Whoa Nellie!

So I guess you have to be an old guy like me to remember Keith Jackson, long-time ABC Sportscaster,  shouting “Whoa Nellie”KeithJackson1 but that’s what came to mind as I read the latest on the US Marine Corps audit saga.  Apparently GAO has forced the DoD Inspector General to retract the Marine Corp’s clean audit opinion because of problems in the suspense accounts.  Here’s a link to an article in Defense News with  the details. I have opined on DoD audits on several occasions….first shouting with joy at the accomplishment, then wondering if it really mattered and finally pointing a limp finger towards the Defense Finance and Accounting Service for using “plugs” to fix differences with the Treasury.

So for the record……I told you so!  It’s hard for me to believe that the underlying problem has existed for so long without apparent remedy.  Here’s a link to a 2005 GAO Report in which GAO finds:

Until DOD complies with existing laws and enforces its own guidance for reconciling, reporting, and resolving amounts in suspense and check differences on a regular basis, the buildup of current balances will likely continue, the department’s appropriation accounts will remain unreliable, and another costly write-off process may eventually be required.

 That was almost 10 years ago folks!  This has been a continuing report topic for the GAO with various status updates being published throughout the years.  Here’s an excerpt from the Summary of a more recent GAO report from December 2011:

Neither the Navy nor the Marine Corps have implemented effective processes for reconciling their FBWT[Funds Balance With Treasury].

Huh?  Navy and Marine Corps have been preparing for audit for years and yet it doesn’t appear that they were able to make any progress in fixing a problem identified by GAO way back in 2005 as a key impediment to a clean audit opinion.

So what are the “Suspense Accounts” that are causing such a problem?  Technically GAO defines them as “Combined receipt and expenditure accounts established to temporarily hold funds that are later refunded or paid into another government fund when an administrative or final determination as to the proper disposition is made. “ Translation: The place where a transaction is put when the documentation is incomplete so that it can not be assigned to a specific appropriation before it’s written off.  To get an idea of scale, in 2005 GAO reports it was an absolute value of $35 Billion.  Who knows what it is now? But I point out that it’s just about the amount of the DoD Sequestration hit.  Perhaps if they fixed this problem, sequestration wouldn’t have such a bad effect?  It seems to be to be awfully hard to go the the Hill and say that $35 Billion in spending cuts would kill the Department, when they are not exactly sure about $35 Billion already sitting around.  Those on  the defensive will say that the differences are eventually reconciled, but I am skeptical…and since they are already written off, does it really matter?  My guess is the money goes straight into the US Treasury Black Hole that all checks drafted to the US Treasury go…you know…that big ever increasing dense ball of greenbacks sitting in the Treasury Department basement.

This problem is precisely why DoD needs to get on with the audit….so they can be sure they know where the money is and provide accurate estimates of the impact of budget cuts.  If my kids came to me and said” We need more allowance”, and when asked what did they did with allowance I already gave them they reply, “We don’t know, but we need more!”, I would be highly skeptical of their requirement.

As it stands now, the Army, Navy, Air Force and Marines will spend around $45 Million this year for audits they already know will fail because of the DFAS Suspense Account issues.   Why not spend the money to fix that problem before plodding ahead for a pre-ordained result? To be sure it’s a tough problem…after all we have her unable to fix it for 10 years.

Who’s to blame, you ask?  Well, there’s enough to go around….DFAS for not fixing it, but also the Services for not taking actions to fix the paperwork before it gets to DFAS.  Ultimately, the fault probably rests on the shoulders of all those folks in DoD who improperly enter information at the command level.  I would also guess that given the kludge of IT systems required to record transactions, that errors are also introduced between systems, hand-jammed data is incorrectly transferred, and  by improperly trained people entering data.  This is what is referred to as a “Wicked Problem,” in management parlance. A “Wicked Problem” is defined as ” a problem that is difficult or impossible to solve because of incomplete, contradictory, and changing requirements that are often difficult to recognize. The use of term “wicked” here has come to denote resistance to resolution, rather than evil. Moreover, because of complexity, the effort to solve one aspect of a wicked problem may reveal or create other problems. For more info on “Wicked Problems” you can download the original paper written by C. West Churchman for $30 here.

Is the problem of unresolved transactions so complex that it defies correction?  Perhaps given the current architecture within DoD it is, and that alone is reason for the new DCMO to tackle it.  A fresh look is needed and the DCMO might be just the person to do it.  Right now DoD has an acting DCMO, and given the current political environment, I am not too sure the current nominee, Peter Levine will get confirmed….But for now Mr. Dave Tillotson has the dot.  Can someone in an “acting” position draw enough water to tackle this problem?  Don’t know, but why not give it a whirl. If and when Mr. Levine gets in the chair, it would be a great legacy to fix this problem once and for all.  Given his reputation, I have no doubt that he could fix it.

 

The Devil is in the DoD-tails

A few weeks ago, Secretary of Defense Hagel published his list of six focus areas for the coming year. Here’s his list:focus

  1. Focus on institutional reform.
  2. Re-evaluate our military’s force planning construct.
  3. Prepare for a prolonged military readiness challenge.
  4. Protecting investments in emerging military capabilities
  5. Achieve balance
  6. Personnel and compensation policy

Really?  That’s what he’s focusing on?  You probably haven’t heard much about this list because it is sooooo uninspiring.  If this isn’t bureaucratic gobbledygook, I don’t know what is. Do you think these are his real priorities, or just the same type of feel-good rhetoric that his staff regularly generates. Ask yourself what the really big issues facing the DoD today are and see if this list scratches the itch. Let’s look at the priorities:

Focus on institutional reform.  The subheadings under this priority are reform and reshape our entire defense enterprise, direct more resources to military readiness and capabilities, and make organizations flatter and more responsive.  So what are the metrics to use to determine is progress is bring made?  As far as I can tell, this focus area should be part of the regular drumbeat of DoD, not some special focus area, implying that we will look at it, fix it and move on.  Does he serious think that he is going to reshape the entire defense enterprise?  Into what?  And does he really mean to direct  more resources into readiness, or just cut spending in other areas, only so they can become focus area next year?  This one just leaves me uninspired and wondering exactly what we are reforming?

Re-evaluate our military’s force planning construct. This one includes the classic example of Pentagon-speak, namely force planning construct.  In the interest of clarity, I believe he means develop a different way to decide how big the Army, Navy, Air Force and Marine Corps needs to be.  “Challenge assumptions” is a key part of this focus area.  When have you not been to some type of business course where they didn’t say “Challenge the Assumptions?”  Exactly what assumptions will we be challenging, who will challenge them and by what process will we evaluate the accuracy and efficacy of the assumptions? In my experience, DoD did a pretty good job translating the National Security Strategy into what wars and other missions we were supposed to be prepared for, turning that into war plans and then figuring out how many forces we needed to execute the plans.  The problem was always with the front end in defining what the military would be expected to do.  It always turned out to be too expensive.  When I first started paying attention to the war fighting expectations I was a policy wonk on the Joint Staff.  Back then we were supposed to fight and win two wars simultaneously.  That proved so expensive that we had to change it to win one war, while holding our own in another, swinging forces to the the second war once we triumphed in the first.  That, too, became too expensive, so we changed to win two wars, but one of them would be the war on terror.  Frankly, I’m just not sure what the overarching strategy is these days, but I think it can be found in the 2014 QDR (see QDArghhhhhh).  This is what it says:  “U.S. forces could defeat a regional adversary in a large-scale multi-phased campaign, and deny the objectives of – or impose unacceptable costs on – another aggressor in another region,” whatever that means.

Prepare for a prolonged military readiness challenge. This is Pentagon-speak for figure out how to do more with less.

Protecting investments in emerging military capabilities. Not sure why this requires the continued focus of SECDEF. Can’t he just say make sure we have enough money in R&D accounts?  By the way, here is where the grand plan is not to spend more DoD dollars in R&D, but push off the expense of R&D to industry.  That’s not going to work as long as DoD keeps putting pressure on industry to lower profit margins…..Let’s see.  I’m a Captain of industry; What’s my priority for where to put the profits I make? 1) Shareholders, 2) capital improvements, 3)cash reserves, 4) corporate jet 5)R&D.  Hmmmmm what am I going to cut first when my profits drop????

Achieve balance I guess this is the old “tooth-to-tail” argument that Secretary Rumsfeld was fond of.  How much redundancy do we need?  How much forcible entry capability do we need? HOw many forces do we station overseas?  How many fighters do we need and who gets them? and on and on.   We’ve tried this before and the Services resisted any balancing initiatives that left them with less.

Personnel and compensation policy The crux of this priority is to figure out how to have a world-class military force while implementing the lowest price, technically acceptable personnel and compensation schemes. That hasn’t worked so well in the acquisition world and I doubt it will work any better as a personnel policy. This is one I agree that’s needed, but not in its current fashion.

None of these priorities are necessarily bad or wrong, but they are lacking the detail necessary to figure out if they will really make a difference.  Is there someone tracking these priorities and providing monthly updates on progress.  None of these items are terribly original either.  We have all heard these things time and time again.  I can remember tackling the issue of balance way back in 1990 with the AC/RC study done by the Joint Staff.  I would rather see a list of 5 really vexing issues facing the department and put a concentrated effort into fixing them.  The current list has no sense of urgency and just seems like business as usual to me. They are so big, just about everything winds up in a focus area.  Why not focus on specific issues?

OK, Smart guy.  What would your priorities be?” you are asking.  Here is my list:

  1. Make JSF affordable (It’s costing us big time and we will never cut it!)
  2. Rightsize the force, paying attention to Army and Marine Corps (Admit that they are both too big and fix it and stop worrying about hurting feelings)
  3. Develop a sustainable personnel compensation and benefits system by 2017(put together a comprehensive package and stop focusing on the margins)
  4. Accelerate and complete Service transition to ERPs, institute direct treasury disbursement and eliminate DFAS (It’s the 21st Century! Why doesn’t DoD join it with the rest of us?)
  5. Eliminate Department dependence on OCO by 2017. (said another way, produce one budget……..incorporate sequestration and stop pounding people into the dirt developing budgets which are dead on arrival)

Beware the Cyberwock

JabberwockyIn a previous article, Cyber-Too Big Not To Fail, I provided some comments on the recently signed Improving Cybersecurity and Resilience through Acquisition .  This document lists six recommendations for doing just that.  As I mentioned in the article, it’s very hard for a “cyber-outsider” to understand much of what it is saying (which is part of the problem IMHO).  It does however prioritize the recommendations and pushes for tackling Recommendation 4 as a first step.  Recommendation 4 is this: Institute a Federal Acquisition Cyber Risk Management Strategy.  Here is a link to the draft of the plan to implement Recommendation 4.  I had a chance the other day to have a look at a draft document which is in support of implementing Recommendation 4 entitled “Appendix I, Category Definition, Prioritization, and Overlays.”

This document is trying to show how Federal dollars are spent on cybersecurity and then provides a proposed structure on how to characterize the types of cyber acquisitions, based on Product and Service Codes.  I just have to provide a quote to demonstrate just how confusing documents like this are to me (and I suspect to most of us non-geeks). Here it is,”..[This document]..is intended to provide a starting point for the collaborative, stakeholder-centric development of a method for categorizing similar types of acquisition that achieves the goals of recommendation number four…..”  Can anyone tell me what the heck a “collaborative, stakeholder-centric development” means? (Now’s a good time to review my article on Self-Licking Ice Cream Cones.)  I know it’s a complex subject, but geez-louise can we at least use plain English?  It seems to me before we start diving into the pool we ought to see how deep the water is.  By that I mean, I strongly believe that we should spend some time first developing a set of principles to guide us through the process.  These principles should be simple, easily understood and brief.  Once we get the principles right, all the other stuff is easy.  So you heard it here first: Crenshaw’s Cyber Acquisition Guiding Principles.

 

  1. Government and Corporate data must be protected.
  2. Access to data must be controlled at all times.
  3. Risk to Government and Contractors should be considered.
  4. How the information is being used is as important as what hardware is being used to handle the information.
  5. Rules must be consistent with existing rules and regulations to minimize confusion.
  6. Leverage existing rules and regulations before inventing new ones.
  7. Rules must be executable by all, from  the smallest 8A, SDVOSB, Hub Zone firms to world-wide corporations.
  8. Contracting Officers must have enough knowledge in cyber to make reasonable judgments when drafting RFPs
  9. Rules and Regulations must be verifiable with reasonable effort and minimum time (In other words, no 5 year long DCAA audits)
  10. Incident response responsibilities must be clear and incentivized.

OK.  Now that we understand that, perhaps we can get down to putting something on paper that we can work with, not “a collaborative, stakeholder-centric approach”, whatever that means?

Stealth works in the Budget Too!

First thing: Yesterday’s blog on Shared Services fell flat on the website with only a handful of hits.  I take it the world of Shared Services is not so hot on the list of “interesting” topics.  But there’s still a lot of money to be saved there.  In fact, I would contend that there’s a lot of money floating around in areas that most people don’t find so interesting.  It’s the uninteresting that ironically is the most interesting in terms of budget cutting.  They escape scrutiny during the year-to-year  budget battles, floundering in cash. The big programs which matter, act like a Black Hole, sucking up more and more money with less and less light escaping.  On the other side of the coin, the programs with marginal dollars become the darling of the Pentagon budget cutters.  It’s ooh  so easy to cut a Billion or so from the commissary subsidy program, but try and take $10 Million from the JSF and the fan starts getting hit with “not-so-nice stuff.”  With leaders unwilling to take on the issues that really matter and foolishly focusing instead on the margins, I would suggest that they take a look at the “stealth” portions of the budget, those areas with relatively large dollars, but never targeted for cuts.  Forcing agencies into a shared service environment is one of those areas. (There, I said it and I promise never to write another word on Shared Services!).  When looking at these stealthy programs, there’s virtually no risk of offending a large defense corporation, a Congressman or Senator, or even another Service because they have no constituency.  When I did the budget for the Navy I used to think that out of the $130 Billion or so under my control, every Million had a evangelist waiting in the wings to mount the pulpit and extoll the value of their million over the remaining 129,999 million.

How about the family of Defense Working Capital Funds (WCF) and Revolving Funds?  These funds exist  in the shadows, out of public scrutiny, but with lots of dollars associated with them.  For those of you not familiar with working capital funds I suppose you could relate them to petty cash, or “Walking Around” money.  It’s the corpus of operating cash the Department uses to pay  bills day-to-day.  Here’s a link to short list of many of the DoD funds and what’s in them.  In simple terms, when  Organization A provides a service or item to Organization B, it uses the WCF funds to pay their costs and they bill Organization B, using rates set at the beginning of the year.  A takes money from the WCF and B pays it back (at least in theory).  How much money is in these accounts you ask?  North of $100 Billion…..Yep, that’s correct…$100 Billion!!  That’s roughly 20 per cent of the budget.  One of the reasons there’s so much money in these funds is the requirement to carry 7-10 days of cash on-hand.  In this age of electronic accounting, ERPs and near-perfect connectivity I can’t for the life of me figure out why it has to be so much.  Most of these WCFs have their own accounting systems (Darn! I said I wasn’t going to mention Shared Services again).  To be fair, these funds are as close to being run like a commercial business as anything in DoD, and individually they are generally well managed.  But there’s not a lot of cross-talk, the rates don’t generally reflect the real costs of good and services and they are sometimes used as a cash cow to buy just about anything.

So the next time you hear the DoD poobahs whining about the cost of  benefits, people, etc.,  why not ask them about the Working Capital Funds and what they are doing to trim them back.  I’ll bet you they will have to take that question for the record!  Not in their scan because it’s stealthy money, they don’t understand how it works and would rather slash the margins because of their inability to slash the big ticket items.

 

Cyber: Too Big Not To Fail

I admit that I am not much of a cyber-techie.  I do know a little about computers though. When Microsoft announced they were  not supporting Windows XT a while back, I had a bit of a cyber-rebellion because I refuse to spend anymore money on Mircrosoft Operating Systems, which I assume, much like the NSA, report your every keystroke and video back to some central repository for “troubleshooting.”  Right….But I instead elected to move to linux.  I’ve not noticed a degradation in what I can do, don’t have to worry about virus checkers and internet security programs that slow my system down….and all for FREE!  Sometimes the simpler solutions are the best.  I think we have so many problems with IT implementations and cyberattacks because they are so complicated and intricately interwoven that it is impossible for those who make decisions to understand what they are deciding.  Unlike my previous post on the JSF (Too Big to Fail), the cybersecurity and IT world is just the opposite: Too big not to Fail!” It’s just too complicated and the consequences are too dire to trust decisions in the Information and Communications Technology (ICT) world.  (See, you are already behind, it’s no longer IT and Cyber, it’s ICT) Come on, get with it!

I received a briefing yesterday  on a report recently completed by the GSA and DoD entitled, Improving Cybersecurity and Resilience through Acquisition.” It’s signed by Frank Kendall from DoD and Dan Tangherlini of GSA. I’ve read through it a few times and I swear I still can’t make heads of tails out of it, and I very much doubt that the signees did either. The report is about increasing the use of cybersecurity standards in Federal acquisitions. Keep in mind there are similar standards for National Security Systems, so I assume they are so unique that they need their own (there’s always an exception isn’t it?) They make six recommendations in no particular order of priority:

  1. Institute Baseline Cybersecurity Requirements as a Condition of Contract Award for Appropriate Acquisitions
  2. Address Cybersecurity in Relevant Training
  3. Develop Common Cybersecurity Definitions for Federal Acquisitions
  4. Institute a Federal Acquisition Cyber Risk Management Strategy
  5. Include a Requirement to Purchase from Original Equipment Manufacturers, Their Authorized Resellers,  or Other “Trusted Sources” Whenever Available, in Appropriate Acquisitions
  6. Increase Government Accountability for Cyber Risk Management

I don’t know about you, but I don’t feel any better after reading them than before!  Heck, the wording is so complicated and full of Pentagon-speak I can’t figure out what they mean.  To be fair there are explanatory paragraphs written in the same cyber-jargon that most decision makers in the Pentagon are not likely to understand. It’s fine for the techies to toss all those words around, but wouldn’t it be better when stuff like this is released to the public it would be in the Cybersecurity for Dummies format? At least have the techies who wrote it sign it.

This all flows from the Cyber Stone Tablet, “Framework for Improving Critical Infrastructure Cybersecurity” , done by NIST and released last week. Like most bureaucratic products it’s steeped in organization, tiers, overlays, constructs, phases and interrelated touch-points.  I dare you to understand it!  I’ve seen this before.  Remember the Office of Business Transformation?  They spent so much time developing papers and frameworks and touching those interrelated points that they forgot to do anything.  It was all about organization not about doing.  I see this cyber mess going  down the same path..lots of organization and logical interrelationships with countless coordination meetings between Governing Councils.

How would I do it?

  1. Put one person in charge-the Cyber Czar (even though we don’t like Putin very much)
  2. Listen to the techies, but not be controlled by them
  3. Get buy-in from top leadership that no one is exempt from our policies and regulations
  4. Stop admiring the problem and start doing visible, effective steps to fix the problem
  5. Insist that the Cyber Czar has the authority and the money to reward the stars and punish the evildoers. (nothing gets done without control of the money in this town)
  6. Make it mandatory for all!

 I cringe when I see words like  “this is a living document” and “Use of this voluntary Framework is the next step to improve the cybersecurity of our Nation’s critical infrastructure.” We need action verbs and Proper nouns in this framework

Without those steps, the whole schmegegge will flop because It’s Too Big Not To Fail

DoD IG Report to Congress

DOD_IG_REPORTThe DoD Inspector General released the semi-annual required report to Congress on its activities from April through September 2013.  There are plenty of reports with bad news and some not-as-bad news (I don’t think IG reports ever are better than the not-as-bad category, hence the need for an IG, I suppose).  I focused on  the Financial Management section of the report.  The first thing I found interesting is that in the introductory narrative, while acknowledging “some” progress towards audit readiness is being made by the Department, there was no mention of the audit readiness shining star, the US Marine Corps.  Granted, the report doesn’t cover the period in which the announcement of a clean opinion on the 2012 USMC Statement of Budgetary Resources was made, but they were certainly “breathing heavy” and should have been acknowledged in the report.  I guess it will be in the next report to Congress next September, almost a full year after it happened!

Enough of that! The other items mentioned in the financial section related to the Defense Agency Initiative (DAI), Navy Enterprise Resources Planning (ERP) system, Army General Fund Enterprise Business System (GFEBS), excess motor pool vehicles in the DC area, the DISA audit opinion and a few other cats and dogs.  It’s interesting that the most significant problems all involve ERP systems: DAI, Navy ERP and GFEBS.

The costs of these three systems alone is pretty staggering: $426 Million for DAI, at least $2.4 Billion for first increment of Navy ERP and $1.4 Billion for GFEBS.  That doesn’t count all the false starts, legacy phase-out costs, legacy sustainment costs, and the unknown costs of fixing all the problems being identified by the DoD IG and others.  The upcoming audits of the Services Statements of Budgetary Resources (supposedly to be complete by 2014) will identify more problems and throw more costs onto the burgeoning price tag of these expensive systems.

One wonders if DoD will ever see a real return on the investments being made in ERP systems.  Why not?  I think there a several key reasons:

1.  It is taking way too long to implement them.  Navy ERP has been in implementation since 2003  and still has a way to go.  That sort of snail’s pace exacerbates implementation issues, creates software refresh issues, increases reliance on legacy systems, and tends to make them a continually target for budget reductions.  And with long implementation schedules,  the systems will become obsolete before they reach FOC.

2.  Failure to eliminate legacy systems.  We all know they exist and individual fiefdoms throughout the DoD continue to fund them to the detriment of other, needed capabilities.

3. The leadership outside the Financial Management Community doesn’t understand ERPs and they are the ones who make the real budget decisions.  Without a full understanding of what ERPs are and how, properly implemented, they will make more money available for people and weapons, the leadership is likely to defer funding, further compounding problem 1.

So what to do?

  • Make sure the leadership understands ERPs and what they can do for them. Unified support at the top is essential.
  • Don’t use ERPs as bill payers.
  • Be ruthless in the elimination of legacy systems, forcing users to rely on ERPs.  Do it sooner rather than later. No excuses!
  • Put a priority on implementation with deadlines and make program offices accountable.

I admit DoD ERPs are complex.  But no more so than those of major US companies.  We should learn from them.