The Why and How of Risk Assessment in Procurement Planning

Most organisations rely on suppliers to provide the goods and services they need to operate. But purchasing from a third party inherently introduces operational risk. The more complex or critical the supply chain, the greater the risk.

In this article, we cover why risk assessment should form part of your procurement planning process, the types of risks to look out for, and how to help staff conduct best practice risk assessments.

Risk assessment involves identifying potential risks, assessing their severity, assigning the relevant mitigating actions, and designating risk ‘owners’ responsible for each risk recorded.

Examples of risk in procurement

Some risks are relevant to all procurement activities, while others are more project specific. Risks cover range of areas from corporate to operational and risk types can include, amongst others:

• Financial
• Environmental
• Technical
• Political instability
• Legislation (compliance and probity)
• Security (physical and cyber)
• Supplier resilience
• Price increases and decreases
• Scheduling delays
• Natural disasters
• Accidents
• Product quality
• Service delivery

The rise of Environment, Social and Governance (ESG) risk

In recent years not adhering to ESG regulations has become a significant risk, with some procurement legislation making an organisation accountable for its suppliers this area. In your procurement planning, include the risk that your suppliers might not adhere to acceptable ESG standards including ethical labour practices and sustainable production methods.

And, while it is one thing for an organisation to say they are compliant to ESG principles, can they prove it? Do your suppliers have traceability technology or are they certified by a body such as Fair Trade that can back up their claims?

Not taking ESG into account can result in legal consequences and can impact customer perception of your brand. Increasingly, consumers are willing to pay more for a product if it is ethically and sustainably produced. According to a recent study by Deloitte, more than one in three consumers stopped purchasing certain brands or products because they had ethical or sustainability related concerns about them.

Successful operations depend on a secure supply chain

A disrupted supply chain can have a devastating effect on your organisation. For example, the Covid-19 pandemic has repeatedly slowed delivery of raw materials and finished goods to many businesses, severely impacting their operations.

For reasons like this, it is important to factor in potential supply chain issues at the procurement planning stage and make the necessary contingency plans. For example, to avoid potential disruptions due to the pandemic, many organisations are sourcing locally rather than globally, even if the costs are higher.

Risks influence the procurement path

The level of risk associated with a procurement event will determine the procurement method you should use. A high-risk procurement project will typically fall under a different set of policies than one that is low risk. This is why performing a risk assessment during the planning stage is important, as it allows you to determine which method you should use.

Better business management and outcomes

Risk management is not a stand-alone function; it influences all the facets of a procurement project. Understanding the risks from the outset will inform the broader business decisions and help with the overall procurement management, especially in the areas of contingency management and forecasting. Overall, a procurement project performs better if the risks have been considered while planning.

Be proactive and ready to respond

Having risks identified, with associated mitigation actions mapped out, sets you up to be proactive, not reactive. It produces a resilient procurement operation that is quick to respond to issues with a solid plan in hand. Understanding a risk’s consequences gives you more control of the process.

Systematic procurement risk assessment

By using a consistent, standardised approach to risk assessment in procurement planning, you recognise risks that might otherwise be overlooked. Also, all the risks can be compiled in a single place and not fragmented across the organisation where they could be lost.

Ensures compliance and probity

Procurement is not just about sourcing the best-value or lowest-priced goods, but also about addressing compliance and probity requirements. These should be included in a procurement risk assessment. Where suppliers are concerned, you don’t want costly surprises like corruption and collusion lifting their ugly heads.

A compliance focus also can also help you meet the growing number of standards you may need to comply with, such as ISO 31000, COSO, AS/NZS 4360 and SOX. A risk assessment will become part of a visible audit trail, available for scrutiny at any time.

Increases confidence in you as an organisation

If you have a thorough risk assessment stage incorporated into your procurement planning, you reap the benefits mentioned above. This will instil confidence in your business processes from insurance providers, regulators, and stakeholders.

Most procurement planning solutions will help you conduct a risk assessment by using an automated flow of relevant questions and outputting a risk score combined with a visual matrix. The solution should facilitate building a risk register advise which procurement path to follow according to policies. While affordable procurement risk software exists, the assessment can also be done manually.

A good tip is to get the whole team onboard to look at risks from all angles. Be sure to include experienced individuals who have been down these roads before and those who represent different roles in the organisation.

1. Identify Risks

Identify all risks, from high risk to relatively low risk. Clearly define each to gain an understanding of how to tackle it.

2. Analyse Risks

For each risk identified, determine its impact severity and its likelihood to occur, and give it a score for each. You need to understand the level of urgency if it were to occur.

3. Generate a risk matrix

To build the risk matrix, plot the analysis figures on a visual matrix. If you use procurement planning software, this will automatically be generated for you.

At the procurement planning stage, the matrix provides an overall picture, however, a more detailed analysis needs to be done on the risks for more in-depth understanding and action planning.

4. Action and mitigation plans

At this point, specific people are assigned responsibility for each risk along with resources and mitigating action plans.

Examples of risk action levels:

Monitor – For low risks. You might need to intervene but go ahead as planned in the meantime.
Manage and mitigate – Reduce the severity of the threat posed with the decided actions.
Reassign risk – For example, to a supplier or to another department.
Revision of the procurement plan – Depending on the risk level, a complete change might be needed.

5. Develop a risk register

Finally, summarise the above process in a risk register (also called a risk log). The register should include the following:

• Risk ID
• Date
• Name of Risk
• Description
• Probability and Impact Severity
• Mitigating Actions
• Risk Score
• Person Responsible
• Review Date

You should revisit this matrix and mitigation plan on a regular basis as the procurement project progresses; it might need to be updated as new issues are identified.

Other things to consider when doing a procurement risk assessment are the insurances required and supplier due diligence that needs to be scheduled.

The act of procurement inherently introduces operational risk. By doing a risk assessment during the procurement planning phase, these risks are mitigated.

Want to ensure your staff engage in best practice procurement planning, including performing an upfront risk assessment? VendorPanel’s procurement planning solution may be what you need. To find out more, contact us today.