28 May 2021

Risk management in public procurement

Innovative services, if they include the introduction of new technologies, can be associated with technical risks, e. g. failure of systems, susceptibility to maintenance, etc. The risks are not easy to assess. However, this must not mean that riskier solutions are not considered from the outset.

In addition to the technical risks, there are of course a number of other risks that can be relevant in procurement. But how do you find out about these risks? How do you deal with them? And how does risk management work at all?

Risk management is about assessing entrepreneurial risks or making them financially calculable in order to prevent damage to the organisation. Risks can fundamentally endanger an organisation's business plan. Different risks can weigh differently depending on the company and its strategy.

In procurement, delivery failures, delivery delays or the insolvency of a supplier are probably the most relevant risks. But logistics and transport risks, technical risks and price risks, material risks and poor performance can have major effects as well. Logistical or transport risks can arise the more complex the supply chain is ,and the greater the distance to the supplier.

What about risk management in innovative projects?

Risk management also plays an important role in innovative public procurement, because every innovation can also involve risks. In the case of existing solutions, strengths and weaknesses are usually known or can be assessed on the basis of personal experience. However, the weak points of new solutions cannot be easily identified.

Completely newly developed products may not meet the expectations associated with them. Time delays and unexpected increases in costs represent further risks that can affect the success of the project. At worst, highly innovative projects can also fail completely. This shows how important the introduction of a risk management (or risk management system) is.

Introduction and implementation of risk management

To make a decision as to whether a risk management system should be introduced, all possible risks for a company are compared in a cost-benefit analysis and opportunity costs are determined.

The essential components of a risk management system are:

  • risk policy principles and goals
  • a risk management organisation (in the organisational structure)
  • the risk management process
  • the risk culture and the associated communication.

Possible steps in a risk management process

1. Risk identification
Possible risks should be known, especially for the most important product groups, suppliers and procurement markets. To identify these, various internal and external sources can be used (e.g. financial accounting, controlling, technology, credit and business reports) or selected instruments (e.g. ABC analysis, portfolio analysis, SWOT analysis, Ishikawa diagram).

As part of a comprehensive market research, attention should be paid to potential risks. The results of the supplier evaluation can also be the basis for identifying possible risks. Many companies rely on the use of electronic tools for risk management, which reduce the effort of manual searches due to their automated information (so-called alerts) and provide an information advantage.

2. Risk assessment and analysis
With the help of a so-called risk matrix (also risk portfolio or risk map), the amount of damage when the risk occurs and the probability of occurrence can be compared.

3. Risk Control
The question of how risks are dealt with (accept, minimise, eliminate) is difficult to answer across the board. It depends a lot on what type of risk it is and how high the expected risk is. It must also be taken into account what effort would have to be made and what resources are available in the company for risk management.

Measures to reduce risks are e.g:

  •  Comprehensive market analysis for improved supplier variety and the establishment of alternative suppliers
  • regular material tests,
  • increased warehousing, Kanban systems or vendor-managed inventory warehouses (supplier-controlled inventory) to achieve security of supply and
  • regular monitoring and evaluation of delivery backlogs

An important factor in recognising the risk indicators at suppliers at an early stage is the ongoing cooperation between purchasing and internal finance and accounting. One of the most important principles for risk avoidance is a good performance description. Suppliers must be able to calculate their offer best possible. It must be clearly described which expectations and requirements are placed on the product or service.

4. Risk monitoring

The use of electronic tools such as risk management IT systems or purchasing dashboards can help to keep an eye on potential risks at all times. To monitor supplier risks, it is advisable to carry out a regular supplier evaluation. The knowledge gained from this can be incorporated into subsequent tenders. Certification of one's own company makes a decisive contribution to risk management. The resulting standardised quality regulations can be demanded of the suppliers in the same way. This mainly affects the business processes.

In practice, the risk assessment is often carried out too short-term and only in relation to the first supplier level. However, the deeper the supply chains are analysed and the more transparent they are, the better purchasing can react to possible risks. As mentioned earlier, the introduction of a risk management tool can help with this.

In the cost-benefit analysis, i.e. when comparing the costs of possible risks and the costs of risk management software, different sources can be used. The following can be named as examples: Financial accounting, controlling, statistics, forecasts, management consultants, specialist literature and other external sources of information as well as cost statements for various risk management software.

For more information, visit the website of KOINNO