GAO report finds mixed results on DOD compliance with fiscal requirements related to business systems

A recent Government Accountability Office (GAO) report found that the Department of Defense (DOD) has made progress in complying with provisions for managing its defense business systems but still needs to take additional actions.

The National Defense Authorization Act (NDAA) for Fiscal Year 2016 directs DOD to take steps to ensure efficient and effective management of business system investments, including limiting their complexity and cost. The NDAA directs GAO to report every two years on DOD compliance with these provisions.

In the report, GAO evaluated, among other things, DOD’s guidance for managing defense business system investments and its business and IT enterprise architecture. GAO compared the department’s system certification guidance and architectures to the NDAA requirements and interviewed DOD officials.

The NDAA requires DOD to issue guidance to address requirements for reviewing and certifying the department’s business systems. GAO found that while DOD had issued the required guidance, the military departments had made varying amounts of progress in addressing them. Military department officials, GAO said, described plans to address gaps in their guidance but had not defined when the planned actions would be completed.

GAO also found that while DOD is taking steps to improve its business enterprise architecture, its information technology (IT) architecture is not yet complete. DOD is also updating its IT enterprise architecture but does not have a well-defined plan for improving its IT and computing infrastructure for each of the major business processes.

The business and IT enterprise architectures are also still not yet integrated, and the department has not established a time frame for doing so.

GAO made six recommendations in the report, including that DOD and the military departments define time frames for and issue required guidance, that DOD develops a complete IT architecture, and that it integrates its business and IT architectures.

DOD concurred with three recommendations and partially concurred with three recommendations. GAO has said it “continues to believe all of the recommendations are warranted.”