GAO: Homeland Security's Enterprise Architecture Lacks Key Elements

The Department of Homeland Security's initial attempt at deploying an enterprise architecture furnishes the agency with a partial foundation to build future versions, but it's missing key elements found in well-defined architectures, the Government Accountability Office said in a report issued Tuesday.

Homeland Security's enterprise architecture fails to adequately describe business processes, information flows among these processes, and security rules associated with the information flows, the GAO said in the report prepared for the House Reform Committee's Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census.

The department is integrating 22 federal agencies, each specializing in one or more interrelated aspects of homeland security. Last September, the department issued an initial version of its architecture. Since 2002, the Office of Management and Budget has issued various components of the federal enterprise architecture, which is intended to be a skeleton for informing the content of agencies' enterprise architectures. The panel asked the GAO, the investigative arm of Congress, whether the initial version of Homeland Security's architecture is aligned with the federal architecture.

The GAO says Homeland Security's architecture is based on assumptions about a department or national corporate business strategy and, according to the department, is largely the products of combining the existing architectures of several of the department's predecessor agencies, along with their respective portfolios of system-investment projects.

Homeland Security officials told the GAO that they agree with the auditor's conclusion that their initial version lacks key elements. Department officials say they faced a daunting task, noting that because Homeland Security is a new entity, it lacked a strategic plan and had limited resources and time--it only had four months to meet an Office of Management and Budget deadline last year to submit its fiscal year 2004 IT budget request.

Department officials assure the GAO that the next version of the architecture, due next month, will have much more content. As a result, the GAO says, the department has yet to proffer the necessary architectural blueprint to effectively guide and constrain its ongoing business-transformation efforts and the hundreds of millions of dollars that it's investing in supporting IT assets. "Without this," writes Randolph Hite, the GAO's director of IT architecture and systems issues, "DHS runs the risk that its efforts and investments will not be well integrated, will be duplicative, will be unnecessarily costly to maintain and interface, and will not optimize overall mission performance."

According to the GAO, the department's initial enterprise architecture can be traced semantically with the federal enterprise architecture, meaning that similar terms and definitions can be found in the respective architectures. But, the report says, traceability in terms of architecture structures and functions isn't apparent. Because of this, it's unclear whether the substance and intent of the respective architectures are aligned. GAO blames OMB for not clearly defining its expectations between agencies' enterprise architectures and the federal enterprise architecture, including what it means by architectural alignment.

The GAO recommends that Homeland Security aim to improve the department's architecture content and development approach, and that OMB clarify the expected relationship between agencies and the federal enterprise architectures.