GAO faults some DOD IT assessments

Related Links

GAO Report

The Defense Department needs to improve how it assesses if efforts to modernize the department’s thousands of business systems comply with its overarching information technology architecture, according to government auditors.

The Government Accountability Office concluded that DOD’s internal process for assessing whether efforts to comply with the department’s federated Business Enterprise Architecture (BEA) is insufficient. In a report issued today, GAO makes several recommendations for how DOD should improve its guidance, assessment tool and approval processes to ensure that business system investments comply with the department’s overall IT design.

According to the findings, GAO examined two Navy programs, and found that, although the programs largely followed DOD’s compliance guidance, used DOD's  compliance assessment tool, and were certified, it remains unclear whether the modernization investments satisfy the department’s BEA, GAO said.
 
The assessments did not include all relevant information and were not required to do so by DOD guidance, the auditors found.  For example, the assessments did not examine how the systems complied with certain technical standards useful for system interoperability, potential areas where the programs duplicated other efforts, or assess whether the systems complied with aspects of the Navy’s enterprise architecture.

According to the report, DOD does not require assessments to cover these areas and the assessment tools are not configured to do so.

In addition, even though the assessments were certified as compliant with DOD’s BEA, each program’s compliance assessment was not validated by  certification entities. GAO said.

To ensure that business system modernization investments comply with DOD’s BEA, the department should:

• Revise the compliance assessment guidance to include data about relevant architecture data and to ensure that assessments are conducted to have a timely effect on the program.

• Use the program-specific data in the compliance assessment tool to check for potential overlaps and duplication of other programs.

•Explicitly assign responsibility for validating BEA compliance assertions.

DOD said it agreed with GAO’s recommendations and it will meet the intent of the recommendations in future versions of its compliance guidance, policies and methodologies as architectures mature.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.