Procurement Risk Management
A Guideline for Managers
This guideline provides information and practical advice on risk management in the procurement of goods and services. This guideline will help you to understand:
* what risk management in procurement is
* the key components of risk management
* the process of risk management
* how to develop a risk management plan.
What is risk management in procurement?
Risk management in procurement is about ensuring potential risks associated with the purchase of goods or services are identified, assessed and managed to ensure unexpected or undesirable outcomes are minimised while achieving maximum benefit from the procurement.
Key components of risk management
Three key principles in managing risk in procurement are:
identifying risks – considering potential risks associated with the procurement assessing risk – understanding the nature of the risk, likelihood of the risk occurring and the consequence or impact it may have managing risk – identifying possible controls, courses of action, creation.
Risk management process
Depending on the nature of the procurement, the level of detail required and the management of risk will vary. The following list identifies key steps in the risk management process: 1. communication and consultation
2. establishing the context
3. risk identification
4. risk analysis
5. risk evaluation
6. risk treatment
7. monitoring and review .
The following overviews the key steps and how they potentially relate to procurement activities. For further information on risk management refer to ISO31000: Risk Management, Principles and Guidelines Risk Management Standard. 1. Communication and Consultation
Ensure appropriate communication and consultation is undertaken with internal and external stakeholders. This is relevant for all steps in the risk management process and promotes a common understanding and approach to risks identified and the process of managing them.
2. Establishing the context
This relates to understanding the environment in which the procurement is being undertaken relating to the Organisations , stakeholders, strategy and the associated importance of risk management for the proposed purchase. Issues that may be considered in establishing the risk management context are: * Organisations approach to risk in terms of levels of acceptable risk (financial, economic, reputational, environmental) * the risk assessment criteria in the Organiusations Procurement Risk Management Framework. * importance of the procurement to the business and its objectives * stakeholders – who is involved or impacted by the procurement (public, State, special interest groups, other departments and institutions) * defining relationships between stakeholders and the organisation * defining responsibilities for risk management in the procurement process * previous experience or lessons learned with similar contracts.
3. Risk identification
Project/Contract managers should seek to identify potential risks associated with any procurement decision. Particularly high value, high risk, high profile or complex purchases. There are several useful tools and techniques that can be used, including checklists, brainstorming, drawing on outside or past experience and scenario analysis. Examples of common risk categories in procurement are:
Risk category | Examples |
Planning and preparation | Unrealistic time/cost expectations Conflict with existing contracts/supply arrangements Limited capacity to access necessary information Legal complexities Delays in obtaining approvals Incorrect method of approach selected | Product/service | Limited availability Complex to manufacture Integration of the product into existing environment Delays in delivery, testing and installing Unsafe use of hazardous materials or practices Final...