• Increase font size
  • Default font size
  • Decrease font size
Home News Archive Managing DoD Supply Chain Risk

Managing DoD Supply Chain Risk

E-mail Print PDF

The Government Accountability Office (GAO) released a very recent report that addressed the Department of Defense’s attempts to manage risk in its programs’ supply chains. The 2016 National Defense Authorization Act (NDAA) required GAO to report back to the House of Representatives regarding “single sources of supply” for DoD’s major weapon programs (MDAPS). This topic is important because contractors can compare their efforts to manage supply chain risk to the government’s efforts, and perhaps even learn a thing or two in the process.

The first thing that GAO found is that DoD’s 2016 report to the Senate was incomplete. It was supposed to have four elements and it fully addressed only two of them. The other two elements (“Identify risk management actions with associated implementation plans and time lines DOD will take to prevent negative operational impact in the event of a loss of such suppliers” and “Identify severity of operational impact of the loss of such suppliers”) were not fully addressed.

Next GAO found that DoD’s report was without value; most people interviewed didn’t know it existed and wouldn’t know how to use it if they were aware of it. GAO wrote—

… program officials GAO spoke with were not aware of DOD’s 2016 report, and thus did not have information about parts from single-source suppliers that are considered to be most critical, which could provide important focus for managing these risks. Second, program offices often rely on the prime contractor to identify single source of supply risks, among other types of risks, and GAO found that program offices in some instances had limited information to manage those risks because DOD does not have a mechanism to ensure program offices obtain complete information from contractors. Without such a mechanism, program offices may not be aware of risks early enough to take proactive actions to understand and, as appropriate, mitigate those risks.

It is commonly understood that the DoD’s program office is responsible for program risk management. GAO noted that several programs had risk management committees that met on a regular basis. However, GAO found that proactive risk management actions were limited, primarily because most (but not all) program offices relied on prime contractors. GAO wrote –

During our interviews at the selected program offices, numerous officials stated that they expect the prime contractor for their program to identify risks related to a single source of supply and to bring that information to the attention of the program office. However, they acknowledged that they do not have a way to ensure this information-sharing and that they are not fully aware of risks that exist in the sub-tiers of contracts. In contrast, officials from two programs, both of which manage older systems that have long been in the sustainment phase of their life cycle, told us they did not rely on contractors for information on supply risks. Officials from one of these program offices stated that while a contractor can be an important partner, the government should not rely on a contractor to understand and manage risks to the federal government. Also, these officials stated that independent analysis is critical to appropriately manage risk.

GAO found that, although DoD was moving toward addressing DMSMS issues, it was not addressing its other supply chain risks—especially those associated with single sources of supply. (“DOD has efforts under way to obtain better information from contractors on obsolescence risks but not for other types of related risks, such as those stemming from a single source of supply.”)

GAO made six recommendations. Two of the six are as follows:

  • The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with the military departments, should develop a mechanism to ensure that program offices obtain information from contractors on single source of supply risks.

  • The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with the military departments, should issue department-wide DMSMS policy, such as an instruction, that clearly defines requirements of DMSMS management and details responsibilities and procedures to be followed by program offices to implement the policy.

In a shocking coincidence, DoD just announced that it wants its contractors to report to them their supply chain weaknesses. According to this article at Defense News (authored by Aaron Mehta), John McGuinn, (acting deputy assistant secretary of defense for defense, manufacturing and industrial base policy) “is hoping industry will volunteer information on weak spots in their industrial supply chains, as part of a broader review and war-gaming effort to discover potential failure points for America’s defense industrial base.” The article quoted McGuinn as saying “We’re looking for industrial base risks, and those risks include foreign dependency, sole source, single source, fragile suppliers, suppliers that may not be looking to stay in the market….”

The article stated: “To help the study, the Pentagon will shortly release a questionnaire to the defense industry to try and gather information about potential weak spots. The questionnaire, which will be entirely voluntary, will go out with help from trade associations and major industry players.”

Thus, if you are a major industry player, you should expect to receive a questionnaire about vulnerabilities in your programs’ supply chains. The amount of effort you put into your response—indeed, whether you decided to respond at all—is completely up to you. It is not a requirement, which is why should you not expect to be reimbursed for by DoD for your efforts. We wonder about the quality of the information DoD will receive back from its contractors, remembering the old adage that “you get what you pay for.”

So GAO says DoD needs to do more, and that it should ask its prime contractors for information. DoD says it will ask its prime contractors for information, on a voluntary basis. This entire situation was predictable and—indeed!—we predicted it here in this blog.

First of all, and not to toot our own horn overmuch, we have been discussing supply chain risk here for many years. For example, in 2010 we ranted about the importance of supply chain management in this piece. In another, more recent, piece, we discussed counterfeit electronic parts and how effective supply chain management (should) work to proactively manage that risk. So we believe our bona fides are solid in this area. We’ve been sounding the alarm for years, and if effective action hasn’t yet been taken by DoD or its contractors, don’t point any fingers of blame in this direction.

Second, DoD itself has had the action to map out its programs’ supply chains for several years. Remember S2T2? Sure you do! We wrote about it several times…

In May, 2011, Frank Kendall testified before a Senate Subcommittee that—

We have undertaken an aggressive effort to map and assess the industrial base sector-by-sector, tier-by-tier (S2T2). The goal is to understand the gross anatomy of the industrial base. Just as doctors do not seek to understand the functioning of every individual neuron in the central nervous system, the Department does not seek to know the exact details and reasoning behind every supplier relationship. But we do need to better understand the industrial base’s nervous system, circulatory system, and bone structure. … The new S2T2 repository of industrial base data will also serve as a jumping off point for future assessments by all Defense Components, ensuring that data collection and analysis cumulates, thereby increasing the value of all industrial base assessment efforts.

We offered our opinion of Mr. Kendall’s testimony in a separate piece that followed on the report above. We wrote—

… we have our doubts about DOD’s ability to accomplish its stated goals. We have yet to encounter very many DOD contractors that have actually mapped their entire supply chains, program by program, and identified where lower tier suppliers support multiple programs. The burden to execute the S2T2 strategy will likely fall on the DCMA—and we don’t think they’re prepared for it. That said, we agree with DOD that it’s a laudable—and even important—objective that needs to be accomplished.

A year later, we offered a perhaps controversial opinion that the S2T2 initiative—while being well-intended—was flawed. We suspected it might be intentionally flawed. We wrote—

We thought—and still think—that it’s a back-office type approach to doing what is really needed, which is to have every single prime contractor map individual program supply chains via a common format, and then aggregate those program supply chains in a secure database. … It has not yet come to pass because it’s not finished yet. It’s not finished yet because … well, the Report doesn’t say. We assert it’s not finished yet—and may never be finished—because it’s not the right approach. Or because it’s not in the best interest of the (former) IP Directorate to actually complete the initiative. …

So what was formerly the Industrial Policy Directorate is now the Deputy Assistant Secretary for Defense (DASD) for Manufacturing and Industrial Base Policy (MIBP). The office has been promoted up in the DOD hierarchy, the office lead has been promoted, and the “realigned” organization now has a long-term “priority” mission that it can use to drive funding requests.

This, readers, is what success looks like at the DOD.

The fact that the DOD bureaucracy is growing in a time of budget cut-backs, and that there is no tangible output from this long-term “comprehensive process” for identifying weak points in the defense industrial supply chain—and, indeed, that no S2T2 completion date has even been set—should not be used to judge these individuals. They are winning by their own applicable criteria.

And if they ever do issue a comprehensive S2T2 analysis, their importance in the Pentagon foodchain will diminish. Which is, perhaps, one reason that the initiative may not ever make as much progress as we think it should.

So while the DOD bureaucrats are reorganizing, so is the industrial base they are supposed to be analyzing. The industrial base is reorganizing and evolving quickly, in response to the endemic forces of the marketplace. In contrast to the nimble movements of the market, the bureaucrats are progressing far more slowly than we think they should be. And they are perhaps sauntering down the wrong path.

What’s interesting to contemplate is the impact of the market reorganizations on the S2T2 analysis. By the time DOD gets the S2T2 data input into the database (using the approved template), we predict that data is going to be largely obsolete, overtaken by real-life events such as mergers, acquisitions, divestitures, spin-offs, and bankruptcies. By the time the S2T2 analysis is completed—if it ever is—it will describe an industrial base that no longer exists.

But that’s okay.

We’re quite sure that the good folks at DASD (MIBP) will be willing to undertake a new S2T2 analysis, if more resources and funding can only be made available to them.

In conclusion, here we are, more than six years after DoD initiated its critical S2T2 initiative. The last substantive thing we could find on S2T2 is right here. One of the PowerPoint’s conclusions is that “DoD will never have complete Industrial Base visibility.” We agree. The only way to get visibility is to have the prime contractors map their program supply chains – and pay them to do it and to provide that information into a database. DoD: if you want to do this right, you need a new contract clause.

Meanwhile, GAO and DoD act as if S2T2 never existed.

But we remember….




In March 2009, Nick Sanders’ article “Surviving Government Audits: Have the Rules of Engagement Changed?” was published in Government Contract Costs, Pricing & Accounting Reports (4 No. 2 GCCPAR P. 11). Apogee Consulting, Inc. is proud to announce that Mr. Sanders’ article was selected for reprint and publication in Thomson West’s The New Landscape of Government Contracting.  Mr. Sanders, Apogee Consulting’s Principal Consultant, joins such distinguished contributors as Professors Steven Schooner and Christopher Yukins, Luis Victorino and John Chierachella, Joseph West and Karen Manos, Joseph Barsalona and Philip Koos and Richard Meene, and several others.  The text covers a lot of ground, ranging from the American Recovery and Reinvestment Act (ARRA) to Business Ethics and Corporate Compliance, and includes several articles on the False Claim Act and the Foreign Corrupt Practices Act.  In addition, the text includes the full text of many statutory and regulatory matters affecting Government contract compliance.


The book may be found here.