Risk management within procurement and supply chain involves understanding, analysing and addressing risk to make sure organisations achieve their objectives.
It is often underplayed by many larger organisations, which, in this day and age, is very surprising and somewhat disturbing. Organisations need to make sure they manage the procurement and supply chain risk so that it minimises the threats and maximises the potential.
Cyber-attacks, data protection, Brexit and the increasing trend for outsourcing now means that risk management, in a structured and visible manner, is vital for organisations as part of their Procurement and Supply Chain strategy and capability.
It can be argued that cost reduction is still seen as the number one role of the procurement organisation from stakeholders within their own company, BUT having the process, capability, and technology to manage ongoing risk has also to be of significant value in the longer term.
It is essential to engage with the market in terms of identifying the preferred outcomes, risks and issues. It is also best practice to confirm that suppliers are contractually required to provide full transparency of data as part of the contract deliverables and governance.
Any risks identified should be documented in the organisations risk register and should have clear mitigating actions, appropriate owners and a review date. By documenting the risks, it will help to identify any overlaps.
Risk management is a planned and organised process consisting of various stages:
Identification of procurement and supply chain risks and issues and their potential to impact on the objectives of a given procurement project is essential in terms of understanding.
Sources of risk can be divided into four broad areas:
- Strategic/Corporate i.e. commercial, financial, economic, political
- Programme i.e. procurement, acquisition, funding, projects
- Project i.e. personal, technical, cost, schedule, resource
- Operations i.e. quality, environmental infrastructure, operational support
Several risks can be generic across all procurement projects however there will also be project specific risks that you must consider. Once risks are identified they should be documented in the risk register as detailed above.
To get advice and help with risk management within your organisation contact us.