Your Guide to Procurement Risk Management in 2022
Procurement risk management is a strategic approach to managing the risks associated with the purchasing of goods or services. It is about how risk is managed throughout the entire supply chain: not just when you start to engage with a new supplier.
Procurement risk management is about designing and implementing a strategy that helps companies reduce their exposure to financial risk in both their immediate and whole supply chain. Strong procurement risk management also ensures that a company has high-quality, reliable supplies at competitive prices.
The following article provides a detailed overview of procurement risk management. It also explains why it is essential and how it can benefit you and your organisation.
What is Procurement Risk Management?
Procurement risk management is a process that is used to identify risks associated with purchasing goods and services from suppliers. The goal is to reduce the risk of non-performance or poor performance by managing the contract terms and conditions. This includes identifying potential hazards, such as price increases, late delivery, quality issues, etc.
Having a successful procurement risk management strategy will not only save costs for your business and help avoid any unwelcome setbacks, but it will also safeguard your business’s procurement process, ensuring it remains as efficient and productive as possible.
Risk identification is the first step toward reducing the impact of these risks on your company. To effectively manage risks, you need to understand them. First, you should identify what types of risks are most likely to occur.
So how do you identify procurement risks?
Procurement risk management is about identifying critical risk in the procurement process - in particular identifying critical suppliers - and then taking a long view of risks within these supply chains. Once these risks have been surfaced and understood, the task of mitigating, communicating, and monitoring those risks can begin.
Once risks have been identified there are 4 options to choose from:
- Tolerate - accept the risk, ensuring you document the decision and communicate to relevant stakeholders.
- Treat - change the likelihood of the risk coming to pass, or change the consequences of the risk coming to pass.
- Transfer - share the risk burden with another party (e.g. via insurance).
- Terminate - eliminate the risk by removing the activity affected, or by removing the source of the risk.
There are several ways to identify risks:
1. Identify the risks yourself
Risks can’t be managed until they are identified and monitored. Work to ensure that risks are identified at all levels of your company operations.
This is not a one-time exercise - the identification of risks is something that should happen on a regular basis. A Risk Register document shared among relevant stakeholders which is reviewed on a scheduled basis could be a helpful process to implement.
You may choose to take a criticality approach - i.e. starting with the key suppliers where interruption or failure will have the most major impact on your business. Alternatively, you could take a category / departmental approach to refine the process before rolling it out more widely.
2. Use a third-party risk assessment service
Finding information provided by third parties to support your own risk assessments is increasingly important in a time of economic uncertainty and market volatility. Ensuring that you are proactively alerted to changes in a supplier’s situation is especially important. That will not always be easy for suppliers located outside the UK, so taking time to understand what information is available in different regions is key. Ultimately, how well do you KYS?
3. Ask your supplier for information
Meet your suppliers face-to-face to see how their business operates. Understanding how your supplier works will give you a clear sense of how it can benefit your organisation. Ask about their plans for development or expansion. Will this affect the goods or services they're providing to you, and will it impact their financial health?
If face-to-face meetings are not possible, try to at least have video calls, and maybe a virtual tour of their facilities to get a better understanding of the organisation you are dealing with.
4. Talk to other organisations who have experience with procurement risk management
Utilise any contacts you have in other organisations. What have they experienced and can you learn anything from them? LinkedIn is a great place to start!
5. Review your current lifecycle processes
Most organisations will have several processes which are implemented at various points of the procurement lifecycle. Undertaking regular reviews to ensure clarity about the purpose of each process and assigning metrics in order to assess success is a key step in improving procurement risk management. The following steps might be helpful:
- Identify and discuss your current processes - in particular thinking about the purpose/outcome of the process should give you a good idea of what to measure to help judge success.
- Map out your existing process, this will allow you to visualise it and break it down into smaller steps.
- Get to the bottom of all variants in your process, why does each component exist? Make sure that each component has a purpose and isn't correcting for another component that isn't working properly.
- Review each individual step. Question each of the steps, why are you currently doing it and can it be optimised in any way? Adding steps to your process may well be necessary once your review is complete, but it usually pays to cut it down in size.
- Map the new process. Rework and remap the process from the ground up. It is now time to think about changes, start by framing the process without thinking too closely about how it has performed in the past. This approach may lead to finding new and significant efficiencies.
- Test the new process. Make sure the new process is used in real-world applications to see if it actually works and is an improvement on your old process. If it doesn't, you may need to amend, repeat and test again!
- Document and implement widely. It is time to document your finalized process. After all, this is what will be used to roll out and standardise the new process throughout your organisation.
6. Perform a SWOT (Strengths, Weaknesses, Opportunities, Threats) analysis
Simple, but effective. Investigate any weaknesses you discover further. Once you have performed a SWOT analysis this is a great opportunity to go back to your supplier and ask for more information on things you have picked up and are interested in understanding more about.
7. Analyse past experiences
The majority of procurement professionals have at least one horror story they would rather forget. Take time to pool knowledge from within the business and from external experiences. What can you learn from these failures, or indeed successes! We’ve found procurement guru Peter Smith’s Bad Buying blog a particularly insightful resource.
8. Review contracts and policies
The devil is in the detail! Too often key details in contracts are overlooked, but when things go badly they can have big consequences. Conduct your due diligence and ensure your contract is watertight and safeguards your business. Maintaining a Key Terms sheet for critical suppliers which highlights any variance from the standard terms of business you normally contract on can be very useful - particularly when bringing new members of the team up to speed on contracts.
If suppliers fail to meet your agreed levels of service, Service Level Agreements (SLAs) will typically provide compensation in the form of rebates on monthly service charges. When writing up your SLA with your supplier, pinpoint the most crucial elements of the deal so you can apply the strictest penalties to these.
How to manage the most common procurement risks
The most common risks associated with procurement include fraud, theft, waste, and supplier failure (either a direct supplier or a company further up the supply chain). However, these risks can be mitigated by using appropriate controls, monitoring processes, and training staff to implement these things correctly.
Standardise procurement processes
An important part of procurement risk management is ensuring consistency of process throughout the organisation - i.e. standardising processes as much as possible. This can help improve efficiency and also opens the way into being able to apply consistent metrics across the organisation.
How to standardise:
- Define any standard and common processes for your entire organisation.
- Don't reinvent the wheel! Try to avoid developing single specifications, which typically generate a higher cost. Instead, select elements that match the standards available from the suppliers in your market and apply those to your own organisation.
- Create catalogues that are easily accessible to internal users, with item references accepted by the organisation from pre-approved suppliers.
Deploy procurement automation technology
More than half of Chief Procurement Officers (CPOs) admit that the underutilisation of automation software in procurement processes is a huge problem that needs addressing.
Complicated manual workflows are too time-consuming and full of errors, slowing down the whole procurement process. Procurement automation tools will allow you to automate and reduce the errors associated with purchasing goods and services. These include managing vendor relationships, creating contracts, tracking invoices, and automating payments.
Another key benefit of automation is that it frees up your staff to focus on higher-value activities like spending more time focusing on critical supplier risks (defined both by spend value, but also strategic importance within your business) and enabling them to drill down to really understand the dynamics in play within your partner organisations.
Improve staff communication
Good communication creates a shared understanding. The best way to improve staff experience is by ensuring that they understand what they are doing and why.
This means that you should provide clear instructions and explanations for any steps that require interaction from staff. It’s essential to keep this information simple and easy to follow so that it doesn’t cause confusion or frustration within your organisation.
Develop supplier relationships
The best way to ensure you receive what you pay for is by developing strong vendor relationships. It means ensuring you know who you’re buying from, understanding their business model, and being able to negotiate better terms if necessary.
At Company Watch we believe that no one knows your business and supply chain as well as you do. Be proactive by addressing issues and problems as they arrive, this prevents them from snowballing into something more serious. An early and frank discussion with your supplier is the best approach and will help to build trust and respect.
Why is understanding Procurement Risk Management important?
Procurement is an integral part of every organisation. However, getting it wrong can cost organisations a huge amount of time and money. Putting processes in place to understand the nature of risk within your supply chain, and taking proactive measures to be able to avoid and mitigate these will make your organisation more robust and able to deliver on its key strategic goals.
You may also find that some risks are not as significant a deal as you thought. For example, you might even save money because you were overpaying for something else!
By reducing the risk of costly mistakes, you can increase the efficiency and effectiveness of your procurement risk management process.