How to Manage Risk in Procurement

Risk Management in Procurement 

Risk is an event that is capable of impeding procurement from achieving functional and business objectives. There is risk in every supply relationship, without these risks it is difficult to achieve enhanced value. The focus should be on identifying these risks, assessing them effectively and managing them proactively. Therefore, it is good practice for procurement to have a holistic process to risk management. This process should be underpinned by a well-defined risk identification and assessment process, an effective risk strategy and a managed risk register. 

Risk identification and Assessment Process

This is the process where procurement recognises the risk and seeks to minimise the probability of occurrence and impact. Effective risk management recognises that there is an ‘upside’ and ‘downside’ to every risk. Upside refers to new opportunities and downside refers to threats and vulnerabilities, any risk management strategy should seek to exploit ‘upside’ and mitigate ‘downside’. The risk management process is made of 5 Phases:

 Phase 1: Identify: Identify the risk and source
 Phase 2: Establish: Establish probability of occurrence
 Phase 3: Assessment: Evaluate impact of occurrence
 Phase 4: Investigate: Investigate risk reduction options
 Phase 5: Control: Deploy mitigating strategies and monitor against plan

Risk Strategy

Risk mitigation strategy are those actions taking by procurement to manage supply chain risks, these usually falls under the 4T’s framework.

Terminate: Procurement recognises the risk and it is deemed too risky to proceed and terminated. The need to terminate the risk arises because effective mitigating strategies are too risky, complex or expensive to contemplate.

Tolerate: Under this strategy, the risk is tolerated. This is usually after the risk has been identified and it is established that the probability of occurrence is low or the risk has been reduced to levels commensurate with risk appetite.

Transfer or part transfer: The risk is identified, and the most effective way to manage or resolve the risk is to transfer it to a third party. Outsourcing or insurance are ways of achieving this strategy. Part transfer is also a way of risk sharing with a third party, in this approach some elements of the risk are transferred to a third party. The elements transferred should always be those the business is incapable of managing.

Treat: Procurement recognises the likelihood of occurrence and impact to supply and actively manages the risk by implementing mitigating strategies. Treating the risk will not eliminate it, rather, it reduces it to an acceptable level with an element of residual risk. The residual risk can be tolerated or transferred.

Risk Register

A risk register is an important element in risk management and it is crucial to an effective risk management process. The risk register is where the outcome of a risk assessment and mitigating strategies are logged and made visible to stakeholders. The risk register should contain a definition of the risk, probability of occurrence and impact, control or mitigating strategy, proposed action plan and an assigned owner.

Managing supply relationships is challenging, and risk will always be a factor in these relationships. The task for procurement is to recognise these risks, manage them effectively and insulate the business from supply chain risks and vulnerabilities.

By Daniel Usifoh