Defense Dept. may be underestimating tech risks: GAO
Reprints
The Department of Defense may be underestimating the risks associated with some of its business information technology systems, says the U.S. General Accountability Office, in a report issued Wednesday.
The DoD concurs with the GAO’s recommendations, and plans to address them, says the report.
The DoD requested about $37.7 billion for IT investments for fiscal year 2021, which includes major programs intended to help the department carry out key business functions, such a financial management and health care, according to the report.
It said the National Defense Authorization Act for Fiscal Year 2019 includes a provision for the GAO to assess elected programs annually through 2023.
Its assessment indicated that some program could be underreporting risks, the report said. The GAO found 10 programs for which its assessments of program risk reflected greater risk than reported by the DoD.
The differences “highlight the need for DOD to ensure that it is accurately reporting program risks. Until the department does so, oversight of some programs could be limited by overly optimistic risk perspectives,” the report said.
The GAO recommended the DoD revisit its risk ratings, and improve data strategies and ensure its data strategies and data collection efforts had the appropriate level of visibility and the metrics necessary to monitor acquisitions.
Read Next
-
Forecast for cyber availability, cost uncertain: GAO
Cyber insurance’s continued availability and affordability “remains uncertain,” says the U.S. Government Accountability Office in a report issued Thursday.
