DOD SYSTEMS MODERNIZATION

Further Action Needed to Improve Travel and Other Business Systems

Report to Congressional Requesters

January 2026

GAO-26-107663

United States Government Accountability Office

A report to congressional requesters.

For more information, contact: Vijay A. D'Souza at dsouzav@gao.gov.

What GAO Found

In May 2023, the Department of Defense (DOD) discontinued its MyTravel initiative and directed all users to return to the previous Defense Travel System (DTS). Based on information from DOD, the department’s abandonment of MyTravel was due to four primary factors: lack of a central leadership authority and advocate for change; insufficient program management practices; inadequate outreach to understand evolving stakeholder needs; and inconsistent inclusion of key users in gathering and tracking program requirements. 

While DOD is reinvesting in DTS to add key capabilities, the department has not yet fully addressed applicable leading practices related to the primary factors of MyTravel's abandonment (see figure). These practices include statutory department-specific business system requirements. Overall, DOD fully addressed 12 practices, partially addressed six, and did not address four. Of particular concern are the three program management and five requirements management practices that are not yet fully addressed. Until it fully implements these practices, DOD risks shortcomings in managing the program and in ensuring that users are involved in requirements gathering and tracking.

Regarding overall system modernization, DOD has department-wide improvements underway. However, its policies and guidance for managing and directing these efforts do not fully address 11 of 23 leading practices and statutory requirements related to the above four factors. For example, the department has established a framework to monitor progress of selected programs but has not established a permanent leadership structure for the efforts or taken steps to ensure that programs fully align with department-wide goals and priorities. Without fully implementing these leading practices and statutory requirements, DOD can experience coordination issues and inconsistent execution in planning and making improvements to its business systems modernization efforts.

Why GAO Did This Study

DOD relies on its travel system to support mission-critical operations. DOD has faced multiple challenges in its many attempts to modernize this system, most recently through the abandoned MyTravel initiative. Similar challenges have kept DOD’s business systems modernization on GAO’s High-Risk List since 1995.

GAO was asked to review the DTS modernization program and DOD’s overall business system modernization. This report examines (1) primary factors that caused DOD’s abandonment of MyTravel, (2) the extent to which DOD is following applicable leading practices in modernizing DTS, and (3) the extent to which DOD is following selected practices in its overall business systems modernization.

To conduct this review, GAO analyzed DOD documentation related to MyTravel and identified leading practices for system modernization. GAO analyzed DOD efforts to modernize its travel system, as well as documentation related to departmentwide business system modernization efforts, against the leading practices. GAO also interviewed relevant DOD officials.

What GAO Recommends

GAO is making 13 recommendations to DOD, including to identify leadership roles for the DTS modernization and department-wide Defense Business Council, and to document details for the tracing and prioritization of requirements. The department concurred with 11 recommendations. Although partially concurring with the remaining two, DOD provided information on steps it had underway or planned to implement all 13 recommendations. GAO will continue to monitor the department’s actions to address these recommendations.

 

 

 

 

 

 

Abbreviations
BEA	business enterprise architecture
BSM	Business Systems Modernization
CIO	Chief Information Officer
DBC	Defense Business Council
DHRA	Defense Human Resources Activity
DOD	Department of Defense
DTM	Defense Travel Modernization
DTMO	Defense Travel Management Office
DTS	Defense Travel System
IT	information technology

January 22, 2026

The Honorable Robert Garcia
Ranking Member
Committee on Oversight and Government Reform
House of Representatives

The Honorable Nancy Mace
Chairwoman
Subcommittee on Cybersecurity, Information Technology, and
   Government Innovation
Committee on Oversight and Government Reform
House of Representatives

The Department of Defense (DOD) is the largest U.S. government department and one of the most complex organizations in the world. DOD employs 2.1 million military service members and approximately 780,000 civilian employees at approximately 4,600 sites. In fiscal year 2022, DOD employees booked over 3.2 million trips using the department’s internal travel systems. In Fiscal Years 2016 through 2018, DOD spent an average of $6.1 billion annually on payments for travel made through Defense Travel System (DTS), the department’s primary system to process travel payments.

In 2018, DOD announced an effort to replace DTS with a new commercial solution, known as MyTravel. The department mandated the use of MyTravel for selected DOD organizations in October 2022. However, in May 2023, DOD abandoned its effort and instructed components to revert to the Defense Travel System.[1] In July 2023, we testified that DOD has faced issues in managing DTS and that DOD’s decision to abandon the MyTravel modernization raised concerns about its ability to implement reforms effectively.[2]

The challenges DOD experienced on its travel system are consistent with those experienced on other business systems modernization efforts over the last three decades.[3] While DOD’s capacity for modernizing its business systems has improved over time, significant challenges remain. As a result of the challenges it has faced, DOD’s business systems modernization efforts have been on GAO’s High-Risk List since 1995.

Given the importance of this modernization and DOD’s past challenges in this area, you asked us to review the DTS modernization program and DOD’s overall business system modernization efforts. Our specific objectives were to determine (1) the primary factors that caused DOD to abandon its migration to the MyTravel system and related leading practices and statutory requirements; (2) DOD’s plans to modernize its travel system and to what extent it is following selected leading practices and statutory requirements in modernizing this system; and (3) to what extent DOD is following selected leading practices and statutory requirements for overall improvement of its business system modernization efforts.

To address the first objective, we reviewed and summarized documentation supporting DOD’s decisions to abandon MyTravel, such as memoranda, department-wide communications, external congressional and executive reports, documentation of decision reviews, and a lessons learned report. We used this information to identify and describe four primary factors that caused DOD to end implementation of MyTravel, and to revert to DTS. We used a two-analyst process in which a first analyst created a mapping of causal relationships between events to justify the groupings for each primary factor, and a second analyst then independently verified all sources and corroborated the logic used for the groupings. We further validated the primary factor results through interviews and discussion with relevant officials within DOD, including in the Defense Manpower Data Center, Defense Services Support Center, Defense Travel Management Office, and the Office of the Chief Information Officer.

Next, we identified leading practices and statutory requirements relevant to the four primary factors through review of past GAO work and DOD policies, in consultation with internal stakeholders. We then chose criteria from each of these sources and grouped them based on applicability to the four primary factors listed above. We used criteria from five main sources, including requirements in the Fiscal Year 2005 National Defense Authorization Act, which was later amended, as codified in 10 U.S.C. § 2222;[4] past GAO work in the areas of stakeholder involvement, interagency collaboration, and systems modernization; and the Capability Maturity Model.[5] We then chose 23 practices and requirements from each of these sources and grouped them based on applicability to the four primary factors listed above. We validated our selection and organization of these leading practices with applicable internal stakeholders.

For the second objective, we reviewed DOD documentation to determine the status of DOD’s plans to modernize its travel system, including current system state documentation, an acquisition strategy, and a DOD presentation on planned future work for the travel system. To determine the extent to which DOD is following leading practices and statutory requirements relevant to modernizing the DTS system, we identified actions DOD has taken or is planning to take to modernize DTS by reviewing documentation such as a business case analysis, project schedule, and maintenance release plan. We compared these actions to modernize DTS against 22 of the 23 leading practices and statutory requirements relevant to factors underlying the abandonment of the MyTravel system discussed above.[6]

To address the third objective, we compiled a list of policy and procedure related actions DOD has taken or is planning to take to improve its department-wide business system modernization initiatives by reviewing current DOD directives, guidance, strategies, framework, and playbooks. We then compared these policy and procedure actions against all 23 selected leading practices and statutory requirements to determine the extent to which improvements DOD is making to its business system modernization efforts are following them. We selected leading practices and statutory requirements based on their applicability to the MyTravel system’s abandonment, due to historical similarities between these practices and requirements and issues encountered on other DOD business systems modernization (BSM) efforts. In our prior work, each of the four primary factors have been relevant to analyses of department-wide weakness in other DOD business systems modernization efforts. DOD has experienced issues in several recent attempted modernizations of its business systems.[7]

In addition to comparing DOD’s department-wide actions to these 23 leading practices and statutory requirements, we also evaluated improvements to DOD’s BSM efforts against leading practices for agency reform identified in our prior work.[8] We have previously used these reform practices to evaluate DOD’s efforts to modernize its travel system as well as other department-wide reform efforts at DOD.[9]

As part of our second and third objectives, we determined, based on the documents and data provided, the extent to which DOD had fully addressed, partially addressed, or not addressed the leading practices and statutory requirements.

·       We considered a leading practice or statutory requirement to be fully addressed when evidence provided by DOD addressed all tasks or activities associated with a specific leading practice or statutory requirement.

·       We considered a leading practice or statutory requirement to be partially addressed when evidence provided by DOD addressed some, but not all, tasks or activities associated with a specific leading practice or statutory requirement.

·       We considered a leading practice or statutory requirement to be not addressed when evidence provided by DOD did not address any tasks or activities associated with a specific leading practice or statutory requirement.

For all three objectives, we interviewed officials in DOD’s Office of the Secretary of Defense and Office of the Chief Information Officer. For example, we interviewed officials to gain further context on travel system status and history, and specifics on DOD actions to improve its efforts to modernize its business systems. For additional detail on our objectives, scope, and methodology, see Appendix I.

We conducted this performance audit from June 2024 to January 2026 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Background

DOD implemented the Defense Travel System (DTS) in the mid-1990s in response to recommendations to provide improved travel capabilities for all DOD employees. Over the next several decades, DTS experienced functional flaws such as improperly displaying flight information, allowing unauthorized premium-class travel, and the processing of improper travel payments.[10] Based on these issues, DOD took steps to modernize its travel system.

Decision to Modernize DOD Travel System

In 2015, DOD began to consider replacing DTS through use of commercial off-the-shelf software. Specifically, in April of that year, the organization then known as the United States Digital Service evaluated the DOD travel process and recommended that DOD pursue a commercial-off-the-shelf solution to improve DTS.[11] According to the Digital Service, use of a commercial-off-the-shelf solution provided advantages such as use of streamlined industry practices and scalability for both system complexity and number of users.[12]

Based on the results of the Digital Service study, the Defense Manpower Data Center conducted a pilot from November 2015 through October 2017 to evaluate the effectiveness of a commercial-off-the-shelf product for defense travel.[13] The Office of the Secretary of Defense submitted a report on the pilot’s progress to Congress in December 2017. The report concluded that the pilot had produced enough information to proceed further with the travel system modernization. It also noted that the pilot suffered from changes to the scope of the project and delays in its execution. According to the report, these changes were due in part to the turnover of DOD executive leadership responsible for the pilot’s oversight.

Following the completion of the pilot, in 2018, DOD awarded a contract to develop a Defense Travel Modernization (DTM) prototype. According to DOD documentation, the purpose of this prototype was to further explore the technical capabilities of the commercial travel services product developed in the pilot.[14] DOD intended the prototype program to identify the requirements needed to provide an effective and efficient travel and travel expensing service. The prototype used a simplified version of the rule set governing DOD business travel.

Decision to Proceed with MyTravel

In October 2020, the Defense Human Resources Activity (DHRA) was granted authority to proceed with acquisition and testing of the DTM prototype. DHRA awarded a contract to continue implementation of the DTM prototype, now referred to as MyTravel.[15] DHRA determined that a competitive process was not necessary for this contract, based on its designation as a highly specialized service, where competition would lead to unnecessary costs or delays on the part of the government.

DOD published an acquisition strategy in March 2021 based on the feasibility findings of the initial pilot and the prototype.[16] This strategy outlined an acquisition approach, program schedule, risk management, and other aspects of the acquisition of MyTravel.

In October 2022, the Under Secretary of Defense issued a mandatory use memorandum, which directed travelers in organizations where MyTravel had previously been implemented to use it for all travel functions it currently supported. This memorandum also directed all organizations that had not yet integrated their Enterprise Resource Planning systems with MyTravel to do so.[17] The mandatory use memorandum did not apply to DOD’s military departments, which were the primary users of defense travel, due to their financial management systems not yet being integrated with MyTravel.[18]

Decision to End MyTravel

DOD continued the implementation of MyTravel through the first half of 2023. However, in May 2023, the Under Secretary of Defense Personnel and Readiness chose not to exercise the next contract option for the MyTravel product, which ended the MyTravel implementation. This decision, documented in a May 2023 memorandum issued by the Under Secretary of Defense for Personnel and Readiness, repealed the mandatory use memorandum and DOD organizations using MyTravel at the time were directed to revert to DTS. The memorandum also recommended that DOD organizations stop any planned financial systems integrations with MyTravel. Figure 1 highlights key decisions made on the travel system, and related issues.

Over time, several different DOD entities had key roles in the implementation and oversight of DTS and MyTravel. See Table 1 for a list of these entities and their travel system-related responsibilities.

Entity	Responsibilities
Cross-Functional Team for Travel	Reviews existing policy, service delivery approaches, and technology within DOD with respect to travel. Published functional, lifecycle, and technical requirements that informed the development of the prototype system which later became MyTravel. Please see Figure 1 for more details.
Defense Human Resources Activity (DHRA)	Established the Defense Travel Modernization Working Group to bring together key stakeholders across the Department’s travel enterprise. It formally established both the Defense Travel Advisory Panel and the Defense Travel Governance Board and managed the acquisition, testing, and deployment phase for the prototype system which later became MyTravel.
Defense Manpower Data Center	Collects and maintains an archive of databases on DOD manpower, personnel, and training. Among other things, the center conducted a travel pilot program to evaluate the effectiveness of a replacement for the Defense Travel System (DTS) system.
Defense Travel Advisory Panel	Integrates policy, financial, travel programs, and systems personnel to advise and approve changes to the Defense Commercial Travel Enterprise. Co-chaired by the Defense Travel Management Office and Defense Manpower Data Center, the Defense Travel Advisory Panel’s role is to ensure that proposed changes to the travel system are reviewed across DOD.
Defense Travel Governance Board	Established to provide a formal governance structure for DOD’s travel system and oversight for the DTS modernization effort. Chaired by DHRA’s Director of the Defense Support Services Center.
Defense Travel Management Office (DTMO)	Serves as the central authority for commercial travel within the DOD, responsible for enterprise programs, automated travel systems, and commercial travel policy. DTMO provided policy guidance for development of the pilot system that would eventually become MyTravel, and co-chairs the Defense Travel Advisory Panel, which advises DOD on changes to its travel enterprise.
Office of the Under Secretary of Defense for Personnel and Readiness	Develops policies, plans, and programs to support DOD services and agencies during both wartime and peacetime operations. Among other things, this office notified congressional defense committees of the department’s intent to conduct a travel pilot program and later submitted a report on its results to Congress.

Source: GAO analysis of Department of Defense (DOD) data. | GAO‑26‑107663

As discussed in more detail later in this report, DOD is planning further work to improve DTS. In particular, DOD plans to invest additional resources in a multi-year modernization of DTS. According to an official in DOD’s Defense Human Resources Activity, this modernization will improve system functionality and close longstanding capability gaps.

Modernization of DOD Business Systems Is a High-Risk Area

DOD business systems include financial systems as well as systems that support other business functions, such as logistics and health care. DOD spends billions of dollars each year to acquire modernized systems, including ones that address key areas such as personnel, financial management, health care, and logistics. For example, for fiscal year 2025, the department requested approximately $64.1 billion for its total IT and cyber activities, including $47.8 billion for its unclassified IT investments. This request also included investments in major IT and other business programs which are intended to help the department sustain its key business operations.[19]

DOD has taken steps to improve its business system investment management process by addressing some associated recommendations. For example, it has established more stable management roles and responsibilities and developed a roadmap with specific actions and associated milestones to help the department to improve management of its portfolio of defense business systems.[20] While DOD’s capacity for modernizing its business systems has improved over time, significant challenges remain.

Since 1995, the modernization of DOD business systems has remained on GAO’s High-Risk List.[21] GAO’s latest High-Risk report, issued in February 2025, highlighted three steps DOD should take to address challenges it faces in improving management of its business systems acquisitions. Specifically, DOD should:

·       improve business systems acquisition management to achieve better cost, schedule, and performance outcomes;

·       manage DOD’s portfolio of business system investments more effectively and efficiently; and

·       leverage DOD’s federated business enterprise architecture to help it identify and address potential duplication and overlap.[22]

Prior Work Highlights Leading Practices and Statutory Requirements Relevant to Improving Business System Modernizations

GAO has developed leading practices relevant to the modernization of business systems such as MyTravel. Appendix II contains a full list of these leading practice criteria and their sources. These leading practices include:

·       Enhancing interagency collaboration.[23] These practices define optimal approaches for collaboration among entities by (1) defining common outcomes; (2) ensuring accountability; (3) bridging organizational cultures; (4) identifying and sustaining leadership; (5) clarifying roles and responsibilities; (6) including relevant participants; (7) leveraging resources and information; and (8) developing and updating written guidance and agreements.

·       Implementing agency reform.[24] These practices provide a framework agencies can use to assess the development and implementation of agency reforms to improve their operational efficiency, and include the following four categories: (1) goals and outcomes for the reforms; (2) applying a process for developing the reforms; (3) effectively implementing the reforms; and (4) strategically managing and aligning the federal workforce for the reforms.

·       Using Agile development practices to involve stakeholders in key decisions.[25] These practices help entities assess an organization’s readiness to adopt Agile and evaluate its current use of Agile methods, and include: (1) ensuring repeatable processes are in place, (2) fostering an organizational culture that supports Agile methods (3) eliciting and prioritizing requirements effectively, (4) balancing customer and user needs with project constraints, (5) ensuring metrics align with organization-wide goals and objectives, (6) establishing management commitment, and (7) committing to data-driven decision-making.

·       Modernizing legacy systems.[26] These practices focus on evaluating whether agencies have adequately planned how they will update or replace aging systems, including: (1) establishing clear milestones to track progress toward modernization goals, (2) providing a detailed description of the work required to modernize the system, and (3) documenting what will happen to the legacy system once the modernization is complete.

·       Managing and tracing requirements.[27] These practices help ensure effective requirements management in the context of system modernizations, including (1) validating requirements to confirm they accurately reflect user and mission needs, and (2) managing requirements with bidirectional traceability to maintain consistency and accountability throughout the lifecycle.

In addition to these leading practices, statute requires DOD to enact practices to better ensure success in the development of individual defense business systems. Specifically, the Ronald W. Reagan National Defense Authorization Act for fiscal year 2005 enacted requirements for initial approval and annual certification of business systems, which were later amended, as codified in 10 U.S.C. § 2222.[28] In particular, DOD is required to annually review and certify compliance for covered defense business systems with the following statutory requirements:[29]

1.     compliance with the agency’s enterprise architecture;

2.     engineering each system to be as streamlined and efficient as practicable, such that the implementation of the system will maximize the elimination of unique software requirements and unique interfaces;

3.     assurance of valid requirements; and

4.     development of acquisition strategies should be designed to eliminate or reduce the need to tailor commercial-off-the-shelf systems to meet unique requirements or incorporate unique interfaces to the maximum amount practicable.

GAO Has Recommended Actions to Improve DOD Business Systems, Including Its Travel System

Prior GAO reports have outlined actions DOD could take to improve modernization of its business systems. For example:

·       In March 2023, we reported that DOD had not updated certification guidance for business systems to comply with statutory requirements. These requirements include establishing oversight processes, using and communicating quality information, sustaining leadership commitment, and managing risk.[30] We made nine recommendations that DOD update this certification guidance to address statutory requirements for, among other things, alignment with DOD’s business enterprise architecture, the promotion and use of valid, achievable requirements, and reduction of the need to tailor commercial-off-the-shelf solutions. As of August 2025, DOD had not demonstrated that its updated certification guidance fully addressed these statutory requirements. DOD had partially addressed six of our recommendations but had not addressed three others.

·       In June 2025, we reported that 14 of 24 DOD IT business programs reported cost and/or schedule changes since January 2023 and programs reported mixed progress in meeting performance targets.[31] We made one recommendation to DOD; it has not yet been implemented. Specifically, we recommended that the agency ensures that IT business programs identify and report results data on performance metrics in each of several categories, such as customer satisfaction, strategic and business results, financial performance, and innovation.

GAO has also made recommendations to DOD to improve its travel system. For example:

·       In January 2006, we reported that the DTS system was experiencing functional flaws such as improperly displaying flight information and allowing unauthorized premium-class travel.[32] We made 10 recommendations to DOD, including that DOD take steps to streamline its travel management practices. DOD implemented eight of our recommendations, but did not take steps to monitor the number and cost of processing travel vouchers outside of DTS or to simplify the display of airfares in DTS. DOD officials told us that they had not developed the means, nor did they plan to develop the means, to ascertain the number of vouchers that are processed outside of DTS. They also told us that the department did not plan to make any additional changes to the manner in which flights were displayed to the traveler.

·       In August 2019, we reported that DOD could do more to reduce improper payments in its defense travel program.[33] We issued five recommendations, including that DOD consider data on improper payment rates in its remediation approach, define terminology, and consider cost effectiveness in deciding how to address improper payments. DOD has implemented all five recommendations.

Further, in July 2023, we testified that DOD’s decision to abandon the MyTravel modernization raised concerns about its ability to implement reforms effectively. To address these persistent travel system challenges, we reiterated the importance of past GAO recommendations that could assist DOD in transforming its business operations and assess reform efforts. Among other things, these recommendations include improving policy compliance monitoring, providing stronger oversight of acquisition programs, modernizing DOD’s business enterprise architecture, and adopting sustainable reform strategies. We also listed several leading practices for reform that DOD could use to improve its business systems modernization outcomes.

Key Factors Led to Abandonment of the MyTravel System; Leading Practices and Requirements Could Have Helped Mitigate Them

Four primary factors led DOD in May 2023 to abandon development of the MyTravel system and direct its components to revert to using DTS: (1) lack of leadership authority and advocate for change; (2) inconsistent use of leading program management practices; (3) insufficient outreach to understand evolving stakeholder needs; and (4) inconsistent inclusion of key users in gathering and tracking requirements. Implementation of selected leading practices identified in our prior work and by others, as well as specific DOD statutory requirements, could have helped mitigate these factors.

Four Primary Factors Led to the MyTravel System Abandonment

Our assessment of DOD documentation, including an assessment of lessons learned and congressional hearing transcripts, identified four primary factors that led to the abandonment of MyTravel. These factors are listed in figure 2.

DOD Lacked Sufficient Leadership Authority to Prioritize Aspects of Its Modernization

The transition to MyTravel lacked sufficient leadership authority to coordinate implementation efforts, prioritize the most central risks to the system, and more quickly identify potential issues that would prevent the MyTravel modernization effort from achieving its desired outcomes. According to DOD lessons learned documentation, the MyTravel implementation did not have a central decision-making body that could have assisted DOD in recognizing the need for and coordinating of a mitigation plan when faced with an unexpected lack of resources.[34] This body could also have taken steps such as encouraging the utilization of MyTravel over DTS when both systems were live and limiting changes made to DTS while MyTravel implementation was ongoing to promote use of the latter.[35]

According to DOD’s lessons learned document, the transition to MyTravel also did not have an official or organization with sufficient authority to advocate for changes to outdated travel regulations, such as in determining incidental allowances for traveler lodging. DOD’s MyTravel lessons learned document also stated that the timeline establishing planned use by DOD services of MyTravel was further extended due to the department not updating travel regulations.

DOD Did Not Fully Incorporate Program Management Practices in Managing its Modernization

According to DOD’s lessons learned document, the implementation of MyTravel lacked definite project planning milestones for when the DTS system would be sunset. This uncertainty, combined with unexpectedly long lead times DOD took in adding new features requested by users, made it difficult for users to justify switching over from DTS until the later stages of MyTravel, causing lower utilization. The modernization effort also lacked flexibility to adjust to changes or issues in development as they arose, stemming from its decision to use a firm-fixed price contract for MyTravel and to develop it as a commercial off-the-shelf product that was not easily customizable.[36]

Regarding change management, according to DOD’s lessons learned document, DOD did not take steps to manage impacts to users when making changes to functional elements of MyTravel. Specifically, the technical elements of MyTravel were not coordinated over time with functional features, and there was no path for risk escalation when the two diverged. For example, legacy features previously present in DTS were dropped in MyTravel, and DOD did not track the impact of not having these features on the number of MyTravel end users.

DOD Did Not Consistently Perform Outreach to Understand Evolving Stakeholder Needs

During the MyTravel implementation, DOD did not perform sufficient outreach to understand the functions most important to stakeholders. For example, DOD struggled to account for a change in prioritization by the military services stakeholders. Specifically, DOD organizations using MyTravel had to make manual adjustments to financial transactions as their enterprise planning systems could not automate those adjustments.[37] The use of these manual adjustments impacted services’ ability to achieve an unmodified audit opinion.[38] Additionally, outreach to end users to promote and market the use of MyTravel was insufficient due to individual components being responsible for MyTravel’s promotion, rather than a central, DOD-wide campaign.[39]

Further, DOD did not adequately consider impacts to stakeholders when revising elements of MyTravel. According to officials, DOD did not recognize the importance of buy-in from the services on the overall success of MyTravel. There also was no clear understanding of how to support the complex integration of MyTravel into the DOD services’ financial management systems or provide time to accommodate the temporary loss of key features such as support for long-term temporary duty travel.

DOD Did Not Fully Include Key Users in Requirements Gathering and Tracking

After stakeholder needs were established, insufficient contact with military services during the system requirements setting process played a role in DOD’s decision to abandon its migration to the MyTravel system. According to DOD’s MyTravel lessons learned document, the department did not fully include services in requirements gathering until after MyTravel went into production. For instance, DOD did not get input from Army officials on key feature and interface requirements for MyTravel until after the system was operational. According to DHRA officials, a key reason for this was that implementation of MyTravel lacked a milestone to ensure that services’ needs were captured in requirements as part of a minimum viable capability release. As a result, there were persistent capability gaps between DTS and MyTravel that reduced the motivation for services to switch to the new system.

Leading Practices Relate to Primary Factors for MyTravel Abandonment

Selected leading practices and statutory requirements, if implemented, could have helped to mitigate the primary factors leading to MyTravel’s abandonment. Table 2 lists 23 selected leading practices identified in our prior work and by others, as well as statutory requirements, that are relevant to elements of each of the four primary factors. These leading practices are also listed according to their source in Appendix II.

Primary factor for abandonment of the MyTravel system	Leading practice
Lack of sufficient leadership authority and advocate for change	Establish management commitment.
	Commit to data-driven decision making.
	Organization culture supports Agile methods.
	Identify and sustain leadership.
	Define common outcomes.
	Ensure accountability.
Inconsistent use of leading program management practices	Comply with the agency’s enterprise architecture.
	Describe the work necessary to modernize the system.
	Include milestones for completing the modernization in system modernization plans.
	Ensure metrics align with organization-wide goals and objectives.
	Ensure repeatable processes are in place.
	Include details regarding the disposition of existing legacy system.
Insufficient outreach to understand evolving stakeholder needs	Clarify roles and responsibilities.
	Bridge organizational cultures.
	Include relevant participants.
	Leverage resources and information.
	Develop and update written guidance and agreements.
Inconsistent inclusion of key users in gathering and tracking requirements	Have an acquisition strategy designed to eliminate or reduce the need to tailor commercial-off-the-shelf systems to meet unique requirements or interfaces.
	Elicit and prioritize requirements.
	Streamline and minimize unique requirements and interfaces.
	Balance customer and user needs when coordinating implementation of requirements.
	Validate requirements.
	Manage requirements and ensure bidirectional traceability.

Sources: GAO analysis of leading practices and statutory requirements against Department of Defense (DOD) information. | GAO‑26‑107663

Note: Information is from Defense Business Systems (10 U.S.C. § 2222(g)); ISACA, Capability Maturity Model Integration (CMMI), Version 3.0 (Schaumburg, IL: April 2023); and GAO, Agile Assessment Guide: Best Practices for Adoption and Implementation, GAO‑24‑105506 (Washington, D.C.: Dec. 15, 2023); Government Performance Management: Leading Practices to Enhance Interagency Collaboration and Address Crosscutting Challenges, GAO‑23‑105520 (Washington, D.C.: May 24, 2023); and Information Technology: Agencies Need to Develop Modernization Plans for Critical Legacy Systems, GAO‑19‑471 (Washington, D.C.: June 11, 2019). CMMI Model Copyright © 2023 ISACA. All rights reserved.

Note: For more information on the sources of leading practices and statutory requirements, see Appendix II.

Examples of cases where implementation of specific leading practices or statutory requirements could have been beneficial during MyTravel’s implementation include:

·       Regarding leadership authority, as stated above, DOD could have demonstrated stronger management commitment by encouraging use of MyTravel over DTS when the former had completed development. Further, travel system leadership could have defined common outcomes by advocating for changes that it judged as necessary to travel regulations. According to DOD’s MyTravel lessons learned document, the removal of these changes resulted in delays to the timeline for implementing MyTravel.

·       Regarding program management, DOD could have followed leading practices in this area by specifying more definite milestones for sunsetting the DTS legacy system. Further, DOD could have better ensured repeatable processes were in place by taking steps to regularly compare that planned technical elements of MyTravel were coordinated with functional requirements needed by end users.

·       Regarding outreach to understand evolving stakeholder needs, DOD could have given responsibility for the promotion and marketing of the MyTravel system to one department-wide official. Further, by developing and updating written guidance and agreements, DOD could have formalized and specified commitments by military services to using MyTravel.

·       Regarding requirements management, DOD could have more quickly resolved capability gaps between DTS and MyTravel to increase the motivation for military services to switch to the new system. Further, by adding a milestone review to ensure that services’ needs were captured in requirements, DOD could have received formal input from services earlier in the MyTravel development process, allowing for additional time to incorporate that input.

DOD Has Developed Plans to Modernize DTS but Has Not Fully Incorporated Selected Leading Practices

Since abandoning MyTravel in 2023, DOD has taken steps to modernize the Defense Travel System, the travel system in use prior to and during the attempted MyTravel transition. In particular, DOD plans to use ongoing updates and invest additional resources to begin a six-year modernization of DTS. According to DHRA officials, this reinvestment will build on continuous updates made to DTS, while also addressing key capability gaps.

Although it is progressing with plans to improve DTS, DOD is not fully following leading practices and statutory requirements. For example, DOD has not fully documented key modernization milestones, aligned performance metrics with organizational goals, or demonstrated compliance with its enterprise architecture by ensuring new system components integrate with existing DOD IT infrastructure.

DOD Plans to Modernize DTS to Address Key Capability Gaps

Following its decision to end MyTravel operations, DOD convened a working group in November 2023 to determine the best path forward for its defense travel modernization initiative.[40] The working group considered several options, prioritizing factors such as cost efficiency, familiarity among staff with the platforms planned for use, system usability, and integration with the system’s existing payment infrastructure. The working group determined that a phased reinvestment strategy for DTS would best satisfy requirements and provide the needed operational benefits.[41] Based on the working group’s analysis, DOD chose the option to reinvest more resources in DTS, rather than to build a new system.

To further support this decision, the DHRA office performed a business case analysis that identified the specific capability need and an analysis of solutions that would meet that need in line with DOD requirements. The business case analysis, finalized in November 2024, evaluated viable travel system options and confirmed that continued reinvestment in DTS was the best option. This recommendation reinforced the initial findings of the working group from November 2023.

As part of this effort, DOD plans to build on ongoing DTS sustainment activities while also addressing key capability gaps in financial, technical, and functional areas. According to officials from the Defense Support Services Center, though DTS currently remains in a sustainment phase, DOD is planning for broader reinvestment in it.[42] DOD has used Agile development principles to make enhancements to DTS prior to the use of MyTravel, and, according to DHRA officials, intends to continue these Agile processes in the future.

Officials also stated that the department’s goal in aligning current sustainment activities with planned modernization efforts is to allow DOD to improve system functionality and close longstanding capability gaps. DOD aims to do so without launching an entirely new, separate modernization program or delaying crucial improvements by waiting for new programs to advance through their various development phases. According to officials from the Defense Support Services Center, enhancing DTS would allow it to fold enhancement costs directly into existing budgets, providing a better focus on critical needs like improved usability, payment integration, enhanced reporting, and mobile capabilities.

As part of its reinvestment strategy for DTS, DOD is building on policy updates it made previously to align with changing travel regulations, financial management systems, and cybersecurity standards. For example, DOD implemented updates to accommodate changes to department-wide joint travel regulations, new federal financial reporting rules, and integration with evolving industry practices, such as ensuring access to a broader range of commercial airline bookings through the system.[43]

DOD also introduced automated tools within DTS to reduce improper payments and improve compliance with legislative requirements, such as those in the Payment Integrity Information Act.[44] A representative from the Defense Support Services Center noted that the adjustments to DTS were made to ensure compliance with laws and regulations.

DOD has outlined a six-year plan for making its improvements to DTS, which is scheduled to begin in Fiscal Year 2027. DOD’s reinvestment plan prioritizes addressing gaps identified by a department-wide working group. It includes enhancements such as streamlined travel approval processes, cloud infrastructure assessments, improved data reporting, and features like automated trip planning assistance and the ability to remove inactive users from workflows.

Ongoing Efforts to Modernize DOD’s Travel System Do Not Fully Follow Selected Leading Practices

DOD has taken steps to address leading practices and statutory requirements to modernize its travel system, but efforts to address remaining practices and requirements remain incomplete. Specifically, of 22 leading practices or statutory requirements relevant to the primary factors for abandonment of the MyTravel system, DOD fully addressed 12, partially addressed six and has not addressed four. Figure 3 shows the extent to which DOD has incorporated 22 applicable leading practices and statutory requirements in its modernization of DTS.[45]

DOD Lacks Sufficient Leadership Authority to Prioritize Aspects of the DTS Modernization

Establishing sufficient and effective leadership authority includes six leading practices: (1) establishing management commitment, (2) supporting the development and use of data-driven decision-making, (3) fostering an organizational culture that promotes modern practices, specifically Agile development, (4) defining short- and long-term common outcomes to address challenges, (5) ensuring accountability through clear performance measures, and (6) identification and sustainment of leadership.[46] DOD has fully addressed four and partially addressed two of these practices. Table 3 provides details on how DOD has addressed the six practices with respect to the DTS modernization.

Leading practice	Assessment	Description of assessment
Establish management commitment.	●	The Department of Defense (DOD) established management commitment to the Defense Travel System (DTS) modernization by committing to a multi-year plan for making improvements to DTS that builds on previous travel system policy updates to align with changing travel regulations, financial management systems, and cybersecurity standards. DOD delegated overall responsibility for the DTS implementation to the Defense Travel Modernization Office (DTMO). To facilitate travel system improvements, DOD implemented updates to accommodate changes to department-wide joint travel regulations, new federal financial reporting rules, and integration with evolving industry practices. DOD also allocated resources to the performance of a business case analysis that identified specific travel system capability needs and analyzed a range of potential solutions to meet those needs.
Commit to data-driven decision making.	●	DOD has committed to data-driven decision making on the DTS modernization. For instance, the contract governing system sustainment calls for the tracking of metrics in areas such as availability, disaster recovery, and software quality. DOD also produces year-long trend analyses for these metrics. DOD also has produced a document outlining, at a high-level, goals for the modernization of DTS, including documentation of the content of five planned software updates, timing for when each update will occur, and which part of the system each update affects.
Organization culture supports Agile methods.	◐	DOD has emphasized usage of Agile practices for its systems modernizations, including for business systems modernizations such as DTS. DOD has integrated Agile practices into both its training and acquisition strategies. DOD policy and guidance promotes the use of Agile practices as part of the development of DTS, and DOD has committed to using certain Agile practices as part of the DTS modernization. However, the DTS program office is not required to document their commitment to using Agile practices.
Identify and sustain leadership.	◐	DOD has identified key leadership entities and assigned them roles in overseeing functional, technical, and financial aspects of DTS modernization. However, the formal documentation designating the DTMO as the leadership authority for the modernization effort has not yet been finalized.
Defining common outcomes.	●	DOD has defined common modernization outcomes through formal governance structures. Specifically, in implementing a business case analysis for DTS, DOD has identified crosscutting challenges and opportunities across functional, technical, and financial domains, and outlined short-term outcomes like system releases and incremental efficiency improvements, alongside its long-term DTS modernization goals.
Ensuring accountability.	●	DOD has demonstrated the development of mechanisms to monitor, assess, and communicate progress toward short- and long-term modernization outcomes. Among other things, DOD has established processes for management to monitor progress through regular performance reports, which include information on release quality and deployment schedules. It has also developed a business case analysis methodology to track long-term progress and to monitor the resolution of functional, technical, and financial gaps, system efficiency, and potential cost savings. Officials in the DTMO participate in weekly meetings to identify and monitor any delays or issues.

Legend:

● = DOD fully addressed the leading practice.

◐ = DOD partially addressed the leading practice.

○ = DOD did not address the leading practice.

Source: GAO analysis of agency data. | GAO‑26‑107663

As mentioned above, DOD has fully addressed four and partially addressed two of the six leading practices in this area. Specifically:

·       DOD has taken steps to promote an organizational culture that supports Agile development for its business systems modernization efforts, for example by integrating Agile practices into both its training and acquisition strategies. In addition, DOD policy and guidance promotes the use of Agile practices for DTS and other business systems.

However, DOD policy does not require owners of business systems such as DTS to document their commitment to using Agile practices. According to DOD policy governing use of Agile software practices, such a documented commitment is unnecessary for DTS because it delivers anticipated value, meets requirements, and successfully iterates based on customer feedback.[47] The policy also states that DTS would require written documentation of its use of Agile practices were it to no longer meet these criteria. However, DOD did not provide documentary evidence to support the ways in which DTS met these requirements. Without documenting the extent of its commitment to Agile practices, DOD risks that it will not be using modern practices in the DTS modernization effort.

·       DOD has taken steps to identify entities with leadership responsibilities for the DTS modernization, such as the Defense Travel Management Office (DTMO), Defense Human Resources Activity (DHRA), and Defense Manpower Data Center. DOD has identified DTMO as the overall leader of the modernization.

However, DOD has not documented leadership authority roles for the DTS modernization. According to an official in DOD’s Defense Human Resources Activity, delays in filling the Undersecretary of Defense for Personnel and Readiness position have prevented the department from assigning permanent leadership authority for the DTS modernization. Without doing so, DOD’s ability to establish effective leadership authority over the DTS modernization will be limited.

DOD Inconsistently Incorporates Leading Practices for Program Management in Its DTS Modernization

Effective program management is essential to successful modernization of large-scale systems like DTS because it ensures that programs are meeting cost, schedule, and performance goals and that risks are being managed efficiently. The applicable statute calls for DOD business systems to comply with the agency’s business enterprise architecture.[48] Additionally, effective program management incorporates the following four leading practices: describing the work necessary to modernize the legacy system; creating milestones to complete modernization; ensuring that metrics align with organization-wide goals and objectives; and ensuring repeatable processes are in place that support consistent and effective program oversight.[49]

DOD has fully addressed two, partially addressed two and not addressed one of the five leading practices and statutory requirements in this area. Table 4 shows the extent to which each of these practices and statutory requirements has been addressed by DOD’s DTS modernization efforts.

Leading practice	Assessment	Description of assessment
Comply with the agency’s enterprise architecture.	○	The Department of Defense (DOD) has not demonstrated that the DTS modernization effort complies with a department-wide requirement to align modernizations with DOD’s enterprise architecture. Specifically, while DOD reported in its most recent annual certification results that it was in compliance with the department-wide enterprise architecture for the DTS system, related documentation did not contain details on the steps DOD took to achieve system-level compliance for DTS, or rationale for why it considered the requirement met.a
Describe the work necessary to modernize the system.	●	DOD has defined the work necessary to modernize DTS. In particular, DOD entities with responsibility for performing this work, including the Office of the Chief Information Officer, Office of the Under Secretary of Defense, and Defense Manpower Data Center, identified capability gaps and ways to track them to closure, and produced essential planning artifacts such as an implementation timeline, a maintenance release plan, and summaries of requirements gaps.
Create milestones to complete the modernization.	◐	DOD created a notional timeline that includes milestones for the planned functional, technical, and financial enhancements recommended by the Defense Travel Modernization Working Group that are planned to be included in DTS. However, these milestones lack specific dates and are not integrated into the overall implementation timeline.
Ensure that metrics align with organization-wide goals and objectives.	◐	DOD demonstrated its use of metrics to track its performance in achieving improvements to DTS. For example, monthly quality status reports including, among other things, information on any significant deficiencies noted and year-long trend analyses. However, these metrics are not directly linked to the goals or milestones in DOD’s high-level outline for the DTS modernization.
Ensure repeatable processes are in place.	●	DOD has put in place repeatable processes for DTS modernization, using daily reviews and regular updates for management oversight. For example, the contract that provides technical support services for the sustainment and maintenance of DTS requires use of Agile development methodologies, continuous integration of software additions and changes, use of daily standup meetings, and regular updates to the Defense Manpower Data Center on the modernization’s progress. The DTS Program Management Office also conducts monthly sprint reviews focusing on areas such as security scans and defect fixes.

Legend:

● = DOD fully addressed the leading practice.

◐ = DOD partially addressed the leading practice.

○ = DOD did not address the leading practice.

Source: GAO analysis of agency data. | GAO‑26‑107663

^aIn July 2015, we recommended that DOD take additional action to improve management of its business enterprise architecture activities. Since then, DOD has initiated and restarted multiple efforts to improve its business enterprise architecture. See GAO, DOD Business Systems Modernization: Additional Action Needed to Achieve Intended Outcomes, GAO‑15‑627 (Washington, D.C.: Jul. 16, 2015).

As mentioned above, DOD has partially addressed two and has not addressed one of the five leading practices and statutory requirements in this area. Specifically:

·       DOD has not yet taken steps to ensure that its actions to improve DTS are in compliance with the department’s enterprise architecture. Although statute requires that all covered defense business systems—including DTS—are or will be in compliance with the department’s enterprise architecture,[50] DOD did not provide evidence specific to DTS demonstrating that this requirement has been met.

Officials in DOD’s Office of the Chief Information Officer stated that, while DOD produces department-wide reports that aggregate relevant information, this information is compiled into a spreadsheet that is not easily disaggregated to show compliance for an individual system such as DTS. However, high-level compliance assertions with DOD’s enterprise architecture are required for each individual system.[51] Without demonstrating the steps it took to achieve system-level compliance for DTS, or rationale for why it has achieved compliance, DOD risks less certainty in ensuring alignment between the DTS modernization and department goals and priorities.

·       Although DOD established several interim milestone dates for completing its planned improvements to DTS, these dates are not reflected or tracked on the overarching implementation timeline. Additionally, DOD has not developed a well-defined schedule to complete the DTS modernization.

According to leadership from the Defense Travel Management Office and the program management team supporting the modernization effort, the department’s current notional timeline is a guideline for potential capability gap implementation and will be updated as the budget and funding dependencies are resolved. However, without integrating milestones into the overall implementation timeline or having a definitive completion schedule, DOD risks not meeting program schedule goals.

·       The department has created metrics that align with and prioritize organization-wide goals and objectives by tracking the content of specific activities over the course of a release and showing DTS work progress through a cumulative flow diagram. However, these metrics are not clearly traceable to evolving organizational goals and priorities for the modernization.

DTS program management officials stated that metrics delivered to the customer are higher-level and focused on overall program functionality, such as progress to date or overall timeline. These metrics are different from internal team metrics geared towards internal performance measurements such as internal test results and time to complete subtasks. However, if metrics are not tailored to convey developers’ progress and achievements to internal and external customers, it can impede feedback and communication between both entities.

DOD Performed Outreach to Determine Stakeholder Needs on Its DTS Modernization

Effective stakeholder outreach is essential to successfully modernizing large-scale systems like DTS in cases where stakeholder priorities and system dependencies shift over time. Effective stakeholder outreach to understand evolving stakeholder needs incorporates the following five leading practices for interagency collaboration: (1) clarifying roles and responsibilities, (2) bridging organizational cultures, (3) including relevant participants, (4) leveraging resources, and (5) establishing written guidance to institutionalize best practices.

DOD has fully addressed these leading practices in its approach to DTS modernization.[52] Table 5 shows the extent to which each of these practices is addressed with regards to DOD’s efforts to improve DTS.

Leading practice	Assessment	Description of assessment
Clarify roles and responsibilities.	●	The Department of Defense (DOD) has clarified roles and responsibilities for the modernization of DTS by establishing formal governance bodies, such as the Defense Travel Advisory Panel and Defense Travel Governance Board, to oversee system improvements and ensure alignment with enterprise-wide objectives.
Bridge organizational cultures.	●	DOD has bridged organizational cultures by institutionalizing formal strategies that promote cross-agency cooperation and trust. These efforts include standing up the Defense Travel Advisory Panel and the Defense Travel Modernization Working Group, and adopting the Defense Travel Advisory Panel Charter, which outlines decision-making roles, voting procedures, and engagement protocols to support collaborative operations.
Include relevant participants.	●	DOD has demonstrated its inclusion of relevant stakeholders in modernization activities. For example, DOD coordinates with contracting officers, as well as the Defense Manpower Data Center, which is responsible for analyzing the allocation of manpower and personnel with respect to mission needs, at weekly sustainment meetings. DOD has set up a variety of recurring meetings with DTS program participants to foster regular communication on status details for ongoing efforts. Mechanisms for stakeholder feedback are also incorporated into system development activities.
Leverage resources and information.	●	DOD has leveraged resources to improve stakeholder outreach on its DTS improvements by assigning dedicated product owners, project managers, and development staff to incorporate user feedback into system improvements.
Develop and update written guidance and agreements.	●	DOD has established written guidance to improve outreach to stakeholders, such as the components for which DTS will be implemented and their end users, by creating an updated business case analysis and a formal communication plan so that stakeholders are informed and engaged.

Legend:

● = DOD fully addressed the leading practice.

◐ = DOD partially addressed the leading practice.

○ = DOD did not address the leading practice.

Source: GAO analysis of agency data. | GAO‑26‑107663

DOD has taken action to coordinate with stakeholders during the DTS modernization. Collectively, its efforts promote consistent coordination and enhance the likelihood of DOD achieving its DTS modernization goals. For instance, the department has clarified responsibilities by developing formal documentation that outlines roles, voting procedures, and dispute resolution processes; bridged organizational cultures through the adoption of cross-agency collaboration strategies; and increased the inclusion of relevant stakeholder participants by integrating user group feedback into system development.

DOD Has Not Consistently Included Key Users in Gathering and Tracking Requirements Over Time on the DTS Modernization

For successful system modernization, effective requirements management is critical for ensuring that new solutions meet user needs and expectations and to reduce the risks of cost overruns and project failures. Effective requirements management incorporates implementation of the following leading practices: (1) eliciting and prioritizing requirements; (2) balancing customer and user needs; and (3) managing requirements and ensuring bidirectional traceability.[53] Additionally, statute calls for DOD business systems to (4) have an acquisition strategy designed to eliminate or reduce the need to tailor commercial-off-the-shelf systems to meet unique requirements or interfaces, (5) streamline and minimize unique requirements and interfaces, and (6) validate requirements.[54]

DOD has fully addressed one, partially addressed two and not addressed three of these six leading practices and statutory requirements. Table 6 provides details on the extent to which DOD has implemented these leading practices or statutory requirements as part of the DTS modernization.

Leading practice	Assessment	Description of assessment
Elicit and prioritize requirements.	◐	DOD has taken steps to elicit and refine requirements for DTS, for example through use of focus groups, regular meetings, and problem reporting processes to foster communications across stakeholders, as part of updating system features such as travel lodging options and user reimbursement calculations. However, DOD has not demonstrated a consistent process for receiving stakeholder feedback on new requirements. DOD also could not demonstrate how user feedback is systematically evaluated and converted into actionable non-functional requirements, in areas such as security and privacy.
Balance customer and user needs when coordinating implementation of requirements.	◐	DOD makes decisions on which system updates to prioritize based on factors such as impact on end users and level of urgency for which the update is needed. A review team made up of government and contractor staff convenes regularly to review and rank these items, and meeting notes show what was discussed and decided. However, DOD did not document the specific factors that the review team considered to determine their relative value. Insufficient consideration of the relative value of work performed is often an indication that a product owner is not prioritizing requirements throughout development and could be developing functionality that is not immediately necessary.
Manage requirements and ensure bidirectional traceability.	●	DOD has produced artifacts that demonstrate structured processes for tracking system requirements changes and aligning them with project goals. For example, DOD manages system requirements changes by tracking the lifecycle of proposed system modifications. This system includes key details on the initiation, content, and approval of each change that enable DOD to monitor its status and progression through implementation. Additionally, the DTS change management plan outlines formal processes for controlling changes, ensuring they trace back to modernization objectives. Program documentation, such as a project schedule and documented lessons learned, further incorporate requirement tracking activities into planning and implementation.
Have an acquisition strategy designed to eliminate or reduce the need to tailor commercial off-the-shelf systems to meet unique requirements or interfaces.	○	DOD reported compliance with three statutory requirements for the DTS system: to consider an acquisition strategy that reduced the need to tailor commercial off-the-shelf systems to meet unique requirements or interfaces, to streamline and minimize unique requirements, and to validate system requirements. However, for each of these three requirements, DOD documentation did not include details on the steps it took to achieve system-level compliance for DTS, or rationale for why it considered the requirements met. A DOD official noted challenges in capturing and demonstrating the prioritization of non-functional requirements and acknowledged that aspects of their requirements refinement process are not fully documented.
Streamline and minimize unique requirements and interfaces.	○
Validate requirements.	○

Legend:

● = DOD fully addressed the leading practice.

◐ = DOD partially addressed the leading practice.

○ = DOD did not address the leading practice.

Source: GAO analysis of agency data. | GAO‑26‑107663

As mentioned above, DOD has partially addressed two and not addressed three of the six leading practices and statutory requirements in this area. Specifically:

·       DOD gathered input on stakeholder requirements through focus groups, monthly meetings, and travel system feedback sessions, and relies on coordination with DTMO and the DTS program management office to adjust implementation priorities as needed. However, the department has not demonstrated a consistent process for eliciting stakeholder feedback on new requirements. For example, DOD documentation does not include information on how insights from focus groups were translated into formal requirements or prioritized for development. DOD documentation also does not include information on ways in which user feedback is systematically evaluated and converted into actionable requirements, including for non-functional requirements, such as security and privacy requirements.

An official in the Defense Manpower Data Center noted challenges in capturing and demonstrating the prioritization of non-functional requirements and acknowledged that aspects of their requirements refinement process are not fully documented. Unless DOD takes steps to more completely capture all requirements, it risks its solutions not meet user and stakeholder expectations.

·       DOD has taken steps to balance customer and user needs by documenting its requirements valuation and prioritization process—including through meeting minutes that list issue summaries, user impact, workarounds, and resulting prioritization decisions. However, DOD documentation does not sufficiently explain how the team consistently measures or compares the relative value of different work items. This gap means that, though urgent needs may be addressed, there is no clear indication that the product owner uses a value-based framework to ensure the most beneficial user needs are prioritized and reflected in the functionality it develops.

Officials in the DTS program management office attributed this deficiency to the lack of a defined, consistent mechanism for comparing and determining the relative value of different project tasks. Without developing a more consistent framework for determining the relevant value of project task elements, DOD risks prioritizing less-valuable user needs as part of its modernization of DTS.

·       DOD annual certification results report that DTS is in compliance with statutory requirements for developing an acquisition strategy that minimizes customization of systems, eliminating outdated or duplicative requirements, and validating system requirements. However, DOD documentation does not detail how compliance was assessed, or the steps DOD took to achieve compliance.

Officials in DOD’s Defense Support Services Center attributed these gaps to a reliance on aggregated reporting that obscures compliance details for individual systems like DTS. Without documenting details of how it demonstrated compliance with these requirements, DOD faces uncertainty in setting up a process to ensure continued compliance for future business system modernization efforts.

DOD Has Not Fully Addressed Selected Leading Practices in Its Overall Business Systems Modernization

As mentioned previously, DOD has initiated a variety of efforts to improve its ability to modernize its business systems in response to long-standing challenges. DOD has also continued to make progress on ongoing improvement efforts, as previously reported by GAO.

Similar to its travel system modernization, DOD business system modernization activities could benefit from the incorporation of selected leading practices. DOD has fully addressed 12 of 23 selected leading practices and statutory requirements relevant to establishing sufficient department-wide priority and leadership, incorporating leading program management practices, performing sufficient outreach to and collaboration with key stakeholders, and managing and tracing user and stakeholder requirements. However, DOD did not fully address 11 other selected practices and requirements.

GAO has also identified leading practices for conducting agency reforms that are applicable to DOD’s business systems modernization efforts. DOD policies and guidance fully addressed two and partially addressed two of four leading practices for conducting agency reforms. Specifically, DOD policies and guidance generally address goals and outcomes of department reforms, and a process for developing these reforms, but DOD has not completed key documentation related to implementing reforms of its business systems modernization efforts.

DOD Has Several Efforts Underway to Modernize Its Business Systems

DOD has initiated several new efforts to improve the management of its business systems in response to long-standing challenges. These efforts, overseen by the Defense Business Council (DBC) and requiring approval from the Chief Information Officer (CIO), include the following:[55]

·       creation of a new DOD “high-risk” designation for business systems that requires special approvals to continue to the next phase of development;[56]

·       an update to key policy documentation, such as DOD’s instruction for business systems requirements and acquisition, and two policies for IT portfolio management;

·       development of a new strategy for improvement of IT department-wide, including development of joint capabilities, modernization of IT networks, optimization of governance processes, and improvement and enhancement of the cyber workforce;

·       creation of a “playbook”, or ready-made step-by-step implementation guidance, for software development, security, and operations; and

·       creation of a dashboard showing department-wide certification status for business systems.

DOD has also continued to make progress in implementing further business system improvements as we have previously reported, such as

·       developing and updating a policy framework for adaptive acquisition of business systems in June 2022;[57]

·       making updates and enhancements to a certification guide to be used for each new defense business system in October 2024;[58] and

·       planning to complete a business enterprise architecture guidebook, which is intended to strategically align DOD’s business strategy, processes, and its individual modernization efforts to achieve department-wide goals. The Defense Business Council also plays a key role in overseeing this strategic alignment.

DOD Has Not Fully Addressed Selected Leading Practices Relevant to Modernizing Its Business Systems

As stated above, shortfalls in central decision-making, program management, stakeholder outreach, and requirements gathering were primary factors in the abandonment of DOD’s MyTravel modernization. Our prior work established that DOD has experienced longstanding issues relating to each of these factors in conducting its business systems modernization efforts.[59]

The department has fully addressed 12 and partially addressed 11 of 23 selected leading practices and statutory requirements relevant to the four primary factors in improving its department-wide business system modernization efforts. For example, DOD has issued policy guidance to establish a central decision-making authority among stakeholders, but policies did not require the establishment of metrics that align with organization-wide goals and objectives. Figure 4 shows the extent to which DOD has addressed these selected leading practices and statutory requirements relevant to its efforts to modernize its business systems.

In addition to the leading practices and statutory elements related to these factors, GAO has also identified leading practices for conducting agency reforms that are applicable to DOD’s business systems modernization efforts, including modernization of its travel system. DOD policies and guidance generally address goals and outcomes of department reforms, and a process for developing these reforms, but DOD has not completed key documentation related to implementing reforms of its business systems modernization efforts.

DOD Guidance Establishes Management Commitment for Its BSM Efforts but Lacks Clarity on Leadership Authority

Leading practices related to improving leadership identified in prior work include (1) establishing management commitment, (2) committing to data-driven decision making, (3) ensuring the organization culture supports Agile methods, (4) defining and sustaining leadership, (5) defining common outcomes, and (6) ensuring accountability.[60]

DOD policies and guidance fully addressed four and partially addressed two leading practices in this area. Table 7 provides detail on how DOD policies and guidance address leading practices in this area.

Leading practice	Assessment	Description of assessment
Establish management commitment.	●	DOD has committed at the management level to support modernization of its business systems. For instance, DOD policy established a software modernization steering group for its business systems modernization (BSM) to measure progress against operational outcomes to attempt to ensure the ongoing value of modernization activities underway. In addition, DOD established the Defense Business Council (DBC) to advise the Deputy Secretary of Defense on modernization progress. Further, a DOD operations policy includes a detailed discussion of ways to support and ensure continuous evaluation of the modernization’s software environment.
Commit to data-driven decision making.	●	DOD guidance provides details on the content and purposes of metrics, including that metrics should be designed to provide programs with usable information to support decision-making. For example, this guidance calls for program stakeholders to be consulted for their expertise on selected metrics to provide the information necessary to support specific decisions and ensure that the development teams agree on a single approach.a DOD’s software acquisition policy, which also governs use of Agile practices across DOD business systems, calls for performance and quality metrics to be collected using automated tools to minimize manual errors and improve the quality of data.
Organizational culture supports Agile methods.	●	DOD’s Agile guidance states that the department seeks to foster a culture that removes organizational barriers to agility. Further, DOD’s development, security, and operations playbook provides for the establishment of a software engineering culture to break down silos and unify software development, deployment, security, and operations.
Identify and sustain leadership.	◐	As mentioned above, DOD established the DBC to advise the Deputy Secretary of Defense on modernization progress, in addition to designating the Chief Information Officer (CIO) and Performance Improvement Officer to co-chair the DBC.b However, DOD guidance does not specify updated leadership roles in outlining roles and responsibilities of the DBC. Specifically, the council’s current charter designates that the CIO and two other entities share the lead role. DOD drafted an updated council charter to address this uncertainty, but the updated document remains unpublished.
Defining common outcomes.	◐	DOD’s primary IT modernization strategy identifies crosscutting challenges and opportunities and clearly defines measurable short- and long-term planned outcomes. This strategy also links to the most recent set of department-wide goals and objectives set forth in its national defense strategy and strategic management plan. However, the department does not yet have a defined process to periodically reassess its modernization strategy in response to future changes to departmental priorities.
Ensure accountability.	●	DOD’s IT strategy demonstrates ways in which department leadership can monitor, assess, and communicate progress toward short-and long-term BSM outcomes. For example, the strategy outlines a comprehensive approach to monitor and assess BSM efforts using measurable mechanisms to improve outcomes related to IT capabilities, modernized networks, IT governance, and workforce development. Specifically, each outcome area is supported by strategic objectives and performance measures, providing a framework for continuous evaluation and progress reporting.

Legend:

● = DOD fully addressed the leading practice.

◐ = DOD partially addressed the leading practice.

○ = DOD did not address the leading practice.

Source: GAO analysis of DOD documentation. | GAO‑26‑107663

^aDOD’s Enterprise DevSecOps Fundamentals guidance defines stakeholders as development, security, operations, and end user personnel with the responsibility to promote shared responsibility for software development, security, and capability delivery.

^bDOD has established the DBC as a department-wide governance and integration body with authority over matters associated with defense business systems. The DBC’s responsibilities include supporting the development of the defense business architecture, coordination and reengineering of business processes, and the requirements for development and deployment of defense business systems.

As mentioned above, DOD has fully addressed four and partially addressed two of the six leading practices in this area. Specifically:

·       DOD has taken steps to identify and sustain leadership for its business systems modernization efforts by, for example, establishing the Defense Business Council to manage progress on business systems modernization efforts. However, it has not fully updated guidance to clearly establish a permanent leadership structure for the council. Specifically, while statutory authority designates the DOD CIO and Performance Improvement Officer as the entities responsible for leading the Defense Business Council, the council’s charter differs in designating the CIO and two other entities as sharing leadership of the DBC.[61]

According to officials in the DOD Office of the Chief Information Officer, DOD drafted an updated Defense Business Council Charter to address the leadership discrepancy between department policy and statutes. However, the updated document remains unpublished. Without addressing gaps in its guidance that establish clear leadership structures, DOD risks uncertain lines of reporting.

·       DOD has taken steps to define common outcomes through policies that identify crosscutting challenges and opportunities and clearly define measurable short- and long-term goals. For example, the Fulcrum strategy document outlines the DOD CIO’s IT goals and objectives for department-wide priorities through Fiscal Year 2029.[62] However, there is no evidence that these outcomes are periodically reassessed and updated as needed to align with overarching national defense priorities and strategic management plans. According to an official in the DOD Office of the Chief Information Officer, DOD has not yet developed a process to periodically reassess and adapt its modernization strategy in response to plan changes or shifting departmental priorities. Without addressing gaps in its guidance to define common outcomes, DOD risks conflicting goals and misalignment of strategy relative to shifting priorities and changing plans.

DOD Has Not Fully Established Policies Aligning Modernization Initiatives with Department-wide Goals

Effective program management involves developing program plans, capturing and understanding stakeholder needs, and establishing processes for maintaining program management oversight, among other activities. As mentioned above, the applicable statute calls for DOD business systems to comply with the agency’s business enterprise architecture.[63] Additionally, leading practices relevant to program management include creating a description of the work necessary to modernize the system, creating milestones to complete the modernization, ensuring metrics align with organization-wide goals and objectives, ensuring repeatable processes are in place, and providing details for the disposition of the legacy system.[64]

Information in DOD policies and guidance fully addressed three and partially addressed three leading practices and statutory requirements in this area. Table 8 shows the extent to which DOD policies and guidance address leading practices and statutory requirements in this area.

Leading practice	Assessment	Description of assessment
Comply with the agency’s enterprise architecture.	◐	DOD guidance states that defense business systems must satisfy statutory requirements for compliance—or planned compliance, as a result of planned modifications—with DOD’s overarching business enterprise architecture.a However, no guidance across DOD fully describes how programs or systems are to address, and decision-makers are to substantiate, the requirements.
Describe the work necessary to modernize the system.	●	DOD policies have established requirements for a description of work necessary to modernize legacy systems. For example, the DOD Business Capability Acquisition Cycle requires, among other things, a comprehensive, phased documentation tied to clear decision criteria at specific authorization points to ensure that modernization work is clearly described, planned, and aligned with performance measures.
Plans include milestones for completing the modernization.	●	DOD policy provides a framework that establishes, oversees, and manages the creation of milestones to measure progress toward completion of business system modernization efforts. This framework requires that performance baselines are set either prior to development at the program level or before each release. The framework also requires that a milestone decision authority, with support from other officials, approve each program’s progress against baselined cost, schedule, and performance parameters.
Ensure metrics align with organization-wide goals and objectives.	◐	DOD policy generally discusses metrics, such as the tracking of bottlenecks, productivity, and the impact of process improvements supporting individual business systems modernization results against department-wide strategic goals. However, DOD documentation outlining use of Agile development does not detail traceability between elements such as product roadmaps and requirements backlogs,b and department-wide strategic goals and objectives.
Ensure repeatable processes are in place.	◐	DOD policy documents encourage use of repeatable process while integrating additions and changes to software requirements to ensure the quality of code being developed. For example, DOD guidance encourages the use of an automated test suite to enhance software quality. However, related guidance did not include specifics on which repeatable steps should be taken to enhance testing. Officials stated that DOD encouraged but did not require teams to adopt Agile elements such as daily standups and end-iteration demonstrations. Inclusion of elements like these could enhance team member accountability for work performed and limit duplication of efforts.
Include details regarding the disposition of an existing legacy system.	●	DOD’s framework for managing department-wide priorities and goals contains specific objectives and performance measures that directly support legacy system disposition planning and documentation. For example, DOD’s strategic management plan includes a performance measure of the percentage of business systems decommissioned, retired, or rehosted/migrated on schedule with planned dates. The annual performance report listing progress made in implementing the plan notes that the Defense Business Council developed plans for the retirement of systems and regularly reviewed progress, risks, and potential mitigations.

Legend:

● = DOD fully addressed the leading practice.

◐ = DOD partially addressed the leading practice.

○ = DOD did not address the leading practice.

Source: GAO analysis of Department of Defense (DOD) documentation. | GAO‑26‑107663

^a10 U.S.C. § 2222(e) calls for the defense business enterprise architecture to include, among other things, policies, procedures, business data standards, and business information requirements that apply uniformly throughout DOD.

^bAn Agile roadmap shows a plan for development of product features across releases, and a backlog prioritizes requirements based on value. If metrics do not account for traceability from the roadmap through the product’s releases and backlog, an organization may not have the right information to make decisions about prioritization and potential re-planning.

As mentioned above, DOD has partially addressed three of the six leading practices and statutory requirements in this area. Specifically,

·       DOD’s Fiscal Year 2025 memorandum on annual certification of defense business systems, reflecting requirements in statute, requires that these systems comply with the department’s enterprise architecture but does not describe the type of documentation necessary for approval and steps the approver needs to take to validate the statutory requirement, or what specific documentation system owners need to provide to comply with the statutory requirement.

We previously recommended that DOD should update guidance for the initial approval and annual certification of business systems to ensure that these statutory requirements are fully addressed.[65] DOD officials have noted in past GAO work that they recognize gaps in their annual certification guidance and indicated that they would take steps to address gaps identified by GAO. DOD has since updated its guidance for certification of defense business systems but could not demonstrate that its updated guidance fully addresses statutory requirements, or how approval authorities are to validate that systems have met these requirements.

·       DOD officials have taken steps to ensure metrics for implementing BSM that align with organization-wide goals and objectives. For example, DOD policy suggests the use of an Objectives and Key Results methodology for setting strategic goals and tracking results.[66] However, DOD Agile policy documentation does not require the tracing of strategic goals and objectives to Agile artifacts, such as the roadmap and backlog.[67]

In addition, DOD Agile policy documentation did not specify what metrics to use to measure performance against those goals and objectives. DOD officials in the Office of the Secretary of Defense stated that the department was still working through implementation of Agile-related department-wide policies and practices, due to what they described as a cultural shift still underway in better understanding the value behind use of such processes. Without incorporating in its policies program management practices that more clearly establish traceability to its strategic goals, DOD may develop business systems that do not align to department-wide objectives and omit key features during development.

·       We previously recommended that DOD ensure that its IT business programs developing software use management tools consistent with those identified in GAO’s Agile Assessment Guide, such as the consistent use of repeatable processes during software development.[68] DOD has taken steps to encourage the use of repeatable processes to implement its BSM efforts. For example, DOD guidance encourages the use of an automated test suite to enhance software quality because of its ability to use the results from the test suite to more quickly identify test failures. However, the test suite instruction did not include specifics on repeatable process steps that should be taken to make best use of the test suite results. For example, the instructions did not include details on the frequency and content of team meetings. According to officials in the DOD Office of the Chief Information Officer, teams were encouraged but not required to adopt Agile elements enforcing repeatable processes such as daily standups and end-iteration demonstrations. Without fully establishing use of repeatable processes in implementing its BSM efforts, DOD may inadvertently introduce errors in development and delays in timelines for completing its efforts.

DOD Established Guidance with Roles and Procedures for Addressing Stakeholder Needs

Effective stakeholder outreach for agency-wide BSM efforts includes taking specific steps to ensure that stakeholder partners’ needs are met in achieving agency-wide outcomes. Specifically, leading practices to understand evolving stakeholder needs incorporates the following five leading practices for interagency collaboration: (1) clarifying roles and responsibilities, (2) bridging organizational cultures, (3) including relevant participants, (4) leveraging resources and information, and (5) developing and updating written guidance and agreements.[69]

DOD policies and guidance fully addressed four and partially addressed one of the leading practices in this area. Table 9 shows the extent to which DOD policies and guidance address leading practices in this area.

Leading practice	Assessment	Description of assessment
Clarify roles and responsibilities.	●	DOD policies define roles and responsibilities for business systems requirements and demonstrate a structured decision-making process for collaborating to implement them. For example, DOD policy dictates that a business system’s functional sponsor drives solution analysis and stakeholder engagement, ensuring that business needs are met throughout the acquisition process. Another official, the milestone decision authority, oversees acquisition decisions, ensuring compliance with cost schedule, and performance expectations. Further, DOD policy establishes that the department’s Office of the Chief Information Officer ensures cybersecurity and IT infrastructure standards are met by reviewing and approving cybersecurity strategies and establishing standards for IT infrastructure solutions and hosting requirements.a
Bridge organizational cultures.	●	DOD policies and guidance include elements that bridge organizational cultures through elements designed to establish compatibility among business systems modernization efforts. Specifically, DOD’s policy governing business systems mandates the use of a common acquisition cycle procedure when acquiring and managing business systems. DOD’s IT modernization strategy also included plans for development of a unified governance standard to standardize policies, processes, and procedures for IT operations. This strategy also promotes the use of memoranda of understanding to establish collaborative partnerships across the federal, private, and academic sectors.
Include relevant participants.	●	DOD guidance requires that decisions to proceed to the next phase of a modernization are coordinated across key stakeholders and made in a collective forum where key stakeholders contribute diverse perspectives at each decision point. Further, DOD policies promote continuous learning and the establishment of cross functional teams to provide personnel with the appropriate knowledge to apply issued guidance in alignment with the agency’s modernization goals.
Leverage resources and information.	●	DOD policies enable leveraging of resources for its business systems modernization efforts by establishing a centralized modernization implementation team with the capacity to support business systems modernization initiatives. In January 2022, DOD created the Defense Business Council, which directly supports resourcing and coordination for these efforts. The council serves as the governance and integration body responsible for management, defense reform, and performance improvement across the defense business enterprise. The council is tasked with, among other things, supporting the development of the defense business architecture, business process reengineering, and identifying requirements for development and deployment of defense business systems.
Develop and update written guidance and agreements.	◐	DOD policy calls for developing and updating written guidance and agreements to enhance department-wide business systems modernization efforts. DOD’s primary instruction for business systems promotes department-wide alignment with commercial best practices and minimizing customization. The department’s IT modernization strategy also calls for formalizing commitments through memoranda of understanding to increase partnerships among commercial, federal, and academic organizations that can identify improvements in emerging technologies and enhance the department’s IT workforce. DOD has also provided evidence that written guidance is regularly monitored and updated. However, as noted above and in prior GAO work, the information in written guidance for DOD’s business systems modernization effort documentation is not fully sufficient in enabling system owners to meet statutory requirements. For example, DOD has not yet updated its guidance to fully address statutory requirements for the initial approval and annual certification of business systems.

Legend:

● = DOD fully addressed the leading practice.

◐ = DOD partially addressed the leading practice.

○ = DOD did not address the leading practice.

Source: GAO analysis of Department of Defense (DOD) documentation. | GAO‑26‑107663

^aDOD standards for infrastructure solutions and hosting requirements prioritize shared infrastructure solutions and cloud-based solutions with the appropriate program executive officer or service provider.

Specifically, to address these five leading practices, among other things, DOD has issued guidance to bridge organizational cultures across the department, such as by establishing a common framework for business systems acquisition and deploying an agency-wide Information Technology strategy.[70] These documents include requirements for documenting and monitoring DOD-wide BSM efforts, including by mandating the use of the Business Capability Acquisition Cycle for acquisitions, and providing a roadmap for aligning IT investments with DOD priorities.

DOD has also developed and regularly updated documentation that emphasize enhancements of DOD-wide BSM efforts through alignment with commercial best practices. For example, DOD’s Fulcrum strategy calls for DOD to increase the number of commercial, federal, and academic partnerships established through memoranda of understanding to identify improvements in emerging technologies and enhance the department’s IT workforce.[71]

However, as noted above, the information in written guidance for DOD’s business systems modernization effort documentation is not fully sufficient in enabling system owners to meet statutory requirements. For instance, regarding the statutory requirement to comply with the department’s enterprise architecture, DOD did not describe the type of documentation necessary for approval and steps the approver needs to take to validate the statutory requirement, or what specific documentation system owners need to provide to comply with the statutory requirement. We previously recommended that DOD should update guidance for the initial approval and annual certification of business systems to ensure that these statutory requirements are fully addressed.[72] DOD officials have noted in past GAO work that they recognize gaps in their annual certification guidance and indicated that they would take steps to address gaps identified by GAO. DOD has since updated its guidance for certification of defense business systems but could not demonstrate that its updated guidance fully addresses statutory requirements, or how approval authorities are to validate that systems have met these requirements.

DOD Policies and Guidance Lack Details Regarding the Prioritization and Tracking of Business System Modernization Requirements

As stated above, effective requirements management is critical for ensuring that new solutions meet user needs and expectations and to reduce the risks of cost overruns and project failures. Leading practices for managing requirements as part of effectively performing system modernizations, as identified in prior GAO work, include: (1) eliciting and prioritizing requirements, (2) balancing customer and user needs, and (3) managing requirements and ensuring bidirectional traceability.[73] Additionally, statute calls for DOD business systems to (4) have an acquisition strategy designed to eliminate or reduce the need to tailor commercial-off-the-shelf systems to meet unique requirements or interfaces, (5) streamline and minimize unique requirements and interfaces, and (6) validate requirements.[74]

DOD fully addressed one and partially addressed five leading practices and statutory requirements in this area. Table 10 shows the extent to which DOD policies and guidance address leading practices and statutory requirements in this area.

Leading practice	Assessment	Description of assessment
Elicit and prioritize requirements.	◐	DOD policies provide details on the department’s process for eliciting requirements, including the format for identifying initial requirements and their prioritization according to mission needs, operational impact, and value to users. However, these policies do not provide specific details on steps to be taken for capturing requirements on an ongoing basis.
Balance customer and user needs when coordinating implementation of requirements.	●	DOD has a consistent process in place to balance the needs of stakeholders for a given software product. For example, the department’s software acquisition policy requires the sponsor and end users to provide feedback on the relative value of delivered software—whether the delivered software was timely and worth the investment.a Other officials, including program managers, use these assessments to update strategies, designs, and to inform resource decisions. Further, the product owner and program office are to develop and maintain a detailed list of prioritized user needs. Tracking these lists allows program managers to reallocate resources across current and planned software releases and to address issues identified during development and operations.
Manage requirements and ensure bidirectional traceability.	◐	DOD business system and software acquisition policies outline approaches to managing requirements across business and software systems.a In particular, these policies support formal processes for managing requirements, including change request approvals, impact assessments, and engagement to ensure modifications remain aligned with operational objectives. However, these instructions do not mandate use of requirements traceability, for example through matrices linking high-level requirements through design, implementation, and test cases.
Eliminate or reduce the need to tailor commercial off-the-shelf systems to meet unique requirements or interfaces.	◐	DOD policy and guidance includes three requirements that defense business systems must satisfy: (1) to eliminate or reduce the need to tailor commercial off-the-shelf systems, (2) to streamline and minimize unique requirements and interfaces, and (3) to have both valid, achievable requirements and a viable plan for implementing those requirements. However, for each of these three requirements, DOD guidance does not fully describe how programs or systems are to address, and decision-makers are to substantiate compliance with, these requirements. We have previously recommended that DOD and the military departments update its guidance to substantiate and document compliance with these requirements.
Streamline and minimize unique requirements and interfaces.	◐
Validate requirements.	◐

Legend:

● = DOD fully addressed the leading practice.

◐ = DOD partially addressed the leading practice.

○ = DOD did not address the leading practice.

Source: GAO analysis of DOD documentation. | GAO‑26‑107663

^aA DOD memorandum notes that individual business systems can opt to follow the department’s software acquisition policy in selected cases, for example, in following Agile practices. A second DOD memorandum directed all DOD components to adopt the department’s software acquisition pathway as the preferred pathway for all systems, including business systems.

As mentioned above, DOD has fully addressed one and partially addressed five of the six leading practices and statutory requirements in this area. Specifically:

·       To enable elicitation and prioritization of requirements, DOD’s software acquisition policy and software lifecycle playbook discuss the requirements generation process and provide information such as the format for identifying initial requirements.[75] However, they do not provide details on the steps programs must take to address changing stakeholder needs, such as the adjustment of requirements on an ongoing basis.

·       In order to manage and ensure traceability of requirements, DOD policy instructions on acquisitions also support formal processes for managing requirement changes.[76] For example, the department’s Business Capability Acquisition Cycle encourages traceability between capabilities. However, these instructions do not mandate specific steps to manage and maintain requirements traceability throughout a given system’s life cycle. In particular, the department’s acquisitions policy instructions leave the definition and implementation of traceability artifacts to the discretion of individual programs.

DOD stated that challenges include culturally shifting and familiarizing organizations across DOD with the appropriate requirements management processes to use. However, without incorporating in policy program management practices to better ensure continued alignment of system requirements with and traceability to stakeholder needs throughout system development, DOD may develop business systems that do not align to department-wide objectives and omit key features during development.

·       The latest DOD defense business system certification guidance included requirements that financial management systems (1) are streamlined and unique requirements minimized (2) have valid requirements, and (3) have a strategy to reduce modification to commercial off-the-shelf systems.[77] Certification guidance documents did not describe the type of documentation necessary for approval and steps the approver needs to take to validate the statutory requirements. They also did not indicate the specific documentation system owners need to provide to comply with these three statutory requirements.

As stated previously, we have recommended that DOD and the military departments update guidance for initial approvals and annual certifications of business and financial systems to substantiate and document compliance with requirements.[78] DOD officials have noted that they recognize gaps in their annual certification guidance and indicated that they would take steps to address gaps identified by GAO. DOD has since updated its guidance for certification of defense business systems but could not demonstrate that its updated guidance fully addresses statutory requirements, or how approval authorities are to validate that systems have met these requirements.

DOD Did Not Fully Address Additional Leading Practices for Agency Reform in Planning its Business System Modernization Efforts

In addition to ensuring that agency-wide policies address the primary factors of the MyTravel system’s abandonment to prevent similar issues from occurring on other BSM efforts, ensuring that such policies reflect leading practices for agency reform can assist agencies in improving the processes by which modernizations are conducted.[79] In particular, leading practices for successful agency reform efforts, developed by GAO in prior work, include four broad categories: (1) goals and outcomes of the reforms, (2) processes for developing reforms, (3) implementing the reforms, and (4) approaches for strategically managing the federal workforce for the reforms.[80]

DOD policies and guidance fully addressed two and partially addressed two of the four leading practices in this area. Table 11 shows the extent to which policies and guidance address leading practices in this area.

Leading practice	Assessment	Description of assessment
Goals and intended outcomes of the reforms	●	A DOD instruction and strategy document defined goals and outcomes for business systems modernization (BSM) reforms through establishment of outcome-oriented goals, demonstrating alignment between proposed reforms and DOD’s mission, and incorporating considerations of how upfront costs would be funded. For example, DOD’s IT strategy establishes a line of effort to accelerate the acquisition, development, and deployment of IT.
Process for developing the reforms	●	A DOD policy and other documentation defined a process for developing BSM reforms through engaging employees, establishing two-way communication strategies, using data and evidence to justify reforms, supporting business cases, and addressing areas of overlap and duplication. For example, DOD policy establishes a process for acquiring and maintaining business systems and providing phases for modernization including, among other things, capability need identification, solution analysis, and capability implementation.a Further, a DOD official stated that the department provides annual learning opportunities, in the form of briefings or meetings allowing component officials to ask questions regarding defense business systems annual certification guidance changes in each fiscal year.
Implementing the reforms	◐	DOD has established a dedicated implementation team, the Defense Business Council (DBC), to manage the BSM reform process and established policy to ensure continued delivery of services during reform implementation through the DBC charter.b DOD is undertaking several initiatives to reform and improve how it conducts BSM efforts, such as developing playbooks, dashboards, and processes for identifying high-risk priority business systems. DOD has delayed release of a primary policy document defining the scope of its reform efforts. Further, the DBC charter designates different officials with responsibility for leading it than are called for in related statutory authority.c
Strategically managing the federal workforce for the reforms	◐	DOD guidance outlines processes, such as workforce qualification, to determine whether the department will have the needed resources and capability in place for proposed BSM reforms. For example, the department’s IT strategy requires the development of a digital workforce trained in emerging technologies, and department officials stated that they provide annual learning opportunities in support of BSM efforts. However, as discussed in prior GAO work, DOD has not yet established a strategic approach for department-wide workforce planning.

Legend:

● = DOD fully addressed the leading practice.

◐ = DOD partially addressed the leading practice.

○ = DOD did not address the leading practice.

Source: GAO analysis of Department of Defense (DOD) documentation. | GAO‑26‑107663

^aDOD’s business capability acquisition cycle is a cyclical process with flexible phases that can be repeated as necessary to ensure timely achievement of outcomes. Department of Defense, Business Systems Requirements and Acquisition, DODI 5000.75 (Jan. 24, 2020, as amended) establishes the policy for the use of the business capability acquisition cycle for business systems requirements and acquisition within DOD.

^bDOD has established the DBC as a department wide governance and integration body with authority over matters associated with defense business systems. The DBC’s responsibilities include supporting the development of the defense business architecture, coordination and reengineering of business processes, and the requirements for development and deployment of defense business systems.

^c10 U.S.C. § 2222(f).

As mentioned above, DOD has fully addressed two and partially addressed two of the four leading practices related to agency reforms. Specifically,

·       DOD policies incorporate several leading practices for department-wide reform efforts. For example, policies and guidance establish clear outcome-oriented goals, showing alignment between reforms and DOD’s mission. DOD policies also defined a process for enhancing the BSM reform process through fostering effective communication strategies to engage employees across the department. For example, according to an official in DOD’s Office of the Chief Information Officer, DOD provides yearly briefings or meetings that allow component officials to ask questions, regarding defense business system annual certification guidance changes.

·       DOD policy has made improvements to reform efforts by outlining an approach for prioritizing continuous learning for the digital workforce.[81] However, DOD does not yet have a strategic approach for workforce planning. GAO previously recommended that DOD establish a mechanism for ensuring that DOD financial management systems take a strategic approach to workforce planning for the staff that develop and maintain its systems. DOD has not provided an update on its plans to implement this recommendation. Without doing so, DOD further risks its efforts to develop and maintain systems.[82]

·       DOD has established the DBC to oversee implementation of its business systems modernization reform efforts. The DBC also oversees the department’s business systems acquisition policy, to ensure continued delivery of services during implementation of reforms by releasing incremental upgrades in support of the business capability.[83] As mentioned above, DOD’s policies have not clearly identified which office or offices have responsibility for leading the council and providing strategic direction to implement its BSM efforts. The DBC Charter, issued in January 2022, identified a three-way leadership group to manage the newly created DBC, but related statutory authority identifies the DOD CIO and Performance Improvement Officer as co-chairs of the DBC and thus solely responsible for business systems improvement.[84] An official in DOD’s Office of the Chief Information Officer stated that an updated DBC charter is in the process of being drafted. However, as of August 2025, these documents have not been issued.

DOD has also delayed completion of its Business Enterprise Architecture guidebook, which an official in DOD’s Office of the Chief Information Officer pointed to as an important guidance document for implementing its reforms. We previously recommended that DOD take additional action to improve management of its business enterprise architecture activities. While DOD has since published a framework outlining roles and potential approaches for modernization of its business enterprise architecture, it has not yet published a guidebook that would address the recommendation by describing in more detail Business Enterprise Architecture governance processes, roles and responsibilities, and best practices for DOD Business Enterprise Architecture development. Until DOD does so, the department risks inconsistent decision making concerning DTS modernization.[85]

Without taking steps to complete guidance on implementing reforms to its business systems modernization efforts or solidifying a leadership structure for these efforts, including by fully completing and releasing its enterprise architecture document and an updated DBC charter, DOD risks uncertainties in implementing its reforms that could lead to misalignment of their results with department-wide strategic goals.

Conclusions

Over the last several decades, DOD has struggled to modernize its business systems, including its Defense Travel System (DTS). Although DOD has taken steps to plan a six-year effort to make further improvements to DTS, it has not yet fully addressed leading practices and statutory requirements. Among other things, it has not documented a lead office for the DTS modernization or ensured that metrics measuring DTS progress align with department-wide goals. By taking these steps, DOD can increase the likelihood that its travel modernization effort will be responsive to the needs of stakeholders and end users and more compatible with department-wide objectives.

Focusing more broadly, DOD has several department-wide efforts underway to improve its process for modernizing its business systems, in areas such as project management, requirements management, and stakeholder outreach and coordination. However, the department has not yet addressed leading practices that would enable it to improve outcomes such as the tracing of stakeholder and user requirements to completion, or to enable clarification on which officials or offices are responsible for oversight and guidance of BSM efforts department-wide. Without fully implementing these leading practices, DOD may experience coordination issues and inconsistent execution in planning and making improvements to its business systems modernization efforts.

Recommendations for Executive Action

We are making thirteen recommendations to DOD:

The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness and the Director of the Defense Travel Management Office to document the Agile practices relevant to the Defense Travel System program. (Recommendation 1)

The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness and the Director of the Defense Travel Management Office to develop and implement clearly identifiable leadership roles and responsibilities for the Defense Travel System modernization effort, including by documenting the lead agency for this effort. (Recommendation 2)

The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness and the Director of the Defense Travel Management Office to substantiate compliance for the Defense Travel System with all statutory requirements related to the initial approval and annual certification of business systems and provide rationale on how DOD has achieved compliance. (Recommendation 3)

The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness and the Director of the Defense Travel Management Office to integrate interim milestones planned for the upcoming Defense Travel System modernization into the program’s overall implementation timeline. (Recommendation 4)

The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness and the Director of the Defense Travel Management Office to develop performance metrics that clearly link to goals and milestones in program-wide documentation for the DTS modernization. (Recommendation 5)

The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness and the Director of the Defense Travel Management Office to document a consistent process for the elicitation and prioritization of non-functional DTS requirements, such as security, privacy, and system performance requirements. (Recommendation 6)

The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness and the Director of the Defense Travel Management Office to document its process for determining the relative value of the factors it considers when making decisions to balance customer and user needs. (Recommendation 7)

The Secretary of Defense should direct the DOD CIO to develop and implement clearly identifiable leadership roles and responsibilities for its business system modernization efforts, including by clarifying the entity or entities with leadership responsibility over the Defense Business Council. (Recommendation 8)

The Secretary of Defense should direct the DOD CIO to document in policy a process to periodically reassess and adapt the common outcomes included in its modernization strategy in response to plan changes and shifting departmental priorities. (Recommendation 9)

The Secretary of Defense should direct the DOD CIO to update policies for Agile development to include related metrics that enable traceability between elements planned for inclusion in an effort and department-wide strategic goals. (Recommendation 10)

The Secretary of Defense should direct the DOD CIO to ensure agency policies include guidance on steps to take when using Agile repeatable processes to conduct software tests. (Recommendation 11)

The Secretary of Defense should direct the DOD CIO to update agency-wide policies to provide specific details on steps that programs are required to take when adjusting requirements, such as steps for addressing changes to stakeholder needs. (Recommendation 12)

The Secretary of Defense should direct the DOD CIO to update business system and software acquisition policies to require bidirectional traceability of requirements. (Recommendation 13)

Agency Comments

We provided a draft of this report to DOD for review and comment. In its comments, reproduced in Appendix III, the department concurred with 11 of our 13 recommendations and partially concurred with two. The department provided information on steps either underway or that it planned to take to implement each of the 13 recommendations.

For the two recommendations where the department partially concurred, it explained that its OCIO and Office of the Undersecretary of Acquisition and Sustainment would work to update agency-wide guidance to implement the actions we recommended. We will continue to monitor the department’s actions to address our recommendations to determine the extent to which they meet the intent of the recommendations.

We are sending copies of this report to the appropriate congressional committees and the Secretary of Defense, and other interested parties. In addition, the report is available at no charge on the GAO website at http://www.gao.gov.

If you or your staff have any questions about this report, please contact me at dsouzav@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made key contributions to this report are listed in Appendix IV.

Vijay A. D’Souza
Director, Information Technology and Cybersecurity

Our objectives were to determine (1) the primary factors that caused DOD to abandon its migration to the MyTravel system and related leading practices and statutory requirements; (2) DOD’s plans to modernize its travel system and to what extent it is following leading practices and statutory requirements in modernizing this system; and (3) to what extent DOD is following leading practices and statutory requirements for overall improvement of its business system modernization efforts.

To address the first objective, we reviewed and summarized documentation supporting DOD’s decisions to abandon MyTravel, such as memoranda, department-wide communications, external congressional and executive reports, documentation of decision reviews, and a lessons learned report from the abandonment of the MyTravel system. We used this information to identify and describe four primary factors that caused DOD to end implementation of MyTravel, and to revert to the Defense Travel System (DTS). In particular, we used a two-analyst process in which a first analyst created a mapping of causal relationships between events to justify the groupings for each primary factor, and a second analyst then independently verified all sources and corroborated the logic used for the groupings. We further validated the primary factor results through interviews and discussion with relevant DOD officials.

Next, we identified leading practices and statutory requirements relevant to the four primary factors through review of past GAO work and DOD policies, and coordination with stakeholders. We then chose criteria from each of these sources and grouped them based on applicability to the four primary factors listed above. We used the following five criteria sources:

·       Fiscal Year 2005 National Defense Authorization Act: This Act contained requirements, which were later amended, as codified in 10 U.S.C. § 2222, for initial approval and annual certification of its business systems.[86]

·       Stakeholder involvement: Based on DOD’s increased use of Agile, including in modernizing DTS, we coordinated with internal stakeholders and incorporated elements of GAO’s Agile Assessment Guide related to stakeholder involvement on the sufficiency of requirements and consideration of key user needs.[87]

·       Interagency collaboration: Based on prior GAO work, we incorporated leading practices on interagency collaboration as part of evaluating the extent and quality of ways in which DOD components and departments worked together on in developing DTS and setting up overall guidance for BSM efforts.[88]

·       Legacy systems modernization: We incorporated leading practices, developed by GAO in prior work, on steps organizations should take to adequately plan how they will update or replace aging systems.[89]

·       Capability Maturity Model Integration (CMMI) framework: The CMMI framework typically supports organizations in assessing and improving key capabilities. In the context of system modernization, several key practices help ensure effective requirements management. We coordinated with internal subject matter experts to confirm the applicability of these criteria.[90]

We then chose 23 practices and requirements from these sources and grouped them based on applicability to the four primary factors listed above. We selected these sources and validated our selection and organization of these practices from them, in consultation with internal stakeholders.

To perform our second objective, we reviewed DOD documentation to determine the status of DOD’s plans to modernize its travel system, including artifacts such as current system state documentation, an acquisition strategy, and a DOD presentation on planned future work for the travel system. To determine the extent to which DOD is following leading practices and statutory requirements in modernizing the DTS system, we identified actions DOD has taken or is planning to take to modernize DTS by reviewing documentation such as a business case analysis, project schedule, and maintenance release plan. We compared these actions to modernize DTS against 22 of the 23 leading practices and statutory requirements relevant to factors underlying the abandonment of the MyTravel system discussed above.[91]

To perform our third objective, we compiled a list of policy and procedure related actions DOD has taken or is planning to take to improve its department-wide business system modernization initiatives by reviewing current DOD directives, guidance, strategies, framework, and playbooks. We then compared these policy and procedure actions against all 23 selected leading practices and statutory requirements to determine the extent to which improvements DOD is making to its business system modernization efforts are following them. We selected leading practices and statutory requirements based on their applicability to the MyTravel system’s abandonment, due to historical similarities between these practices and requirements and issues encountered on other DOD business systems modernization (BSM) efforts.

In addition to comparing DOD’s department-wide actions to these 23 leading practices and statutory requirements, we also evaluated improvements to DOD’s BSM efforts against selected leading practices for agency reform. We identified these practices in prior work to assist DOD in reforming its ongoing issues in modernizing its travel system[92] as well as in evaluating other department-wide reform efforts.[93]

As part of our second and third objectives, we determined, based on the documents and data provided, the extent to which DOD had fully addressed, partially addressed, or not addressed the required tasks or activities.

·       We considered a leading practice or statutory requirement to be fully addressed when the evidence provided by DOD addressed all tasks or activities associated with the leading practice or statutory requirement.

·       We considered a leading practice or statutory requirement to be partially addressed when the evidence provided by DOD addressed some, but not all, tasks or activities associated with the leading practice or statutory requirement.

·       We considered a leading practice or statutory requirement to be not addressed when the evidence provided by DOD did not address any tasks or activities associated with the leading practice or statutory requirement.

For all three objectives, we interviewed officials in DOD’s Office of the Secretary of Defense and Office of the Chief Information Officer. For example, we interviewed officials to gain further context on travel system status and history, and specifics on DOD actions to improve its efforts to modernize its business systems.

We conducted this performance audit from June 2024 to January 2026 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

The following 23 leading practices and statutory requirements are relevant to four primary factors for abandonment of the Department of Defense’s (DOD) MyTravel system. These practices and requirements have been derived from five main sources, including the Fiscal Year 2023 National Defense Authorization Act; past GAO work in the areas of stakeholder involvement, interagency collaboration, and systems modernization; and the Capability Maturity Model.

Criteria Source	Leading Practice
Information Technology: Agencies Need to Develop Modernization Plans for Critical Legacy Systems (GAO‑19‑471)	Documented system modernization plans should include milestones to complete the modernization.
	Documented system modernization plans should include a description of the work necessary to modernize the legacy system.
	Documented system modernization plans should include details regarding the disposition of the legacy system.a
Defense Business Systems: Approvals Required for Development (10 U.S.C. § 2222(g))	The system has been, or is being, reengineered to be as streamlined and efficient as practicable, and the implementation of the system will maximize the elimination of unique software requirements and unique interfaces.
	The system and business system portfolio are or will be in compliance with the defense business enterprise architecture or will be in compliance as a result of modifications planned.
	The system has valid, achievable requirements and a viable plan for implementing those requirements.
	The system has an acquisition strategy designed to eliminate or reduce the need to tailor commercial off-the-shelf systems to meet unique requirements, incorporate unique requirements, or incorporate unique interfaces to the maximum extent practicable.
Government Performance Management: Leading Practices to Enhance Interagency Collaboration and Address Crosscutting Challenges (GAO‑23‑105520)	Define common outcomes.
	Ensure accountability.
	Bridge organizational cultures.
	Identify and sustain leadership.
	Clarify roles and responsibilities.
	Include relevant participants.
	Leverage resources and information.
	Develop and update written guidance and agreements.
Agile Assessment Guide: Best Practices for Adoption and Implementation (GAO‑24‑105506)b	Organization culture supports Agile methods.
	Ensure repeatable processes are in place.
	Elicit and prioritize requirements.
	Balance customer needs and constraints when coordinating implementation of requirements.
	Ensure metrics align with organization-wide goals and objectives.
	Establish management commitment.
	Commit to data-driven decision making.
ISACA, Capability Maturity Model Integration, Version 3.0	Manage and maintain requirements with traceability throughout the system life cycle

Source: GAO analysis of leading practices and statutory requirements. | GAO‑26‑107663

Note: Information is from Defense Business Systems (10 U.S.C. § 2222(g)); ISACA, Capability Maturity Model Integration (CMMI), Version 3.0 (Schaumburg, IL: April 2023); and GAO analysis. CMMI Model Copyright © 2023 ISACA. All rights reserved.

^aBecause DOD’s travel system modernization involves enhancements to an already-existing system—DTS—the legacy modernization leading practice regarding disposition of a legacy system was not applicable to analysis of DTS, only analysis of department-wide practices.

^bDOD has emphasized usage of Agile practices for its business systems modernizations. The primary contract for modernization of the DTS system also requires use of Agile development methodologies. DOD’s software acquisition policy governs use of Agile practices across DOD systems, including its business systems.

GAO Contact

Vijay A. D’Souza, dsouzav@gao.gov

Staff Acknowledgments

Principal contributors to this report were Shaun Byrnes (Assistant Director), Kendrick Johnson (Analyst in Charge), Olivia Adams, Hassan Kane, Destin Hinkel, Emile Ettedgui, William Laing, Jennifer Leotta, Donna Epler, and Christopher Businsky. Other key contributors included Christine Bassett, Simon Hirschfeld, Michael Lebowitz, Jillian Schofield, Andrew Stavisky, and Roger Stoltz.

GAO’s Mission

The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost is through our website. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. You can also subscribe to GAO’s email updates to receive notification of newly posted products.

Order by Phone

The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, https://www.gao.gov/ordering.htm.

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.

Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information.

Connect with GAO

Connect with GAO on X, LinkedIn, Instagram, and YouTube.
Subscribe to our Email Updates. Listen to our Podcasts.
Visit GAO on the web at https://www.gao.gov.

To Report Fraud, Waste, and Abuse in Federal Programs

Contact FraudNet:

Website: https://www.gao.gov/about/what-gao-does/fraudnet

Automated answering system: (800) 424-5454

Media Relations

Sarah Kaczmarek, Managing Director, Media@gao.gov

Congressional Relations

Dave Powner, Acting Managing Director, CongRel@gao.gov

General Inquiries

https://www.gao.gov/about/contact-us