DoD has requested $17.2 billion for its business systems environment and related IT infrastructure investments for fiscal year 2013. That represents close to half of total DoD IT spending. Business systems are composed of about 2,200 business major programs, which include 310 financial management, 724 human resource management, 580 logistics, 254 real property and installation and 287 weapon acquisition administration systems.
According to GAO business systems are overly complex and error prone. They are characterized by (1) little standardization across the department, (2) multiple systems performing the same tasks, (3) the same data stored in multiple systems, and (4) the need for data to be entered manually into multiple systems. 
In May 2001 GAO recommended that the Secretary of Defense establish the means for effectively developing a corporate, architecture-centric approach to investment control and decision making for successful systems modernization program. Congress has included provisions in the National Defense Authorization Act (NDAA) for Fiscal Year 2005 objectives such as (1) a business enterprise architecture (BEA) and a transition plan for implementing the architecture  , (2) identify systems information in its annual budget submission, (3) establish a systems investment approval and accountability structure along with an investment review process, and (4) certify and approve any business system program costing in excess of $1 million.
DOD’s business systems modernization is a high-risk area, while continuing as an enabler for other high-risk areas. For example, business systems continue as the entry points for access of malware into the DoD networks.
The Deputy Chief Management Officer (DCMO) is accountable for developing and maintaining a department-wide plan for business reform, manages modernization. The DCMO was appointed on October 17, 2008.
DOD lacks the governance mechanisms for implementing business systems modernization objectives:
1. The BEA had yet to be extended to the programs that constitute business missions.
2. Budget submissions omitted key information about business system investments.
3. The supporting business system proposal data were of questionable reliability. The military departments have not defined policies and procedures related to project-level management.
4. Business system modernizations costing more than $1 million continued to be certified and approved, but not based on complete information.
5. Certification and approval decisions were approved even though prior reports had identified program weaknesses that remained unresolved.
6. Lacks the staff needed to perform business systems modernization responsibilities. 41 percent of DCMO positions were unfilled.
DoD’s progress in modernizing its business systems is limited by continued uncertainty about governance mechanism as well as questions about roles and responsibilities of key organizations and senior leadership positions.
Until DoD fully implements methods that address long-standing institutional modernization management controls, business systems modernization will remain a high-risk program and also an increasing major gap in assuring information security.
 DOD’s unclassified systems not defined as national security systems.
 GAO-12-685, Governance Mechanisms for Implementing Management Controls Need to Be Improved.
 An enterprise architecture, or modernization blueprint, provides a clear and comprehensive picture of an entity, whether it is an organization (e.g., federal department or agency) or a functional or mission area that cuts across more than one organization (e.g., financial management). This picture consists of snapshots of the enterprise’s current or “as-is” operational and technological environment and its target or “to-be” environment, and contains a capital investment road map for transitioning from the current to the target environment.