GAO faults some DOD IT assessments

Related Links

GAO Report

The Defense Department needs to improve how it assesses if efforts to modernize the department’s thousands of business systems comply with its overarching information technology architecture, according to government auditors.

The Government Accountability Office concluded that DOD’s internal process for assessing whether efforts to comply with the department’s federated Business Enterprise Architecture (BEA) is insufficient. In a report issued today, GAO makes several recommendations for how DOD should improve its guidance, assessment tool and approval processes to ensure that business system investments comply with the department’s overall IT design.

According to the findings, GAO examined two Navy programs, and found that, although the programs largely followed DOD’s compliance guidance, used DOD's  compliance assessment tool, and were certified, it remains unclear whether the modernization investments satisfy the department’s BEA, GAO said.
 
The assessments did not include all relevant information and were not required to do so by DOD guidance, the auditors found.  For example, the assessments did not examine how the systems complied with certain technical standards useful for system interoperability, potential areas where the programs duplicated other efforts, or assess whether the systems complied with aspects of the Navy’s enterprise architecture.

According to the report, DOD does not require assessments to cover these areas and the assessment tools are not configured to do so.

In addition, even though the assessments were certified as compliant with DOD’s BEA, each program’s compliance assessment was not validated by  certification entities. GAO said.

To ensure that business system modernization investments comply with DOD’s BEA, the department should:

• Revise the compliance assessment guidance to include data about relevant architecture data and to ensure that assessments are conducted to have a timely effect on the program.

• Use the program-specific data in the compliance assessment tool to check for potential overlaps and duplication of other programs.

•Explicitly assign responsibility for validating BEA compliance assertions.

DOD said it agreed with GAO’s recommendations and it will meet the intent of the recommendations in future versions of its compliance guidance, policies and methodologies as architectures mature.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.