oversight

Business Systems Modernization: Summary of GAO's Assessment of the Department of Defense's Initial Business Enterprise Architecture

Published by the Government Accountability Office on 2003-07-07.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

United States General Accounting Office
Washington, DC 20548



          July 7, 2003

          Congressional Committees

          Subject: Business Systems Modernization: Summary of GAO’s Assessment of the
          Department of Defense’s Initial Business Enterprise Architecture (GAO-03-877R)

          The Department of Defense (DOD) faces financial and related management problems that are
          pervasive, complex, long-standing, and deeply rooted in virtually all business operations
          throughout the department. These problems have impeded the department’s ability to
          provide complete, reliable, and timely business information to the Congress, DOD managers,
          and other decision makers. Of the 25 areas on our governmentwide “high-risk” list, 6 are
          DOD program areas, and the department shares responsibility for 3 other high-risk areas that
          are governmentwide in scope.1 DOD’s problems in each of these areas hinder the efficiency
          of operations, and leave the department vulnerable to fraud, waste, and abuse.

          For fiscal year 2003, DOD’s information technology (IT) budget request was over $26
          billion. More specifically, to support its business operations, DOD reports that it currently
          relies on about 2,300 systems, including accounting, acquisition, logistics, and personnel
          systems that will cost about $18 billion—nearly $5.2 billion for business systems2 and $12.8
          billion primarily for business systems infrastructure—in fiscal year 2003 to operate,
          maintain, and modernize. As we have previously reported,3 this environment was not
          designed to be, but rather has evolved into, an overly complex and error-prone environment,
          including (1) little standardization across DOD, (2) multiple systems performing the same
          tasks, (3) the same data stored in multiple systems, and (4) manual data entry into multiple
          systems.

          One of the seven key elements we have reported4 as necessary to successfully reform DOD’s
          financial and related management challenges is establishing and implementing an enterprise
          1
           U.S. General Accounting Office, High-Risk Series: An Update, GAO-03-119 (Washington, D.C.: January
          2003). The nine interrelated high-risk areas that represent the greatest challenge to DOD’s development of
          world-class business operations to support its forces are contract management, financial management, support
          infrastructure management, inventory management, systems modernization, weapon system acquisition, human
          capital, information security, and real property. The last three areas are governmentwide in scope.
          2
           Business systems include financial and nonfinancial systems, such as civilian personnel, finance, health,
          logistics, military personnel, procurement, and transportation, with the common element being the generation or
          use of financial data to support DOD’s business operations.
          3
           U.S. General Accounting Office, DOD Financial Management: Important Steps Underway But Reform Will
          Require a Long-term Commitment, GAO-02-784T (Washington, D.C.: June 4, 2002).
          4
          GAO-02-784T.


                                                                GAO-03-877R DOD Business Enterprise Architecture
architecture, or modernization blueprint. In May 2001,5 we recommended that DOD
develop, maintain, and implement an enterprise architecture to modernize its financial
management operations and systems across the department. Subsequently, in its fiscal year
2002 Performance and Accountability Report, DOD acknowledged that deficiencies in its
business systems hindered the department’s ability to collect and report financial and
performance information that is accurate, reliable, and timely. The report noted that to
address its systemic problems and assist in the transformation of the department’s business
operations, the department had undertaken the development and implementation of a
business enterprise architecture.

An enterprise architecture provides a clear and comprehensive picture of an entity, whether it
is an organization (e.g., federal department or agency) or a functional or mission area that
cuts across more than one organization (e.g., financial management). This picture consists of
snapshots of both the enterprise’s current or “As Is” operational and technological
environment and its target or “To Be” environment, as well as a capital investment road map
for transitioning from the current to the target environment. These snapshots further consist
of “views,” which are basically one or more architecture products that provide conceptual or
logical representations of the enterprise.

The National Defense Authorization Act for Fiscal Year 20036 required DOD to develop, by
May 1, 2003, a financial management enterprise architecture7 and a transition plan for
implementing the architecture to meet certain requirements. The act also requires DOD to
control expenditures for financial system improvements while the architecture and transition
plan are being developed and after they are completed. The act states that the enterprise
architecture shall describe an information infrastructure that, at a minimum, would enable
DOD to achieve certain capabilities, such as complying with all federal accounting, financial
management, and reporting requirements. The act also requires development of a transition
plan for implementing the enterprise architecture that includes, among other things, a
schedule for phasing out existing financial management systems that will not become part of
the “To Be” environment. Finally, before the architecture and transition plan are approved,
the act requires DOD to review proposed obligations of funds in amounts exceeding $1
million for financial system improvements to determine if they meet specific conditions
called for in the act. Once the architecture and transition plan are approved, the act requires
DOD to ensure that financial system investments are consistent with the architecture and the
transition plan.



5
U.S. General Accounting Office, Information Technology: Architecture Needed to Guide Modernization of
DOD’s Financial Operations, GAO-01-525 (Washington, D.C.: May 17, 2001).
6
 Bob Stump National Defense Authorization Act for Fiscal Year 2003, Pub. L. No. 107-314, § 1004, 116 Stat.
2458, 2629, Dec. 2, 2002.
7
 In May 2003, the DOD Comptroller changed the architecture name from the Financial Management Enterprise
Architecture to the Business Enterprise Architecture to reflect the transformation of departmentwide business
operations and supporting systems, including accounting and finance, budget formulation, acquisition,
inventory management, logistics, personnel, and property management systems.


Page 2                                               GAO-03-877R DOD Business Enterprise Architecture
The act directs us to submit to congressional defense committees, within 60 days of DOD’s
approval of its enterprise architecture and its transition plan, an assessment of DOD’s actions
taken to comply with these requirements. (See enc. I for a copy of section 1004 of the act.)
As agreed with your offices, our objectives were to determine (1) the extent to which DOD’s
actions complied with the requirements of the act and (2) DOD’s plans for further
development and implementation of its enterprise architecture. This report transmits a
summary of the results of our assessment as well as a brief discussion of our key
observations. (See enc. II for a summary of our assessment approach.) We plan to issue a
more detailed report of our assessment results, including conclusions and specific
recommendations. We performed our work from March 2003 through June 2003 in
accordance with U.S. generally accepted government auditing standards. On June 30, 2003,
DOD provided us with written comments on a draft of this report, which are addressed in the
“Agency Comments and our Evaluation” section and are reprinted in enclosure III.

Summary of Observations

As we reported in February 2003,8 DOD undertook a challenging and ambitious task—to
develop within 1 year a departmentwide architecture for modernizing its current financial and
business operations and systems. Thus far, DOD has expended tremendous effort and
resources and made important progress in complying with the legislative requirements aimed
at developing and effectively implementing a well-defined enterprise architecture. Further,
DOD’s initial version of its business enterprise architecture provides a foundation from
which to build and ultimately produce a well-defined business enterprise architecture.
However, the initial version does not adequately address the act's requirements
and other relevant architectural requirements.9 For example, the architecture does not
adequately describe the accounting and financial management requirements and the logical
database model, which includes data standards and is used to guide the creation of the
physical databases where information will be stored. Moreover, DOD has yet to implement
an effective investment management process for controlling ongoing and planned business
system improvements, including one that meets the act’s requirements for ensuring that
obligations in excess of $1 million are consistent with the architecture and the transition plan.
Collectively, this means that DOD has taken a positive first step, but much remains to be
accomplished before DOD will have the kind of blueprint and associated investment controls
to successfully modernize its business operations and supporting systems.



8
 U.S. General Accounting Office: DOD Business Systems Modernization: Improvements to Enterprise
Architecture Development and Implementation Efforts Needed, GAO-03-458 (Washington, D.C.: Feb. 28,
2003).
9
 See for example, Office of Management and Budget, Federal Enterprise Architecture Business Reference
Model, Version 1.0 (2002); Chief Information Officer Council, A Practical Guide to Federal Enterprise
Architecture, Version 1.0 (February 2001); Office of Management and Budget Circular No. A-130,
Management of Federal Information Resources (Nov. 28, 2000); M.A.Cook, Building Enterprise Information
Architectures: Reengineering Information Systems (Upper Saddle River, N.J.: Prentice Hall, 1996); and
National Institute of Standards and Technology, Information Management Directions: The Integration
Challenge, Special Publication 500-167 (September 1989).



Page 3                                             GAO-03-877R DOD Business Enterprise Architecture
DOD's position is that, to varying degrees, the initial version of its architecture fully satisfies
the act's requirements, but it also recognizes that the architecture needs to be expanded and
extended to provide a sufficient basis for guiding and constraining investment decisions.
DOD's position is also that it has taken steps to implement the act's requirements regarding
approving system investments but that it needs to do more to effectively select and control
system investments. DOD attributes the current state of its architecture and investment
management processes to the limited time it has had to define and implement each, in part
because it was overly optimistic in estimating what it could deliver by May 1, 2003. Until
DOD develops and provides for effective implementation of a well-defined enterprise
architecture, its ability to modernize its business and systems environments in a way that
minimizes risk and maximizes return on investment will be severely hindered.

Key Observations on Compliance with
Enterprise Architecture Requirements

The department has established some of the architecture management capabilities advocated
by best practices and federal guidance.10 Among these are having a program office staffed
with representatives from across the DOD components, designating a chief architect, and
using an architecture development methodology and automated tool. Further, it has adopted
an incremental approach to developing its architecture and, according to DOD, has approved
an initial version of its architecture that it intends to use as a foundation upon which to build.
The initial version includes a suite of diagrams, tables, and other representations that
describe, to varying degrees, its “As Is” and “To Be” architectural environments. For
example, the “As Is” descriptions include an inventory of about 2,300 systems in operation or
under development, and their characteristics, that support DOD’s current business operations.
The “To Be” descriptions address, to at least some degree, how DOD intends to operate in
the future, what information will be needed to support these future operations, and what
technology standards should govern the design of future systems.

DOD has also incorporated many relevant federal accounting, financial management, and
reporting requirements from 152 federal sources in its “To Be” architecture products. Of the
total 4,000 external requirements included in the initial architecture, our review of 1,767
Joint Financial Management Improvement Program (JFMIP)11 requirements, identified 340
(about 19 percent) that are not included or adequately addressed. For example, federal
accounting requirements for recording revenue are not included. According to program
officials, critical external requirements are not included or adequately addressed primarily
because a fully functioning quality assurance process to validate the requirements was not in
place when the requirements were elicited. As a result, the architecture’s descriptions of

10
 U.S. General Accounting Office, Information Technology: A Framework for Assessing and Improving
Enterprise Architecture Management (Version 1.1), GAO-03-584G (Washington, D.C.: April 2003).
11
  JFMIP is a joint undertaking of the Department of the Treasury, GAO, the Office of Management and Budget,
and the Office of Personnel Management, working with each other, other agencies, and the private sector to
improve financial management in the federal government. JFMIP requirements arise from various public laws,
regulations, bulletins, circulars, federal accounting standards, and leading practices and are applicable
governmentwide. Agencies must use these requirements, in addition to agency-unique mission requirements, in
planning and implementing their financial management improvement projects.


Page 4                                              GAO-03-877R DOD Business Enterprise Architecture
certain business processes, such as those associated with revenue accounting and reporting,
which include over $70 billion earned annually by DOD working capital fund activities, are
not yet sufficiently complete for making informed decisions on systems. Department and
contractor officials agreed that these system requirements were either excluded or not
adequately addressed and stated that a subsequent version of the architecture would include
or modify the requirements.

Additionally, the “As Is” and “To Be” architecture products and the transition plan do not
include a number of items recommended by relevant architectural guidance.12 Program
officials agreed that the initial version of the architecture does not contain the scope and
detail needed to acquire business system solutions for its “To Be” environment. Program
officials attribute this to DOD’s being overly optimistic in determining what it could develop
by May 1, 2003. In an effort to manage this expectation gap, DOD officials are using an
incremental approach for developing and implementing the architecture.

Specifically, the “As Is” view of the current architecture does not include the following
items:
    • descriptions of current business operations in terms of the entities/people that perform
       the functions, processes, and activities, and the locations where the functions,
       processes, and activities are performed;
    • data/information being used by the functions, processes, and activities;
    • technology standards being employed;
    • security standards and tools being used; and
    • performance metrics being used.

As a result, DOD does not have a sufficiently described picture of its “As Is” environment to
permit development of a meaningful and useful transition plan that either identifies the
proper sequence of changes needed to move from its current operating environment to its
future target environment, or effectively provides for guiding and constraining investments in
modernized systems.

Additionally, the “To Be” view of the current architecture version does not include the
following items:
    • specific organization and location information, which defines the entities/people that
       will perform the functions, processes, and activities, and specifies where the
       functions, processes, and activities will be performed;
    • physical descriptions of systems or applications to be developed or acquired;

12
 See for example, Office of Management and Budget, Federal Enterprise Architecture Business Reference
Model, Version 1.0 (2002); Chief Information Officer Council, A Practical Guide to Federal Enterprise
Architecture, Version 1.0 (February 2001); Office of Management and Budget Circular No. A-130,
Management of Federal Information Resources (Nov. 28, 2000); M.A.Cook, Building Enterprise Information
Architectures: Reengineering Information Systems (Upper Saddle River, N.J.: Prentice Hall, 1996); and
National Institute of Standards and Technology, Information Management Directions: The Integration
Challenge, Special Publication 500-167 (September 1989).




Page 5                                             GAO-03-877R DOD Business Enterprise Architecture
     •   the physical infrastructure (e.g., hardware and systems software) that will be needed
         to support the business systems; and
     •   the organizations that will be accountable for security and their roles and
         responsibilities.

Further, we found that the logical database model, which includes data standards and is used
to guide the creation of the physical databases where information will be stored, is not linked
to a conceptual data model. This raises concern regarding the utility of the logical model in
supporting information flows for business operations and systems.

As a result, the “To Be” environment lacks the details needed to identify and plan for system
solutions and operational change, and enable DOD to routinely provide timely, accurate, and
reliable information for management decision making. In addition, the “To Be” environment
precludes the department from making informed system investment decisions.

Aside from the “To Be” architecture’s lack of detail, its structure is difficult to navigate, thus
constraining its ease of use and understandability. For example, the architecture does not
include user instructions or guidance, and certain artifacts (e.g., diagrams) could not be read
on-line because there was no “zoom” capability enabling enlargement. Further, specific
content, such as the applicability of security standards to specific security services, were
difficult to locate. While we were able to read certain artifacts and locate specific content
after extraordinary effort, it is reasonable to expect that other users would also encounter
difficulty navigating through the architecture products. As a result, users may not have a
good understanding of the architecture’s content for use in making informed decisions.

The transition plan is also missing important items, such as
   • a gap analysis identifying the needed changes to current business processes and
       systems;
   • an identification of which of the 2,300 current business systems will not become part
       of the “To Be” architecture as well as the time frames for phasing out these systems;
   • a time-based strategy for replacing legacy systems, including identification of
       intermediate (i.e., migration) systems that may be temporarily needed; and
   • a statement of resources (e.g., funding and staff) needed to transition to the target
       environment.

As a result, DOD does not yet have a meaningful and reliable basis for managing the
disposition of its existing inventory of about 2,300 systems or for sequencing the introduction
of modernized business operations and supporting systems.

In June 2003,13 DOD’s verification and validation contractor also assessed the initial
architecture against relevant best practices to determine its quality. Consistent with our
assessment, this contractor reported that while DOD’s architecture contained significant
content, it lacked the depth and detail needed to begin building and implementing

13
  MITRE Technical Report: Review of Financial Management Enterprise Architecture (FMEA), Version 1.0,
June 2003.


Page 6                                            GAO-03-877R DOD Business Enterprise Architecture
modernized systems and making operational changes. Further, the contractor reported that
the architecture was not easily understandable and that its utility to stakeholders in system
acquisition planning was limited.

With regard to DOD’s actions to control ongoing and planned business systems investments,
DOD has not yet defined and implemented an effective approach to select and control
business system investments exceeding $1 million while the architecture is being developed
and after it is completed. Program officials stated that the department’s current approach to
selecting and controlling business system investments depends on the system owners coming
forward with the request for approval, and that it has not established the means to determine
which systems should be submitted for review. Program officials acknowledge that the
department, at a minimum, could use DOD’s IT budget documentation to proactively fulfill
the act’s requirements and strengthen the investment management process. Since enactment
of the National Defense Authorization Act for Fiscal Year 2003, DOD has approved one
business system improvement that met this $1 million threshold and is currently reviewing
four others. Our analysis of DOD’s fiscal years 2003 and 2004 IT budget requests shows
that over 200 systems in each year’s budget, totaling about $4 billion per year, could have
resulted in obligations of funds that meet the $1 million threshold. As a result, the vast
majority of the billions of dollars that DOD invests in business system improvements
annually have not been subject to the specific investment control process called for in the act.

Key Observations on DOD’s Plans for Evolving and Extending Its
Enterprise Architecture and for Improving Business System
Investment Decision Making

According to program officials and the initial version of the transition plan, DOD intends to
extend and evolve the architecture to include missing scope and detail. However, it has not
defined specific plans outlining how this will be accomplished. Rather, DOD’s current plan
is to develop a strategy for producing the next version of its architecture and managing
ongoing and planned investments. Among other things, this strategy is to provide for
     • determining the resources needed to further develop the architecture;
     • developing a methodology for integrating the architecture with other internal and
        external architectures;
     • establishing an approach for maintaining its existing systems inventory; and
     • evaluating the architecture for completeness, accuracy, and integration of end-to-end
        business processes and system functions.

In addition, DOD program documentation provides for initiating pilot projects in the near
term that are to demonstrate and implement a portion of the architecture and be usable across
the department. However, DOD officials stated that the pilot projects are intended to validate
departmentwide business processes and not to implement production systems. Because of
these differing views of what the pilot projects are intended to achieve, the purpose and scope
of these projects remain unclear and specific projects have yet to be selected. If DOD
intends for these projects to demonstrate or validate an enterprisewide business process to
address a current deficiency in DOD’s business operations and systems, such as the lack of
common data standards, these projects could help DOD improve its architecture and thus



Page 7                                         GAO-03-877R DOD Business Enterprise Architecture
may represent reasonable investments. However, if the pilot projects are to be used to
acquire and implement system solutions and place them into production to achieve an
operational capability, it is unclear how DOD will ensure architecture alignment and manage
the risk associated with investing in even more systems before it has a well-defined blueprint
and an effective investment management process to guide and control them.

With regard to DOD’s plans for improving investment management controls, DOD has a
proposed governance concept that describes how and by whom business transformation
requirements identified by the architecture will be implemented in the department. This
proposal vests domain owners (DOD business line representatives, such as those in logistics,
human resource management, and acquisition/procurement) with the authority,
responsibility, and accountability for business transformation, extension and implementation
of the architecture, development and execution of the transition plan, and investment
portfolio management for their domains. However, it is not clear how the proposed
approach, including the act’s requirements, will be implemented. Further, it is not clear,
given the incomplete state of version 1.0 of the architecture (1) how the domain owners will
ensure consistency across domains for architecture extensions and changes and (2) how the
proposed approach will address our prior recommendations for establishing a hierarchy of
investment review boards that use an explicit and common set of criteria for selecting,
controlling, and evaluating IT projects as a portfolio of competing investment options. One
criterion we recommended was to ensure consistency and compliance with ongoing
architecture development efforts.14 As a result, the department does not have a critical
structure in place to effectively select and control its IT investments, and runs the risk of
continuing to invest in systems that perpetuate its existing incompatible, duplicative, overly
costly environment of about 2,300 business systems that do not optimally support mission
performance.

Agency Comments and Our Evaluation

In commenting on a draft of this report (reprinted in enc. III), DOD generally agreed with our
assessment of the department’s initial business enterprise architecture and recognized that
“much work remains to be done.” It then described this work as beginning the transition
from its “As Is” environment to the “To Be” as defined in the architecture. DOD stated that
its approach for transitioning focuses on reengineering its business processes incrementally
and then selecting business system solutions to implement the new methods and practices.
However, as we reported, the initial version of the architecture lacks the scope and content
needed to provide a sufficient frame of reference for moving the department from its current
operating environment to its future target environment. Moreover, we stated in the report
that DOD’s plans for extending and evolving the architecture have yet to be adequately
defined. While reengineering business processes is a logical component of what needs to be
done to evolve the architecture, our report identifies many other aspects of the architecture,
and the transition, that need to be further defined before DOD will have a sufficient basis for
evaluating and selecting business system solutions.


14
  GAO-03-458.



Page 8                                        GAO-03-877R DOD Business Enterprise Architecture
DOD’s comments also recognized the need to manage and control its ongoing and planned
business system investments, and stated that it has defined an approach for doing so in draft
guidance and would use its transformation governance structure to implement the investment
management process. This guidance is still in draft and DOD has not provided it to us.
Therefore, we could not determine whether it addresses the limitations in the department’s
existing approach to select and control its business system investments or the uncertainties
associated with its proposed investment governance approach, both of which are discussed in
this report.

Last, DOD’s comments noted that the cost to operate, maintain, and modernize its
approximately 2,300 systems is about $5 billion and that $13 billion provides infrastructure
for all DOD systems and includes spending on nonbusiness (e.g., command and control or
intelligence) systems. We do not agree. Specifically, our analysis of DOD’s total IT budget
request for fiscal year 2003 shows approximately $26 billion, of which $5 billion relates to
the operation, maintenance, and modernization of DOD’s business systems; about $13 billion
relates primarily to the infrastructure to support these business systems; and the remaining $8
billion relates primarily to command and control systems, including the infrastructure to
support these systems.

                                            -----

We will be sending copies of this report to interested congressional committees; the Director,
Office of Management and Budget; the Secretary of Defense; the Under Secretary of Defense
(Comptroller); the Assistant Secretary of Defense (Networks and Information Integration)/
Chief Information Officer; the Under Secretary of Defense (Acquisition, Technology, and
Logistics); the Under Secretary of Defense (Personnel and Readiness); and the Director,
Defense Finance and Accounting Service. This report will also be available at no charge on
our Web site at http://www.gao.gov.




Page 9                                        GAO-03-877R DOD Business Enterprise Architecture
If you have any questions concerning this information, please contact Gregory Kutz at (202)
512-9095 or kutzg@gao.gov or Randolph Hite at (202) 512-3439 or hiter@gao.gov. GAO
contacts and key contributors to this report are listed in enclosure IV.




Gregory D. Kutz
Director, Financial Management and Assurance




Randolph C. Hite
Director, Information Technology Architecture
 and Systems Issues

Enclosures




Page 10                                      GAO-03-877R DOD Business Enterprise Architecture
List of Committees

The Honorable Ted Stevens
Chairman
The Honorable Robert C. Byrd
Ranking Minority Member
Committee on Appropriations
United States Senate

The Honorable John W. Warner
Chairman
The Honorable Carl Levin
Ranking Minority Member
Committee on Armed Services
United States Senate

The Honorable C.W. Bill Young
Chairman
The Honorable David R. Obey
Ranking Minority Member
Committee on Appropriations
House of Representatives

The Honorable Duncan Hunter
Chairman
The Honorable Ike Skelton
Ranking Minority Member
Committee on Armed Services
House of Representatives

The Honorable Jim Saxton
Chairman
The Honorable Martin T. Meehan
Ranking Minority Member
Subcommittee on Terrorism, Unconventional Threats and Capabilities
Committee on Armed Services
House of Representatives




Page 11                                   GAO-03-877R DOD Business Enterprise Architecture
Enclosure I


SEC. 1004. [of Public Law 107-314] DEVELOPMENT AND IMPLEMENTATION OF
         FINANCIAL MANAGEMENT ENTERPRISE ARCHITECTURE

(a) REQUIREMENT FOR ENTERPRISE ARCHITECTURE AND FOR TRANSITION
PLAN—
Not later than May 1, 2003, the Secretary of Defense shall develop—
(1) a financial management enterprise architecture for all budgetary, accounting,
finance, enterprise resource planning, and mixed information systems of the
Department of Defense; and
(2) a transition plan for implementing that financial management enterprise
architecture.
(b) COMPOSITION OF ENTERPRISE ARCHITECTURE—
(1) The financial management enterprise architecture developed under subsection (a)(1) shall
describe an information infrastructure that, at a minimum, would enable the Department of
Defense to—
    (A) comply with all Federal accounting, financial management, and reporting
    requirements;
    (B) routinely produce timely, accurate, and reliable financial information for
    management purposes;
    (C) integrate budget, accounting, and program information and systems; and
    (D) provide for the systematic measurement of performance, including the ability to
    produce timely, relevant, and reliable cost information.
(2) That enterprise architecture shall also include policies, procedures, data standards, and
system interface requirements that are to apply uniformly throughout the Department of
Defense.
(c) COMPOSITION OF TRANSITION PLAN—The transition plan developed under
subsection (a)(2) shall include the following:
(1) The acquisition strategy for the enterprise architecture, including specific time-phased
milestones, performance metrics, and financial and nonfinancial resource needs.
(2) A listing of the mission critical or mission essential operational and
developmental financial and nonfinancial management systems of the Department of
Defense, as defined by the Under Secretary of Defense (Comptroller), consistent with budget
justification documentation, together with
    (A) the costs to operate and maintain each of those systems during fiscal year
    2002; and
    (B) the estimated cost to operate and maintain each of those systems during
    fiscal year 2003.
(3) A listing of the operational and developmental financial management systems of the
Department of Defense as of the date of the enactment of this Act (known as ‘legacy
systems’) that will not be part of the objective financial and nonfinancial management
system, together with the schedule for terminating those legacy systems that provides for
reducing the use of those legacy systems in phases.




Page 12                                      GAO-03-877R DOD Business Enterprise Architecture
(d) CONDITIONS FOR OBLIGATION OF SIGNIFICANT AMOUNTS FOR FINANCIAL
SYSTEM IMPROVEMENTS—An amount in excess of $1,000,000 may be obligated for a
defense financial system improvement only if the Under Secretary of Defense (Comptroller)
makes a determination regarding that improvement as follows:
(1) Before the date of an approval specified in paragraph (2), a determination that
the defense financial system improvement is necessary for either of the following reasons:
     (A) To achieve a critical national security capability or address a critical requirement in
     an area such as safety or security.
     (B) To prevent a significant adverse effect (in terms of a technical matter, cost, or
     schedule) on a project that is needed to achieve an essential capability, taking into
     consideration in the determination the alternative solutions for preventing the adverse
     effect.
(2) On and after the date of any approval by the Secretary of Defense of a financial
management enterprise architecture and a transition plan that satisfy the requirements of this
section, a determination that the defense financial system improvement is consistent with
both the enterprise architecture and the transition plan.
(e) CONGRESSIONAL REPORTS—Not later than March 15 of each year from 2004
through 2007, the Secretary of Defense shall submit to the congressional defense committees
a report on the progress of the Department of Defense in implementing the enterprise
architecture and transition plan required by this section. Each report shall include, at a
minimum—
(1) a description of the actions taken during the preceding fiscal year to implement the
enterprise architecture and transition plan (together with the estimated costs of such actions);
(2) an explanation of any action planned in the enterprise architecture and transition plan to
be taken during the preceding fiscal year that was not taken during that fiscal year;
(3) a description of the actions taken and planned to be taken during the current fiscal year to
implement the enterprise architecture and transition plan (together with the estimated costs of
such actions); and
(4) a description of the actions taken and planned to be taken during the next fiscal year to
implement the enterprise architecture and transition plan (together with the estimated costs of
such actions).
(f) COMPTROLLER GENERAL REVIEW—Not later than 60 days after the approval of an
enterprise architecture and transition plan in accordance with the requirements of subsection
(a), and not later than 60 days after the submission of an annual report required by subsection
(e), the Comptroller General shall submit to the congressional defense committees an
assessment of the extent to which the actions taken by the Department comply with the
requirements of this section.
(g) DEFINITIONS—In this section:
(1) The term ‘defense financial system improvement’ means the acquisition of a new
budgetary, accounting, finance, enterprise resource planning, or mixed information system
for the Department of Defense or a modification of an existing budgetary, accounting,
finance, enterprise resource planning, or mixed information system of the Department of
Defense. Such term does not include routine maintenance and operation of any such system.
(2) The term ‘mixed information system’ means an information system that supports
financial and non-financial functions of the Federal Government as defined in Office of
Management and Budget Circular A-127 (Financial management Systems).



Page 13                                        GAO-03-877R DOD Business Enterprise Architecture
(h) REPEAL—(1) Section 2222 of title 10, United States Code, is repealed. The table of
sections at the beginning of chapter 131 of such title is amended by striking the item relating
to such section.
(2) Section 185(d) of such title is amended by striking ‘has the meaning given that term in
section 2222(c)(2) of this title’ and inserting ‘means an automated or manual system from
which information is derived for a financial management system or an accounting system’.




Page 14                                       GAO-03-877R DOD Business Enterprise Architecture
Enclosure II

                                  Summary of Assessment Approach


To accomplish our objectives for determining (1) the extent to which DOD’s actions
complied with the requirements of section 1004 of Public Law 107-314 and (2) DOD’s plans
for further development and implementation of the architecture, we assessed DOD’s initial
architecture, which the DOD Comptroller transmitted to the Comptroller General on May 8,
2003. Consistent with the act and as agreed with congressional defense committees’ staffs,
this assessment focused on compliance with all federal accounting, financial management,
and reporting requirements; the content of the “As Is” and “To Be” environments; the content
of the transition plan to include time-phased milestones for phasing out existing systems,
resource needs for implementing the “To Be” environment, and information on the systems
inventory; and the extent to which DOD is controlling its business system investments.

We also used our Enterprise Architecture Management Maturity Framework15 that describes
the five stages of management maturity to determine the extent to which DOD has adopted
key elements of architecture management best practices. To make this determination, we
reviewed program documentation, such as program policies and procedures and architecture
products, and compared them to the elements in the framework.

Specific to our review of federal requirements, we could not determine whether the
architecture contained all federal accounting, financial management and reporting
requirements because a central repository of all such requirements does not exist.
Nevertheless, to assess the completeness of the federal requirements, we compared the about
4,000 external16 requirements contained in the architecture to those listed in selected JFMIP17
federal systems requirements publications. The JFMIP requirements consisted of about 45
percent of the total external requirements. We performed a detailed review of 1,767 of the
JFMIP requirements.

To review the “As Is” and “To Be” environments and the transition plan, we decomposed
version 1.0 of the architecture into various parts and components and made a comparison
against relevant benchmarks. More specifically, we first divided the architecture into the
three primary component parts specified in the act and recognized in best practices and
federal guidance: the “As Is” architecture, the “To Be” architecture, and the transition plan.
We then divided the “As Is” and the “To Be” architectures into the six architectural



15
  GAO-03-584G.
16
  External requirements are those that are obtained from authoritative sources and constrain various aspects of
the architecture.
17
 We used nine JFMIP systems requirements documents: revenue, acquisition, core financial, human resources
and payroll, managerial cost accounting, inventory, travel, property management, and benefits.



Page 15                                                GAO-03-877R DOD Business Enterprise Architecture
components. We then compared version 1.0 to (1) relevant criteria18 governing the content of
key architectural elements for the transition plan and (2) the six components of the “As Is”
and “To Be” architectures. In addition, we reviewed comments from DOD’s verification and
validation contractor (MITRE).

To review DOD’s actions to comply with the $1 million obligation threshold for financial
system improvements, we obtained and reviewed memorandums and other documentation
regarding the approval of expenditures for system investments in excess of $1 million. We
also reviewed and analyzed the DOD IT budget requests for fiscal years 2003 and 2004 to
identify systems that met the $1 million threshold and compared this to the total number of
systems DOD reviewed and approved to measure the extent of systems that potentially
should be reviewed.

To determine DOD’s plans for further development and implementation of the architecture,
we reviewed the performance work statement; DOD’s proposed governance concept,
including domain owner roles and responsibilities; and program documentation pertaining to
plans for implementing pilot projects. We also reviewed the status of DOD’s response to our
prior recommendations pertaining to controlling ongoing and planned IT systems
investments.

To augment our document reviews and analyses, we interviewed officials from various DOD
organizations and contractors, including the Office of the Under Secretary of Defense
(Comptroller); Office of the Under Secretary of Defense (Acquisition, Technology, and
Logistics); Office of the Under Secretary of Defense (Personnel and Readiness); IBM; and
MITRE Corporation.

We conducted our work primarily at DOD headquarters offices in Washington, D.C., and
Arlington, Virginia, from March 2003 through June 2003 in accordance with U.S. generally
accepted government auditing standards. On June 30, 2003, DOD provided us with written
comments on a draft of this report, which are addressed in the “Agency Comments and Our
Evaluation” section and are reprinted in enclosure III.




18
 See for example, Office of Management and Budget, Federal Enterprise Architecture Business Reference
Model, Version 1.0 (2002); Chief Information Officer Council, A Practical Guide to Federal Enterprise
Architecture, Version 1.0 (February 2001); Office of Management and Budget Circular No. A-130,
Management of Federal Information Resources (Nov. 28, 2000); M.A.Cook, Building Enterprise Information
Architectures: Reengineering Information Systems (Upper Saddle River, N.J.: Prentice Hall, 1996); and
National Institute of Standards and Technology, Information Management Directions: The Integration
Challenge, Special Publication 500-167 (September 1989).



Page 16                                            GAO-03-877R DOD Business Enterprise Architecture
Enclosure III

                Comments from the Department of Defense




Page 17                           GAO-03-877R DOD Business Enterprise Architecture
Page 18   GAO-03-877R DOD Business Enterprise Architecture
Enclosure IV

                   GAO Contacts and Staff Acknowledgments

GAO Contacts      Jenniffer Wilson, (202) 512-9192
                  Cynthia Jackson, (202) 512-5086

Acknowledgments   In addition to the individuals named above, key
                  contributors to this report included Beatrice Alff, Nabajyoti Barkakati,
                  Justin Booth, Francine DelVecchio, Francis Dymond, Neelaxi
                  Lakhmani, Anh Le, Evelyn Logue, Mai Nguyen, Darby Smith, Stacey
                  Smith, Alan Steiner, Randolph Tekeley, and William Wadsworth.




(192086)




Page 19                                  GAO-03-877R DOD Business Enterprise Architecture
                         The General Accounting Office, the audit, evaluation and investigative arm of
GAO’s Mission            Congress, exists to support Congress in meeting its constitutional responsibilities
                         and to help improve the performance and accountability of the federal
                         government for the American people. GAO examines the use of public funds;
                         evaluates federal programs and policies; and provides analyses,
                         recommendations, and other assistance to help Congress make informed
                         oversight, policy, and funding decisions. GAO’s commitment to good government
                         is reflected in its core values of accountability, integrity, and reliability.


                         The fastest and easiest way to obtain copies of GAO documents at no cost is
Obtaining Copies of      through the Internet. GAO’s Web site (www.gao.gov) contains abstracts and full-
GAO Reports and          text files of current reports and testimony and an expanding archive of older
                         products. The Web site features a search engine to help you locate documents
Testimony                using key words and phrases. You can print these documents in their entirety,
                         including charts and other graphics.
                         Each day, GAO issues a list of newly released reports, testimony, and
                         correspondence. GAO posts this list, known as “Today’s Reports,” on its Web site
                         daily. The list contains links to the full-text document files. To have GAO e-mail
                         this list to you every afternoon, go to www.gao.gov and select “Subscribe to e-mail
                         alerts” under the “Order GAO Products” heading.


Order by Mail or Phone   The first copy of each printed report is free. Additional copies are $2 each. A
                         check or money order should be made out to the Superintendent of Documents.
                         GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a
                         single address are discounted 25 percent. Orders should be sent to:
                         U.S. General Accounting Office
                         441 G Street NW, Room LM
                         Washington, D.C. 20548
                         To order by Phone:     Voice:    (202) 512-6000
                                                TDD:      (202) 512-2537
                                                Fax:      (202) 512-6061


                         Contact:
To Report Fraud,
                         Web site: www.gao.gov/fraudnet/fraudnet.htm
Waste, and Abuse in      E-mail: fraudnet@gao.gov
Federal Programs         Automated answering system: (800) 424-5454 or (202) 512-7470


                         Jeff Nelligan, Managing Director, NelliganJ@gao.gov (202) 512-4800
Public Affairs           U.S. General Accounting Office, 441 G Street NW, Room 7149
                         Washington, D.C. 20548
This is a work of the U.S. government and is not subject to copyright protection in the
United States. It may be reproduced and distributed in its entirety without further
permission from GAO. However, because this work may contain copyrighted images or
other material, permission from the copyright holder may be necessary if you wish to
reproduce this material separately.