Business Systems Modernization: Department of the NavyNeeds to Establish Management Structure...

GAO-08-53 October 31, 2007

In 1995, GAO first designated the Department of Defense's (DOD) business systems modernization program as "high-risk," and continues to do so today. In 2004, Congress passed legislation reflecting prior GAO recommendations that DOD adopt a corporate

approach to information technology (IT) business systems investment management, including tiered accountability for business systems at the department and component levels. To support GAO's legislative mandate to review DOD's efforts, GAO assessed whether the investment management approach of one of DOD's components--the Department of the Navy--is consistent with leading investment management best practices. In doing so, GAO applied its IT Investment Management (ITIM) framework and associated methodology, focusing on the stages related to the investment management provisions of the Clinger-Cohen Act of 1996.

The Department of the Navy has yet to establish the management structures needed to effectively manage its business systems investments or to fully develop many of the related policies and procedures outlined in GAO's ITIM framework. The department has implemented two of the nine key practices that call for project-level management structures, policies, and procedures, and none of the five practices that call for portfolio-level policies and procedures. Specifically, it has developed procedures for identifying and collecting information about its business systems to support investment selection and control, and assigned responsibility for ensuring that the information collected during project identification meets the needs of the investment management process. However, the department has not established the management structures needed to support effective investment oversight. It also has not fully documented business system investment policies and procedures for directing Investment Review Board operations, selecting new investments, reselecting ongoing investments, integrating the investment funding and investment selection processes, and developing and maintaining complete business system investment portfolio(s). Department officials stated that they are aware of the lack of an Investment Review Board and the absence of documented policies and procedures in certain areas of project and portfolio-level management, and are currently working on new guidance to address these areas. According to these officials, the new policies and procedures are expected to be approved by March 2008. However, until the department assigns responsibility for overseeing project-level management and portfolio management to a departmentwide review board and fully defines policies and procedures for both individual projects and portfolios of projects, it risks selecting and controlling these business system investments in a way that is inconsistent, incomplete, and ad hoc, which in turn reduces the chances that these investments will meet mission needs in the most effective manner.

Categories: National Defense, Accountability, Best practices, Data collection, Information management, Information systems investments, Information technology, Investment planning, Investment Review Board, IT investment management, GAO High Risk Series, GAO Information Technology Investment Management Framework