Selected Defense Programs Need to Implement Key Acquisition Practices
March 28, 2013
What GAO Found
Of the 14 selected Department of Defense (DOD) major automated information system (MAIS) programs, 9 had stayed within their planned cost estimates, while 5 did not (with cost increases ranging from 3 to 578 percent); 5 programs remained on schedule, while 9 experienced delays (ranging from 6 months to 10 years); and 8 programs met their system performance targets, while 5 did not fully meet their targets, and 1 did not have system performance data available. Looking at these areas collectively, 3 programs stayed within their planned cost and schedule estimates and met their system performance targets, and 2 programs experienced shortcomings in all of the areas--cost, schedule, and performance.
The three selected programs demonstrated mixed results in effectively defining and managing risks of various levels. Specifically, Navy's Consolidated Afloat Networks and Enterprise Services had implemented key practices for risk management, including identifying risks that could negatively affect work efforts. In contrast, the Air Force's Defense Enterprise Accounting and Management System's risk reports were out of date and not regularly updated to include the current status of mitigation actions. To its credit, the program had recently taken steps to improve its risk management process, such as establishing a risk and issues working group. These recent steps should help the program effectively identify and manage program risks going forward. Finally, Global Combat Support System-Army had developed program risks and mitigation plans, but the program was using multiple risk management systems that contained inconsistent data. Until the program establishes a risk management system that includes a comprehensive and up-to-date log of all current threats to the program, it will lack assurance that it is appropriately mitigating all identified risks.