Defense Supply Chain: DOD Needs Complete Information on Single Sources of Supply to Proactively Manage the Risks
Highlights
What GAO Found
The Department of Defense's (DOD) 2016 report on risks associated with single sources of supply did not fully address two of the four elements directed by a Senate report and did not include other information that would have provided further insight into those risks. DOD included information on major defense acquisition programs and supporting parts provided by each single source of supply. However, DOD did not include implementation plans and timelines for risk mitigation actions or information about the effects of the loss of suppliers, as directed. In addition, complete information about DOD organic facilities was not included. While DOD is not required to update its report, it regularly reports industrial base information to congressional committees. Without complete information about critical suppliers, congressional and DOD decision makers do not know all potential risks and effects associated with the loss of single sources of supply for weapon systems.
GAO Assessment of Department of Defense (DOD) 2016 Report on Single Source of Supply
|
Reporting element from Senate Report 114-49 |
Assessment |
|
Identify major defense acquisition programs with operational implications. |
● |
|
Include a list of critical components provided by single-source and single- provider suppliers. |
● |
|
Identify risk management actions with associated implementation plans and time lines DOD will take to prevent negative operational impact in the event of a loss of such suppliers |
◐ |
|
Identify severity of operational impact of the loss of such suppliers. |
○ |
Legend: ● Addressed ◐ Partially Addressed ○ Did not address
Source: GAO analysis of DOD report. | GAO-17-768
Program offices do not have complete information to fully identify and manage single source of supply risks. First, program officials GAO spoke with were not aware of DOD's 2016 report, and thus did not have information about parts from single-source suppliers that are considered to be most critical, which could provide important focus for managing these risks. Second, program offices often rely on the prime contractor to identify single source of supply risks, among other types of risks, and GAO found that program offices in some instances had limited information to manage those risks because DOD does not have a mechanism to ensure program offices obtain complete information from contractors. Without such a mechanism, program offices may not be aware of risks early enough to take proactive actions to understand and, as appropriate, mitigate those risks. Third, DOD has a program intended to provide information regarding the loss of suppliers and shortages and to proactively manage these risks, called the Diminishing Manufacturing Sources and Material Shortages (DMSMS) program, but GAO found that DMSMS implementation varied at selected program offices. DOD is taking steps toward improving DMSMS management, but there is no department-wide policy that clearly defines the requirements for DMSMS implementation at the program office level throughout the acquisition life cycle. Without such a policy there is no clearly defined requirement for program managers to proactively manage DMSMS issues.
Why GAO Did This Study
DOD has an extensive network of suppliers that provide millions of parts needed to sustain its weapon systems. Some parts are provided by a single source of supply (e.g., one manufacturing facility), and if that single source were no longer able to provide the part, DOD could face challenges in maintaining systems. Senate Report 114-49 directed DOD to report on risks associated with single sources of supply. DOD completed its report in October 2016.
House Report 114-102, accompanying a bill for the National Defense Authorization Act for Fiscal Year 2016, included a provision that GAO review single sources of supply for major defense acquisition programs. This report evaluates the extent to which (1) DOD's 2016 report addressed the direction in the Senate report and (2) DOD's weapon systems program offices have information for identifying and managing single source of supply risks. GAO reviewed DOD policy and procedures, analyzed DOD's report, and interviewed officials from a non-generalizable selection sample of nine program offices.
Recommendations
GAO is recommending that DOD provide complete information to decision makers on risk mitigation plans and timeframes, potential effects from losses, and all critical facilities, commercial and organic, regarding risks from single sources of supply; share information on critical risks with program offices; develop a mechanism to ensure program offices obtain complete information; and issue a DMSMS policy. DOD concurred with GAO's six recommendations.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics | The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with the Defense Contract Management Agency (DCMA) and the military departments, should assess whether risk mitigation actions have been identified in the event of a loss of each task critical assets (TCA) facility in the defense industrial base and, based on this assessment, develop risk mitigation actions with associated implementation plans and time lines, and provide this information to congressional and DOD decision makers. (Recommendation 1) |
DOD concurred with this recommendation. In November 2019, DOD provided follow up information and identified key corrective actions for recommendations from this report. The key corrective actions identified for this recommendation include the issuance of the mission assurance instruction in August 2018 that guides the identification, prioritization, and assessment of defense critical infrastructure. Further, Executive Order 13806 required that DOD perform a whole-of-government assessment of the manufacturing and the defense industrial base, assess risk, identify impacts, and propose mitigation strategies. DOD issued the resulting report in October 2018, which includes a focus on numerous single source and sole supply risks. As part of this response, DOD completed detailed assessments of key sectors within the industrial base and DOD officials stated that the sectors of the defense industrial base are aligned with key defense capabilities and would be the framework for analyzing risks and associated mitigation strategies going forward. For each sector, the report identifies major risks, which includes single and sole source issues, and includes a discussion of gaps or vulnerabilities and mitigation strategies that identify responsibilities and factors affecting timelines. DOD officials stated in November 2019 that a tracker exists for department officials to track these risks, mitigation strategies, and other information and working groups for each sector utilizes this tracker as part of their efforts. Additionally, DOD officials stated that DOD senior leadership and Congress were briefed in May 2019 on investments planned to reduce risks and updates will be included in an annual Industrial Capabilities Report to Congress. Lastly, DOD officials stated that in addition to OUSD(A&S) efforts, DCMA continuously assessed risks at TCAs and provides yearly updates. DOD has placed considerable focus on defense industrial base issues in the past few years, and in DOD's 2020 Industrial Capabilities Annual Report to Congress, the department has continued to utilize the framework of defense sectors and has included information on the risks associated with each sector and impacts on the sector resulting from risks, as well as mitigation strategies and sector outlooks. While DOD's efforts differ slightly from our recommendation regarding TCA terminology, the department has taken steps to clearly identify the key sectors, or defense capabilities, that are affected by risks within the defense industrial base and has continued to place considerable focus and analyses on those risks by sector. As such, we consider the intent of this recommendation met and closed as implemented as of July 2021.
|
| Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics | The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with DCMA and the military departments, should provide congressional and DOD decision makers with information on potential effects on defense capabilities in the event of a loss of each TCA facility in the defense industrial base. (Recommendation 2) |
DOD concurred with this recommendation. In November 2019, DOD provided follow up information and identified key corrective actions for recommendations from this report. The key corrective actions identified for this recommendation include a description of the mission assurance process (including DCMA's annual update of TCAs in the Strategic Mission Assurance Data System) and the annual report on the industrial capabilities that were already in place at the time of issuance of this report, therefore do not represent a change or response to this recommendation. Since the issuance of this report, however, the Department has provided briefings to Congress regarding supply chain risks, most recently in April 2021 when officials briefed the HASC Defense Critical Supply Chain Task Force on supply chain risks, including those related to single source suppliers. Additionally, in response to Executive Order 13806, DOD issued a report on the defense industrial base and supply chain resiliency in September 2018 that provided a whole of government assessment of the defense industrial base risks and impacts and briefed Congress on those results. As part of this response, DOD completed detailed assessments of key sectors within the industrial base. DOD officials stated that the sectors of the defense industrial base are aligned with key defense capabilities and would be the framework for analyzing risks and associated mitigation strategies going forward. Key sectors include traditional defense capabilities, such as aviation and shipbuilding, as well as cross-cutting sectors such as the organic defense industrial base and electronics and software engineering. Further, since the issuance of this GAO report, subsequent publications of DOD's Industrial Capabilities Annual Report to Congress, to the Department has continued to utilize the framework of defense sectors and has included information on the risks associated with each sector and impacts on the sector resulting from risks, as well as mitigation strategies and sector outlooks. While DOD's efforts differ slightly from our recommendation regarding TCA terminology, the department has taken steps to clearly identify the key sectors, or defense capabilities, which are affected by risks within the defense industrial base and has continued to place considerable focus and analyses on those risks by sector. As of July 2021, we consider the intent of this recommendation met and closed as implemented.
|
| Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics | The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with DCMA and the military departments, should provide congressional and DOD decision makers with information on DOD organic facilities that have been identified as TCAs, similar to the information provided previously on commercial facilities. This information also should include (1) the potential effects on defense capabilities in the event of a loss of the facility and (2) risk mitigation actions and associated implementation plans with time lines. (Recommendation 3) |
DOD concurred with this recommendation. In November 2019, DOD provided follow up information and identified key corrective actions for recommendations from this report. The key corrective actions identified for this recommendation include the annual mission assurance process that was already in place at the time of the issuance of this report, which does not reflect a change in response to this recommendation. However, other key corrective actions identified include the identification of several DOD-owned assets in the report DOD issued in response to Executive Order 13806 in October 2018. Further, DOD states that it provides yearly updates to Congress in its Industrial Capabilities report. DOD placed considerable focus on defense industrial base issues in the past year as a result of the Executive Order 18806. The 2020 annual Industrial Capabilities report published in January 2021 includes the organic industrial base as one of the key sectors that are priorities for the defense industrial base and are the subject of in depth ongoing assessments. The report identifies the important organic manufacturing arsenals, major depot maintenance facilities, and ammunition plants. Further, it identifies major risks to this sector, which includes sole source issues, and includes a discussion of gaps or vulnerabilities and mitigation strategies that identify responsibilities and timelines. Additionally, detailed information on organic facilities is available to DOD decision makers in its Strategic Mission Assurance Data System and through its Mission Assurance process. As the organic defense industrial base was identified as a key sector in the Executive Order 13806 report in 2018 and has continued to be a key sector in subsequent annual reports to Congress, this demonstrates that the department has placed considerable emphasis on organic facilities. As a result of these actions, we consider this recommendation closed as implemented as of July 2021.
|
| Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics | The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with DCMA and the military departments, should take steps to share information on risks identified through the annual Critical Asset Identification Process with relevant program managers or other designated service or program officials. At a minimum, relevant officials should receive information on the most critical facilities (such as TCAs) that produce parts supporting their programs. This information-sharing could occur through service-specific channels of communication or another method of internal communication deemed appropriate by DOD. (Recommendation 4) |
DOD concurred with this recommendation. As of August 2018, DOD officials stated that they are in the process of developing proactive steps to share information on risks identified through the annual CAIP with relevant program managers, or other designated service or program officials as necessary. Executive Order 13806 required that DOD perform a whole-of-government assessment of the manufacturing and the defense industrial base, assess risk, identify impacts, and propose mitigation strategies. DOD issued the resulting report in October 2018, which included a focus on numerous single source and sole supply risks. As part of this response, DOD completed detailed assessments of key sectors within the industrial base and identified major risks, which includes single and sole source issues, and included a discussion of gaps or vulnerabilities and mitigation strategies with factors affecting timelines. DOD officials stated in November 2019 that the terminology for the most key risks for the defense industrial base has changed to a focus on defense sectors and the associated working groups that focus on these sectors. They stated that the Critical Asset Identification Process is still important as it is the first phase of the Mission Assurance process, but the sector based analysis and reviews are a more structured way to identify and address risks in the defense industrial base. They stated that a tracker exists for department officials to track and share information about risks, mitigation strategies, and other information and working groups for each sector utilizes this tracker as part of their efforts. Lastly, DOD officials stated that there is considerable information sharing that occurs at the working groups and the larger Joint Industrial Base Working Group. DOD placed considerable focus on defense industrial base issues in the past few years, and in DOD's 2020 Industrial Capabilities Annual Report to Congress, the department has continued to utilize the framework of defense sectors and has included information on the risks associated with each sector and impacts on the sector resulting from risks, as well as mitigation strategies and sector outlooks. Lastly, DOD has issued guidance for contract language for program offices to use to ensure lower level contractors provide better information about risks to the program office. While DOD will not be able to identify all risks proactively, the department has taken numerous steps to identify risks within the defense industrial base and share information about those risks and DOD officials state this focus will continue as it fully implements its Mission Assurance process. As such, we consider this recommendation closed as implemented as of July 2021.
|
| Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics | The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with the military departments, should develop a mechanism to ensure that program offices obtain information from contractors on single source of supply risks. (Recommendation 5) |
DOD concurred with this recommendation. In November 2019, DOD provided key corrective actions for this recommendation, which stated that multiple services and agencies began in 2018 to incorporate contracting language to require prime contractors to track and provide sub-tier data and that this effort will expand to cover more programs. Further, it stated that in the Industrial Base Integrated Data System, suppliers are indicated as either single or sole source suppliers and that the services and agencies have access to this list. DOD's 2020 Industrial Capabilities Report to Congress identifies the key sectors of the defense industrial base that have risks from single or sole sources of supply as well as Diminishing Manufacturing Source and Material Shortages (DMSMS). In October 2019, DOD issued a guidebook to provide contract language for program offices to use to define management requirements that a program office should consider and further indicates which of those requirements apply as a function of the responsibilities assigned to the contractor throughout a program's life cycle. Sample contract language is provided to help program offices prevent and mitigate risks stemming from single and sole providers and DMSMS. Lastly, DOD officials stated that better management of supply risks at the program office level is now a focus of discussion at the Joint Industrial Base Working Group, which is chaired by chaired by the OUSD (Industrial Policy) and the Defense Contract Management Agency and is the central hub for U.S. government stakeholders to share information, identify and prioritize risks, and accelerate the implementation of risk mitigation strategies. As such, DOD has taken numerous steps to ensure that program offices obtain better information from contractors on single sources of supply and related risks, including DMSMS, and we consider this recommendation closed as implemented as of July 2021.
|
| Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics | The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with the military departments, should issue department-wide DMSMS policy, such as an instruction, that clearly defines requirements of DMSMS management and details responsibilities and procedures to be followed by program offices to implement the policy. (Recommendation 6) |
DOD concurred with this recommendation. In November 2020, DOD issued an instruction that details the management of a department-wide Diminishing Manufacturing Sources and Material Shortages (DMSMS) program. DOD Instruction 4245.15 establishes and implements risk-based, proactive DMSMS management throughout the life cycle of all DOD items and requires resolutions to minimize or eliminate risks and negative impacts resulting from DMSMS issues. Further, the instruction details the responsibilities of DOD offices and organizations and the procedures to be followed, including program offices and DMSMS performing organizations. As this instruction addresses our recommendation, we consider this recommendation closed as implemented.
|