The Federal Government of the United States, along with its many citizens, depend on the Department of Defense for national defense, security, privacy, and so much more. 


The DoD's three main prioritized values include building a more lethal defense force, creating partnerships and alliances, and constantly reforming the department. American citizens can rest easy at night knowing that DoD personnel are committed to holding the security and defense of our nation safely in their hands.


The department contains nearly three million people operating in more than 160 countries on all seven continents, making it the largest organization within the U.S. Government.


With such great size comes great responsibility -- arguably the largest responsibility in our nation. This is undoubtedly a tough burden to bear for the DoD’s leadership and management personnel.


From an outsider’s perspective, the DoD’s strict, hierarchical management structure seems effective, well-organized, and acceptable for bearing its responsibility and fulfilling the department’s duties.

However, in their 2018 report about risk in the Department of Defense, the Government Accountability Office, or GAO, discussed five key areas that contributed toward labeling the DoD as an organization of “high risk.”

This means that the DoD as a business entity is potentially vulnerable to fraud, waste, abuse, or mismanagement.

But there is still hope for the DoD's infrastructure, particularly through following an Agile approach to management and operations.


The benefits of practicing Agile as a discipline are numerous, from quick identification and resolution of issues through clear communication between team members to rapid modernization through streamlined processes. Following this type of approach could allow the DoD to fulfill its duties with maximized efficiency and simplicity; saving millions of dollars and invaluable time.

Below are the five key issues of the management structure of the DoD that were pointed out in the GAO report.



“Critical actions are needed to address shortcomings and challenges in implementing responsibilities.”

This problem statement refers primarily to the role of Chief Information Officer (CIO) in DoD agencies, specifically problems addressing responsibilities and requirements in the following key areas:

1. Information Technology leadership and accountability
2. IT budgeting
3. Information security
4. IT investment management
5. IT strategic planning
6. IT workforce



These six information technology (IT) management areas are the most important areas of responsibility for someone with the role of CIO. However, many CIOs from the DoD that were interviewed by the GAO have admitted that they have not been very effective in performing these six duties.


In fact, officials of several of the agencies that did not have these duties properly addressed have claimed that their CIOs have attempted to implement other responsibilities that were not required according to policy, instead of focusing on the more important areas in which they were lacking.

So, what’s holding them back? 

Put simply, the GAO has determined that many agencies in the DoD have not fully addressed the roles of their CIOs “consistent with federal laws and guidance.” Without clear guidelines for addressing the role of CIOs and the extent of their responsibilities within their agencies, CIOs are not positioned to effectively acquire, maintain, and secure their IT systems.

Unfortunately, there are two weaknesses within the Office of Management and Budget (OMB), an entity responsible for providing guidance for the CIOs.

First, the OMB does not comprehensively outline the responsibilities of the CIO, leaving it up to others to make their best guesses.

Second, OMB guidance does not ensure that CIOs have a significant role in:
(1) IT planning, programming, and budgeting decisions and
(2) the management, governance, and oversight processes related to IT or execution decisions.

In order to fulfill their roles more effectively, agency CIOs will need more detailed instructions and guidance from the OMB.



“DoD senior leadership has not fully implemented statutory requirements to promote department-wide collaboration.” 

According to the GAO’s report, although the senior leadership in the DoD has clearly been making steps to address organizational challenges, there are still large gaps between their efforts and what is required to support department-wide collaboration.

In fact, leadership had not fulfilled three specific statutory requirements related to guidance and training for cross-functional teams and civilian leaders in the Office of the Secretary of Defense, including:

1. Training cross-functional team members
2. Issuing guidance on cross-functional teams
3. Training presidential appointees in the Office of the Secretary of Defense

These requirements are necessary for supporting cross-functional teams, promoting department-wide cooperation, and fostering a “collaborative culture” across all departments of the DoD.



“Adherence to Best Practices is needed to better manage and oversee business programs.”

Many businesses today try their best to adhere to what are known as Best Practices, or business techniques and actions that will supposedly result in maximum efficiency.

Although the DoD is a government entity, it remains a business, nonetheless. Without special attention given to making sure that agencies are actively following Best Practices, efficiency in the DoD will always fall short.

The negative effects of ignoring best practices presents itself clearly within the weak management policies for programs related to government major automated information systems (MAIS). In their report, the GAO states:

“Until the DoD updates its business systems policy to address gaps in establishing performance information such as baseline estimates on program cost and schedule goals, identifying thresholds to identify high risk, and requiring periodic reports to be provided to stakeholders at regular intervals, stakeholders will likely not have all the information they need to manage and oversee MAIS business programs.”

Due to these inefficiencies, the MAIS programs have experienced large gaps between project cost estimates and actual cots (both overestimates and underestimates), which in turn caused project delays of several months to several years.

Simply put, the lack of foresight about unplanned changes and the lack of preparation for them have had detrimental effects on program efficiency in the DoD.



“The DoD needs to continue improving guidance and plans for effectively managing investments.”

Although the DoD has made recent efforts to build and strengthen a business enterprise architecture (BEA), the DoD, especially its military departments, requires more guidance and actions to complete its reviewing and certifying process for its business systems. 


Actions such as business process engineering, BEA compliance, and having a valid implementation plan have mostly been implemented across military departments. However, shortcomings in other areas such as having a proper acquisition strategy and complying with the department’s auditability requirements threaten the success of all attempts for issuing better guidance in investments.

Perhaps the biggest threat to investment management according to the GAO’s report is a lack of investment in the DoD’s IT business infrastructure. The DoD’s IT infrastructure does not include a roadmap for improving computing and business processes, and unfortunately lacks necessary integration with the organization’s other business infrastructures.

Without proper guidance and planning ahead involved in its infrastructure investments, the DoD is missing the vital support it needs for its business strategies and goals.



“Improvements can be made in applying leading practices for managing risk and testing.”

As previously stated, one of the biggest problems among MAIS programs that were reviewed by the GAO was poor cost estimates and a lack of preparation for unexpected changes. Another issue among these programs pertains to risk testing and management.

The GAO suggests improvements for requirements in managing MAIS programs, especially when dealing with risk. For example, not enough effort is being put into “establishing procedures for defining risk thresholds, developing an overall risk mitigation plan, and filling a key test management position.”

Basically, each program should prioritize creating a plan to identify problems before they occur so as to reduce the negative impacts of risky activities. This plan should also contain clearly established roles, responsibilities, and an action plan for unexpected events.

Luckily, the DoD has responded to this concern and is working to improve its strategies for risk management. Whether or not these efforts are enough to promote efficiency across all MAIS programs remains to be clear.


Fortunately, in the GAO’s most recent High-Risk Report released just a couple months ago, the DoD has made notable improvements in areas such as Supply Chain Management, in which the DoD has improved the visibility of physical inventories, receipt processing, cargo tracking, and unit moves. These improvements have already saved the DoD millions of dollars.

Despite these recent improvements, progress overall for processes in the DoD has been slow and minimal. The DoD’s outdated systems and processes are falling farther and farther behind the curve of exponential growth in current day industries and marketplaces and will therefore need to undergo a drastic transformation.

Practicing Agile would be a great way for the DoD to handle some of their riskiest issues and move toward widespread collaboration, agile small teams, risk mitigation, goal prioritization, and streamlined processes.

Agile is exactly what the DoD, as well as the rest of the Federal Government, needs to achieve the flexibility, efficiency, and streamlined systems required for them to get back to the forefront of modern business processes.

Join the Conversation

If you have any questions or feedback please fill out the comments below.