constrained by the scope of
Version 3.0 of the architecture, satisfies the intent of the act's
requirements.

As with the architecture, we support an incremental development approach.
Moreover, this plan represents DOD's first ever enterprise transition
plan, and thus constitutes progress. However, questions remain as to
whether it is of sufficient scope and content to effectively and
efficiently manage the disposition of the department's existing inventory
of systems or to sequence the introduction of modernized business
operations and supporting systems.

Fiscal Year 2006 IT Budget Submission

The fiscal year 2005 defense authorization act specifies information that
the department is to incorporate in its IT budget request for fiscal year
2006 and each fiscal year thereafter. Generally, the act states that each
budget request for business systems must:

           1. Identify each defense business system for which funding is
           being requested.
           2. Provide information on all funds, by appropriation, for each
           business system, including funds by appropriation specifically for
           current services (Operation and Maintenance) and systems
           modernization (Procurement; Research, Development, Test and
           Evaluation; and Defense Working Capital Fund).
           3. Identify the designated approval authority for each business
           system.

On the basis of our preliminary work, it appears that DOD's fiscal year
2006 IT budget submission may partially satisfy these conditions. For
example, although the fiscal year 2006 budget may not identify each
business system for which funding is requested, DOD is taking steps to
ensure that subsequent fiscal year budget requests are more comprehensive.
This situation arose because DOD's fiscal year 2006 budget submission was
submitted in February 2005, when the department did not yet have a single
inventory of all of its business systems. As a result, DOD officials could
not guarantee that all business systems were included in the submission.
Currently, the department is updating its single database for its
inventory of business systems, as we had recommended,23 which is scheduled
to be completed by September 30, 2006. Finally, DOD officials stated that
the fiscal year 2007 IT budget submission will be derived from a separate
DOD authoritative IT budget database.

There may be additional areas of uncertainty regarding the completeness of
DOD's IT budget submission. One source of uncertainty is inconsistencies
in the way that DOD classifies systems: as business systems or as national
security systems.24 For example, as we previously reported,25 DOD
reclassified 56 systems in its fiscal year 2005 budget request from
business systems to national security systems, resulting in a decrease of
approximately $6 billion in the fiscal year 2005 budget request for
business systems and related infrastructure. Similarly, in the fiscal year
2006 submission, 13 systems previously classified as business systems were
reclassified as national security systems, and 10 systems previously
classified as national security systems were reclassified as business
systems. We understand that DOD is currently reviewing its
reclassifications.

23 GAO, DOD Business Systems Modernization: Billions Continue to Be
Invested with Inadequate Management Oversight and Accountability,
GAO-04-615 (Washington, D.C.: May 27, 2004).

24 National security systems are intelligence systems, cryptologic
activities related to national security, military command and control
systems, and equipment that is an integral part of a weapon or weapons
system or is critical to the direct fulfillment of military or
intelligence missions.

25 GAO-05-381.

Our preliminary work also indicates that DOD may not have ensured that
budget requests for all business systems identify the type of funding-by
appropriation-being requested and whether the funding was for current
services or modernization. In the fiscal year 2006 budget submission,
systems identified are categorized by the type of funding (appropriation)
being requested and whether the funding is for current services or
modernization; however, not all systems may be identifiable. In
particular, it is not clear what is covered by one funding type or
category referred to as "All Other." For fiscal year 2006, this category
totaled about $1.2 billion and included, for example, about $22.6 million
specifically for financial management. According to DOD officials,26 this
category in the IT budget includes system projects that do not have to be
identified by name because they fall below the $2 million reporting
threshold for budgetary purposes.

Finally, our preliminary work indicates that DOD's fiscal year 2006 IT
budget submission identifies the designated approval authority for most
systems, but not all. In particular, the approval authorities for 57
systems in the submission were not apparent. For example, the Navy's C2
On-the-Move Network Digital Over-the-Horizon Relay system and the Defense
Commissary Agency's Enterprise Business System have a designated approval
authority of "Other."

Full compliance with the act's conditions relative to budgetary disclosure
is an important enabler of informed budgetary decision making and
oversight. Without such disclosure, whether incorrect system
classification, or mere oversights, the department's efforts to improve
its control and accountability over its business systems investments are
hindered, and the department and the Congress are constrained in their
ability to effectively monitor and oversee the billions of dollars spent
annually to maintain, operate, and modernize DOD's business systems.

Investment Review and Approval Requirements

The fiscal year 2005 defense authorization act specifies actions that the
department is to take regarding the review and approval of investments in
business systems. Generally, the act sets up three requirements for the
department:

26 GAO-04-615.

           o  Delegate the authority and accountability for defense business
           systems to designated approval authorities within the Office of
           the Secretary of Defense.
           o  By March 15, 2005, require each approval authority to establish
           an investment review process to review the planning, design,
           acquisition, development, deployment, operation, maintenance,
           modernization, and project cost benefits and risks of all defense
           business systems for which the approval authority is responsible.
           o  Effective October 1, 2005, obligate funds for a defense
           business system modernization project with total cost exceeding $1
           million after the approval authority designated for that system
           certifies to the Defense Business Systems Management Committee
           (DBMSC) that the system project meets specific conditions that are
           called for in the act, and the certification by the approval
           authority is approved by the DBSMC.

On the basis of our preliminary work, it appears that DOD has satisfied
some aspects of these conditions, and is potentially in the process of
satisfying other aspects. First, on March 19, 2005, the Acting Deputy
Secretary of Defense issued a memorandum that delegated the authority for
the review, approval, and oversight of planning, design, acquisition,
deployment, operation, maintenance, and modernization of the department's
business systems. Designation of these approval authorities is consistent
with the act. Further, our research and evaluations, as reflected in the
guidance that we have issued, shows that clear assignment of senior
executive investment management responsibilities and accountabilities are
key aspects of having an effective institutional approach to IT investment
management.

Second, DOD has established investment review structures and processes,
including a hierarchy of investment review boards with representation from
across the department, as well as a standard set of investment review and
decision-making criteria for these boards to use to ensure compliance and
consistency with the business enterprise architecture. Further, the DBSMC
was chartered in February 2005 as the highest ranking system modernization
governance body, as required by the act.27 Further, DOD has designated the
chair and membership of the boards consistent with the act, and all but
one of designated approval authorities have established investment review
boards for their areas of responsibility, which the act requires each to
do. The one approval authority that does not appear to have established a
review process is the Assistant Secretary of Defense (Networks and
Information Integration)/Chief Information Officer.

To support its investment review structures, DOD has also established
investment review processes that include, among other things, the use of
business enterprise architecture compliance procedures, common decision
criteria, and threshold criteria to ensure appropriate levels of review
and accountability. Notwithstanding these investment review structures and
processes, it remains uncertain to what extent DOD components have
established similar investment review bodies and will adopt common
investment review and decision-making processes. DOD components are
expected to establish their own structures and processes. Under the
department's concept of "tiered accountability," significant
responsibility and accountability for business system investments is to
reside with the military services and defense agencies. The extent to
which the components establish and consistently implement common
investment management structures and processes is important, because doing
so is a best practice. Without such structures and processes, investment
decisions could potentially perpetuate the existence of overly complex,
error-prone, nonintegrated system environments and limit introduction of
corporate solutions to long-standing business problems.

Finally, our preliminary work indicates that the department is in the
process of ensuring that defense business system modernizations28 costing
greater than $1 million are certified and approved in accordance with the
act. Specifically, the department has identified 210 systems with costs
greater than $1 million, thus requiring certification and approval. Of
these 210, DOD reports that 166 were certified and approved in accordance
with the act before September 30, 2005. This means that 44 were not, and
according to the act, the department cannot make further obligations for
any of these other than with funding left over from previous fiscal years,
until they are certified and approved.

27 See 10 U.S.C. S: 186.

28 The term `defense business system modernization' is defined in 10
U.S.C. S: 2222(j) (3) as "(A) the acquisition or development of a new
defense business system; or (B) any significant modification or
enhancement of an existing defense business system (other than necessary
to maintain current services)."

One potential issue with regard to the department's system certification
and approval efforts to date is whether it has identified all business
system modernizations with costs greater than $1 million. Doing this
requires, among other things, proper classification of systems as national
security systems or as business systems. If a business system is
improperly classified, it may not be reviewed, certified, and approved in
accordance with the act. As stated earlier, questions persist regarding
whether the department has properly classified all business systems as
such.

Another potential issue is whether DOD has followed the act's criteria for
DBSMC review and approval in all of the aforementioned 166 systems.
Specifically, it appears that the DBSMC approved the certification of at
least six business systems in August 2005 that had been previously
reviewed in accordance with earlier criteria;29 however, the current
criteria under the act do not provide for the DBSMC to approve a
certification based upon such previous certification. According to DOD
officials, these six systems will go through the current review process no
later than February 2006. In addition to these six, DOD officials told us
that several other systems investments, which were certified and approved
on the grounds that they were mission essential,30 will also be
resubmitted for DBSMC approval.

29 The six systems were reviewed under the criteria set forth in the
fiscal year 2003 defense authorization act.

30 See 10 U.S.C. S: 2222 (a)(1)(C).

DOD's Business Transformation Agency Could Help Strengthen Systems Modernization
           Management and Oversight if it is Effectively Implemented

On October 7, 2005, DOD established the Business Transformation Agency
(BTA) to advance defense-wide business transformation efforts in general
but particularly with regard to business systems modernization. BTA
reports directly to the vice chair of the DBMSC.31 Among other things, BTA
includes an acquisition executive who is to be responsible for 28 DOD-wide
business projects, programs, systems, and initiatives. In addition, the
BTA is to be responsible for integrating and supporting the work of the
Office of the Secretary of Defense (OSD) principal staff assistants, who
include the approval authorities that chair the business system investment
review boards.

In our view, BTA offers potential benefits relative to the department's
business systems modernization efforts, if the agency can be properly
organized, resourced, and empowered to effectively execute its roles and
responsibilities, and if it is held accountable for doing so. In this
regard, the agency faces a number of challenges as described below.

According to DOD, this agency is expected to have a functioning
acquisition organization by November 21, 2005. While such a timeline is
daunting in and of itself, it is particularly challenging given that DOD
is estimating up to 12 months to establish a permanent director. Moreover,
there are numerous key acquisition functions that would need to
established and made operational to effectively assume 28 DOD-wide
projects, programs, systems, and initiatives, and our experience across
the government shows that these functions can take considerable time to
establish.

Among other things, the agency is to be responsible for ensuring
consistency and continuity across the department's core business missions
with respect to, for example, business process re-engineering and related
business system matters. While the agency should be able to accomplish
this relative to the DOD-wide efforts that it can control, it does not
appear to have the requisite authority to carry out this responsibility
relative to DOD component system investments, which it does not have
investment control over. At best, the agency will be able to support the
DBMSC in its efforts to ensure such consistency and continuity.

31 The vice chair of the DBSMC is the Under Secretary of Defense for
Acquisition, Technology and Logistics.

As currently structured, the agency does not include support to an OSD
principal staff assistant and approval authority-the Assistant Secretary
of Defense for Networks Integration and Infrastructure, who is responsible
for DOD information technology infrastructure, such as wide-area networks,
local-area networks, telecommunications, and security services. In
addition, the agency's relationship to the Defense Information Systems
Agency, which is also responsible for certain DOD-wide system capabilities
and services, is not specified. As the department moves forward with
implementing this new agency, it will important for it to address these
issues.

 Effective DOD Business Transformation Will Require Broader Focus than Recently
  Launched Business Systems Modernization Management Structures and Activities

For DOD to successfully transform its overall business operations, it will
need senior level management accountability, a comprehensive and
integrated business transformation plan that covers all of its key
business functions; people with needed skills, knowledge, experience,
responsibility, and authority to implement the plan; an effective process
and related tools; and results-oriented performance measures that link
institutional, unit, and individual performance goals and expectations to
promote accountability for results. Over the last 3 years, GAO has made
several recommendations that if implemented successfully could help DOD
move forward in establishing the means to successfully address the
challenges it faces in transforming its business operations. For example,
as the Comptroller General testified before this subcommittee earlier this
year, DOD needs a full-time CMO position, created through legislation,
with responsibility and authority for DOD's overall business
transformation efforts.32 The CMO must be a person with significant
authority and experience who would report directly to the Secretary of
Defense. Given the nature and complexity of the overall business
transformation effort, and the need for sustained attention over a
significant period of time, this position should be a term appointment and
the person should be subject to a performance contract.

The Secretary of Defense, Acting Deputy Secretary of Defense, and other
senior leaders have clearly shown commitment to business transformation
and addressing deficiencies in the Department's business operations. As I
discussed earlier, DOD has taken several actions, including setting up the
DBSMC, publishing a business enterprise transition plan and most recently,
establishing the Business Transformation Agency. Moreover, DOD is
examining various aspects of its business operations as part of the
ongoing Quadrennial Defense Review. While these management structures and
plan are positive steps, their primary focus, at this point, appears to be
on business systems modernization. Clearly, maintaining effective and
modern business systems is a key enabler to transformation. However,
business transformation is much broader and encompasses not only the
supporting systems, but also the planning, management, organizational
structures, and processes related to all DOD's major business areas. Such
areas include support infrastructure management, human capital management,
financial management, weapon systems acquisition, contract management,
planning and budgeting, and supply chain management. Recognizing that DOD
is continuing to evolve its efforts to plan and organize itself to achieve
business transformation, critical to the success of these efforts will be
management attention and structures that focus on transformation from a
broad perspective and a clear strategic and integrated plan that, at a
summary level, addresses all of the department's major business areas.
This strategic plan should contain results-oriented performance measures
that link institutional, unit, and individual goals, measures and
expectations, and would be instrumental in establishing investment
priorities and guiding the department's resource decisions.

32 S.780, 109th Cong., 1st Sess. introduced in the U.S. Senate on April
15, 2005, would create a statutory Chief Management Officer.

Finally, the lynchpin to ensure successful business transformation is the
presence of strong and sustained executive leadership with appropriate
responsibility, authority, and accountability. The central authority we
had envisioned to allow for strong and sustained executive leadership over
DOD's business management reform efforts is a full-time, executive-level
II position for a CMO, who would serve as the Deputy Secretary of Defense
for Management. This position would divide and institutionalize the
functions of the Deputy Secretary of Defense by creating a separate Deputy
Secretary of Defense for Management. As we envision it, the CMO would
feature a term of office that spans administrations, which would serve to
underscore the importance of taking a professional, nonpartisan,
institutional, and sustainable approach to the overall business
transformation effort. As I understand it, DOD's position is that the
Acting Deputy Secretary of Defense, who also serves as the chair of the
DBSMC, has the requisite position, authority, and purview to perform the
functions of a CMO. Under the Acting Deputy's leadership, DOD expects to
be able to demonstrate progress towards achieving business reform.
Comptroller General Walker continues to believe a CMO is necessary to
provide the sustained leadership needed to achieve true business
transformation. In light of DOD's position, we would encourage the
Subcommittee to require DOD to periodically report on its efforts,
including describing the specific goals and measures against which it is
measuring its progress in achieving business reform.

                                   - - - - -

In closing, the department as made important progress in the last 6 months
in establishing the kind of business systems modernization management
capabilities that our research and evaluations show are essential to a
successful modernization program-namely, an architecture, a transition
plan, and system investment decision-making structures and processes. But
more needs to be done to complete each of these areas, and most
importantly, to ensure that they are reflected in how each and every
business system investment is managed. While the new business
transformation agency can help get this done, much remains to be
accomplished before this agency is functioning as intended. Beyond systems
modernization, overall business transformation remains a major challenge.
The creation of a CMO position, and the development of a strategic
transformation plan to integrate and guide the department's people,
process, and technology change initiatives, would go a long way in helping
the department meet this challenge.

Mr. Chairman and Members of the Subcommittee, this concludes my prepared
statement. I would be happy to answer any questions you may have at this
time.

350777

United States Government Accountability Office

GAO

Testimony

Before the Subcommittee on Readiness and Management Support, Committee on
Armed Services, U.S. Senate

For Release on Delivery

Expected at 2:00 p.m. EST Wednesday, November 9, 2005

DEFENSE MANAGEMENT

Foundational Steps Being Taken to Manage DOD Business Systems
Modernization, but Much Remains to be Accomplished to Effect True Business
Transformation

Statement of Randolph C. Hite

Director Information Technology Architecture and Systems

GAO-06-234T

transparent illustrator graphic

www.gao.gov/cgi-bin/getrpt? GAO-06-234T .

To view the full product, including the scope

and methodology, click on the link above.

For more information, contact Randy Hite at (202) 512-3429 or
[email protected].

Highlights of GAO-06-234T , a testimony before the Subcommittee on
Readiness and Management Support, Committee on Armed Services, U.S. Senate

November 9, 2005

DEFENSE MANAGEMENT

Foundational Steps Being Taken to Manage DOD Business Systems
Modernization, but Much Remains to be Accomplished to Effect True Business
Transformation

For years, the Department of Defense (DOD) has embarked on a series of
efforts to transform its business operations, including modernizing
underlying information technology (business) systems. GAO has reported on
inefficiencies and inadequate accountability across DOD's major business
areas, resulting in billions of dollars of wasted resources annually. Of
the 25 areas on GAO's 2005 list of high-risk federal programs and
operations that are vulnerable to fraud, waste, abuse or mismanagement and
in need of reform, 8 are DOD programs or operations, and 6 are
government-wide high risk areas for which DOD shares responsibility.

The Ronald W. Reagan National Defense Authorization Act for Fiscal Year
2005 required DOD to satisfy several conditions relative to its approach
to managing its business system modernization program, including
developing an enterprise transition plan, which GAO is currently
assessing. DOD also recently established a Business Transformation Agency
intended to advance defense-wide business transformation.

GAO was asked to testify on DOD's business transformation, including its
preliminary observations on 1) DOD's efforts to satisfy fiscal year 2005
defense authorization act requrements; 2) the Business Transformation
Agency; and 3) DOD's efforts to provide the leadership, structures, and
plans needed to effect transformation.

GAO's preliminary observation based on its ongoing work is that DOD has
made progress in establishing needed business system modernization
management capabilities and appears to have complied with some of the
act's provisions, but more needs to be done. To comply with the act's
requirement that it develop a business enterprise architecture and
transition plan meeting certain requirements, DOD approved Version 3.0 of
its architecture and associated transition plan on September 28, 2005.
GAO's work so far suggests that this version of the architecture may
satisfy the conditions of the act to some extent, but not entirely. For
example, while Version 3.0 includes a target architecture, as required, it
does not include a current architecture. Without this element, DOD could
not analyze the gaps between the two architectures-critical input to a
comprehensive transition plan. In addition, the transition plan appears to
include certain required information (such as milestones for major
projects), but it appears to be inconsistent with the architecture in
various ways, such as including some systems that are not in the target
architecture and vice versa, and it does not include system performance
metrics aligned with the plan's strategic goals and objectives. Finally,
GAO's preliminary work suggests that DOD may have satisfied some of the
act's requirements regarding the review and approval of investments in
business systems, but it either has not satisfied or is still in the
process of satisfying others. For example, it has delegated authority and
largely established review structures and processes as required. However,
some of these structures do not yet appear to be in place, and some
reviews and approvals to date may not have followed the criteria in the
act. GAO expects to report on these issues shortly.

DOD's Business Transformation Agency offers potential benefits relative to
the department's business systems modernization efforts if the agency can
be properly organized, resourced, and empowered to effectively execute its
roles and responsibilities and is held accountable for doing so. The
agency faces several challenges, including standing up a functioning
acquisition organization within a short period of time. As DOD moves
forward with implementing this agency, it will be important for it to
address these issues.

DOD has taken several actions intended to advance transformation, such as
establishing management structures like the Business Transformation
Agency, and developing the enterprise transition plan. While these steps
are positive, their primary focus appears to be on business system
modernization. Business transformation is much broader and encompasses
planning, management, structures, and processes related to all key
business areas. As DOD continues to evolve its transformation efforts,
critical to successful reform are sustained leadership, structures, and a
clear strategic and integrated plan that encompass all major business
areas. GAO believes a chief management official, responsible for business
transformation, could provide the strong and sustained executive
leadership needed in this area.

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

GAO's Mission

The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site ( www.gao.gov ). Each weekday, GAO posts newly
released reports, testimony, and correspondence on its Web site. To have
GAO e-mail you a list of newly posted products every afternoon, go to
www.gao.gov and select "Subscribe to Updates."

Order by Mail or Phone

The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:

U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548

To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061

To Report Fraud, Waste, and Abuse in Federal Programs

Contact:

Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: [email protected]
Automated answering system: (800) 424-5454 or (202) 512-7470

Congressional Relations

Gloria Jarmon, Managing Director, [email protected] (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125 Washington,
D.C. 20548

Public Affairs

Paul Anderson, Managing Director, [email protected] (202) 512-4800 U.S.
Government Accountability Office, 441 G Street NW, Room 7149 Washington,
D.C. 20548
*** End of document. ***