DHS, GAO don't see eye-to-eye on EA

The Government Accountability Office today released a report acknowledging the progress the Homeland Security Department has made in developing an enterprise architecture but criticizing the blue print for lacking sufficient detail.

"It is missing, either in part or in total, all of the key elements expected to be found in a well-defined architecture, such as descriptions of business processes, information flows among these processes, and security rules associated with these information flows, to name just a few," the report stated.

Last September, with help from San Diego-based Science Applications International Corp., DHS finished the first version of its architecture in only four months. The department was under pressure to finish the document in order to prepare its IT budget request.

One of the GAO's chief complaints was that the DHS architecture seemed like little more than a compilation of architectures from the department's 22 component agencies. SAIC worked on several of those architectures.

Lee Holcomb, chief technology officer at DHS, recently told Washington Technology a second, more detailed version of the department's EA would be out this fall.

In a detailed reply to the report, DHS admitted it had a long way to go in creating its target architecture, but the department took issue with many of GAO's findings.

"The DHS EA was evaluated against an unrealistic expectation that the first version would comprehensively address the full national scope of the homeland security enterprise," wrote Anna Dixon of DHS' Office of the Chief Financial Officer. "While this full scope is one of the highest priorities of the EA effort, the scope is long term and collaborative in nature."

For its part, GAO disagreed with many of the objections DHS raised. Some of the disagreements stemmed from the definition of a business process. DHS insisted its EA adequately described its business processes, but GAO didn't see it that way.

"While we acknowledge that there are high-level business functions and activities in the business model, the model did not define business processes," the report said. "Business process descriptions have a definitive beginning and end and reflect the interrelationships among business functions and activities."

DHS and GAO also disagreed on whether the architecture adequately detailed existing systems, systems to be deployed and systems to be phased out.

Oddly enough, it appears even DHS is confused about where its EA currently stands. Despite the department's lengthy objection to parts of the report, GAO said when it first shared its findings with senior DHS architects and contractors, they agreed with the findings.

"To their credit, the department's chief information officer and senior architecture officials recognize the architecture's limitations and are in the process of developing a new version," wrote Randy Hite, GAO's director of information technology architecture and systems issues.