GAO urges DOD to adopt more commercial best practices

The U.S. Government Accountability Office (GAO) has issued a call for the U.S. Department of Defense to reform its business-system procurement policies and align them with the project management practices used in the corporate world.

In a report sent to Congress last Friday, the GAO made 14 recommendations aimed at strengthening the Pentagon’s acquisition policies for business systems, as well as its controls for ensuring that proper procedures are followed. The GAO warned that if its recommendations aren’t heeded, the successful implementation of future IT investments by the DOD will be put at risk.

The financial consequences could be huge if the DOD doesn’t follow the report’s advice, the GAO claimed. Of the $28 billion in IT funding that the Pentagon requested for the government’s current fiscal year, $19 billion will go toward operations, maintenance and modernization of business systems, as opposed to military command and control systems, according to the GAO.

The GAO was asked late last year by the U.S. Senate’s subcommittee on military readiness and management support to evaluate the Pentagon’s latest guidelines to see if they are consistent with private-sector best practices and include sufficient controls on DOD units.

In its report, the GAO said recent revisions by the DOD do incorporate many of the procedures followed by corporate users, such as the need to economically justify systems investments and to continually measure projects against predefined financial baselines. But it added that the Pentagon left out other best practices, most notably ones related to rollouts of packaged applications.

Officials responsible for revising the DOD’s policies told the GAO that by Sept. 30, more best practices will be added to the procurement guidelines, which are officially called the 5000 series of documents. But there are no documented plans for doing so, the GAO said, and the resources needed to complete the work haven’t been assigned yet “due to higher-priority needs.”

Among the specific recommendations made by the GAO is a suggestion that the DOD create a formal plan to incorporate the missing best practices identified in the report. The report also calls for the Pentagon to discourage modification of third-party applications and develop plans to evaluate systems integrators on their ability to install commercial applications.

Another remaining hole involves risk management processes for identifying potential problems and creating contingency plans to deal with them, the GAO said. It added that the 5000 series guidelines don’t include methods for reviewing the risk status of IT projects. Without such oversight capabilities, it’s “likely that acquisition risks will become cost, schedule and performance problems,” the GAO said.

The DOD had yet to respond to requests for comment on the report by Computerworld’s publication deadline. In a letter to the GAO that was included in the report, the Pentagon said it agreed with some of the recommendations. But it disagreed or only partially concurred with others. For example, the GAO’s call for a detailed plan for beefing up the business-system policies is unnecessary and “inappropriate,” the DOD said in its letter, which was signed by Deputy Assistant Secretary of Defense John R. Landon.

In his letter, Landon also said Pentagon officials agree that proper risk management is a desired best practice. But he added that the DOD doesn’t see the need to incorporate such processes in the 5000 series documents at this time because it already has risk management procedures in place.

The GAO prefaced its findings by saying that the way in which the DOD has historically acquired IT systems “has been cited as a root cause of these systems failing to deliver promised capabilities and benefits on time and within budget.” Lack of proper oversight has meant that the Pentagon has had limited success in replacing outdated business systems and weak controls over procurement activities, the GAO said. It noted that last year, the defense agency was unable to show financial justifications for four finance and accounting systems that totaled $1 billion in costs.

In addition, the GAO claimed that although the DOD had largely agreed with prior recommendations for improving its IT policies, its progress in “implementing them across the department has been uneven.”