Nov 23, 2005 (09:11 AM EST)
GAO: DoD's Business Systems Modernization Needs More Work

Read the Original Article at InformationWeek

Good isn't good enough, not for Congressional auditors.

The Government Accounting Office, the investigative arm of Congress, says that despite progress, the Defense Department's business systems modernization program needs much more work. "If these improvements do not occur, DoD's business systems modernization will continue to be a high-risk program," McCoy Williams, GAO director of financial management assurance, wrote in a 72-page report issued Wednesday.

Defense's IT operation is massive, with the department relying on some 4,200 business systems. Lawmakers appropriated $15.5 billion for the current fiscal year to operate, maintain, and modernize departmental business systems, up nearly 17% from $13.3 billion in fiscal 2005.

Among the report's highlights:

* The latest version of the business enterprise architecture, version 3.0, doesn't entirely satisfy requirements set down by Congress. While version 3.0—approved by the department on Sept. 28—includes a target architecture, it fails to include a current architecture. "Without this element, DoD could not analyze the gaps between the two architectures—critical input to a comprehensive transition plan," Williams says. Still, Williams is hopeful, saying the latest version of the architecture represents significant progress and provides a foundation upon which the department can build.

* Although the transition plan to the new architecture includes certain required information such as milestones for major projects, it's inconsistent with the architecture itself in various ways. For instance, GAO says, it identifies target systems in the new architecture, but these aren't always the same as those identified in the architecture itself. The transition plan also fails to include system performance metrics aligned with the plan's strategic goals and objectives.

* The department's fiscal year 2006 budget discloses some but not all required information. It doesn't, for instance, identify the approval authority for all business systems investments.

* Defense hasn't satisfied or is in the process of satisfying some of the requirements regarding its business systems investments as required by law. GAO said the department has fulfilled the requirement for delegating IT system responsibility and accountability to designated approval authorities as specified, as well as establishing certain structures and define certain processes to review and approve IT investments. Yet, GAO reports, some of these structures aren't in place, and some reviews and approvals to date have not followed the criteria in the act.

In response, Defense didn't specifically comment on most of GAO's findings, but said it disagreed with two points: the level of development for its current architecture and instances of non-integration within the architecture and transition plan. But Defense assured GAO that it's committed to addressing what Congressional auditors view to be the underlying basis of both points.