Defense Information Management: Continuing Implementation Challenges Highlight the Need for Improvement

Published by the Government Accountability Office on 1999-02-25.

United States General Accounting Office

GAO Testimony
Before the Subcommittee on Military Readiness,
Committee on Armed Services, House of Representatives

For Release on Delivery
Expected at 2 p.m.
Thursday, February 25, 1999

DEFENSE INFORMATION MANAGEMENT

Continuing Implementation Challenges Highlight the Need for Improvement

Statement of Jack L. Brock, Jr.
Director, Governmentwide and Defense Information Systems
Accounting and Information Management Division

GAO/T-AIMD-99-93

Mr. Chairman and Members of the Subcommittee:

Thank you for inviting me to participate in today’s hearing on the
Department of Defense’s (DOD) effort to strengthen its information
technology management processes. Defense invests about $11 billion
annually in technology to support a wide range of activities, including
military operations and maintenance, personnel management, health
services, and routine business and financial management functions--and
tens of billions more on technology supporting sophisticated weaponry.
This reliance will only grow as the Department moves to modernize and
respond to technological advances that are changing the traditional
concepts of warfighting through improved intelligence and improved
command and control.

However, DOD faces a number of serious management challenges to
ensure that technology-driven processes and business systems provide an
adequate level of service and an appropriate rate of return on investments.
Namely, it has lacked effective fundamental management and oversight
controls for assessing the costs and risks of proposed information
technology projects; ensuring that projects follow departmentwide
technical and data standards; measuring performance; and discontinuing
projects shown to be technically flawed or not cost effective. Moreover,
Defense faces a major challenge in removing long-standing organizational
and cultural barriers to effective investment processes. This environment
has consistently resulted in expensive system failures as well as systems
that have not lived up to expectations.

In view of these problems, we designated Defense’s management of
information technology as a high-risk federal program in 1995. The House
National Security Committee (now called the Armed Services Committee)
subsequently required DOD to report on its efforts to address these
weaknesses and implement the Clinger-Cohen Act, which was enacted in
1996 to strengthen agency information technology (IT) investment
processes. My testimony today will focus on Defense’s effort to respond to
this requirement and strengthen its information technology management
processes. In short, DOD’s planned IT management reforms represent
positive first steps toward strengthening the Department’s decision-making
and oversight environment for information technology projects. However,
for this effort to succeed where others have failed, DOD will need
substantial follow through to translate these plans into concrete
improvements. This will require unwavering top-level commitment both to
overcome organizational resistance and to institute meaningful controls.



DOD’s Management of Information Technology Is at High Risk

In 1995,¹ we designated DOD’s effort² to streamline its business operations
and deploy more efficient and less redundant standard information systems
as a high-risk area, indicating that it was especially vulnerable to waste and
mismanagement. At the time, Defense was spending some $3 billion
annually to develop and modernize information systems, while major
business processes supported by these systems--such as personnel, payroll,
inventory management, supply distribution, and contract management—
were not being examined for business process reengineering opportunities.
Since then, we have continually reported that Defense has lacked
management and oversight controls fundamental to ensuring the success of
its IT investments. These include controls and processes for ensuring that
the costs and risks of multimillion dollar projects are justified; monitoring
progress and performance; and stopping projects shown to be cost
ineffective or technically flawed.

Not surprisingly, DOD cannot show whether it has achieved significant
results from its major technology investments. For example, in July 1998,
we reported³ that, because it failed to implement basic
telecommunications management policies and develop objective
performance measures, DOD was unable to eliminate costly duplication of
its telecommunications networks and improve the effectiveness and
efficiency of its communication services. In 1997, we reported⁴ that,
because Defense lacked an effective decision-making framework for
consolidating, modernizing, and outsourcing computer center operations,
its components had developed inconsistent and contradictory computer
center strategies and the Department was foregoing opportunities to
further reduce computer center expenditures.




¹ High Risk Series: An Overview (GAO/HR-95-1, February 1995).

² This was previously known as the Corporate Information Management (CIM)
initiative.

³ Defense Networks: Management Information Shortfalls Hinder Defense
Efforts to Meet DISN Goals (GAO/AIMD-98-202, July 30, 1998).

⁴ Defense IRM: Investments at Risk for DOD Computer Centers
(GAO/AIMD-97-39, April 4, 1997).

Moreover, in a comprehensive review⁵ of DOD’s $18 billion effort to replace
functionally duplicative and inefficient automated information systems
with the best existing systems (known as the migration strategy), we found
that Defense consistently failed to adhere to sound IT decision-making and
oversight processes. For example, at the oversight level, systems that
clearly lacked key pieces of technical, programmatic, and economic
justification were allowed to go forward. At the decision-making level,
many functional areas did not even bother to submit their systems or
analyses that supported their decisions to department-level oversight
controls. For instance, one functional area spent over $700 million
pursuing a substantially flawed effort to develop a standard suite of
materiel management systems—which was later abandoned—without
rigorous department-level oversight. Our review also found that DOD
lacked key cost, performance, and scheduling data that would enable
Defense to convincingly demonstrate whether this decade-long effort had
been successful or not.

This review, as well as many others, showed that perhaps the biggest
impediment to successful IT projects is DOD’s organizational environment,
which has resisted departmentwide efforts to standardize business
processes and information systems and to increase oversight and visibility
over information resources. For example, the Department’s Corporate
Information Management initiative largely failed in meeting its original
goals of bringing widespread efficiencies to its business processes because
the Department could not overcome initial resistance to new ways of doing
business. More recently, Defense civilian personnel management officials
reported to us⁶ that they did not consider several options that would
radically change personnel management operations because the military
services had a vested interest in maintaining the status quo even if those
options offered opportunities for cost savings and increased operating
efficiencies.

⁵ Defense IRM: Poor Implementation of Management Controls Has Put
Migration Strategy at Risk (GAO/AIMD-98-5, October 20, 1997).

⁶ Defense IRM: Alternatives Should Be Considered in Developing the New
Civilian Personnel System (GAO/AIMD-99-20, January 27, 1999).

Many of Defense’s fundamental IT management weaknesses were
manifested in early efforts to solve the Year 2000 computing problem.
When first confronted with the problem, Defense did not establish strong
centralized oversight and management mechanisms, such as a Year 2000
Program Office and a full-time Year 2000 executive and processes for
validating information on component progress. And, initially, it did not
develop a much needed detailed Year 2000 plan or guidance for developing
interface agreements, conducting testing, remediating systems, and
reporting on progress. Instead, Defense delegated responsibility for
addressing the problem to its components. In turn, the components
delegated this responsibility to subcomponents and likewise neglected to
implement strong management and oversight controls. As a result we
reported⁷ that Defense was making inadequate progress in fixing its
mission-critical systems and in mitigating Year 2000 risks, thus threatening
its ability to carry out critical operations.

                         DOD has since implemented better controls and processes to strengthen its
                         management over the Year 2000 problem and improved its progress in
                         renovating systems. This has, however, taken extraordinary effort and
                         serious Year 2000 risks remain. While major challenges still face the
                         Department in addressing the problem, some of the hard lessons learned
                         with respect to the Year 2000 project now offer avenues for longer term
                         benefits to IT management.



Legislative Reforms Aimed at Addressing IT Management Weaknesses

Several recent management reforms, including revisions to the Paperwork
Reduction Act, the Clinger-Cohen Act of 1996, the Government
Performance and Results Act of 1993, the Federal Acquisition Streamlining
Act of 1994, and the Chief Financial Officers Act of 1990, have introduced
requirements emphasizing the need for federal agencies to significantly
improve their management processes, including how they select and
manage IT resources. For instance, a key goal of the Clinger-Cohen Act is
that agencies should have processes and information in place to help
ensure that IT projects are being implemented at acceptable costs, within
reasonable and expected time frames, and are contributing to tangible,
observable improvements in mission performance. Moreover, these agency
processes should be institutionalized throughout the organization, and
should be used for all IT-related decisions. The ultimate goal of these
various legislative reforms is for DOD and other agencies to make better
decisions that will measurably increase the performance of the
organization.



⁷ Defense Computers: Year 2000 Computer Problems Threaten DOD Operations
(GAO/AIMD-98-72, April 30, 1998).

DOD’s Required Report Shows Progress, But Concerns Remain

In view of Defense’s long-standing information technology management
weaknesses and reforms called for by Clinger-Cohen and related
legislation, the Committee required DOD, by December 1, 1998, to review
and report on its efforts to improve IT management. The Committee
specifically asked that DOD’s report include a review of the following.

                        1. DOD’s overall information technology management strategic plan,
                        including any service and agency subsets.

                        2. Performance measures and plans for implementing them.

                        3. Barriers to achieving the goals of the information management strategic
                        plan and performance measures.

                        4. Policies and directives for implementing IT management reforms
                        required by the Clinger-Cohen Act.

                        5. Actions taken to integrate the Clinger-Cohen Act reforms into DOD’s
                        existing Planning, Programming, and Budgeting System (PPBS).

                        6. Actions taken on the GAO recommendations contained in its report on
                        DOD’s system migration strategy for improving DOD’s management
                        controls over investments in national security systems and combat support
                        (administrative) systems.

                        7. DOD’s plans to perform vulnerability assessment and operational testing
                        for Year 2000 compliance or contingency plans.

DOD’s subsequent report to the Committee responded to the first six areas
of concern and outlined the Department’s plans to improve IT management
in most of these areas. According to Defense, plans for testing of Year 2000
compliance and contingency plans will be discussed in a separate report to
the Committee.⁸

Our analysis of these plans and initial actions taken by the Department
shows that, for the most part, they represent good first steps toward
strengthening decision-making and oversight processes for IT. However, it
is still very premature to determine whether Defense can overcome its
cultural inertia and go beyond these first steps. Also, important
management areas have not been adequately addressed, particularly with
respect to performance measurement and capital planning and investment
control.

⁸ See Defense Computers: DOD’s Plan for Execution of Simulated Year 2000
Exercises (GAO/AIMD-99-52R, January 29, 1999) for more information about
the Committee’s requirement with respect to Year 2000 vulnerability
assessments and operational testing.


DOD’s IT Management Strategic Plan

Almost every organization has mission and information planning processes
and plans. But the most effective strategic business and information
management planning processes are both tightly linked and anchored, not
to bureaucratic requirements, but to explicit goals that meet external
needs. For this reason, the Paperwork Reduction Act requires each agency
to develop and maintain a strategic information management plan on how
information management activities help accomplish agency missions.

                      DOD’s report states that the Department (1) developed an information
                      management strategic plan in March 1997 to ensure that IT investments
                      maintain a strategic business and mission focus and (2) completed its first
                      information management strategic planning cycle. Among other things,
                      DOD indicates that the strategic plan represents the DOD Chief
                      Information Officer's (CIO) “high-level vision and direction for the
                      Department as a whole, with cross-cutting [CIO] goals, objectives,
                      strategies, and performance measures that support all missions, functions,
                      and organizations.” The new DOD-wide information management strategic
                      planning process and the issuance of the DOD CIO strategic plan should
                      facilitate coordination and integration of IT-related efforts among the
                      military services and Defense agencies.

                      DOD’s report stated that a revised draft of the strategic plan, which is due
                      to be approved for issuance around the end of this month, is better linked
                      to the strategies of, among other things, DOD’s overall strategic plan—the
                      May 1997 Report of the Quadrennial Defense Review. CIO office officials
                      also stated that their IT strategic planning has been broadly inclusive of
                      other DOD organizations and components. These are positive
                      developments addressing concerns we have raised in the past.

                      Nevertheless, DOD CIO officials deleted from the revised draft of the
                      strategic plan the “outcome” and “outcome performance indicators”
                      subsections that were included under each of the four goals in the March
                      1997 strategic plan. The specific and trackable information previously
                      provided has been replaced by an appendix discussing IT performance
                          measures in much more general, and less useful, terms. DOD CIO officials
                          were unresponsive to our inquiries about their reasons for this change.

                          Moreover, the plan does not identify the DOD resources needed to achieve
                          DOD’s goals and objectives. Rather, it makes clear that it is up to the DOD
                          components and the PPBS process to provide for the resources needed to
                          achieve the DOD-wide plan’s goals and objectives. Our review of four
                          components’ information management strategic or implementation plans--
                          those of the three military departments and the Defense Information
                          Systems Agency (DISA)—also showed that none of these plans identified
                          the resources needed to carry out the DOD-wide plans. The Army’s plan
                          predates the DOD-wide strategic plan and, therefore, did not make any
                          specific reference to it. Based on our best practices research in this area,
                          we know that successful IT planning depends on keeping a mission and
                          strategic business focus and integrating needs across functional areas and
                          missions. Thus, it is critical that DOD’s component strategic plans link to
                          the overall plan and that components provide adequate resources to fund
                          IT efforts.


DOD’s IT Investment and Performance Measurement Approach

Many of the problems we identified in our earlier reviews of DOD’s IT
efforts are rooted in the fact that DOD’s management and oversight
processes over IT projects are not effectively integrated to enable the
Department to manage from a portfolio perspective. Considering
investments as a total package of possible projects is important because it
forces an agency to decide which projects are the most critical to meeting
mission needs and thus should receive the most resources and attention.
Moreover, we have found that because DOD lacked IT performance
measures, senior managers could not begin to compare results being
achieved against projected costs, benefits, and risks.

                          DOD’s December 1, 1998, report recognizes these problems and, toward
                          this end, states that the department has been “significantly reorganized to
                          more effectively measure DOD information technology performance within
                          the context of functional mission outcomes.” A single Directorate, under
                          the DOD Deputy CIO, for example, has been established to (1) promulgate
                          performance measurement guidance and (2) incorporate performance
                          measurement as the cornerstone for IT investment portfolio oversight and
                          outcome-based programming and budget assessments for the CIO and the
                          Chief Financial Officer.




                            The Office of the DOD CIO is also developing an IT investment portfolio
                            (ITIP) oversight approach that is intended to (1) provide the DOD CIO with
                            better information to support management and investment decisions and
                            fully implement IT performance measurement in the Department, (2) assist
                            functional managers in building and managing IT portfolios consistent with
                            strategic visions, goals, and measures of performance, and (3) assist
                            program managers in effectively managing performance, cost, and
                            schedule risks in the acquisition of IT that supports functional mission
                            needs and strategic plans.

                            According to DOD, a DOD team has developed a draft ITIP template, which
                            will be validated during 1999 through pilot programs, with the eventual goal
                            of adopting it for departmental use. According to DOD CIO officials, the
                            Department is about to establish a DOD-wide working-level integrated
                            process team to implement the ITIP oversight approach.

                            We believe that these efforts have the potential to improve the allocation of
                            IT resources and visibility over IT investments. They can also put DOD in a
                            better position to effectively implement requirements of the reform
                            legislation. Nevertheless, Defense has been slow to implement these
                            changes--it has been almost 3 years since the Clinger-Cohen Act was
                            enacted and the approach is still being designed and pilot tested.
                            Moreover, because effective portfolio management will require DOD to
                            overcome cultural barriers to change, it remains uncertain whether DOD
                            can achieve the support needed to institute this new program.


Barriers to Achieving the Goals of the IT Strategic Plan

DOD’s December report contained only a single paragraph addressing
cultural barriers to change and did not provide any specifics on how these
impediments will be overcome. Although they cited “many” DOD reform
initiatives which should help address this problem, DOD officials offered
little more in the way of specifics of how these barriers will be removed or
how DOD’s progress with respect to doing so will be measured.

                            As noted in our previous reports, the biggest challenge to effective IT
                            management in DOD is the prevailing organizational structure and
                            embedded culture found throughout the Department. Specifically, the
                            three military services have clearly defined roles and responsibilities and
                            separate budget authority, program execution, and functional authority for
                            the enforcement of national defense policy and objectives. This
                            environment has promoted stovepipe systems solutions in each component
                            and made it difficult to implement departmentwide oversight or visibility
                            over information resources. Until DOD can specifically address how these
                            barriers will be overcome, successful implementation of its IT management
                            reforms will remain in doubt.


Department Directives and Policies Issued to Implement IT Reforms

Policies and procedures are essential to executing management reform.
They provide essential clarity, purpose, and direction, and instill authority
and accountability for managing an organization in an effective manner. The
DOD report calls attention to a June 2, 1997, memorandum, in which the
Secretary of Defense clarified the DOD CIO’s responsibilities for
implementing the IT-related requirements of the Clinger-Cohen Act. It
directed that the CIO promote improvements to work processes and
supporting information resources.

                            The DOD report states that (1) its recent reorganization created an
                            Information Policy Directorate within the Office of the Deputy CIO/Deputy
                            Assistant Secretary of Defense (Implementation and Policy), which, since
                            its creation in mid-1998, has focused on ways to quickly issue new policies
                            and purge old ones, (2) the CIO has developed a common framework for
                            updating IT management policies around the achievement of information
                            superiority (a Joint Vision 2010 goal), more directly linking IT with the
                            mission, and (3) policies are being reviewed and updated or eliminated and
                            directive-type memoranda are being used to issue policy guidance more
                            quickly, working with those who must apply these reformed policies.

                            DOD CIO officials emphasized that DOD’s new approach is to more quickly
                            coordinate and issue shorter guidance and policy memoranda (that is,
                            within 6 to 8 weeks, 3 months at most). A memorandum describing the
                            general approach to issuing timely guidance over the next several months
                            was issued by the DOD CIO on November 9, 1998. And, Defense is in the
                            process of developing guidance for electronic commerce, the Defense
                            Messaging System, and Information Interoperability and Integration. It also
                            expects to issue a memorandum to replace the “capstone” IT management
                            directive (Directive 8000.1) by August 1, 1999. CIO officials told us that
                            various offices and study groups are planning to develop numerous other
                            directives including ones that address IT investment portfolio
                            implementation, architectures, and enterprise software. However, they
                            could not estimate how many of these would be issued this year.

                            Defense’s plans do not yet call for guidance in some key areas. For
                            example, it does not plan to issue guidance on preparing economic
                            analyses even though DOD itself has acknowledged the need for consistent
                          and standard techniques in preparing economic analyses to support a
                          portfolio management approach to IT.

                          Our analysis indicates that, within the past year, the DOD CIO has initiated
                          a major collaborative effort with various military services and defense
                          agencies to improve written IT management policies. These policy
                          improvement steps, and their collaborative nature, are encouraging.
                          However, few results have accrued from this collaborative effort. This
                          opinion is buttressed by a statement made last November by the CIO that
                          many of DOD’s IT management policies “have not kept pace” with
                          legislative and technological changes or DOD’s priorities and needlessly
                          complicate DOD’s achievement of its goals.


Integrating IT Capital Planning and Investment Control Processes into PPBS

Our best practices research,⁹ which helped form the basis for many of the
Clinger-Cohen IT management reforms, emphasized the need for integrated
planning, budgeting, and performance measurement. This helps
organizations to never lose sight of critical information systems projects
and to treat them consistently throughout sometimes disparate
management processes.

                          At DOD, the Planning, Programming, and Budgeting System (PPBS), along
                          with DOD requirements and acquisition processes, is intended to integrate,
                          among other things, budgeting and IT investment management. Over the
                          past year, DOD and its component processes have been reviewed and
                          changes have been made in PPBS to ensure full participation of the DOD
                          CIO in the Department's decision-making process. For example, the DOD
                          CIO now participates as a full member on two important DOD management
                          bodies--the Defense Resources Board (DRB) and the Defense Planning
                          Advisory Group (DPAG). The DRB, chaired by the Deputy Secretary of
                          Defense, is the senior DOD group that advises the Secretary and Deputy
                          Secretary on major programming decisions which provide the basis for the
                          military services’ and defense agencies’ budget estimates. The DPAG is
                          responsible for developing the guidance that supports and facilitates
                          budget preparation. DOD’s report stated that the DOD CIO’s membership
                          on the DRB should ensure that the CIO’s position is heard in all budget
                          deliberations.



                          9 Executive Guide: Improving Mission Performance Through Strategic Information Management and
                          Technology (GAO/AIMD-94-115, May 1994).

                           These changes should help to elevate top management visibility into IT
                           management in the Department. However, DOD CIO officials we spoke
                           with indicated that the PPBS processes do not fully meet the Clinger-Cohen
                           Act requirements. For example, PPBS decision-making processes are not
                           based on consideration of defined selection criteria nor do they provide the
                           quantifiable measurements of progress, timeliness, and results to senior
                           executives required by the Clinger-Cohen Act.


Actions Taken to Improve Management Controls Over IT Investments

                           In our report on DOD’s migration strategy, we made a number of
                           recommendations aimed at ensuring that DOD’s continued investment in
                           migration systems provided measurable improvements in mission-related
                           and administrative processes. For example, we recommended that
                           Defense require its components to rank development/modernization
                           systems justifications and complete them on an expedited basis. We also
                           recommended that the CIO certify that these justifications include (1) an
                           analysis of operational alternatives that clearly demonstrates that
                           continuing with migration is the best solution for improving performance
                           and reducing costs in the functional area, (2) an economic analysis
                           showing a return on investment or other mission benefits that justify
                           further investment, and (3) documentation showing that the system
                           currently complies with applicable Defense technical standards and uses
                           standard data. Additionally, we made recommendations aimed at
                           correcting weaknesses within the current life-cycle management
                           environment and ensuring the successful reengineering of processes and
                           implementing of corporate information systems for functional areas.
                           Defense generally concurred with these recommendations and agreed to
                           implement corrective actions.

                           However, Defense has made little progress in addressing our
                           recommendations. While Defense’s plans to reform IT management have
                           potential for addressing some of the weaknesses we identified in our
                           report, nothing has actually been fully implemented to address our
                           concerns. Furthermore, in December 1998, DOD indicated that it no longer
                           concurred with the recommendations aimed at improving the quality of
                           data in the Defense Integration Support Tools (DIST)--a system which
                           served as the department’s inventory for information systems--because it
                           stopped using this system and undertook other efforts to improve
                           inventory-related data. The lack of complete and accurate system
                           inventory data was a major problem impeding Defense’s early Year 2000
                           efforts to complete assessments and estimate costs.

                     Our recommendations were aimed not only at bringing meaningful change
                     to the current decision-making and oversight environment for migration,
                     but to facilitate DOD’s implementation of the Clinger-Cohen Act and to
                     rectify the weaknesses that pervade a broad spectrum of DOD’s IT efforts,
                     including management of telecommunications networks, computer
                     systems, and the Year 2000 program. The Department’s failure to
                     implement our recommendations serves to limit its ability to comply with
                     basic tenets of good information management practices and the specific
                     requirements of the Clinger-Cohen Act.



Year 2000 Offers Another Avenue for Making Long-Term Improvements

                     As mentioned earlier, when first confronted with the Year 2000 problem,
                     Defense’s long-standing IT management weaknesses made it difficult for
                     the Department to lay the groundwork for effective planning and oversight.
                     Nevertheless, out of necessity, the Department has learned that a
                     business-as-usual approach will not work for a problem as pervasive as Year 2000. In
                     turn, Defense has had to implement new mechanisms and management
                     approaches that could well be applied to longer term technology
                     management efforts. For example:

                     • Defense has learned that Year 2000 efforts cannot succeed without the
                       involvement of top-level managers, including the Deputy Secretary,
                       senior information management officials, the Comptroller, the principal
                       staff assistants, and decisionmakers at Defense components. Best
                       practices have shown that top executives need to be similarly engaged
                       in periodic assessments of major information technology investments in
                       order to prioritize projects and make sound funding decisions.
                     • Defense has realized that having a complete and accurate
                       enterprisewide information systems inventory can facilitate
                       remediation, testing, and validation efforts. Having a reliable system
                       inventory is also fundamental to well-managed information technology
                       programs since it can provide senior managers with timely and accurate
                       information on system costs, schedule, and performance.
                     • Defense has spent 3 years identifying system interfaces and
                       implementing interface controls at the system level to prevent
                       proliferation of Year 2000 problems between systems. This effort should
                       help Defense prevent future data exchange problems in its systems and
                       resolve conflicts between interface partners.
                     • Defense has made some progress in identifying and prioritizing its
                       mission-critical systems and is expected to further prioritize as
                       operational and functional evaluations highlight the “thin line” systems
                       that are truly critical to Defense operations. Once the Year 2000 effort is
                       completed, Defense can use this information to further identify and
                       retire duplicative or unproductive systems.

                      In short, it is clear that DOD has a significant opportunity to institutionalize
                      some valuable lessons learned from its Year 2000 experience—namely,
                      involving top managers in IT decisions and establishing good visibility over
                      systems. By applying these lessons learned to its overall IT efforts, DOD
                      will be better positioned to acquire and deploy high performing, cost-
                      effective systems; avoid repeating costly mistakes; and ensure an adequate
                      return from its multibillion dollar IT investments.



Conclusions

                      DOD is making progress in its attempts to improve its IT management
                      processes in concert with recent governmentwide IT management reforms.
                      However, it is unlikely that these initial steps will develop into meaningful,
                      tangible reform of DOD’s information management processes and achieve
                      real impact over the selection and control of its technology investments
                      without confronting fundamental management issues that continue to
                      plague the Department. These issues center around the very real cultural
                      barriers that limit effective management initiatives within the Department
                      and the lack of well-defined processes, disciplined management, and
                      sustained top management attention required to overcome those barriers.
                      The Department’s recent experiences with its Year 2000 efforts should
                      serve as an example that consistent—and persistent—attention by top
                      management can make a significant difference. If these lessons can be
                      applied to other aspects of IT management and backed by good processes
                      and reasonable controls, then the Department will be poised to harvest
                      significant returns from its investment dollars.

                      Mr. Chairman, this concludes my testimony. I will be happy to answer any
                      questions you or Members of the Subcommittee may have.




(511052)