US auditors urge Pentagon to adopt private sector best practices

The US Government Accountability Office (GAO) has called for the Department of Defense to reform its business-system procurement...

The US Government Accountability Office (GAO) has called for the Department of Defense to reform its business-system procurement policies and align them with corporate project management practices.

In a report for Congress, the auditing agency made 14 recommendations aimed at strengthening the Pentagon's acquisition policies for business systems and procedure controls.

The GAO warned that if its recommendations are not heeded, the successful implementation of future IT investments by the defence department will be put at risk. 

The financial consequences could be huge, the auditors claimed. Of the $28bn (£15bn) in IT funding that the Pentagon requested for this year, $19bn will go toward operations, maintenance and modernisation of business systems, according to the GAO. 

The GAO was asked late last year by the Senate's subcommittee on military readiness and management support to evaluate the Pentagon's latest guidelines to see if they are consistent with private-sector best practices and include sufficient controls. 

In its report, the GAO said recent revisions by the defence department incorporate many of the procedures followed by corporate users, such as the need to economically justify systems investments and to continually measure projects against predefined financial baselines.

But it added that the Pentagon left out other best practices, most notably ones related to roll-outs of packaged applications. 

Officials responsible for revising the department's policies told the GAO that by 30 September, more best practices will be added to the procurement guidelines, which are officially called the 5000 series of documents.

The GAO report calls for the Pentagon to discourage modification of third-party applications and develop plans to evaluate systems integrators on their ability to install commercial applications. 

Another hole involves risk management processes for identifying potential problems and creating contingency plans to deal with them, the GAO said. It added that the 5000 series guidelines do not include methods for reviewing the risk status of IT projects.

Without such oversight capabilities, it is "likely that acquisition risks will become cost, schedule and performance problems", the GAO said. 

In a letter to the GAO that was included in the report, the Pentagon said it agreed with some of the recommendations. But it disagreed or only partially concurred with others. 

The GAO prefaced its findings by saying that the way in which the Department of Defense has historically acquired IT systems "has been cited as a root cause of these systems failing to deliver promised capabilities and benefits on time and within budget".

Lack of proper oversight has meant that the Pentagon has had limited success in replacing outdated business systems and weak controls over procurement activities, the GAO said. It noted that last year, the defence agency was unable to show financial justifications for four finance and accounting systems that totaled $1bn in costs. 

In addition, the GAO claimed that although the DOD had largely agreed with prior recommendations for improving its IT policies, its progress in "implementing them across the department has been uneven".

Marc L Songini writes for Computerworld

Read more on IT for government and public sector