How to assess and manage risk in your 2024 procurement policy and plan

0

This year presents the procurement industry with yet another opportunity to navigate, innovate and reinvigorate our procurement plans, strategy and direction. In retrospect, the lessons gathered from major events in the global economy last year will obviously be a guide leading into this year.

The fact of the matter is, going into this new year, our guiding principles in procurement should not be an obstacle to achieving our goals, but must only serve as a guide to success and achieving corporate goals. We must be innovative, anticipatory and forward-looking in all our procurement endeavours. Achieving this success can only be done when we know how to clearly access and mitigate our risk factors – and turn them into advantageous opportunities.

It is important to appreciate that in this new year there are two key things every organisation needs to underpin in their procurement processes – thus, a well-defined procurement policy as well as its accompanying procedures. These are, at best, the most significant documents that help in shaping decision-making and ultimately mitigating risks to the business.



We at Fitzgerald-Bassey Consultancy Ltd. have painstakingly developed and explained how we can mitigate risk in procurement during the year 2024. This is mainly to mitigate your risks within the Supply Chain – to help you build blocks to absorb unforeseen events, creating alternatives plans for the what ifs, and minimising unplanned and unforeseen events which could disrupt one’s supply chain.

Understand and personalise your concept of risk  

In the past year, one thing we came to appreciate in managing risk for the majority of our clients, is for them to have a clear understanding of what risks there are within their supply chains.  Many of our clients did not understand the risk involved in their business – and therefore did not plan to mitigate their risks. Most often in procurement, when risk is mentioned most procurement practitioners’ default to financial risks; to the underestimation of other risks such as supply, operational, legal & reputational risks.

In simple terms, risk is the possibility of an event or action impacting the success or objectives of your procurement process. In essence, anything that is likely to become a hinderance to the successful procurement process is a risk, and all of the things which come to mind should be considered in your procurement planning process for the year. When we clearly get to understand what our risks are, we are half-way through the problem. By understanding and personalising the concept of risk, you get to know which ones apply to your supply chain and the ones that do not.

Identify, Analyse and Evaluate potential risks

Basic within risk management is identifying the possible loopholes that will be classified as risk factors and essentially conducting a risk assessment, which primarily involves analysing your procurement process and identifying any potential threats or vulnerabilities. Identified risks should then be classified as High, Medium and Low risk. Within your procurement policies, pay particular attention to the very high risk and medium risk while keeping and eagle eye on the low as well, since they also have the potential to pull up surprises with a resultant negative impact on your bottom-line.

For instance, within a procurement context, some of the very high-risk factors in our experience include sub-contractor failure, project delays, budget overruns and non-compliance with regulations. With supplier failure topping the chart, the very likelihood of your procuring very essential items being delayed by a supplier – especially in our part of the world – should not underestimated.

Once potential risks have been identified, you need to use a tool such as a 4×4 risk assessment matrix to rate a risk’s probability of occurrence (probability) and its Impact (the negative consequences to cost, time, resources, etc.) if a risk occurs. This will help you understand the risk’s severity and help enact mitigations to counteract it.

Probability:

Risk probability, or likelihood, is the possibility of a risk event occurring. The likelihood can be expressed in both a qualitative and quantitative manner. When discussing probability in a qualitative manner, terms such as frequent, possible, rare etc. are used. It is also possible to describe the probability in a numerical manner. This can be done using scores, percentages and frequencies defined by the organisation.

Impact:

Impacts are often defined as the consequences or effects from a risk event on the project objectives. These impacts can be both beneficial or harmful to the objectives. The impact of risk events on different project objectives can be defined in both a qualitative and quantitative manner. These project objectives are cost, schedule, quality, scope, health and safety etc.

Prepare for the risk – Risk Impact & Probability Matrix

Practitioners should evaluate the possibility of a risk occurring against any impact it can have on the business. These evaluations should help define the mitigating strategies for such risks.

Based on the evaluation, you can then develop risk management strategies to mitigate or reduce the impact of each risk. In mitigating and managing risk, these strategies have shown to be very effective and reliable:

High Probability/High Impact (Mitigate)

For circumstances deemed to be High Risk/High Impact, procurement practitioners must have a detailed action plan – monitored daily, weekly, monthly or as required depending on the severity of risk. This is a probable disaster probability waiting to happen with a severe impact on the business. If, for example, a risk is identified for a potential gas-pipe blowout, a comprehensive team including technical, senior procurement decision-makers may be put together to monitor the situation on a daily basis and take actions necessary to eliminate the risk. Such a risk could have a catastrophic impact on the environment, business, reputation and bottom-line of the organisation.

High Probability/Low Impact (Management Challenge)

These are risks deemed likely to occur but have a low impact on the financials, reputation, Operations etc. of the business. These risks are mostly due to uncertainties of numerous elements that individually are minor risks, but combined could amount to higher risks. Management should identify individual risks and put in place contingency plans to counteract those identified

Low Probability/High Impact (Insure/Mitigate)

These are higher risks that have been identified but have a low probability of occurrence. The business and organisation can insure against such risks. They can also put in operational structures to further reduce the probability of occurrence within the business.

Low Probability/Low Impact (Accept)

These are risks that have a low likelihood of occurring, and if they do will have a minor impact on the organisation. There is no need for a proactive management approach to mitigate against such risks. Management can accept those risks when they occur and deal with them on a one-on-one basis. These are some shock absorbers that can help you weather the storm in your procurement processes. As a procurement lead organisation, it is very important to involve all stakeholders in the development of these strategies to ensure buy-in and support for them.

Risks and the mitigating strategies should be reviewed regularly, depending on nature of the business and organisation; and changes to the risk strategy register must be tracked and clearly logged.  Owners of the identified risks must be clearly identified within the organisation. Accountability for these risks and mitigation strategies cannot be overemphasised.

Incorporate risk management into procurement policy, plan and Communicate plans to stakeholders

Once risk management strategies have been developed, they should be incorporated into your procurement and management processes. They should be subject to change, as risks are fluid and circumstances change. These should include clearly-defined procedures for risk identification, assessment and management. The policy and plan should also clearly map out the risk management procedure; outline roles and responsibilities for managing risks; and the steps to be taken in case a risk does occur.

In all, it is important to communicate the risk management strategies and procedures to all stakeholders involved in the procurement process. This includes procurement staff, suppliers and other relevant parties. Stakeholders should also be trained on how to identify and manage risks according to the policy and plan. Leveraging technology and tools available that can help to manage risks in procurement has always been advantageous. These include risk management software, data analytics and automated processes. Consider utilising these resources to enhance your risk management efforts.

By following these steps, you can effectively access and manage risk in this new year. Regularly reviewing and updating your risk management strategies will ensure the success of your procurement process and minimise any potential risks to your organisation, with a resultant improvement in your bottom-line.

Leave a Reply