Risk Management & Analysis in Procurement
What is risk management
Risk management involves identifying, analysing and responding to risk factors. Having effective risk management helps you to reduce the possibility of risks happening and the impact risks have on the organisation. Risk management looks at ways to prevent and manage risk, as well as ensuring that everyone across the business is aware of risk. Risk management is an ongoing activity which involves lots of evaluation and assessment throughout the whole organisation. It’s important to remember that risks can be measurable such as costs, or immeasurable such as damage to an organisation’s reputation – both are equally important.
Managing risk in procurement
Managing risk in procurement can be a tricky business, particularly because there is so much uncertainty about what risk is likely to occur and the potential impact this could have. Take a look below at the five steps to manage risk in procurement that will help you deliver a simple risk management process.
1. Risk identification:
Risk identification is the first step in managing risk in procurement. It’s not an easy task as it involves acknowledging risks that could be uncomfortable for the organisation to confront. It’s important to get a wide range of people to help with the identification of risks. The sources of procurement risks can be grouped into micro and macro factors.
- Micro factors: These risks are typically internal to the organisation and can include internal changes within the buying company, change management, new company direction and strategy.
- Macro factors: These are risks outside of the organisation that can impact procurement activity. These can be environmental risks, economic risks, technology, social, political, legal, ethical, and demographical risks.
2. Risk analysis:
Risk analysis may be qualitative, semi-quantitative, quantitative or a combination of these methods; the choice depends on the nature of the risks and on the circumstances, including the complexity of the risk, cost, time, and the availability of reliable data.
3. Risk assessment:
A risk assessment comprises the analysis and evaluation of the identified risks. It involves assessing the likelihood and impact of the risk and typically involves qualitative techniques. Some questions that could be asked in the assessment are:
- What are the risks?
- What risks are of concern? (High, medium, and low)
- What does high, medium, and low mean and how were they assessed?
- What is in place to manage those risks at an acceptable level?
- What is being done to reduce the likelihood of risk?
4. Action plan:
The action plan sets out the actions and processes that are put in place to reduce the likelihood of risk. It’s important for all stakeholders and parties to be involved in this stage and to note down roles and responsibilities. The action plan is based on the ranking of risks and could involve:
- Risk avoidance
- Risk transfer or sharing i.e., through insurance or an agreement between the involved parties
- Risk reduction by taking action to reduce the probability of risk
5. Monitor:
The last stage of the risk management process is to monitor continuously. Risks change over time and new risks may appear, so it’s important to keep track. Ensure that everyone involved knows how to monitor risk and how to report it if a risk is identified.
Risk mitigation
Procurement and supply organisations won't all experience the same risks, but it's important to identify what they are and how to mitigate them.
Risk management key themes
- Supply chain
- Supply chain strategy
- Ethical risk
- Vendor risk
- Vendor risk assessment
- Procurement fraud
- Counterfeit
- Deloitte/CIPS Resilience report
- Risk assessment
- Commodity Risk Management
- KPIs