GAO faults some DOD IT assessments

Related Links

GAO Report

The Defense Department needs to improve how it assesses if efforts to modernize the department’s thousands of business systems comply with its overarching information technology architecture, according to government auditors.

The Government Accountability Office concluded that DOD’s internal process for assessing whether efforts to comply with the department’s federated Business Enterprise Architecture (BEA) is insufficient. In a report issued today, GAO makes several recommendations for how DOD should improve its guidance, assessment tool and approval processes to ensure that business system investments comply with the department’s overall IT design.

According to the findings, GAO examined two Navy programs, and found that, although the programs largely followed DOD’s compliance guidance, used DOD's  compliance assessment tool, and were certified, it remains unclear whether the modernization investments satisfy the department’s BEA, GAO said.
 
The assessments did not include all relevant information and were not required to do so by DOD guidance, the auditors found.  For example, the assessments did not examine how the systems complied with certain technical standards useful for system interoperability, potential areas where the programs duplicated other efforts, or assess whether the systems complied with aspects of the Navy’s enterprise architecture.

According to the report, DOD does not require assessments to cover these areas and the assessment tools are not configured to do so.

In addition, even though the assessments were certified as compliant with DOD’s BEA, each program’s compliance assessment was not validated by  certification entities. GAO said.

To ensure that business system modernization investments comply with DOD’s BEA, the department should:

• Revise the compliance assessment guidance to include data about relevant architecture data and to ensure that assessments are conducted to have a timely effect on the program.

• Use the program-specific data in the compliance assessment tool to check for potential overlaps and duplication of other programs.

•Explicitly assign responsibility for validating BEA compliance assertions.

DOD said it agreed with GAO’s recommendations and it will meet the intent of the recommendations in future versions of its compliance guidance, policies and methodologies as architectures mature.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.