GAO finds holes in DHS architecture

"Homeland Security: Efforts Under Way to Develop Enterprise Architecture, but Much Work Remains"

A Government Accountability Office report found that the Homeland Security Department's initial enterprise architecture lacks significant components for a well-defined business and technology blueprint for integrating the 22 agencies.

Version 1.0 of DHS' enterprise architecture, released a year ago, provides a foundation but lacks sufficient "breadth and depth" in departmentwide operational and technical requirements, according to the report.

For example, the department's "to be" architecture — which describes future capabilities, information needs, business processes and structures — does not satisfy 14 of 34 key elements and only partially satisfies the remaining 20 elements, according to GAO auditors.

Also, the report states that DHS' plan for transforming from the "as is" to the "to be" environment does not outline changes to current business processes and systems, identify existing systems to phase out, include a time frame for replacing those systems, or define staff and allocate funding for the changes.

Working with Science Applications International Corp., DHS officials produced the first version of their enterprise architecture in about four months. Steve Cooper, the department's chief information officer, acknowledged that the architecture lacked depth, characterizing it then as "an inch deep and a mile wide." Version 2.0 is scheduled for release next month.

The GAO report recognizes DHS' time constraints and limited resources, but said without an effective tool, agencies will have a hard time capitalizing on the technology needed for institutional change.

"Nevertheless, the department is in the midst of transforming itself and investing hundreds of millions of dollars in supporting systems without a well-defined architecture to effectively guide and constrain these activities," according to the report. "Following this approach is a risky proposition, and the longer DHS goes without a well-defined and enforced architecture, the greater the risk."

GAO officials are recommending better collaboration among stakeholders and developing and funding a plan to incorporate the missing components into the architecture. It also presented 39 actions to ensure that future versions include key elements.

In the report, GAO auditors said DHS officials agreed that the enterprise architecture needs improvement and assured them that Version 2.0 will incorporate some of the required changes. But they also said they had only four months last year to meet an Office of Management and Budget deadline for submitting their fiscal 2004 information technology budget request. They were forced to develop the architecture with limited resources and without having all the criteria they needed.

GAO auditors recommended that OMB clarify the relationship between the federal enterprise architecture and other agencies' enterprise architectures, which use the federal architecture as a framework. It was unclear whether DHS' initial architecture was aligned with the federal one, the report states.