The US Government Accountability Office (GAO) has ordered the Pentagon to sharpen up its procurement policies, particularly in IT.

At the start of July, the GAO told Congress that the Defence Department was costing taxpayers billions of dollars and that systems remained "fundamentally flawed".

Now, however, it has sent a report on the situation to Congress and made 14 recommendations for changes. It warned that if its recommendations aren't heeded, future IT investments at the Pentagon will be put at risk.

And the financial consequences could be huge, the GAO claimed. Of the $28 billion in IT funding that the Pentagon requested for the government's current fiscal year, $19 billion will go toward operations, maintenance and modernisation of business systems as opposed to military command-and-control systems, according to the GAO.

It was asked late last year by the Senate's subcommittee on military readiness and management support to evaluate the Pentagon's procurement guidelines to see if they were consistent with private-sector best practices and included sufficient controls.

The GAO report said recent revisions do include many procedures followed by corporates, such as the need to economically justify systems investments and to continually measure projects against financial baselines. But it added that the Pentagon left out other best practices, most notably ones related to rollouts of packaged applications.

Defence officials told the GAO that more best practices will be added by 30 September, but there are no documented plans for doing so, the GAO said, and the required personnel haven't been assigned yet "due to higher-priority needs".

Among the recommendations made by the GAO is a suggestion that the Defence Department create a formal plan to incorporate missing best practices. The report also calls for the Pentagon to discourage modification of third-party applications and develop plans to evaluate systems integrators based on their ability to install commercial applications.

Another hole involves risk management processes for identifying potential problems and creating plans for dealing with them, the GAO said. Without such oversight capabilities, it's "likely that acquisition risks will become cost, schedule and performance problems," the GAO said.

In a letter to the GAO that was included in the report, the Pentagon said it agreed with some of the recommendations. But it disagreed or only partially concurred with others.

For example, the GAO's call for a detailed plan for beefing up the business system policies is unnecessary and "inappropriate", it said in its letter, signed by deputy assistant Secretary of Defense John R. Landon.

Landon also said that the Pentagon doesn't see the need to incorporate risk management processes into the IT procurement guidelines because it already has sufficient processes in place.