Risk arises because of uncertainty about the future. It could involve the possibility of economic or social loss, or incur damage or delay. Risk management provides a structured way of assessing and dealing with future uncertainty. This leads to more efficient and effective decisions, greater certainty about the future and reduced risk exposure.
In every procurement transaction a degree of risk is involved, although most of the time it is not recognised and expressed as such. This is true for simple purchases, for example, ordering a meal or a bottle of wine in a restaurant. It is especially true when ordering complex goods or services, where the specification is not pre-determined, the outcomes are unsure, and the provider unknown.
Subjecting a procurement to risk analysis is a challenge for most functional areas. They do not wish to expose incompetence, flawed processes, inadequate choice of contractor, lack of knowledge of cost drivers and contractual ineptness. The more enlightened professionals recognise the value in effective procurement risk management.
There may be many formal reasons for risk analysis, which may include:
Risk management process
- Economic viability assessment, for high-level, strategic decision making
- Financial feasibility assessment
- Accountability for managers, staff, end users and suppliers to demonstrate that they have fully assessed all the material risks, that the measures taken to control risk are appropriate and the economic reward for taking that risk is adequate
- Contractual purposes, to assess alternative contractual and legal frameworks for the project, including deciding who should bear which risks and determining an equitable sharing of risks and rewards between the council and suppliers
- Tendering, when deciding whether or not to accept a bid
- Regulatory purposes, to demonstrate robust processes
- Communication purposes, to provide information for contract sponsors, contractors or partners, or to demonstrate capability and competence in an area.
There are three key stages to managing risk effectively:
1) Early and systematic identification, analysis and assessment of risks and the development of plans for dealing with them.
2) The allocation of responsibility to the party best placed to manage the risks.
3) Ensure that the costs incurred are commensurate with the importance of the contracted services and the risks involved.
It is important to consider the process logically from the very start to the end, and to be as realistic as possible. An element of lateral thinking can help to identify risks. It is a good idea to have as many people as possible, with a wide range of experience, using innovative tools, to participate in the identification of risk and brainstorming is a frequently used technique.
Where is risk management in your business? Is it conveniently swept under the carpet or is there an excellent process? Deathly silence to this blog will speak volumes.
☛ Stephen Ashcroft is leading the launch of Procurisk. You can comment or connect with him on LinkedIn and follow him on Twitter