Defense Supply Chain: DOD Needs Complete Information on Single Sources of Supply to Proactively Manage the Risks
Highlights
What GAO Found
The Department of Defense's (DOD) 2016 report on risks associated with single sources of supply did not fully address two of the four elements directed by a Senate report and did not include other information that would have provided further insight into those risks. DOD included information on major defense acquisition programs and supporting parts provided by each single source of supply. However, DOD did not include implementation plans and timelines for risk mitigation actions or information about the effects of the loss of suppliers, as directed. In addition, complete information about DOD organic facilities was not included. While DOD is not required to update its report, it regularly reports industrial base information to congressional committees. Without complete information about critical suppliers, congressional and DOD decision makers do not know all potential risks and effects associated with the loss of single sources of supply for weapon systems.
GAO Assessment of Department of Defense (DOD) 2016 Report on Single Source of Supply
|
Reporting element from Senate Report 114-49 |
Assessment |
|
Identify major defense acquisition programs with operational implications. |
● |
|
Include a list of critical components provided by single-source and single- provider suppliers. |
● |
|
Identify risk management actions with associated implementation plans and time lines DOD will take to prevent negative operational impact in the event of a loss of such suppliers |
◐ |
|
Identify severity of operational impact of the loss of such suppliers. |
○ |
Legend: ● Addressed ◐ Partially Addressed ○ Did not address
Source: GAO analysis of DOD report. | GAO-17-768
Program offices do not have complete information to fully identify and manage single source of supply risks. First, program officials GAO spoke with were not aware of DOD's 2016 report, and thus did not have information about parts from single-source suppliers that are considered to be most critical, which could provide important focus for managing these risks. Second, program offices often rely on the prime contractor to identify single source of supply risks, among other types of risks, and GAO found that program offices in some instances had limited information to manage those risks because DOD does not have a mechanism to ensure program offices obtain complete information from contractors. Without such a mechanism, program offices may not be aware of risks early enough to take proactive actions to understand and, as appropriate, mitigate those risks. Third, DOD has a program intended to provide information regarding the loss of suppliers and shortages and to proactively manage these risks, called the Diminishing Manufacturing Sources and Material Shortages (DMSMS) program, but GAO found that DMSMS implementation varied at selected program offices. DOD is taking steps toward improving DMSMS management, but there is no department-wide policy that clearly defines the requirements for DMSMS implementation at the program office level throughout the acquisition life cycle. Without such a policy there is no clearly defined requirement for program managers to proactively manage DMSMS issues.
Why GAO Did This Study
DOD has an extensive network of suppliers that provide millions of parts needed to sustain its weapon systems. Some parts are provided by a single source of supply (e.g., one manufacturing facility), and if that single source were no longer able to provide the part, DOD could face challenges in maintaining systems. Senate Report 114-49 directed DOD to report on risks associated with single sources of supply. DOD completed its report in October 2016.
House Report 114-102, accompanying a bill for the National Defense Authorization Act for Fiscal Year 2016, included a provision that GAO review single sources of supply for major defense acquisition programs. This report evaluates the extent to which (1) DOD's 2016 report addressed the direction in the Senate report and (2) DOD's weapon systems program offices have information for identifying and managing single source of supply risks. GAO reviewed DOD policy and procedures, analyzed DOD's report, and interviewed officials from a non-generalizable selection sample of nine program offices.
Recommendations
GAO is recommending that DOD provide complete information to decision makers on risk mitigation plans and timeframes, potential effects from losses, and all critical facilities, commercial and organic, regarding risks from single sources of supply; share information on critical risks with program offices; develop a mechanism to ensure program offices obtain complete information; and issue a DMSMS policy. DOD concurred with GAO's six recommendations.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics | The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with the Defense Contract Management Agency (DCMA) and the military departments, should assess whether risk mitigation actions have been identified in the event of a loss of each task critical assets (TCA) facility in the defense industrial base and, based on this assessment, develop risk mitigation actions with associated implementation plans and time lines, and provide this information to congressional and DOD decision makers. (Recommendation 1) | DOD concurred with this recommendation. In November 2019, DOD provided follow up information and identified key corrective actions for recommendations from this report. The key corrective actions identified for this recommendation include the issuance of the mission assurance instruction in August 2018 that guides the identification, prioritization, and assessment of defense critical infrastructure. Further, Executive Order 13806 required that DOD perform a whole-of-government assessment of the manufacturing and the defense industrial base, assess risk, identify impacts, and propose mitigation strategies. DOD issued the resulting report in October 2018, which includes a focus on numerous... single source and sole supply risks. As part of this response, DOD completed detailed assessments of key sectors within the industrial base and DOD officials stated that the sectors of the defense industrial base are aligned with key defense capabilities and would be the framework for analyzing risks and associated mitigation strategies going forward. For each sector, the report identifies major risks, which includes single and sole source issues, and includes a discussion of gaps or vulnerabilities and mitigation strategies that identify responsibilities and factors affecting timelines. DOD officials stated in November 2019 that a tracker exists for department officials to track these risks, mitigation strategies, and other information and working groups for each sector utilizes this tracker as part of their efforts. Additionally, DOD officials stated that DOD senior leadership and Congress were briefed in May 2019 on investments planned to reduce risks and updates will be included in an annual Industrial Capabilities Report to Congress. Lastly, DOD officials stated that in addition to OUSD(A&S) efforts, DCMA continuously assessed risks at TCAs and provides yearly updates. DOD has placed considerable focus on defense industrial base issues in the past few years, and in DOD's 2020 Industrial Capabilities Annual Report to Congress, the department has continued to utilize the framework of defense sectors and has included information on the risks associated with each sector and impacts on the sector resulting from risks, as well as mitigation strategies and sector outlooks. While DOD's efforts differ slightly from our recommendation regarding TCA terminology, the department has taken steps to clearly identify the key sectors, or defense capabilities, that are affected by risks within the defense industrial base and has continued to place considerable focus and analyses on those risks by sector. As such, we consider the intent of this recommendation met and closed as implemented as of July 2021.
View More |
| Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics | The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with DCMA and the military departments, should provide congressional and DOD decision makers with information on potential effects on defense capabilities in the event of a loss of each TCA facility in the defense industrial base. (Recommendation 2) | DOD concurred with this recommendation. In November 2019, DOD provided follow up information and identified key corrective actions for recommendations from this report. The key corrective actions identified for this recommendation include a description of the mission assurance process (including DCMA's annual update of TCAs in the Strategic Mission Assurance Data System) and the annual report on the industrial capabilities that were already in place at the time of issuance of this report, therefore do not represent a change or response to this recommendation. Since the issuance of this report, however, the Department has provided briefings to Congress regarding supply chain risks, most...
|
| Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics | The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with DCMA and the military departments, should provide congressional and DOD decision makers with information on DOD organic facilities that have been identified as TCAs, similar to the information provided previously on commercial facilities. This information also should include (1) the potential effects on defense capabilities in the event of a loss of the facility and (2) risk mitigation actions and associated implementation plans with time lines. (Recommendation 3) | DOD concurred with this recommendation. In November 2019, DOD provided follow up information and identified key corrective actions for recommendations from this report. The key corrective actions identified for this recommendation include the annual mission assurance process that was already in place at the time of the issuance of this report, which does not reflect a change in response to this recommendation. However, other key corrective actions identified include the identification of several DOD-owned assets in the report DOD issued in response to Executive Order 13806 in October 2018. Further, DOD states that it provides yearly updates to Congress in its Industrial Capabilities...
|
| Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics | The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with DCMA and the military departments, should take steps to share information on risks identified through the annual Critical Asset Identification Process with relevant program managers or other designated service or program officials. At a minimum, relevant officials should receive information on the most critical facilities (such as TCAs) that produce parts supporting their programs. This information-sharing could occur through service-specific channels of communication or another method of internal communication deemed appropriate by DOD. (Recommendation 4) | DOD concurred with this recommendation. As of August 2018, DOD officials stated that they are in the process of developing proactive steps to share information on risks identified through the annual CAIP with relevant program managers, or other designated service or program officials as necessary. Executive Order 13806 required that DOD perform a whole-of-government assessment of the manufacturing and the defense industrial base, assess risk, identify impacts, and propose mitigation strategies. DOD issued the resulting report in October 2018, which included a focus on numerous single source and sole supply risks. As part of this response, DOD completed detailed assessments of key sectors...
|
| Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics | The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with the military departments, should develop a mechanism to ensure that program offices obtain information from contractors on single source of supply risks. (Recommendation 5) | DOD concurred with this recommendation. In November 2019, DOD provided key corrective actions for this recommendation, which stated that multiple services and agencies began in 2018 to incorporate contracting language to require prime contractors to track and provide sub-tier data and that this effort will expand to cover more programs. Further, it stated that in the Industrial Base Integrated Data System, suppliers are indicated as either single or sole source suppliers and that the services and agencies have access to this list. DOD's 2020 Industrial Capabilities Report to Congress identifies the key sectors of the defense industrial base that have risks from single or sole sources of...
|
| Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics | The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with the military departments, should issue department-wide DMSMS policy, such as an instruction, that clearly defines requirements of DMSMS management and details responsibilities and procedures to be followed by program offices to implement the policy. (Recommendation 6) | DOD concurred with this recommendation. In November 2020, DOD issued an instruction that details the management of a department-wide Diminishing Manufacturing Sources and Material Shortages (DMSMS) program. DOD Instruction 4245.15 establishes and implements risk-based, proactive DMSMS management throughout the life cycle of all DOD items and requires resolutions to minimize or eliminate risks and negative impacts resulting from DMSMS issues. Further, the instruction details the responsibilities of DOD offices and organizations and the procedures to be followed, including program offices and DMSMS performing organizations. As this instruction addresses our recommendation, we consider this...
|