Defense Business Transformation: Sustaining Progress Requires	 
Continuity of Leadership and an Integrated Approach (07-FEB-08,  
GAO-08-462T).							 
                                                                 
The Department of Defense (DOD) has stewardship over an 	 
unprecedented amount of taxpayer money--with about $546 billion  
in discretionary budget authority provided thus far in fiscal	 
year 2008, and total reported obligations of about $492 billion  
to support ongoing operations and activities related to the	 
Global War on Terrorism from September 11, 2001, through	 
September 2007. Meanwhile, DOD is solely responsible for 8	 
high-risk areas identified by GAO and shares responsibility for  
another 7 high-risk areas. GAO designated DOD's approach to	 
business transformation as high risk in 2005. DOD's business	 
systems modernization and financial management have appeared on  
the list since 1995. Deficiencies in these areas adversely affect
DOD's ability, among other things, to assess resource		 
requirements; control costs; ensure accountability; measure	 
performance; prevent waste, fraud, and abuse; and address	 
pressing management issues. Based on previously issued GAO	 
reports and testimonies, this testimony focuses on the progress  
DOD has made and the challenges that remain with respect to	 
overall business transformation, business systems modernization, 
and financial management capabilities improvements. GAO has made 
recommendations to improve DOD's business transformation efforts 
and DOD's institutional and program-specific management controls.
DOD has largely agreed with these recommendations.		 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-08-462T					        
    ACCNO:   A80550						        
  TITLE:     Defense Business Transformation: Sustaining Progress     
Requires Continuity of Leadership and an Integrated Approach	 
     DATE:   02/07/2008 
  SUBJECT:   Accountability					 
	     Defense budgets					 
	     Defense capabilities				 
	     Defense cost control				 
	     Enterprise architecture				 
	     Financial management				 
	     Internal controls					 
	     Organizational change				 
	     Performance measures				 
	     Policy evaluation					 
	     Program evaluation 				 
	     Program management 				 
	     Reporting requirements				 
	     Strategic planning 				 
	     Systems conversions				 
	     Systems evaluation 				 
	     Business planning					 
	     Business transformation				 
	     Program goals or objectives			 
	     DOD Enterprise Transition Plan			 
	     DOD Financial Improvement and Audit		 
	     Readiness Plan					 
                                                                 
	     GAO High Risk Series				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-08-462T

   

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States Government Accountability Office: 
GAO: 

Testimony: 

Before the Subcommittee on Readiness and Management Support, Committee 
on Armed Services, U.S. Senate: 

For Release on Delivery: 
Expected at 2:30 p.m. EST: 
Thursday, February 7, 2008: 

Defense Business Transformation: 

Sustaining Progress Requires Continuity of Leadership and an Integrated 
Approach: 

Statement of David M. Walker: 
Comptroller General of the United States: 

GAO-08-462T: 

GAO Highlights: 

Highlights of GAO-08-462T, a testimony before the Subcommittee on 
Readiness and Management Support, Committee on Armed Services, U.S. 
Senate. 

Why GAO Did This Study: 

The Department of Defense (DOD) has stewardship over an unprecedented 
amount of taxpayer money--with about $546 billion in discretionary 
budget authority provided thus far in fiscal year 2008, and total 
reported obligations of about $492 billion to support ongoing 
operations and activities related to the Global War on Terrorism from 
September 11, 2001, through September 2007. Meanwhile, DOD is solely 
responsible for 8 high-risk areas identified by GAO and shares 
responsibility for another 7 high-risk areas. GAO designated DODï¿½s 
approach to business transformation as high risk in 2005. DODï¿½s 
business systems modernization and financial management have appeared 
on the list since 1995. Deficiencies in these areas adversely affect 
DODï¿½s ability, among other things, to assess resource requirements; 
control costs; ensure accountability; measure performance; prevent 
waste, fraud, and abuse; and address pressing management issues. 

Based on previously issued GAO reports and testimonies, this testimony 
focuses on the progress DOD has made and the challenges that remain 
with respect to overall business transformation, business systems 
modernization, and financial management capabilities improvements. GAO 
has made recommendations to improve DODï¿½s business transformation 
efforts and DODï¿½s institutional and program-specific management 
controls. DOD has largely agreed with these recommendations. 

What GAO Found: 

DODï¿½s senior leadership has shown a commitment to transforming DODï¿½s 
business operations and taken steps that have yielded progress in many 
respects, especially during the past two years. To sustain its efforts, 
DOD still needs (1) a strategic planning process and a comprehensive, 
integrated, and enterprisewide plan or set of plans to guide 
transformation and (2) a full-time, term-based, senior management 
official to provide focused and sustained leadership. Congress has 
clearly recognized the need for executive-level attention and, through 
the National Defense Authorization Act for fiscal year 2008, has 
designated the Deputy Secretary of Defense as DODï¿½s Chief Management 
Officer (CMO), created a Deputy CMO position, and designated a CMO for 
each military department. Among other things, DOD will need to clearly 
define roles and responsibilities, accountability, and performance 
expectations. However, DOD still faces the challenge of ensuring that 
its CMO can give the position full-time focus and continuity of 
leadership. In that respect, GAO continues to believe the CMO should be 
codified in statute as a separate position with the appropriate term to 
span administrations. 

To comply with legislative requirements aimed at improving business 
systems modernization, DOD continues to update its business enterprise 
architecture and has established and begun to implement corporate 
investment review structures and processes. However, DOD has not 
achieved the full intent of the legislative requirements. The business 
enterprise architecture updates are not complete enough to effectively 
and efficiently guide and constrain business system investments across 
all levels of DOD. Although DOD issued a strategy for ï¿½federatingï¿½ or 
extending its architecture to the DOD components, the componentsï¿½ 
architecture programs are not fully mature to support this. With 
respect to investment review structures and processes, DOD lacks 
policies and procedures for aligning investment selection decisions and 
relevant corporate- and component-level guidance. For example, DODï¿½s 
business systems investment policies and procedures do not link 
investment selection decisions with investment funding decisions. 
Meanwhile, DOD components continue to invest billions of dollars in 
thousands of new and existing business system programs. 

DOD has taken steps towards developing and implementing a framework for 
improving its capability to provide timely, reliable, and relevant 
financial information for analysis, decision making, and reporting. 
Specifically, DOD is defining and implementing a standard DOD-wide 
financial management data structure and enterprise-level capabilities 
to facilitate reporting and comparison of financial data across DOD. In 
2007, DOD refined its strategy for achieving auditable financial 
statements, emphasizing verification and validation of sustained 
improvements and assessments of new systems to identify risks that, if 
not mitigated, may impede the achievement of clean financial statement 
audit opinions. While these efforts may improve the consistency and 
comparability of DOD's financial reports, a great deal of work to 
ensure the reliability of the data itself remains before financial 
management transformation will be achieved. 

To view the full product, including the scope and methodology, click on 
[hyperlink, http://www.GAO-08-462T]. For more information, contact 
Sharon Pickup at (202) 512-9619 or [email protected]. 

[End of section] 

Mr. Chairman and Members of the Subcommittee: 

I am pleased to be here today to discuss the status of the Department 
of Defense's (DOD) efforts to transform DOD's business operations and 
the actions that DOD needs to take to maintain continuity of effort, 
change the status quo, and achieve sustainable success, both at the 
enterprisewide level and within DOD's many components. Before I go 
further, I also want to commend the Subcommittee for its continued 
focus, oversight, and legislative initiatives to address these critical 
issues. 

Since the first financial statement audit of a major DOD component was 
attempted almost 20 years ago, we have reported that weaknesses in 
business operations not only adversely affect the reliability of 
reported financial data, but also the economy, efficiency, and 
effectiveness of these operations. DOD continues to dominate our list 
of high-risk programs designated as vulnerable to waste, fraud, abuse, 
and mismanagement, bearing responsibility, in whole or in part, for 15 
of 27 high-risk areas.[Footnote 1] Eight of these areas are specific to 
DOD and include DOD's overall approach to business transformation, as 
well as business systems modernization and financial management, which 
are the focus of this hearing. Collectively, these high-risk areas 
relate to DOD's major business operations that directly support the 
warfighters, including how they are paid, the benefits provided to 
their families, and the availability and condition of equipment they 
use both on and off the battlefield. 

Given the current security environment and growing long-range fiscal 
imbalance facing our nation, DOD, like other federal agencies, will 
need to ensure prudent and proper stewardship of the resources it is 
provided to perform its mission. Commitments are clearly growing both 
abroad, with our involvement in ongoing operations in Iraq and 
Afghanistan, as well as at home, with efforts to provide homeland 
security. However, our nation is threatened not only by external 
security threats, but also from within by large and growing fiscal 
imbalances, due primarily to our aging population and rising health 
care costs. Absent policy changes to cope with rising health care costs 
and known demographic trends, a growing imbalance between expected 
federal spending and revenues will mean escalating and ultimately 
unsustainable federal deficits and debt levels. As I have stated 
previously, our nation is on an imprudent and unsustainable fiscal 
path. Given this scenario, DOD cannot afford to continue to rely on 
ineffective and inefficient business processes, controls, and 
technology to support its mission. With about $546 billion in 
discretionary budget authority provided thus far in fiscal year 2008, 
along with total reported obligations of about $492 billion to support 
ongoing operations and activities related to the Global War on 
Terrorism since the September 11, 2001, attacks through September 2007, 
the department has been given stewardship of unprecedented amounts of 
taxpayer money. DOD must do more to ensure proper stewardship and 
accountability of the resources it is given. 

Transforming business operations in any organization is a long-term, 
difficult process, especially in an organization as large and complex 
as DOD. Congress, under the leadership of this Subcommittee and others, 
has been instrumental in transforming DOD through oversight and through 
legislation that has codified many of our prior recommendations, 
particularly with respect to the modernization of DOD's business 
systems.[Footnote 2] While transformation will never be easy, our work 
shows that DOD will certainly continue to face difficulty in achieving 
better outcomes in its business operations and, ultimately, optimizing 
support to the warfighters until it adopts a better leadership approach 
to guide its business transformation efforts. My testimony today will 
provide perspectives on the progress DOD has made and the challenges it 
faces in its approaches to overall business transformation, business 
systems modernization, and financial management capabilities 
improvements. In particular, I will focus on the progress DOD has made 
in developing its business enterprise architecture (BEA), enterprise 
transition plan (ETP), and Financial Improvement and Audit Readiness 
(FIAR) Plan; DOD's investment controls for new business systems; the 
extent to which DOD is complying with applicable legislation; and the 
degree to which the department has integrated the roles of the military 
services in these efforts. My statement is based largely on previous 
reports and testimonies; however, some portions are based upon ongoing 
work. All of this work was performed in accordance with generally 
accepted government auditing standards. 

Summary: 

DOD's senior leadership has demonstrated a commitment to transforming 
the department's business operations, and has taken many steps in the 
last few years to further this effort. For example, DOD has made 
progress in creating transformational entities to guide its efforts, 
such as the Defense Business Systems Management Committee and the 
Business Transformation Agency[Footnote 3], as well in developing plans 
and other tools. However, two critical actions, among others, are still 
needed to put DOD on a sustainable path to success. DOD has yet to 
establish (1) a strategic planning process that results in a 
comprehensive, integrated, and enterprisewide plan or set of plans to 
help guide transformation and (2) a senior official who can provide 
full-time attention and sustained leadership to the overall business 
transformation effort. 

Congress has clearly recognized the need for executive-level attention 
to these matters as well as sound planning, and has taken important 
action to codify key responsibilities. Specifically, the National 
Defense Authorization Act for Fiscal Year 2008 designates the Deputy 
Secretary of Defense as the department's Chief Management Officer 
(CMO), creates a Deputy CMO position, and designates the 
undersecretaries of each military department as CMOs for their 
respective departments. The act also requires the Secretary of Defense, 
acting through the CMO, to develop a strategic management plan that 
among other things is to include a detailed description of performance 
goals and measures for improving and evaluating the overall efficiency 
and effectiveness of the business operations of the department. 

In light of this legislation, it will be important for DOD to define 
the specific roles and responsibilities for the CMO, Deputy CMO, and 
the service CMOs; ensure clearly delineated reporting relationships 
among them and other department and service officials; foster good 
executive-level working relationships for maximum effectiveness; 
establish appropriate integration and transformation structures and 
processes; promote individual accountability and performance; and 
provide for continuity. With less than a year before a change in 
administrations, DOD should focus significant effort in the months 
ahead to institutionalize as many of these actions as possible. 
However, in the absence of more permanence, DOD will still face 
challenges in sustaining continuity of leadership. In that respect, we 
continue to believe the CMO should be codified in statute as a separate 
position with an appropriate term to span administrations. 

With regard to business systems modernization, which is a critical 
enabler to enhancing overall business transformation, DOD continues to 
take steps to comply with legislative requirements. However, much 
remains to be accomplished before the full intent of this legislation 
is achieved. In particular, DOD continues to update its BEA, which 
while addressing several issues previously reported by us, is still not 
sufficiently complete to effectively and efficiently guide and 
constrain business system investments across all levels of the 
department. Most notably, the architecture does not yet include well- 
defined architectures for DOD's component architectures. In addition, 
the scope and content of the department's ETP do not address DOD's 
complete portfolio of information technology (IT) investments. As part 
of its approach to incrementally improving its BEA, DOD issued a 
strategy for "federating" or extending its architecture to the military 
departments and defense agencies. In our view, much remains to be 
accomplished before a well-defined federated architecture is in place, 
particularly given the limitations in the federation strategy (e.g., 
including information on how the component architectures are to align 
with the latest version of the BEA) and the immature state of the 
military department architecture programs. DOD has since developed an 
updated version of its federation strategy, which according to DOD 
officials, addresses some of our recommendations. 

The department has also established and has begun to implement 
legislatively directed corporate investment review structures and 
processes needed to effectively manage its business systems 
investments, but neither DOD nor the military departments have done so 
in a manner that is fully consistent with relevant guidance. For 
example, the department has not yet established business system 
investment policies and procedures for ensuring that investment 
selection decisions are aligned with investment funding decisions, 
which increases the chance of inconsistent and uninformed decision 
making. Nevertheless, DOD components are continuing to invest billions 
of dollars in thousands of new and existing business system programs. 
As we previously stated, the risks associated with investing in systems 
ahead of having a well-defined architecture and investment management 
practices are profound and must be managed carefully, as must the wide 
assortment of other risks that we have reported relative to specific 
DOD business systems investments. Our work and research has shown that 
establishing effective systems modernization management controls, such 
as an architecture-centric approach to investment decision making, 
while not a guarantee, can increase the chances of delivering cost- 
effective business capabilities on time and within budget. As such, we 
have made recommendations aimed at improving these institutional and 
program-specific controls, and DOD has largely agreed with these 
recommendations. 

Regarding financial management, DOD has taken steps toward developing 
and implementing a framework for addressing the department's long- 
standing financial management weaknesses and improving its capability 
to provide timely, reliable, and relevant financial information for 
analysis, decision making, and reporting, a key defense transformation 
priority.[Footnote 4] Specifically, this framework, which is discussed 
in both the department's ETP and the FIAR Plan,[Footnote 5] is intended 
to define and put into practice a standard DOD-wide financial 
management data structure as well as enterprise-level capabilities to 
facilitate reporting and comparison of financial data across the 
department. While these efforts should improve the consistency and 
comparability of DOD's financial reports, a great deal of work remains 
before the financial management capabilities of DOD and its components 
are transformed and the department achieves financial 
visibility.[Footnote 6] Examples of work remaining that must be 
completed as part of DOD component efforts to support the FIAR and ETP 
include data cleansing; improvements in current policies, processes, 
procedures, and controls; and implementation of integrated systems. 
Further, in 2007, DOD introduced refinements to its approach for 
achieving financial statement auditability. While these refinements 
reflect a clearer understanding of the importance of the sustainability 
of financial management improvements and the department's reliance on 
the successful completion of component (including military services and 
defense agencies) and subordinate initiatives, they are not without 
risks, which I will discuss later. 

Background: 

DOD is one of the largest and most complex organizations in the world. 
Overhauling its business operations will take many years to accomplish 
and represents a huge and possibly unprecedented management challenge. 
Execution of DOD's operations spans a wide range of defense 
organizations, including the military departments and their respective 
major commands and functional activities, numerous large defense 
agencies and field activities, and various combatant and joint 
operational commands that are responsible for military operations in 
specific geographic regions or theaters of operation. To support DOD's 
operations, the department performs an assortment of interrelated and 
interdependent business functions--using thousands of business systems--
related to major business areas such as weapon systems management, 
supply chain management, procurement, health care management, and 
financial management. The ability of these systems to operate as 
intended affects the lives of our warfighters both on and off the 
battlefield. 

To address long-standing management problems, we began our high-risk 
series in 1990 to identify and help resolve serious weaknesses in areas 
that involve substantial resources and provide critical services to the 
public.[Footnote 7] Historically, high-risk areas have been designated 
because of traditional vulnerabilities related to their greater 
susceptibility to fraud, waste, abuse, and mismanagement. As our high- 
risk program has evolved, we have increasingly used the high-risk 
designation to draw attention to areas associated with broad-based 
transformation needed to achieve greater economy, efficiency, 
effectiveness, accountability, and sustainability of selected key 
government programs and operations. DOD has continued to dominate the 
high-risk list, bearing responsibility, in whole or in part, for 15 of 
our 27 high-risk areas. Of the 15 high-risk areas, the 8 DOD-specific 
high-risk areas cut across all of DOD's major business areas. Table 1 
lists the 8 DOD-specific high-risk areas and the year in which each 
area was designated as high risk. In addition, DOD shares 
responsibility for 7 governmentwide high-risk areas.[Footnote 8] 

Table 1: Years When Specific DOD Areas on GAO's 2007 High-Risk List 
Were First Designated as High Risk: 

DOD area: DOD approach to business transformation; 
Year designated as high risk: 2005. 

DOD area: DOD personnel security clearance program; 
Year designated as high risk: 2005. 

DOD area: DOD support infrastructure management; 
Year designated as high risk: 1997. 

DOD area: DOD business systems modernization; 
Year designated as high risk: 1995. 

DOD area: DOD financial management; 
Year designated as high risk: 1995. 

DOD area: DOD contract management; 
Year designated as high risk: 1992. 

DOD area: DOD supply chain management; 
Year designated as high risk: 1990. 

DOD area: DOD weapon systems acquisition; 
Year designated as high risk: 1990. 

Source: GAO. 

[End of table] 

GAO designated DOD's approach to business transformation as high risk 
in 2005 because (1) DOD's improvement efforts were fragmented, (2) DOD 
lacked an enterprisewide and integrated business transformation plan, 
and (3) DOD had not appointed a senior official at the right level with 
an adequate amount of time and appropriate authority to be responsible 
for overall business transformation efforts. Collectively, these high- 
risk areas relate to DOD's major business operations, which directly 
support the warfighter, including how servicemembers get paid, the 
benefits provided to their families, and the availability of and 
condition of the equipment they use both on and off the battlefield. 

DOD's pervasive business systems and related financial management 
deficiencies adversely affect its ability to assess resource 
requirements; control costs; ensure basic accountability; anticipate 
future costs and claims on the budget; measure performance; maintain 
funds control; prevent and detect fraud, waste, and abuse; and address 
pressing management issues. Over the years, DOD initiated numerous 
efforts to improve its capabilities to efficiently and effectively 
support management decision making and reporting, with little success. 
Therefore, we first designated DOD's business systems modernization and 
financial management as high-risk areas in 1995, followed by its 
approach to business transformation in 2005. 

Overview of DOD Business Systems Modernization High-Risk Area: 

The business systems modernization high-risk area is large, complex, 
and integral to each of the other high-risk areas, as modernized 
systems are pivotal enablers to addressing longstanding transformation, 
financial, and other management challenges. DOD reportedly relies on 
approximately 3,000 business systems to support its business functions. 
For fiscal year 2007, Congress appropriated approximately $15.7 billion 
to DOD, and for fiscal year 2008, DOD has requested about $15.9 billion 
in appropriated funds to operate, maintain, and modernize these 
business systems and the associated infrastructures, of which 
approximately $11 billion was requested for the military departments. 
For years, DOD has attempted to modernize its many systems, and we have 
provided numerous recommendations to help it do so. For example, in 
2001, we provided the department with a set of recommendations to help 
in developing and using an enterprise architecture (modernization 
blueprint) and establishing effective investment management controls to 
guide and constrain how the billions of dollars each year are spent on 
business systems. We also made numerous project-specific and DOD-wide 
recommendations aimed at ensuring that the department follows proven 
best practices when it acquires IT systems and services. 

Enterprise Architecture and IT Investment Management Are Two Keys to 
Successfully Modernizing Systems: 

Effective use of an enterprise architecture, or modernization 
blueprint, is a hallmark of successful public and private 
organizations. For more than a decade, we have promoted the use of 
architectures to guide and constrain systems modernization, recognizing 
them as a crucial means to a challenging goal: agency operational 
structures that are optimally defined in both the business and 
technological environments. Congress has also recognized the importance 
of an architecture-centric approach to modernization: the E-Government 
Act of 2002,[Footnote 9] for example, requires the Office of Management 
and Budget (OMB) to oversee the development of enterprise architectures 
within and across agencies. 

In brief, an enterprise architecture provides a clear and comprehensive 
picture of an entity, whether it is an organization (e.g., a federal 
department) or a functional or mission area that cuts across more than 
one organization (e.g., financial management). This picture consists of 
snapshots of both the enterprise's current or "As Is" environment and 
its target or "To Be" environment. These snapshots consist of "views," 
which are one or more architecture products (models, diagrams, 
matrices, text, etc.) that provide logical or technical representations 
of the enterprise. The architecture also includes a transition or 
sequencing plan, based on an analysis of the gaps between the "As Is" 
and "To Be" environments; this plan provides a temporal road map for 
moving between the two that incorporates such considerations as 
technology opportunities, marketplace trends, fiscal and budgetary 
constraints, institutional system development and acquisition 
capabilities, the dependencies and life expectancies of both new and 
"legacy" (existing) systems, and the projected value of competing 
investments. Our experience with federal agencies has shown that 
investing in IT without defining these investments in the context of an 
architecture often results in systems that are duplicative, not well 
integrated, and unnecessarily costly to maintain and interface. 
[Footnote 10] 

A corporate approach to IT investment management is also characteristic 
of successful public and private organizations. Recognizing this, 
Congress developed and enacted the Clinger-Cohen Act in 1996,[Footnote 
11] which requires OMB to establish processes to analyze, track, and 
evaluate the risks and results of major capital investments in 
information systems made by executive agencies.[Footnote 12] In 
response to the Clinger-Cohen Act and other statutes, OMB developed 
policy for planning, budgeting, acquisition, and management of federal 
capital assets and issued guidance.[Footnote 13] We have also issued 
guidance in this area,[Footnote 14] in the form of a framework that 
lays out a coherent collection of key practices that when implemented 
in a coordinated manner, can lead an agency through a robust set of 
analyses and decision points that support effective IT investment 
management. This framework defines institutional structures, such as 
investment review boards, and associated processes, such as common 
investment criteria. Further, our investment management framework 
recognizes the importance of an enterprise architecture as a critical 
frame of reference for organizations making IT investment decisions. 
Specifically, it states that only investments that move the 
organization toward its target architecture, as defined by its 
sequencing plan, should be approved (unless a waiver is provided or a 
decision is made to modify the architecture). Moreover, it states that 
an organization's policies and procedures should describe the 
relationship between its architecture and its investment decision- 
making authority. Our experience has shown that mature and effective 
management of IT investments can vastly improve government performance 
and accountability, and can help to avoid wasteful IT spending and lost 
opportunities for improvements. 

Financial Management: 

A major component of DOD's business transformation strategy is its FIAR 
Plan, issued in December 2005 and updated annually in June and 
September. The FIAR Plan was issued pursuant to section 376 of the 
National Defense Authorization Act for Fiscal Year 2006.[Footnote 15] 
Section 376 limited DOD's ability to obligate or expend funds for 
fiscal year 2006 on financial improvement activities until the 
department submitted a comprehensive and integrated financial 
management improvement plan to congressional defense committees. 
Section 376 required the plan to (1) describe specific actions to be 
taken to correct deficiencies that impair the department's ability to 
prepare timely, reliable, and complete financial management information 
and (2) systematically tie such actions to process and control 
improvements and business systems modernization efforts described in 
the business enterprise architecture and transition plan. The John 
Warner National Defense Authorization Act for Fiscal Year 2007 
continued to limit DOD's ability to obligate or expend funds for 
financial improvement until the Secretary of Defense submits a 
determination to the committees that the activities are consistent with 
the plan required by section 376.[Footnote 16] 

DOD intends for the FIAR Plan to provide DOD components with a road map 
for resolving problems affecting the accuracy, reliability, and 
timeliness of financial information, and obtaining clean financial 
statement audit opinions. As such, the FIAR Plan greatly depends on the 
actions taken by DOD components, including efforts to (1) develop and 
implement systems that are in compliance with DOD's BEA, (2) implement 
sustained improvements in business processes and controls to address 
material weaknesses, and (3) achieve clean financial statement audit 
opinions. The FIAR Plan uses an incremental approach to structure its 
process for examining operations, diagnosing problems, planning 
corrective actions, and preparing for audit. Although the FIAR Plan 
provides estimated timeframes for achieving auditability in specific 
areas or components, it does not provide a specific target date for 
achieving a clean audit opinion on the departmentwide financial 
statements. Rather, the FIAR Plan recognizes that its ability to fully 
address DOD's financial management weaknesses and ultimately achieve 
clean audit opinions will depend largely on the efforts of its 
components to successfully implement new business systems on time, 
within budget, and with the intended capability. 

DOD Has Made Progress in Addressing Its Business Transformation 
Efforts, but Critical Actions Are Needed to Provide Comprehensive, 
Integrated, and Strategic Planning and Focused, Sustained Leadership: 

DOD's leaders have demonstrated a commitment to making the department's 
business transformation a priority and made progress in establishing a 
management framework for these efforts. For example, the Deputy 
Secretary of Defense has overseen the establishment of various 
management entities and the creation of plans and tools to help guide 
business transformation at DOD. However, our analysis has shown that 
these efforts are largely focused on business systems modernization and 
that ongoing efforts across the department's business areas are not 
adequately integrated. In addition, DOD lacks two crucial features that 
are integral to successful organizational transformation: (1) a 
strategic planning process that results in a comprehensive, integrated, 
and enterprisewide plan or interconnected plans and (2) a senior leader 
who is responsible and accountable for business transformation and who 
can provide full-time focus and sustained leadership.[Footnote 17] 

DOD Has Made Progress in Addressing Its Business Transformation 
Challenges: 

DOD's senior leadership has shown commitment to transforming the 
department's business operations, and DOD has taken a number of 
positive steps to begin this effort. Because of the impact of the 
department's business operations on its warfighters, DOD recognizes the 
need to continue working toward transforming its business operations 
and providing transparency in this process. The department has devoted 
substantial resources and made important progress toward establishing 
key management structures and processes to guide business systems 
investment activities, particularly at the departmentwide level, in 
response to legislation that codified many of our prior recommendations 
related to DOD business systems modernization and financial 
management.[Footnote 18] 

Specifically, in the past few years, DOD has established the Defense 
Business Systems Management Committee, investment review boards, and 
the Business Transformation Agency to manage and guide business systems 
modernization. The Defense Business Systems Management Committee and 
investment review boards were statutorily required by the Ronald W. 
Reagan National Defense Authorization Act for Fiscal Year 2005 to 
review and approve the obligation of funds for defense business systems 
modernization, depending on the cost and scope of the system in review. 
The Business Transformation Agency was created to support the top-level 
management body, the Defense Business Systems Management Committee, and 
to advance DOD-wide business transformation efforts. 

Additionally, DOD has developed a number of tools and plans to enable 
these management entities to help guide business systems modernization 
efforts. The tools and plans include the BEA and the ETP. The ETP is 
currently considered the highest-level plan for DOD business 
transformation. According to DOD, the ETP is intended to summarize all 
levels of transition planning information (milestones, metrics, 
resource needs, and system migrations) as an integrated product for 
communicating and monitoring progress, resulting in a consistent 
framework for setting priorities and evaluating plans, programs, and 
investments. 

Our analysis of these tools, plans, and meeting minutes of the various 
transformational management entities shows that these efforts are 
largely focused on business systems modernization, and that this 
framework has yet to be expanded to encompass all of the elements of 
overall business transformation. Furthermore, DOD has not clearly 
defined or institutionalized in directives the interrelationships, 
roles and responsibilities, or accountability for the various entities 
that make up its management framework for overall business 
transformation. For example, opinions differ within DOD as to which 
senior governance body will serve as the primary body responsible for 
overall business transformation. Some officials stated that the Defense 
Business Systems Management Committee would serve as the senior-most 
governance entity, while others stated that the Deputy's Advisory 
Working Group, a group that provides departmentwide strategic direction 
on various issues, should function as the primary decision-making body 
for business transformation. 

Additionally, opinions differ between the two entities regarding the 
definition of DOD's key business areas, with the Defense Business 
Systems Management Committee and the Business Transformation Agency 
using a broader definition of business processes than that of the 
Deputy's Advisory Working Group and its supporting organizations. Until 
such differences are resolved and the department institutionalizes a 
management framework that spans all aspects of business transformation, 
DOD will not be able to integrate related initiatives into a 
sustainable, enterprisewide approach and to resolve weaknesses in 
business operations. 

Critical Actions Are Needed to Provide Comprehensive, Integrated, and 
Strategic Planning and Focused, Sustained Leadership for DOD's Overall 
Business Transformation Efforts: 

As we have testified and reported for years, a successful, integrated, 
departmentwide approach to addressing DOD's overall business 
transformation requires two critical elements: a comprehensive, 
integrated, and enterprisewide plan and an individual capable of 
providing full-time focus and sustained leadership both within and 
across administrations, dedicated solely to the integration and 
execution of the overall business transformation effort. 

DOD Lacks a Strategic Planning Process That Results in a Comprehensive, 
Integrated, and Enterprisewide Plan or Set of Plans: 

DOD continues to lack a comprehensive, integrated, and enterprisewide 
plan or set of linked plans for business transformation that is 
supported by a comprehensive planning process and guides and unifies 
its business transformation efforts. Our prior work has shown that this 
type of plan should help set strategic direction for overall business 
transformation efforts and all key business functions; prioritize 
initiatives and resources; and monitor progress through the 
establishment of performance goals, objectives, and rewards.[Footnote 
19] Furthermore, an integrated business transformation plan would be 
instrumental in establishing investment priorities and guiding the 
department's key resource decisions. 

While various plans exist for different business areas, DOD's various 
business-related plans are not yet integrated to include consistent 
reporting of goals, measures, and expectations across institutional, 
unit, and individual program levels. Our analysis shows that plan 
alignment and integration currently focus on data consistency among 
plans, meaning that plans are reviewed for errors and inconsistencies 
in reported information, but there is a lack of consistency in goals 
and measurements among plans. Other entities such as the Institute for 
Defense Analyses, the Defense Science Board, and the Defense Business 
Board have similarly reported the need for DOD to develop an 
enterprisewide plan to link strategies across the department for 
transforming all business areas and thus report similar findings. 

DOD officials recognize that the department does not have an integrated 
plan in place, although they have stated that their intention is to 
expand the scope of the ETP so that it becomes a more robust 
enterprisewide planning document and to evolve this plan into the 
centerpiece strategic document. DOD updates the ETP twice a year, once 
in March as part of DOD's annual report to Congress and once in 
September, and DOD has stated the department's goal is to evolve the 
plan into a comprehensive, top-level planning document for all business 
functions. DOD released the most recent ETP update on September 28, 
2007, and we will continue to monitor developments in this effort. 

The National Defense Authorization Act for Fiscal Year 2008 requires 
the Secretary of Defense, acting through the CMO, to develop a 
strategic management plan to include detailed descriptions of such 
things as performance goals and measures for improving and evaluating 
the overall efficiency and effectiveness of the business operations of 
the department, key initiatives to achieve these performance goals, 
procedures to monitor progress, procedures to review and approve plans 
and budgets for changes in business operations, and procedures to 
oversee the development, review, and approval of all budget requests 
for defense business systems. While these provisions are extremely 
positive, their impact will depend on DOD's implementation. We continue 
to believe that the key to success of any planning process is the 
extent to which key stakeholders participate, and whether the ultimate 
plan or set of plans is linked to the department's overall strategic 
plan, reflects an integrated approach across the department, identifies 
performance goals and measures, shows clear linkage to budgets, and 
ultimately is used to guide business transformation. 

Recent Legislation Takes Important Step to Provide Executive-Level 
Attention to Business Transformation Matters: 

We have long advocated the importance of establishing CMO positions in 
government agencies, including DOD, and have previously reported and 
testified on the key characteristics of the position necessary for 
success.[Footnote 20] In our view, transforming DOD's business 
operations is necessary for DOD to resolve its weaknesses in the 
designated high-risk areas and to ensure that the department has 
sustained leadership to guide its business transformation efforts. 
Specifically, because of the complexity and long-term nature of 
business transformation, DOD needs a CMO with significant authority, 
experience, and a term that would provide sustained leadership and the 
time to integrate its overall business transformation efforts. Without 
formally designating responsibility and accountability for results, DOD 
will face difficulties reconciling competing priorities among various 
organizations, and prioritizing investments will be difficult and could 
impede the department's progress in addressing deficiencies in key 
business areas. 

Clearly, Congress has recognized the need for executive-level attention 
to business transformation matters and has taken specific action in the 
National Defense Authorization Act for Fiscal Year 2008 to codify CMO 
responsibilities at a high level in the department--assigning them to 
the Deputy Secretary of Defense--as well as other provisions, such as 
establishing a full-time Deputy CMO and designating CMO 
responsibilities within the military departments.[Footnote 21] From a 
historical perspective, this action is unprecedented and represents 
significant steps toward giving business transformation high-level 
management attention. Now that this legislation has been enacted, it 
will be important for DOD to define the specific roles and 
responsibilities for the CMO, Deputy CMO, and the service CMOs; ensure 
clearly delineated reporting relationships among them and other 
department and service officials; foster good executive-level working 
relationships for maximum effectiveness; establish appropriate 
integration and transformation structures and processes; promote 
individual accountability and performance; and provide for continuity. 
[Footnote 22] 

Further, in less than 1 year, our government will undergo a change in 
administrations, which raises questions about continuity of effort and 
the sustainability of the progress that DOD has made to date. As we 
have said before, business transformation is a long-term process, and 
continuity is key to achieving true transformation. One of the 
challenges now facing DOD, therefore, is establishing this continuity 
in leadership to sustain progress that has been made to date. In the 
interest of the department and the American taxpayers, we continue to 
believe the department needs a full-time CMO over the long term in 
order to devote the needed focus and continuity of effort to transform 
its key business operations and avoid billions more in waste each year. 
As such, we believe the CMO position should be codified as a separate 
position from the Deputy Secretary of Defense in order to provide full- 
time attention to business transformation and subject to an extended 
term appointment. The CMO's appointment should span administrations to 
ensure that transformation efforts are sustained across 
administrations. Because business transformation is a long-term and 
complex process, a term of at least 5 to 7 years is recommended to 
provide sustained leadership and accountability. 

Moreover, the fact that the National Defense Authorization Act for 
Fiscal Year 2008 modifies politically appointed positions by codifying 
a new designation for the Deputy Secretary of Defense, creating a new 
Deputy Chief Management Officer of DOD, and adding a new designation to 
the military departments' under secretary positions to serve as the 
military departments' CMOs raises larger questions about succession 
planning and how the executive branch fills appointed positions, not 
only within DOD, but throughout the government. Currently, there is no 
distinction in the political appointment process among the different 
types of responsibilities inherent in the appointed positions. Further, 
the positions generally do not require any particular set of management 
qualifications, even though the appointees may be responsible for non- 
policy-related functions. For example, appointees could be categorized 
by the differences in their roles and responsibilities, such as by the 
following categories: 

* those appointees who have responsibility for various policy issues; 

* those appointees who have leadership responsibility for various 
operational and management matters; and: 

* those appointees who require an appropriate degree of technical 
competence or professional certification, as well as objectivity and 
independence (for example, judges, the Comptroller General, and 
inspectors general). 

We have asked for a reexamination of the political appointment process 
to assess these distinctions as well as which appointee positions 
should be presidentially appointed and Senate confirmed versus 
presidentially appointed with advance notification to 
Congress.[Footnote 23] For example, those appointees who have policy 
leadership responsibility could be presidentially appointed and Senate 
confirmed, while many of those with operational and management 
responsibility could be presidentially appointed, with a requirement 
for appropriate congressional notification in advance of appointment. 
In addition, appropriate qualifications for selected positions, 
including the possibility of establishing specific statutory 
qualifications criteria for certain categories of appointees, could be 
articulated. Finally, the use of term appointments and different 
compensation schemes for these appointees should be reviewed. 

DOD Is Continuing to Improve Its Approach to Modernizing Business 
Systems, but Challenges Remain: 

Despite noteworthy progress in establishing institutional business 
system and management controls, DOD is still not where it needs to be 
in managing its departmentwide business systems modernization. Until 
DOD fully defines and consistently implements the full range of 
business systems modernization management controls (institutional and 
program-specific), it will not be positioned to effectively and 
efficiently ensure that its business systems and IT services 
investments are the right solutions for addressing its business needs, 
that they are being managed to produce expected capabilities 
efficiently and cost effectively, and that business stakeholders are 
satisfied. 

For decades, DOD has been attempting to modernize its business systems. 
We designated DOD's business systems modernization program as high risk 
in 1995. Since then, we have made scores of recommendations aimed at 
strengthening DOD's institutional approach to modernizing its business 
systems, and reducing the risks associated with key business system 
investments. In addition, in recent legislation, Congress included 
provisions that are consistent with our recommendations, such as in the 
Ronald W. Reagan National Defense Authorization Act for Fiscal Year 
2005. In response, the department has taken, or is taking, important 
actions to implement both our recommendations and the legislative 
requirements and as a result has made noteworthy progress on some 
fronts in establishing corporate management controls, such as 
developing a corporate-level BEA, including an ETP, establishing 
corporate investment management structures and processes, increasing 
business system life cycle management discipline and leveraging highly 
skilled staff on its largest business system investments. 

However, much more remains to be accomplished to address this high-risk 
area, particularly with respect to ensuring that effective corporate 
approaches and controls are extended to and employed within each of 
DOD's component organizations (military departments and defense 
agencies). To this end, our recent work has highlighted challenges that 
the department still faces in "federating" (i.e., extending) its 
corporate BEA to its component organizations' architectures, ensuring 
that the scope and content of the department's business systems 
transition plan addresses DOD's complete portfolio of IT investments, 
as well as establishing institutional structures and processes for 
selecting, controlling, and evaluating business systems investments 
within each component organization.[Footnote 24] Beyond this, ensuring 
that effective system acquisition management controls are actually 
implemented on each business system investment also remains a 
formidable challenge, as our recent reports on management weaknesses 
associated with individual programs have disclosed.[Footnote 25] Among 
other things, these reports have identified program-level weaknesses 
relative to architecture alignment, economic justification, performance 
management, requirements management, and testing. 

DOD Continues to Improve Its Corporate BEA and ETP, but Component 
Architectures Remain a Challenge: 

In May 2007,[Footnote 26] we reported on DOD's efforts to address a 
number of provisions in the Fiscal Year 2005 National Defense 
Authorization Act.[Footnote 27] Among other things, we stated that the 
department had adopted an incremental strategy for developing and 
implementing its architecture, including the transition plan, which was 
consistent with our prior recommendation and a best practice. We 
further stated that DOD had addressed a number of the limitations in 
prior versions of its architecture. However, we also reported that 
additional steps were needed. Examples of these improvements and 
remaining issues with the BEA and the ETP are summarized below: 

* The latest version of the BEA contained enterprise-level information 
about DOD's "As Is" architectural environment to support business 
capability gap analyses. As we previously reported,[Footnote 28] such 
gap analyses between the "As Is" and the "To Be" environments are 
essential for the development of a well-defined transition plan. 

* The latest version included performance metrics for the business 
capabilities within enterprise priority areas, including actual 
performance relative to performance targets that are to be met. For 
example, currently 26 percent of DOD assets are reported by using 
formats that comply with the Department of the Treasury's United States 
Standard General Ledger,[Footnote 29] as compared to a target of 100 
percent. However, the architecture did not describe the actual baseline 
performance for operational activities, such as for the "Manage Audit 
and Oversight of Contractor" operational activity. As we have 
previously reported,[Footnote 30] performance models are an essential 
part of any architecture and having defined performance baselines to 
measure actual performance provides the means for knowing whether the 
intended mission value to be delivered by each business process is 
actually being realized. 

* The latest version identified activities performed at each location/ 
organization and indicates which organizations are or will be involved 
in each activity. We previously reported that prior versions did not 
address the locations where specified activities are to occur and that 
doing so is important because the cost and performance of implemented 
business operations and technology solutions are affected by the 
location and therefore need to be examined, assessed, and decided on in 
an enterprise context rather than in a piecemeal, systems-specific 
fashion.[Footnote 31] 

* The March 2007 ETP continued to identify more systems and initiatives 
that are to fill business capability gaps and address DOD-wide and 
component business priorities, and it continues to provide a range of 
information for each system and initiative in the plan (e.g., budget 
information, performance metrics, and milestones). However, this 
version still does not include system investment information for all 
the defense agencies and combatant commands. Moreover, the plan does 
not sequence the planned investments based on a range of relevant 
factors, such as technology opportunities, marketplace trends, 
institutional system development and acquisition capabilities, legacy 
and new system dependencies and life expectancies, and the projected 
value of competing investments. According to DOD officials, they intend 
to address such limitations in future versions of the transition plan 
as part of their plans for addressing our prior 
recommendations.[Footnote 32] In September 2007, DOD released an 
updated version of the plan which, according to DOD, continues to 
provide time-phased milestones, performance metrics, and statement of 
resource needs for new and existing systems that are part of the BEA 
and component architectures, and includes a schedule for terminating 
old systems and replacing them with newer, improved enterprise 
solutions. 

As we have also reported, the latest version of the BEA continues to 
represent the thin layer of DOD-wide corporate architectural policies, 
capabilities, rules, and standards. Having this layer is essential to a 
well-defined federated architecture, but it alone does not provide the 
total federated family of DOD parent and subsidiary architectures for 
the business mission area that are needed to comply with the act. The 
latest version had yet to be augmented by the DOD component 
organizations' subsidiary architectures, which are necessary to meeting 
statutory requirements and the department's goal of having a federated 
family of architectures. Under the department's tiered accountability 
approach, the corporate BEA focuses on providing tangible outcomes for 
a limited set of enterprise-level (DOD-wide) priorities, while the 
components are to define and implement their respective component-level 
architectures that are aligned with the corporate BEA. 

However, we previously reported that well-defined architectures did not 
yet exist for the military departments, which constitute the largest 
members of the federation, and the strategy that the department had 
developed for federating its BEA needed more definition to be 
executable.[Footnote 33] In particular, we reported in 2006,[Footnote 
34] that none of the three military departments had fully developed 
architecture products that describe their respective target 
architectural environments and developed transition plans for migrating 
to a target environment, and none was employing the full range of 
architecture management structures, processes, and controls provided 
for in relevant guidance. Also, we reported that the federation 
strategy did not address, among other things, how the component 
architectures will be aligned with the latest version of the BEA and 
how it will identify and provide for reuse of common applications and 
systems across the department. 

According to DOD, subsequent releases of the BEA will continue to 
reflect this federated approach and will define enforceable interfaces 
to ensure interoperability and information flow to support decision 
making at the appropriate level. To help ensure this, the BTA plans to 
have its BEA independent verification and validation contractor examine 
architecture federation when evaluating subsequent BEA releases. Use of 
an independent verification and validation agent is an architecture 
management best practice for identifying architecture strengths and 
weaknesses. Through the use of such an agent, department and 
congressional oversight bodies can gain information that they need to 
better ensure that DOD's family of architectures and associated 
transition plan(s) satisfy key quality parameters, such as 
completeness, consistency, understandability, and usability, which the 
department's annual reports have yet to include. 

We made recommendations aimed at improving the management and content 
of the military departments' respective architectures; ensuring that 
DOD's federated BEA provides a more sufficient frame of reference to 
guide and constrain DOD-wide system investments; and facilitating 
congressional oversight and promoting departmental accountability 
through the assessment of the completeness, consistency, 
understandability, and usability of its federated family business 
mission area architectures. DOD agreed with these recommendations and 
has since taken some actions, such as developing an updated version of 
its federation strategy, which according to DOD officials, addresses 
some of our recommendations. We have ongoing work for this Subcommittee 
on the military departments' architecture programs, and plan to issue a 
report in early May 2008. 

DOD Has Largely Established Key Investment Management Structures, but 
Related Policies and Procedures at Both the Corporate and Component 
Levels Are Missing: 

The department has established and has begun to implement legislatively 
directed corporate investment review structures and processes needed to 
effectively manage its business system investments, but it has yet to 
do so in a manner that is fully consistent with relevant guidance, both 
at a corporate and component level.[Footnote 35] To its credit, the 
department has, for example, established an enterprisewide investment 
board (Defense Business Systems Management Committee (DBSMC)) and 
subordinate boards (investment review boards (IRB)) that are 
responsible for business systems investment governance, documented 
policies and procedures for ensuring that systems support ongoing and 
future business needs through alignment with the BEA, and assigned 
responsibility for ensuring that the information collected about 
projects meets the needs of DOD's investment review structures and 
processes. 

However, the department has not developed the full range of project-and 
portfolio-level policies and procedures needed for effective investment 
management. For example, policies and procedures do not outline how the 
DBSMC and IRB investment review processes are to be coordinated with 
other decision-support processes used at DOD, such as the Joint 
Capabilities Integration and Development System; the Planning, 
Programming, Budgeting, and Execution system; and the Defense 
Acquisition System.[Footnote 36] Without clear linkages among these 
processes, inconsistent and uninformed decision making may result. 
Furthermore, without considering component and corporate budget 
constraints and opportunities, the IRBs risk making investment 
decisions that do not effectively consider the relative merits of 
various projects and systems when funding limitations exist. 

Examples of other limitations include not having policies and 
procedures for (1) specifying how the full range of cost, schedule, and 
benefit data accessible by the IRBs are to be used in making selection 
decisions; (2) providing sufficient oversight and visibility into 
component-level investment management activities, including component 
reviews of systems in operations and maintenance; (3) defining the 
criteria to be used for making portfolio selection decisions; (4) 
creating the portfolio of business system investments; (5) evaluating 
the performance of portfolio investments; and (6) conducting post 
implementation reviews of these investments. According to best 
practices, adequately documenting both the policies and the associated 
procedures that govern how an organization manages its IT investment 
portfolio(s) is important because doing so provides the basis for 
having rigor, discipline, and repeatability in how investments are 
selected and controlled across the entire organization. Accordingly, we 
made recommendations aimed at improving the department's ability to 
better manage the billions of dollars it invests annually in its 
business systems and DOD largely agreed with these recommendations but 
added that while it intends to improve departmental policies and 
procedures for business system investments, each component is 
responsible for developing and executing investment management policies 
and procedures needed to manage the business systems under its tier of 
responsibility. 

According to DOD's tiered accountability approach, responsibility and 
accountability for business investment management is tiered, meaning 
that it is allocated between the DOD corporate level (i.e., Office of 
the Secretary of Defense) and the components based on the amount of 
development/modernization funding involved and the investment's 
designated tier.[Footnote 37] 

However, as our recent reports show[Footnote 38] the military 
departments also have yet to fully develop many of the related policies 
and procedures needed to execute both project-level and portfolio-level 
practices called for in relevant guidance for their tier of 
responsibility. For example, they have developed procedures for 
identifying and collecting information about their business systems to 
support investment selection and control, and assigned responsibility 
for ensuring that the information collected during project 
identification meets the needs of the investment management process. 
However, they have yet, for example, to fully document business systems 
investment policies and procedures for overseeing the management of IT 
projects and systems and for developing and maintaining complete 
business systems investment portfolio(s). Specifically, policies and 
procedures do not specify the processes for decision making during 
project oversight and do not describe how corrective actions should be 
taken when the project deviates or varies from the project management 
plan. Without such policies and procedures, the agency risks investing 
in systems that are duplicative, stovepiped, nonintegrated, and 
unnecessarily costly to manage, maintain, and operate. Accordingly, we 
made recommendations aimed at strengthening the military departments' 
business systems management capability, and they largely agreed with 
these recommendations. Department officials stated that they are aware 
of the absence of documented policies and procedures in certain areas 
of project and portfolio-level management, and are currently working on 
new guidance to address these areas. 

Until DOD fully defines departmentwide and component-level policies and 
procedures for both individual projects and portfolios of projects, it 
risks selecting and controlling these business systems investments in 
an inconsistent, incomplete, and ad hoc manner, which in turn reduces 
the chances that these investments will meet mission needs in the most 
cost-effective manner. 

The department has recently undertaken several initiatives to 
strengthen business system investment management. For example, it has 
drafted and intends to shortly begin implementing a new Business 
Capability Lifecycle approach that is to consolidate management of 
business system requirements, acquisition, and compliance with 
architecture disciplines into a single governance process. Further, it 
has established an Enterprise Integration Directorate in the Business 
Transformation Agency to support the implementation of enterprise 
resource planning systems[Footnote 39] by ensuring that best practices 
are leveraged and BEA-related business rules and standards are adopted. 

Implementing Effective Modernization Management Controls on All 
Business System Investments Remains a Key Challenge: 

Beyond establishing the above discussed institutional modernization 
management controls, such as the BEA, portfolio-based investment 
management, and system life cycle discipline, the more formidable 
challenge facing DOD is how well it can implement these and other 
management controls on each and every business system investment and 
information technology services outsourcing program. In this regard, we 
have continued to identify program-specific weaknesses as summarized 
below. 

* With respect to taking an architecture-centric and portfolio-based 
approach to investing in programs, for example, we recently reported 
that the Army's approach for investing about $5 billion over the next 
several years in its General Fund Enterprise Business System, Global 
Combat Support System-Army Field/Tactical,[Footnote 40] and Logistics 
Modernization Program (LMP) did not include alignment with Army 
enterprise architecture or use of a portfolio-based business system 
investment review process.[Footnote 41] Moreover, we reported that the 
Army did not have reliable processes, such as an independent 
verification and validation function, or analyses, such as economic 
analyses, to support its management of these programs. We concluded 
that until the Army adopts a business system investment management 
approach that provides for reviewing groups of systems and making 
enterprise decisions on how these groups will collectively interoperate 
to provide a desired capability, it runs the risk of investing 
significant resources in business systems that do not provide the 
desired functionality and efficiency. 

* With respect to providing DOD oversight organizations with reliable 
program performance and progress information, we recently reported that 
the Navy's approach for investing in both system and information 
technology services, such as the Naval Tactical Command Support System 
(NTCSS)[Footnote 42] and Navy Marine Corps Intranet (NMCI),[Footnote 
43] had not always met this goal. For NTCSS, we reported that, for 
example, earned value management, which is a means for determining and 
disclosing actual performance against budget and schedule estimates, 
and revising estimates based on performance to date, had not been 
implemented effectively. We also reported that complete and current 
reporting of NTCSS progress and problems in meeting cost, schedule, and 
performance goals had not occurred, leaving oversight entities without 
the information needed to mitigate risks, address problems, and take 
corrective action. We concluded that without this information, the Navy 
cannot determine whether NTCSS, as it was defined and was being 
developed, was the right solution to meet its strategic business and 
technological needs. For NMCI, we reported that performance management 
practices, to include measurement of progress against strategic program 
goals and reporting to key decision makers on performance against 
strategic goals and other important program aspects, such as examining 
service-level agreement satisfaction from multiple vantage points and 
ensuring customer satisfaction, had not been adequate. We concluded 
that without a full and accurate picture of program performance, the 
risk of inadequately informing important NMCI investment management 
decisions was increased. 

Given the program-specific weaknesses that our work has and continues 
to reveal, it is important for DOD leadership and the Congress to have 
clear visibility into the performance and progress of the department's 
major business system investments. Accordingly, we support the 
provisions in section 816 of the John Warner National Defense 
Authorization Act for Fiscal Year 2007 that provide for greater 
disclosure of business system investment performance to both department 
and congressional oversight entities, and thus increased accountability 
for results. More specifically, the legislation establishes certain 
reporting and oversight requirements for the acquisition of major 
automated information systems (MAIS) that fail to meet cost, schedule, 
or performance criteria. In general, a MAIS is a major DOD IT program 
that is not embedded in a weapon system (e.g., a business system 
investment). Going forward, the challenge facing the department will be 
to ensure that these legislative provisions are effectively 
implemented. To the extent that they are, DOD business systems 
modernization transparency, oversight, accountability, and results 
should improve. 

We currently have ongoing work for this subcommittee looking at the 
military departments implementation of a broad range of acquisition 
management controls, such as architectural alignment, economic 
justification, and requirements management, on selected business 
systems at the Departments of the Air Force and Navy. 

DOD Has Made Progress in Establishing a Framework for Improving 
Financial Management Capabilities, but More Work Remains: 

DOD has taken steps toward developing and implementing a framework for 
addressing the department's long-standing financial management 
weaknesses and improving its capability to provide timely, reliable, 
and relevant financial information for analysis, decision making, and 
reporting, a key defense transformation priority. Specifically, this 
framework, which is discussed in both the department's ETP and the FIAR 
Plan is intended to define and put into practice a standard DOD-wide 
financial management data structure as well as enterprise-level 
capabilities to facilitate reporting and comparison of financial data 
across the department. While these efforts should improve the 
consistency and comparability of DOD's financial reports, a great deal 
of work remains before the financial management capabilities of DOD and 
its components are transformed and the department achieves financial 
visibility. Examples of work remaining that must be completed as part 
of DOD component efforts to support the FIAR Plan and ETP include data 
cleansing; improvements in current policies, processes, procedures, and 
controls; and implementation of integrated systems. We also note DOD 
has other financial management initiatives underway, including efforts 
to move toward performance-based budgeting and to continually improve 
the reliability of Global War on Terrorism cost reporting. 

In 2007, DOD also introduced refinements to its approach for achieving 
financial statement auditability. While these refinements reflect a 
clearer understanding of the importance of the sustainability of 
financial management improvements and the department's reliance on the 
successful completion of component (including military services and 
defense agencies) and subordinate initiatives, they are not without 
risk. Given the department's dependency on the efforts of its 
components to address DOD's financial management weaknesses, it is 
imperative that DOD ensure the sufficiency and reliability of (1) 
corrective actions taken by DOD components to support management 
attestations as to the reliability of reported financial information; 
(2) activities taken by DOD components and other initiatives to ensure 
that corrective actions are directed at supporting improved financial 
visibility capabilities, beyond providing information primarily for 
financial statement reporting, and are sustained until a financial 
statement audit can be performed; and (3) accomplishments and progress 
reported by DOD components and initiatives. 

Key DOD Financial Management Transformation Efforts Recognize the Need 
for an Integrated Approach: 

Successful financial transformation of DOD's financial operations will 
require a multifaceted, cross-organizational approach that addresses 
the contribution and alignment of key elements, including strategic 
plans, people, processes, and technology. DOD uses two key plans, the 
DOD ETP and the FIAR Plan, to guide transformation of its financial 
management operations. The ETP focuses on delivering improved 
capabilities, including financial management, through the deployment of 
system solutions that comply with DOD and component enterprise 
architectures. The FIAR Plan focuses on implementing audit-ready 
financial processes and practices through ongoing and planned efforts 
to address policy issues, modify financial and business processes, 
strengthen internal controls, and ensure that new system solutions 
support the preparation and reporting of auditable financial 
statements. Both plans recognize that while successful enterprise 
resource planning system implementations are catalysts for changing 
organizational structures, improving workflow through business process 
reengineering, strengthening internal controls, and resolving material 
weaknesses, improvements can only be achieved through the involvement 
of business process owners, including financial managers, in defining 
and articulating their operational needs and requirements and 
incorporating them, as appropriate, into DOD and component business 
enterprise architectures. DOD officials have acknowledged that 
integration between the two initiatives is a continually evolving 
process. For example, the June 2006 FIAR Plan update stated that some 
of the department's initial subordinate plans included only limited 
integration with Business Transformation Agency initiatives and 
solutions. According to DOD officials, the use of end-to-end business 
processes (as provided by its segment approach) to identify and address 
financial management deficiencies will lead to further integration 
between the FIAR Plan and ETP. 

Two key transformation efforts that reflect an integrated approach 
toward improving DOD's financial management capabilities are the 
Standard Financial Information Structure (SFIS) and the Business 
Enterprise Information System (BEIS), both of which are discussed in 
DOD's ETP and FIAR Plan. 

* SFIS. Key limitations in the department's ability to consistently 
provide timely, reliable, accurate, and relevant information for 
analysis, decision making, and reporting are (1) its lack of a standard 
financial management data structure and (2) a reliance on numerous 
nonautomated data transfers (manual data calls) to accumulate and 
report financial transactions. In fiscal year 2006, DOD took an 
important first step toward addressing these weaknesses through 
publication of its SFIS Phase I data elements and their subsequent 
incorporation into the DOD BEA. In March 2007, the department issued a 
checklist for use by DOD components in evaluating their systems for 
SFIS compliance.[Footnote 44] SFIS is intended to provide uniformity 
throughout DOD in reporting on the results of operations, allowing for 
greater comparability of information. While the first phase of SFIS was 
focused on financial statement generation, subsequent SFIS phases are 
intended to provide a standardized financial information structure to 
facilitate improved cost accounting, analysis, and reporting. According 
to DOD officials, the department has adopted a two-tiered approach to 
implement the SFIS data structure. Furthermore, they stated that SFIS 
is a mandatory data structure that will be embedded into every new 
financial management system, including enterprise resource planning 
systems, such as the Army's General Fund Enterprise Business System and 
the Air Force's Defense Enterprise Accounting and Management System 
(DEAMS). Further, recognizing that many of the current accounting 
systems will be replaced in the future, the department will utilize a 
common crosswalk to standardize the data reported by the legacy 
systems. 

* BEIS. A second important step that the department took toward 
improving its capability to provide consistent and reliable financial 
information for decision making and reporting was to initiate efforts 
to develop a DOD-level suite of services to provide financial reporting 
services, cash reporting, and reconciliation services. As an interim 
solution, financial information obtained from legacy component systems 
will be cross-walked from a component's data structure into the SFIS 
format within BEIS. Newer or target systems, such as DEAMS, will have 
SFIS imbedded so that the data provided to BEIS will already be in the 
SFIS format. 

According to DOD's September 2007 FIAR Plan update, the department 
prepared financial statement reports using SFIS data standards for the 
Marine Corps general and working capital funds, the Air Force general 
and working capital funds, and the Navy working capital funds. The 
department plans to implement SFIS-compliant reporting for the Army 
working capital funds, the Navy general funds, and its defense agencies 
in fiscal year 2008. The development and implementation of SFIS and 
BEIS are positive steps toward standardizing the department's data 
structure and expanding its capability to access and utilize data for 
analysis, management decision making, and reporting, including special 
reports related to the Global War on Terrorism. 

However, it is important to keep in mind that a great deal of work 
remains. In particular, data cleansing; improvements in policies, 
processes, procedures, and controls; as well as successful enterprise 
resource planning system implementations are needed before DOD 
components and the department fully achieve financial visibility. Our 
previous reviews of DOD system development efforts have identified 
instances in which the department faced difficulty in implementing 
systems on time, within budget, and with the intended 
capability.[Footnote 45] For example, as previously noted, the Army 
continues to struggle in its efforts to ensure that LMP will provide 
its intended capabilities. In particular, we reported that LMP would 
not provide the intended capabilities and benefits because of 
inadequate requirements management and system testing. Further, we 
found that the Army had not put into place an effective management 
process to help ensure that the problems with the system were resolved. 
Until the Army has completed action on our recommendations, it will 
continue to risk investing billions of dollars in business systems that 
do not provide the desired functionality or efficiency. 

DOD Refines Its Audit Strategy: 

In fiscal year 2007, DOD introduced key refinements to its strategy for 
achieving financial statement auditability. These refinements include 
the following: 

* Requesting audits of entire financial statements rather than 
attempting to build upon audits of individual financial statement line 
items. 

* Focusing on improvements in end-to-end business processes, or 
segments[Footnote 46] that underlie the amounts reported on the 
financial statements. 

* Using audit readiness validations and annual verification reviews of 
segment improvements rather than financial statement line item audits 
to ensure sustainability of corrective actions and improvements. 

* Forming a working group to begin auditability risk assessments of new 
financial and mixed systems, such as enterprise resource planning 
systems, at key decision points in their development and deployment 
life cycle to ensure that the systems include the processes and 
internal controls necessary to support repeatable production of 
auditable financial statements. 

To begin implementing its refined strategy for achieving financial 
statement auditability, DOD modified its business rules for achieving 
audit readiness to reflect the new approach.[Footnote 47] Recognizing 
that a period of time may pass before an entity's financial statements 
are ready for audit, the revised business rules provide for an 
independent validation of improvements with an emphasis on sustaining 
improvements made through corrective actions. Sustainability of 
improvements will be verified by DOD components through annual internal 
control reviews, using OMB's Circular No. A-123, Appendix A,[Footnote 
48] as guidance. 

The department's move to a segment approach provides greater 
flexibility in assessing its business processes and in taking 
corrective actions, if necessary, within defined areas or end-to-end 
business processes that individually or collectively supports financial 
accounting and reporting. However, DOD officials recognize that 
additional guidance is needed in several key areas. For example, DOD 
has acknowledged that it needs to establish a process to ensure the 
sufficiency of segment work in providing, individually or collectively, 
a basis for asserting the reliability of reported financial statement 
information. DOD officials indicated that they intend to provide 
additional guidance in this area by March 2008. Additionally, DOD 
officials acknowledged that a process is needed to ensure that DOD's 
annual internal control reviews, including its OMB No. A-123, Appendix 
A reviews, are properly identifying and reporting on issues, and that 
appropriate corrective actions are taken when issues are identified 
during these reviews. To its credit, the department initiated the Check 
It Campaign in July 2006 to raise awareness throughout the department 
on the importance on effective internal controls. 

Ultimately, DOD's success in addressing its financial management 
deficiencies, resolving the long-standing weaknesses that have kept it 
on GAO's high-risk list for financial management, and finally achieving 
financial visibility will depend largely on how well its transformation 
efforts are integrated throughout the department. Both the ETP and FIAR 
Plan recognize that successful transformation of DOD's business 
operations, including financial management, largely depends on 
successful implementation of enterprise resource planning systems and 
processes and other improvements occurring within DOD components. Such 
dependency, however, is not without risk. To its credit, DOD recently 
established a working group to begin auditability risk assessments of 
new financial and mixed systems, such as enterprise resource planning 
systems. The purpose of these planned assessments is to identify 
auditability risks that, if not mitigated during the development of the 
system, may impede the component's ability to achieve clean audit 
opinions on its financial statements. 

Furthermore, the department has implemented and continually expands its 
use of a Web-based tool, referred to as the FIAR Planning Tool, to 
facilitate management, oversight, and reporting of departmental and 
component efforts. According to DOD officials, the tool is used to 
monitor progress toward achieving critical milestones identified for 
each focus area in component initiatives, such as financial improvement 
plans or accountability improvement plans, or departmentwide 
initiatives. Given that the FIAR Planning Tool is used to report 
results to OMB through quarterly update reports to the President's 
Management Agenda and to update accomplishments in the FIAR Plan, it is 
critical that the FIAR Directorate ensure the reliability of reported 
progress. During a recent meeting with DOD officials, we discussed 
several areas where FIAR Plan reporting appeared incomplete. Our 
observations included the following. 

* FIAR Plan updates, including the 2007 update, do not mention or 
include the results of audit reports and studies that may have occurred 
within an update period and how, if at all, any issues identified were 
addressed. For example, the DOD Inspector General has issued reports in 
recent years that raise concerns regarding the reliability of the 
military equipment valuation methodology and the usefulness of the 
valuation results for purposes beyond financial statement 
reporting.[Footnote 49] In 2007, the Air Force Audit Agency also issued 
reports expressing concerns regarding the reliability of reported 
military equipment values at Air Force.[Footnote 50] These audit 
reports and actions, if any, taken in response to them have not been 
mentioned to date in updates to the FIAR Plan. Further, although both 
the June and September 2006 FIAR Plan updates report that an internal 
verification and validation (IV&V) study was completed to test the 
military equipment valuation methodology, including completeness and 
existence of military equipment assets, neither of these reports 
disclosed the results of the review or corrective actions taken, if 
any. The absence of relevant audit reports or study results may mislead 
a reader into believing that no issues have been identified that if not 
addressed, may adversely affect the results of a particular effort, 
such as the department's military equipment valuation initiative. For 
example, the IV&V study[Footnote 51] identified several improvements 
that were needed, in varying degrees, at all the military services and 
the Special Operations Command in the following areas: (1) 
documentation of waivers;[Footnote 52] (2) documentation of support for 
authorization, receipt, and payment; (3) estimated useful life; and (4) 
existence of the asset. In its conclusion statement, the IV&V study 
reported that if the weaknesses identified by the IV&V review are 
pervasive throughout DOD, the department will have a significant 
challenge to establish control over its resources and get its military 
equipment assets properly recorded for a financial statement audit. 
Recognition of audits and other reviews in the FIAR and subordinate 
plans would add integrity to reported accomplishments and further 
demonstrate the department's commitment to transforming its financial 
management capabilities and achieving financial visibility. 

* While the FIAR Plan clearly identifies its dependency on component 
efforts to achieve financial management improvements and clean 
financial statement audit opinions, it does not provide a clear 
understanding of further links or dependency between its subordinate 
plans, such as between the financial improvement plans, accountability 
improvement plans, and departmentwide initiatives, such as the military 
equipment valuation effort. For example, while the 2007 FIAR Plan 
updates indicate that Army, Navy, and Air Force developed 
accountability improvement plans that detail steps required for 
asserting audit readiness on military equipment, they do not clearly 
articulate the relationship of these plans to other plans, such as 
component financial improvement plans or the department's plan to value 
military equipment. Clear linking of individual plans and initiatives 
is important to ensuring that efforts occurring at all levels within 
the department are directed at achieving improved financial visibility 
in the most efficient and effective manner. 

While we are encouraged by DOD's efforts to implement capabilities that 
improve comparability of reported financial information, a significant 
amount of work remains before the department or its components have the 
capability to provide timely, reliable, and relevant information for 
all management operations and reporting. We caution the department that 
going forward it will be important to ensure that its financial 
management modernization efforts do not become compliance-driven 
activities resulting in little to no benefit to DOD managers. It is 
critical that the department ensure that its oversight, management, 
implementation, and reporting of transformation efforts and 
accomplishments are focused on the implementation of sustained 
improvements in DOD's capability to provide immediate access to 
accurate and reliable financial information (planning, programming, 
budgeting, accounting, and cost information) in support of financial 
accountability and efficient and effective decision making throughout 
the department. 

Mr. Chairman and Members of the Subcommittee, this concludes my 
statement. I would be happy to answer any questions you may have at 
this time. 

GAO Contact: 

For questions regarding this testimony, please contact Sharon L. Pickup 
at (202) 512-9619 or [email protected]. Contact points for our Offices of 
Congressional Relations and Public Affairs may be found on the last 
page of this statement. 

[End of section] 

Related GAO Products: 

Organizational Transformation: Implementing Chief Operating Officer/ 
Chief Management Officer Positions in Federal Agencies. GAO-08-322T. 
Washington, D.C.: December 13, 2007. 

Business Systems Modernization: Air Force Needs to Fully Define 
Policies and Procedures for Institutionally Managing Investments. GAO- 
08-52. Washington, D.C.: October 31, 2007. 

Business Systems Modernization: Department of the Navy Needs to 
Establish Management Structure and Fully Define Policies and Procedures 
for Institutionally Managing Investments. GAO-08-53. Washington, D.C.: 
October 31, 2007. 

Defense Business Transformation: A Full-time Chief Management Officer 
with a Term Appointment Is Needed at DOD to Maintain Continuity of 
Effort and Achieve Sustainable Success. GAO-08-132T. Washington, D.C.: 
October 16, 2007. 

Defense Business Transformation: Achieving Success Requires a Chief 
Management Officer to Provide Focus and Sustained Leadership. GAO-07- 
1072. Washington, D.C.: September 5, 2007. 

DOD Business Transformation: Lack of an Integrated Strategy Puts the 
Army's Asset Visibility System Investments at Risk. GAO-07-860 
Washington, D.C.: July 27, 2007. 

DOD Business Systems Modernization: Progress Continues to Be Made in 
Establishing Corporate Management Controls, but Further Steps Are 
Needed. GAO-07-733. Washington, D.C.: May 14, 2007. 

Business Systems Modernization: DOD Needs to Fully Define Policies and 
Procedures for Institutionally Managing Investments. GAO-07-538. 
Washington, D.C.: May 11, 2007. 

High-Risk Series: An Update. GAO-07-310. Washington, D.C.: January 
2007. 

Information Technology: DOD Needs to Ensure That Navy Marine Corps 
Intranet Program Is Meeting Goals and Satisfying Customers. GAO-07-51. 
Washington, D.C.: December 8, 2006. 

Defense Business Transformation: A Comprehensive Plan, Integrated 
Efforts, and Sustained Leadership Are Needed to Assure Success. GAO-07- 
229T. Washington, D.C.: November 16, 2006. 

Enterprise Architecture: Leadership Remains Key to Establishing and 
Leveraging Architectures for Organizational Transformation. GAO-06- 
831. Washington, D.C.: August 14, 2006. 

Department of Defense: Sustained Leadership Is Critical to Effective 
Financial and Business Management Transformation. GAO-06-1006T. 
Washington, D.C.: August 3, 2006. 

Business Systems Modernization: DOD Continues to Improve Institutional 
Approach, but Further Steps Needed. GAO-06-658. Washington, D.C.: May 
15, 2006. 

DOD Systems Modernization: Planned Investment in the Navy Tactical 
Command Support System Needs to be Reassessed. GAO-06-215. Washington, 
D.C.: December 5, 2005. 

DOD Business Systems Modernization: Important Progress Made in 
Establishing Foundational Architecture Products and Investment 
Management Practices, but Much Work Remains. GAO-06-219. Washington, 
D.C.: November 23, 2005. 

Defense Management: Additional Actions Needed to Enhance DOD's Risk- 
Based Approach for Making Resource Decisions. GAO-06-13. Washington, 
D.C.: November 15, 2005. 

Defense Management: Foundational Steps Being Taken to Manage DOD 
Business Systems Modernization, but Much Remains to be Accomplished to 
Effect True Business Transformation. GAO-06-234T. Washington, D.C.: 
November 9, 2005. 

21st Century Challenges: Transforming Government to Meet Current and 
Emerging Challenges. GAO-05-830T. Washington, D.C.: July 13, 2005. 

DOD Business Transformation: Sustained Leadership Needed to Address 
Long-standing Financial and Business Management Problems. GAO-05-723T. 
Washington, D.C.: June 8, 2005. 

Defense Management: Key Elements Needed to Successfully Transform DOD 
Business Operations. GAO-05-629T. Washington, D.C.: April 28, 2005. 

Information Technology Investment Management: A Framework for Assessing 
and Improving Process Maturity. GAO-04-394G. Washington, D.C.: March 
2004. 

Information Technology: A Framework for Assessing and Improving 
Enterprise Architecture Management (Version 1.1). GAO-03-584G. 
Washington, D.C.: April 2003. 

[End of section] 

Footnotes: 

[1] GAO, High-Risk Series: An Update, GAO-07-310 (Washington, D.C.: 
January 2007). 

[2] Ronald W. Reagan National Defense Authorization Act for Fiscal Year 
2005, Pub. L. No. 108-375, ï¿½ 332 (2004) (codified in part at 10 U.S.C. 
ï¿½ï¿½ 186 and 2222). 

[3] The Business Transformation Agency is the DOD agency responsible 
for DOD's business transformation and the development and 
implementation of the ETP. 

[4] DOD has identified six business enterprise priorities for 
transforming the department: personnel visibility, acquisition 
visibility, common supplier engagement, materiel visibility, real 
property accountability, and financial visibility. 

[5] DOD's FIAR Plan was issued in December 2005 and had been updated 
periodically is intended to provide DOD components with a framework for 
resolving problems affecting the accuracy, reliability, and timeliness 
of financial information and obtaining clean financial statement audit 
opinions. 

[6] DOD defines financial visibility as providing immediate access to 
accurate and reliable financial information (planning, programming, 
budgeting, accounting, and cost information) in support of financial 
accountability and efficient and effective decision making through the 
department in support of the warfighters. 

[7] See GAO, High-Risk Series: An Update, GAO-07-310 (Washington, D.C.: 
January 2007). 

[8] DOD shares responsibility for the following seven governmentwide 
high-risk areas: (1) disability programs, (2) ensuring the effective 
protection of technologies critical to U.S. national security 
interests, (3) interagency contracting, (4) information systems and 
critical infrastructure, (5) information-sharing for homeland security, 
(6) human capital management, and (7) real property management. 

[9] E-Government Act of 2002, Pub. L. No. 107-347 (2002). 

[10] See, for example, GAO, Homeland Security: Efforts Under Way to 
Develop Enterprise Architecture, but Much Work Remains, GAO-04-777 
(Washington, D.C.: Aug. 6, 2004); DOD Business Systems Modernization: 
Limited Progress in Development of Business Enterprise Architecture and 
Oversight of Information Technology Investments, GAO-04-731R 
(Washington, D.C.: May 17, 2004); and Information Technology: 
Architecture Needed to Guide NASA's Financial Management Modernization, 
GAO-04-43 (Washington, D.C.: Nov. 21, 2003). 

[11] The Clinger-Cohen Act of 1996, 40 U.S.C. ï¿½ï¿½ 11101-11704. This act 
expanded the responsibilities of OMB and the agencies that had been set 
under the Paperwork Reduction Act, which requires that agencies engage 
in capital planning and performance and results-based management. 44 
U.S.C. ï¿½ 3504(a)(1)(B)(vi) (OMB); 44 U.S.C. ï¿½ 3506(h)(5) (agencies). 

[12] We have made recommendations to improve OMB's process for 
monitoring high-risk IT investments; see GAO, Information Technology: 
OMB Can Make More Effective Use of Its Investment Reviews, GAO-05-276 
(Washington, D.C.: Apr. 15, 2005). 

[13] This policy is set forth and guidance is provided in OMB Circular 
No. A-11 (section 300) and in OMB's Capital Programming Guide, which 
directs agencies to develop, implement, and use a capital programming 
process to build their capital asset portfolios. 

[14] GAO, Information Technology Investment Management: A Framework for 
Assessing and Improving Process Maturity, GAO-04-394G (Washington, 
D.C.: March 2004). 

[15] Pub. L. No. 109-163, ï¿½ 376 (2006). 

[16] Pub. L. No. 109-364, ï¿½321 (2006). 

[17] See GAO, Defense Business Transformation: Achieving Success 
Requires a Chief Management Officer to Provide Focus and Sustained 
Leadership, GAO-07-1072 (Washington, D.C.: September 5, 2007). 

[18] Ronald W. Reagan National Defense Authorization Act for Fiscal 
Year 2005, Pub. L. No. 108-375, ï¿½ 332 (2004) (codified in part at 10 
U.S.C. ï¿½ï¿½ 186 and 2222). 

[19] See for example, GAO-07-1072; GAO, Defense Business 
Transformation: A Comprehensive Plan, Integrated Efforts, and Sustained 
Leadership Are Needed to Assure Success, GAO-07-229T (Washington, D.C.: 
Nov. 16, 2006); Department of Defense: Sustained Leadership Is Critical 
to Effective Financial and Business Management Transformation, GAO-06-
1006T (Washington, D.C.: Aug. 3, 2006); and DOD's High-Risk Areas: 
Successful Business Transformation Requires Sound Strategic Planning 
and Sustained Leadership, GAO-05-520T (Washington, D.C.: Apr. 13, 
2005). 

[20] See, for example, GAO-07-1072, GAO-07-310, GAO-07-229T, and GAO-06-
1006T. 

[21] Pub. L. No. 110-181, ï¿½ 904 (2008). 

[22] See GAO, Organizational Transformation: Implementing Chief 
Operating Officer/Chief Management Officer Positions in Federal 
Agencies, GAO-08-322T (Washington, D.C: Dec. 13, 2007). 

[23] GAO, A Call for Stewardship: Enhancing the Federal Government's 
Ability to Address Key Fiscal and Other 21st Century Challenges, GAO-08-
93SP (Washington, D.C.: December 2007), and Suggested Areas for 
Oversight for the 110th Congress, GAO-07-235R (Washington, D.C.: Nov. 
17, 2006). 

[24] DOD Business Systems Modernization: Progress Continues to Be Made 
in Establishing Corporate Management Controls, but Further Steps Are 
Needed, GAO-07-733 (Washington, D.C.: May 14, 2007). 

[25] See, for example, GAO, DOD Business Transformation: Lack of an 
Integrated Strategy Puts the Army's Asset Visibility System Investments 
at Risk, GAO-07-860 (Washington, D.C.: July 27, 2007); Information 
Technology: DOD Needs to Ensure That Navy Marine Corps Intranet Program 
Is Meeting Goals and Satisfying Customers, GAO-07-51 (Washington, D.C.: 
Dec. 8, 2006); Defense Travel System: Reported Savings Questionable and 
Implementation Challenges Remain, GAO-06-980 (Washington, D.C.: Sept. 
26, 2006); DOD Systems Modernization: Uncertain Joint Use and Marginal 
Expected Value of Military Asset Deployment System Warrant Reassessment 
of Planned Investment, GAO-06-171 (Washington, D.C.: Dec. 15, 2005); 
and DOD Systems Modernization: Planned Investment in the Navy Tactical 
Command Support System Needs to Be Reassessed, GAO-06-215 (Washington, 
D.C.: Dec. 5, 2005). 

[26] GAO-07-733. 

[27] Ronald W. Reagan National Defense Authorization Act for Fiscal 
Year 2005, Pub. L. No. 108-375, ï¿½ 332 (2004) (codified in part at 10 
U.S.C. ï¿½ 2222). 

[28] GAO, DOD Business Systems Modernization: Important Progress Made 
in Establishing Foundational Architecture Products and Investment 
Management Practices, but Much Work Remains, GAO-06-219 (Washington, 
D.C.: Nov. 23, 2005). 

[29] The United States Standard General Ledger provides a uniform chart 
of accounts and technical guidance used in standardizing federal agency 
accounting. 

[30] GAO, Information Technology: A Framework for Assessing and 
Improving Enterprise Architecture Management (Version 1.1), GAO-03-584G 
(Washington, D.C.: April 2003), and GAO-04-777. 

[31] Business Systems Modernization: DOD Continues to Improve 
Institutional Approach, but Further Steps Needed, GAO-06-658 
(Washington, D.C.: May 15, 2006). 

[32] See GAO-07-733. 

[33] GAO, Business Systems Modernization: Strategy for Evolving DOD's 
Business Enterprise Architecture Offers a Conceptual Approach, but 
Execution Details Are Needed, GAO-07-451 (Washington, D.C.: Apr. 16, 
2007); and Enterprise Architecture: Leadership Remains Key to 
Establishing and Leveraging Architectures for Organizational 
Transformation, GAO-06-831 (Washington, D.C.: Aug. 14, 2006). 

[34] GAO-06-831. 

[35] GAO, Business Systems Modernization: DOD Needs to Fully Define 
Policies and Procedures for Institutionally Managing Investments, GAO-
07-538 (Washington, D.C.: May 11, 2007). 

[36] The Joint Capabilities Integration and Development System is a 
need-driven management system used to identify future capabilities for 
DOD. The Planning, Programming, Budgeting, and Execution process is a 
calendar-driven management system for allocating resources and 
comprises four phases--planning, programming, budgeting, and executing--
that define how budgets for each DOD component and the department as a 
whole are created, vetted, and executed. The Defense Acquisition System 
is an event-driven system for managing product development and 
procurement that guides the acquisition process for DOD. 

[37] More specifically, DOD corporate is responsible for ensuring that 
all business systems with a development/modernization investment in 
excess of $1 million are reviewed by the IRBs for compliance with the 
BEA, certified by the principal staff assistants, and approved by 
DBSMC. Components are responsible for certifying development/ 
modernization investments with total costs of $1 million or less. All 
DOD development and modernization efforts are also assigned a tier 
based on acquisition category, the size of the financial investment, or 
both. 

[38] GAO, Business Systems Modernization: Air Force Needs to Fully 
Define Policies and Procedures for Institutionally Managing 
Investments, GAO-08-52 (Washington, D.C.: Oct. 31, 2007), and Business 
Systems Modernization: Department of the Navy Needs to Establish 
Management Structure and Fully Define Policies and Procedures for 
Institutionally Managing Investments, GAO-08-53 (Washington, D.C.: Oct. 
31, 2007). 

[39] An enterprise resource planning solution is an automated system 
using commercial off-the-shelf software consisting of multiple, 
integrated functional modules that perform a variety of business- 
related tasks such as payroll, general ledger accounting, and supply 
chain management. 

[40] Field/tactical refers to Army units that are deployable to 
locations around the world, such as Iraq or Afghanistan. 

[41] GAO-07-860. 

[42] GAO-06-215. 

[43] GAO-07-51. 

[44] Department of Defense Business Transformation Agency, 
Transformation Priorities and Requirements Division: Compliance 
Checklist for the Standard Financial Information Structure, (March 15, 
2007). 

[45] GAO, DOD Business Systems Modernization: Billions Continue to Be 
Invested with Inadequate Management Oversight and Accountability, GAO-
04-615 (Washington, D.C.: May 27, 2004), and Army Depot Maintenance: 
Ineffective Oversight of Depot Maintenance Operations and System 
Implementation Efforts, GAO-05-441 (Washington, D.C.: June 30, 2005). 

[46] DOD defines a segment as a component of an entity's business and 
financial environment. A segment can include (1) complete or partial 
business processes; (2) financial systems, business systems, or both; 
or (3) commands or installations. According to DOD, the environment's 
complexity, materiality, and timing of corrective actions are all 
factors that are taken into consideration when defining a segment. 

[47] Prior to its change in strategy, DOD used five business rules: 
discovery and correction, validation, assertion, assessment, and audit. 

[48] OMB Circular No. A-123, Management's Responsibility for Internal 
Control, Appendix A, "Internal Control over Financial Reporting," 
prescribes a method for federal agencies, including DOD, to assess, 
document, and report on internal control over financial reporting at 
each level. 

[49] Department of Defense Inspector General, Financial Management: 
Report on Development of the DOD Baseline for Military Equipment, D- 
2005-114 (Arlington, Va.: Sept. 30, 2005), and Financial Management: 
Report on the Review of the Development of the DOD Baseline for 
Military Equipment, D-2005-112 (Arlington, Va.: Sept. 30, 2005). 

[50] Air Force Audit Agency, Air Force Military Equipment Baseline 
Valuation, F2007-0009-FB3000 (May 29, 2007), and Military Equipment 
Baseline - Electronic Pods, F2007-0003-FB3000 (Jan. 19, 2007). 

[51] Department of Defense, Property and Equipment Policy, Office of 
Undersecretary of Defense for Acquisition, Technology, and Logistics, 
Internal Validation and Verification Project: Military Equipment 
Valuation (June 13, 2006). 

[52] Waivers refer to military equipment programs that were 
intentionally not valued as part of the military equipment valuation 
initiative. 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "Subscribe to Updates." 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, D.C. 20548: 

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: [email protected]: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, [email protected]: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, [email protected]: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: 

*** End of document. ***