Updating prices, please wait...

Risk Management & Analysis in Procurement

Managing risk in procurement can be tricky business, but our simple five-step process will help you break it down

What is risk management

Risk management involves identifying, analysing and responding to risk factors. Having effective risk management helps you to reduce the possibility of risks happening and the impact risks have on the organisation. Risk management looks at ways to prevent and manage risk, as well as ensuring that everyone across the business is aware of risk. Risk management is an ongoing activity which involves lots of evaluation and assessment throughout the whole organisation. It’s important to remember that risks can be measurable such as costs, or immeasurable such as damage to an organisation’s reputation – both are equally important.

Managing risk in procurement

Managing risk in procurement can be a tricky business, particularly because there is so much uncertainty about what risk is likely to occur and the potential impact this could have. Take a look below at the five steps to manage risk in procurement that will help you deliver a simple risk management process.

1. Risk identification:

Risk identification is the first step in managing risk in procurement. It’s not an easy task as it involves acknowledging risks that could be uncomfortable for the organisation to confront. It’s important to get a wide range of people to help with the identification of risks. The sources of procurement risks could be identified as micro and macros factors.

  • Micro factors: These risks are typically internal of the organisation and can include internal changes within the buying company, change management, new company direction and strategy.
  • Macro factors: These are risks outside of the organisation that can impact procurement activity. These can be environmental risks, economic risks, technology, social, political, legal, ethical, and demographical risks.

2. Risk analysis:

Risk analysis may be qualitative, semi-quantitative, quantitative or a combination of all methods, however it is all dependent on the nature of the risks. These circumstances will include complexity of the risk, cost, time, and the availability of reliable data.

3. Risk assessment:

A risk assessment comprises of the analysis and evaluation of the identified risks. It involves assessing the likelihood and impact of the risk and typically involves qualitative techniques. Some questions that could be asked in the assessment are:

  • What are the risks?
  • What risks are of concern? (High, medium, and low)
  • What does high, medium, and low mean and how were they assessed?
  • What is in place to manage those risks at an acceptable level?
  • What is being done to reduce the likelihood of risk?

4. Action plan:

The action plan is the actions and processes that are put in place to reduce the likelihood of risk. It’s important for all stakeholders and parties to be involved in this stage and to note down roles and responsibilities. The action plan is based on the ranking of risks and your action plan could involve:

  • Risk avoidance
  • Risk transfer or sharing i.e., through insurance or an agreement between the involved parties
  • Risk reduction by taking action to reduce the probability of risk

5. Monitor:

The last stage of the risk management process is to monitor continuously. Risk will change over time, along with new risks that may appear, so it’s important to keep track. Ensure that everyone involved knows how to monitor risk and how to report it if a risk is identified.

Risk mitigation

Risk mitigation

Procurement and supply organisations won't experience the same risks, but it's important to identify what they are and how to mitigate them.

Find out more about Risk Mitigation

Listen on demand and get the latest practical insights from our panel of procurement and supply experts.

CIPS Podcast

Risk management

CIPS Webinars - Watch the full risk management playlist here

Become a CIPS member

Achieve your potential by becoming a member today. Whether you want to become a studying member or want to upgrade your membership to MCIPS, you’ll receive support and guidance whatever career level you’re at.

Sign up now
 

CIPS Templates

Explore the templates to help you save time and work smarter in your organisation.

Exclusive for CIPS Members

 

Access the latest research, whitepapers and tools across a range of key procurement and supply topics.

Member only accesslock

Strategic procurement in risk management guide

Member only accesslock

An introduction to risk management guide

Member only accesslock

Supply chain risk management guide

Online events

decorative blue swirls

Risk & Resilience webinars

Are you ready to bolster your procurement and supply chain strategies in an era of unprecedented risk?

Watch CIPS webinars on demand

Expand your risk management skills

"risk-management-skillstraining.jpg"

Procurement Skills Training

Accelerate your learning and keep your knowledge and expertise up to date with our Risk Management training courses.

Risk Management Training

 

expand_circle_right
  • What is risk management
  • Managing risk in procurement
  • Five steps to manage risk in procurement
  • Access the latest research
  • Online events
  • Expand your risk management skills