GAO finds management flaws in Navy modernization efforts

The Navy has managed two major business system modernization efforts poorly, leading to cost overruns, schedule delays and potential information security risks, the Government Accountability Office concluded in new reports.

Comment on this article in The Forum.The two efforts -- the Enterprise Resource Planning program initiated in 2003 to standardize business processes, and the Navy Cash program started in 2001 to eliminate the need for currency on ships by issuing sailors smart cards for retail purchases and banking transactions -- are part of a broader ongoing business systems modernization initiative at the Defense Department. GAO has designated the initiative as high risk, largely due to a lack of key information technology management controls.

Enterprise Resource Planning

The first stage of the ERP program is expected to cost about $2.4 billion and be completed in fiscal 2013. Despite some progress in justifying investments in the effort, and managing risks and system requirements, GAO said, weaknesses in controls have contributed to a more than two-year schedule delay and almost $600 million in cost overruns. They "will likely contribute to future delays and overruns if they are not corrected," the watchdog agency said in a report (GAO-08-896) released on Monday.

GAO pointed to problems implementing earned value management, a tool that allows contracting officers to compare actual cost, planned cost and tangible return over the duration of a project to ensure efficiency. The Navy did not develop an effective master schedule for meeting program milestones and failed to perform a baseline review of the first stage's system releases, the report said.

Also, program administrators have not established acceptable processes for mitigating risks associated with converting data from the Naval Air Systems Command's legacy computer systems to ERP and positioning NAVAIR for adopting the new business processes embedded in ERP software.

GAO recommended that Defense officials ensure the Navy follow proper earned value management standards and assign an independent organization to oversee progress. It also recommended that the secretary of Defense direct the secretary of the Navy on plans for mitigating risks associated with converting data from legacy systems to Navy ERP and moving business processes to the new system, and that the secretary of the Navy provide frequent progress reports.

"The department has already taken steps to address some of GAO's recommendations and the Navy [ERP] program office is committed to implementing recommendations that will contribute to the program's success," wrote Paul Brinkley, deputy undersecretary of Defense for business transformation, in response to the report.

Navy Cash

Navy Cash is expected to cost about $320 million, with $220 funded by Navy and $100 million by the Treasury Department's Financial Management Service. The Navy is responsible for managing the acquisition of the system components, while FMS develops and maintains the system and manages its funding.

GAO found that a number of key IT management controls to ensure that system investments and processes for deployment are cost effective have not been implemented fully. "As a result, investment in the system has not been justified," the agency said in a separate report published on Monday.

Navy officials failed to properly analyze whether they were duplicating programs already available through the Air Force and the Army, which both provide smart card technology for electronic retail transactions, the report (GAO-08-922) stated.

The Navy also failed to accurately compare costs of the program, said to be $133 million, with potential benefits, according to GAO. For example, Navy estimates its share of program costs to be $100 million over six years, but the program's life cycle is now estimated to be at least 14 years. Also, expected cost savings include $40 million that will be shifted to another group and do not constitute actual savings.

Additionally, GAO cited inadequate documentation; failure to develop procedures for identifying and mitigating risks; and poor management of security for shipboard devices, applications and data. The program office has not fully implemented a patch management process, enforced processes for responding to known information security weaknesses, ensured that Treasury's FMS has effective security controls in place, or developed an adequate contingency plan in case of security breach, the report stated.

"As a result, the confidentiality, integrity and availability of deployed and operating Navy Cash shipboard devices, applications and financial data are at increased risk of being compromised," the report noted.

GAO recommended that future investment in Navy Cash be limited to deployment of already developed and tested capabilities, correction of information security vulnerabilities and weaknesses on ships, and analysis for deciding whether continuation of the program is in Defense's best interest.

In a written response, Brinkley agreed that an updated economic analysis of Navy Cash was necessary and that noted system weaknesses must be addressed, but he emphasized the need to continue funding the program.

"Navy Cash must remain operational while corrective actions to address GAO's recommendations are under way," Brinkley said. "The earliest installed systems are nearing the end of their expected operational life due to aging hardware and technology obsolescence. These must be replaced through a planned technical refresh in order to maintain already developed and tested capabilities.