Assessing, managing risk in 2024 procurement policy and plan

Assessing, managing risk in 2024 procurement policy and plan

The Authors

This year presents the procurement industry with yet another opportunity to navigate, innovate and reinvigorate our procurement plans, strategy and direction.

In retrospect, the lessons gathered from the major events in the global economy last year will obviously be a guide leading into this year.

The fact of the matter is, going into this new year, our guiding principles in procurement should not be an obstacle in achieving our goals, but must only serve as a guide to success and achieving corporate goals.

We must be innovative, anticipatory and forward-looking in all our procurement endeavours. The achievement of this success can only be met when we know how to clearly access and mitigate our risk factors and turn them into advantageous opportunities.

It is important to appreciate that in this New Year, there are two key things that every organization needs to underpin in their procurement processes thus a well-defined procurement policy as well as its accompanying procedures.

These are, at best, the most significant documents that help in shaping decision making and ultimately, mitigating risks to the business.

Fitzgerald-Bassey Consultancy Limited, a consultancy firm have painstakingly developed and explained how to mitigate risk in procurement in the year 2024.

This is mainly to mitigate risks within the Supply Chain, to help build shocks to absorb unforeseen events, creating alternatives plans for the what ifs, and minimize unplanned and unforeseen events which could disrupt one’s supply chain.

Understand and personalise concept of risk  

In the past year, one of the things we came to appreciate in the management of risk, for the majority of our clients, is for clients to have a clear understanding of what their risks are within their supply chains.  

Many did not understand the risk involved in their business and therefore did not plan to mitigate their risks.

Most often in procurement, when risk is mentioned, most procurement practitioners’ default to financial risks to the underestimation of other risks such as supply, operational, legal and reputational risk.

In simple terms, risk is the possibility of an event or action impacting the success or objectives of your procurement process. In essence, anything that is likely to become a hinderance to the successful procurement process is a risk, and all of these things that come to mind should be considered in your procurement planning process for the year.

When we clearly get to understand what our risks are, we are half way through the problem. By understanding and personalising the concept of risk, you get to know which ones apply to your supply chain and the ones which do not.

Identify, Analyse, Evaluate potential risks

Basic amongst risk management is identifying the possible loopholes that will be classified as risk factors and essentially conducting a risk assessment, which primarily involves analysing your procurement process and identifying any potential threats or vulnerabilities.

Identified risks should then be classified as High, Medium and Low risk. Within your procurement policies, pay particular attention to the very high risk and medium risk while keeping and eagle eye on the low as well since they also have the potential to also pull up surprises, with a resultant negative impact on your bottom-line.

For instance, within a procurement context, some of the very high-risk factors include sub-contractor failure, project delays, budget overruns, and non-compliance with regulations.

With supplier failure topping the chart, the very likelihood of your procurement of a very essential items being delayed by a supplier, especially in our part of the world, should not underestimated.

Once potential risks have been identified, you need to use a tool such as a 4×4 risk assessment matrix to rate a risk’s probability of occurrence (Probability) and its Impact (the negative consequences to cost, time, resources, etc.) if a risk occurs.

This will help understand the severity of the risk and help enact mitigations to counteract the risk.


Risk probability, or likelihood, is the possibility of a risk event occurring. The likelihood can be expressed in both a qualitative and quantitative manner.

When discussing probability in a qualitative manner, terms such as frequent, possible, rare etc. are used.

It is also possible to describe the probability in a numerical manner. This can be done using scores, percentages and frequencies defined by the organization.


Impacts are often defined as the consequences, or effects of a risk event on the project objectives.

These impacts can be both beneficial and harmful to the objectives. The impact of risk events on different project objectives can be defined in both a qualitative and quantitative manner. These project objectives are cost, schedule, quality, scope, health, safety, etc.

Prepare for the risk – Risk Impact & Probability Matrix

Practitioners should evaluate the possibility of a risk occurring against the impact it can have on the business. These evaluations should help define the mitigating strategies for such risks.

Based on the evaluation, you can then develop risk management strategies to mitigate or reduce the impact of each risk. In mitigating and managing risk, these strategies have shown to be very effective and reliable.  

High Probability / High Impact (Mitigate)

For circumstances deemed to be High Risk/High Impact, procurement practitioners must have a detailed action plan, monitored daily, weekly, monthly or as required, depending on the severity of the risk.

This is a probable disaster probability waiting to happen with a severe impact on the business.

If for example, a risk is identified of a potential gas pipe blowout, a comprehensive team including technical, procurement, senior decision makers may be put together to monitor the situation on a daily basis and take actions necessary to eliminate the risk.

Such a risk could have a catastrophic impact on the environment, business, reputation and bottom line of the organization.

High Probability/Low Impact (Management Challenge)

These are risk that are deemed likely to occur but have a low impact on the financials, reputation, Operations etc of the business. These risks are mostly due to uncertainties of numerous elements that individually, are minor risks but combined, could amount to higher risks.

Management should identify the individual risk and put in place contingency plans to counteract the individual risks identified.

Low Probability/ High Impact (Insure/Mitigate)

These are higher risks that have been identified but have a low probability of occurrence. The business and organization can insure against such risks. They can also put in operational structures to further reduce the probability of occurrence within the business.

Low Probability/Low Impact (Accept)

These are risks that have a low likelihood of occurring, and if they do, will have a minor impact on the organization. There is no need for a proactive management approach to mitigate against such risks. Management can accept those risks when they occur and deal with them on a one on one basis.

These are the some shock absorbers that can help you weather the storm in your procurement processes. As a procurement lead organisation, it is very important to involve all stakeholders in the development of these strategies to ensure buy-in and support for these guidelines.

Risks and the mitigating strategies should be reviewed regularly, depending on the nature of the business and the organization, and changes to the risk strategy register must be tracked and clearly logged. 

Owners of the identified risks must be clearly identified within the organisation. Accountability for these risks and mitigation strategies cannot be overemphasised.

Communicate plans to stakeholders

Once risk management strategies have been developed, they should be incorporated into your procurement and management processes. They should be subject to change as risks are fluid and circumstances change.

These should include clearly defined procedures for risk identification, assessment, and management. The policy and plan should also clearly map out the risk management procedure, outline roles and responsibilities for managing risks and the steps to be taken in case a risk does occur.

In all of it, it’s important to communicate the risk management strategies and procedures to all stakeholders involved in the procurement process.

This includes procurement staff, suppliers, and other relevant parties. Stakeholders should also be trained on how to identify and manage risks according to the policy and plan.

Leveraging technology and tools available that can help in managing risks in procurement has always been advantageous.

These include risk management software, data analytics, and automated processes. Consider utilising these resources to enhance your risk management efforts.

By following these steps, you can effectively access and manage risk in 2024.

Regularly reviewing and updating your risk management strategies will ensure the success of your procurement process and minimize any potential risks to your organization, with a resultant improvement in your bottom line.

 By Alvin Mingle & Kwabena Peprah

Google+ Linkedin

Leave a Reply

Your email address will not be published. Required fields are marked *