
Proceedings of the 2022 International Conference on Research in Management & Technovation

Annals of Computer Science and Information Systems, Volume 34

Integration of Supply Chain Risk Management into the Enterprise Risk Management Program for the Department of Defense


DOI: http://dx.doi.org/10.15439/2022M8894

Citation: Proceedings of the 2022 International Conference on Research in Management & Technovation, Viet Ha Hoang, Vijender Kumar Solanki, Nguyen Thi Hong Nga, Shivani Agarwal (eds). ACSIS, Vol. 34, pages 3741


Abstract. This paper explores the integration of supply chain risk management (SCRM) into the enterprise risk management (ERM) program across the Department of Defense (DoD) for three main reasons: responsibility, necessity, and visibility. Multiple laws, orders, policies, strategies, and standards hold Federal leaders responsible for their agencies' performance. The global nature of the DoD's supply chain, its dependency on information technology, and the constant threats in the cyber realm make it necessary to integrate SCRM into the ERM program. Should DoD leadership lose sight of these threats, the impact on the enterprise could be catastrophic; DoD leaders must therefore maintain visibility of the supply chain as part of the ERM program. While many organizations have treated SCRM and ERM separately over the years, technology and the rapid growth of cyber threats have brought those days to a close. The importance of the supply chain to mission accomplishment, coupled with persistent threats in the cyber realm, makes the integration of SCRM and ERM a requirement. This paper explains these issues and gives multiple examples of why integration is imperative. Should the DoD make SCRM part of its ERM program, its chances of remaining a dominant global force will continue well into the future. The paper is written for cybersecurity professionals working in U.S. organizations.

