Summary: GAO designated the transformation of the Department of Homeland Security (DHS) as high risk in 2003, and it continues to do so today. One essential tool for facilitating organizational transformation is an enterprise architecture (EA)--a corporate blueprint that serves as an authoritative frame of reference for information technology investment decision making. The Congress required DHS to submit a report that includes its EA and a capital investment plan for implementing it. The Congress also required that GAO review the report. In June 2006, DHS submitted this report to the Congress. GAO's objective was to assess the status of the EA, referred to as DHS EA 2006, and the plan for implementing it. To meet this objective, GAO analyzed architectural documents relative to its prior recommendations; evaluated stakeholder comments and the process used to obtain them; and analyzed the implementation plan against relevant guidance.
DHS EA 2006 has evolved beyond prior versions, but missing architecture content and limited stakeholder input constrain its usability. While the architecture partially addresses each of the prior GAO recommendations concerning the content of DHS's architecture, the full depth and breadth of EA content that the recommendations solicited is still missing. For example, GAO recommended that DHS use, among other things, an analysis of the gaps between the current ("as-is") and future ("to-be") states of the architecture to define missing and needed capabilities and form the basis for its transition plan. However, DHS EA 2006 does not include a transition plan and it does not include any evidence of a gap analysis. In addition, department stakeholders, including component organizations and the department's EA support contractor, provided a range of comments relative to the completeness, internal consistency, and understandability of a draft of DHS EA 2006, but the majority of the comments were not addressed. Moreover, key stakeholders, such as the Coast Guard and the Transportation Security Administration, did not comment on the draft. GAO found that the extent of stakeholder participation was limited because the approach EA officials used to solicit input did not clearly define the type of information being requested and did not provide sufficient time for responding. Furthermore, DHS's capital investment plan for implementing its architecture is not based on a transition plan and is missing key information technology (IT) investments. Thus, the plan does not provide a comprehensive roadmap for transitioning the department to a target architectural state. Also, the plan does not account for all of DHS's planned investments in IT (excluding about $2.5 billion in planned IT investments). Without an architecture that is complete, internally consistent, and understandable, the usability of the DHS's EA is diminished, which in turn limits the department's ability to guide and constrain IT investments in a way that promotes interoperability, reduces overlap and duplication, and optimizes overall mission performance.
