Defense Department Needs to Clean Up Last of Longstanding Business IT Issues, Watchdog Says

The Defense Department has made significant progress improving management of the IT used for its business processes but work on key areas remains, according to the latest roundup report from the Government Accountability Office.

The department is the largest single organization in government and, per GAO, “one of the most complex organizations in the world.” As such, DOD’s business processes—all of which include an IT component—are similarly vast and complex.

“According to DOD’s information technology investment data, as of April 2019, the department had 1,958 business system investments and planned to spend approximately $8.9 billion on developing, modernizing, operating and maintaining its business systems in fiscal year 2020,” according to the report released Thursday.

Due to this scope and complexity, GAO has included DOD IT business systems on its high-risk list since 1995 and issued 12 separate reports with recommendations to improve the management of these systems.

“As of June 2019, the department had implemented 15 of the 29 recommendations contained in the 12 reports,” GAO auditors said. Of the remaining 14, two were closed and labeled “‘not implemented’ because the actions taken by the department did not sufficiently address the recommendations.” The audit report released Thursday dealt with the other 12 outstanding issues.

Before the auditors wrapped their work in November, DOD had implemented one recommendation with regard to creating guidance for investments in business systems and three ensuring those investments receive the proper oversight, including reviews and certifications.

For instance, “the Office of the [Chief Management Officer] demonstrated that DOD had implemented our recommendation to improve the department’s policy to require full consideration of sustainability and technological refreshment requirements for its defense business systems investments,” according to the report.

However, eight recommendations remain outstanding, including five dealing with the overall business and IT enterprise architecture.

While DOD officials had developed a business enterprise architecture, “it had not implemented our recommendation to integrate its business and IT architectures,” auditors wrote.

Prior to the end of the audit period, defense officials told GAO those systems would be integrated as the department deployed version 3 of its information enterprise architecture rollout by the end of calendar 2019.

The department was also behind on recommendations to help bolster the workforce, including developing “a skills inventory, needs assessment, gap analysis and plan to address identified gaps as part of a strategic approach to human capital planning.”

“Taking further actions to implement all of the recommendations is essential to helping the department achieve compliance with all of the requirements—and, ultimately, further strengthen the management of its defense business system investments as well as its efforts to effectively transform its business operations,” GAO wrote.

DOD management agreed with all of the recommendations and submitted plans at the end of January to address each of the outstanding points within 90 days.

“In the upcoming months, the CMO will execute a reform agenda to strengthen oversight and improve business performance,” CMO Lisa Hershman said in the department’s response.