After a long gap, I found time today to write in my blog about Procurement Risks.
So, What is risk?
The Random House Unabridged Dictionary defines risk as, “The exposure to the chance of injury or loss; a hazard or dangerous chance.”
In any procurement function there are these elements of risks; the auditors always pick them up!
Why we only realize when auditors questioning the credibility of a procurement transaction? Why we are unable to identify these risks prior to its occurrence?
The answers to these questions are either we never had a mechanism to identify and address the risks or we never had the required tools to address the risks.
I thought to finish this subject by start writing about few of the risks, and I thought I could provide a helicopter view of this subject by writing about few risks and say “That is all folks!”, but once I approached the core of this posting I realized how difficult it is to explain the depth of this subject in one post.
BTW, the procurement risks can be classified under following categories (get ready to scroll and scroll);
Process Risks
Information Risks
1. Strategic Risks are again classified in to 11 sub categories
- Competitor Risk:
- Customer Wants Risk:
- Technological Innovation Risk:
- Stakeholders Expectations Risk:
- apital Availability Risk:
- Sovereign / Political Risk:
- Legal Risk:
- Regulatory Risk:
- Industry Risk:
- Financial Markets Risk:
- Catastrophic Loss Risk:
2. Process Risks are the major risks spread under many other sub categories
2.1. Financial risk
2.1.1. Currency Risk:
2.1.2. Opportunity Cost Risk:
2.1.3. Commodity Risk:
2.2. Empowerment Risk
2.2.1. Leadership Risk:
2.2.2. Authority / Limit Risk:
2.2.3. Outsourcing Risk:
2.2.4. Performance Incentives Risk:
2.2.5. Change Readiness Risk:
2.2.6. Communications Risk:
2.3. Information Technology Risk
2.3.1. Relevance Risk:
2.3.2. Integrity Risk:
2.3.3. Access Risk:
2.3.4. Availability Risk:
2.3.5. Infrastructure Risk:
2.4. Governance
2.4.1. Organizational Culture Risk:
2.4.2. Ethical Behavior Risk:
2.4.3. Board Effectiveness Risk:
2.4.4. Succession Planning Risk:
2.5. Reputation
2.5.1. Image & Branding Risk:
2.5.2. Stakeholder Relation Risk:
2.6. Integrity
2.6.1. Management Fraud Risk:
2.6.2. Employee and/or Third Party Fraud Risk:
2.6.3. Illegal Acts Risk:
2.6.4. Unauthorized Use Risk:
2.7. Operations
2.7.1. Customer Satisfaction Risk:
2.7.2. Human Resources Risk:
2.7.3. Knowledge Capital Risk:
2.7.4. Product Development Risk:
2.7.5. Efficiency Risk:
2.7.6. Capacity Risk:
2.7.7. Performance Gap Risk:
2.7.8. Cycle Time Risk:
2.7.9. Sourcing Risk:
2.7.10. Partnering Risk:
2.7.11. Compliance Risk:
2.7.12. Business Interruption Risk:
2.7.13. Product / Service Failure Risk:
2.7.14. Environmental Risk:
2.7.15. Health & Safety Risk:
2.7.16. Brand Erosion Risk:
3. Information Risks
3.1. Business Environment Risk
3.1.1. Environmental Scan Risk:
3.1.2. Business Model Risk:
3.1.3. Business Portfolio Risk:
3.1.4. Investment Evaluation Risk:
3.1.5. Organization Structure Risk:
3.1.6. Measurement (Strategy) Risk:
3.1.7. Resource Allocation Risk:
3.1.8. Planning Risk:
3.1.9. Life Cycle Risk:
3.2. Business Reporting Risk
3.2.1. Budgeting & Planning Risk:
3.2.2. Accounting Information Risk:
3.2.3. Financial Reporting Evaluation Risk:
3.2.4. Internal Control Evaluation Risk:
3.2.5. Taxation Risk:
3.2.6. Pension / EOSB Funds Risk:
3.2.7. Regulatory Reporting Risk:
3.3. Operational Risk
3.3.1. Product / Service Pricing Risk:
3.3.2. Contract Commitment Risk:
3.3.3. Measurement (Operations) Risk:
3.3.4. Alignment Risk:
3.3.5. Selection risk (supplier selection, product selection)
Wow, these all? Yes, so, how we can address them, even not all of them though, at least few of them. Well, but even before we go to this subject, it is important for a supply-chain practitioner to realize and identify the risks (either inherited or perceived) in his organization to address them.
Here is where the importance of Microsoft excel lies.
I used three following tools to identify the risks in my organization in my past life; they are:
1. Gap Analysis
2. Control Frame Work Analysis and
3. Various Reporting Tools
Gap analysis
In order to prepare this tool what I did was,
1. I have researched CIPS and used my knowledge to identify the international standards in the procurement process chain, so now I have the international best practices of procurement in my hand.
2. I started writing down questions, to get the answer, to clarify whether my organization has achieved the best practices which I have compiled in the previous step, then;
3. I applied a 80:20 rule to identify the relevance of the question and answers later
4. I used weighted average scoring method to optimize the tool to get the right result and the result is a fantastic automated spread sheet tool which identifies, where the problem (gap) lies in my organizations functions, which of course cause and reason for risks
(Please see the screen shot below)
1. Control Frame Work analysis
Before I prepare this tools, I thought I would give emphasize on identifying financial risks by using this tool, by thinking so, I made sure what kind of risks I should identify by using this tool
In order to prepare this tool what I did was,
1. I chunked down the frame work required in to
1. Supervisory controls
2. Monitoring controls and
3. Regulatory controls
2. I have prepared a spread sheet tool asking generic questions related to control measures and used again weighted average to measure the answer and get the result.
3. Lastly, I virtually let each procurement functions to pass through each controls frameworks by drawing a flow chart in order to identify where the breach occurs
The result was great again (Please see the screen shot below)
Various Reporting Tools
See the following report; the below screen shot is about a price movement reports, which addresses the part of Business Reporting Risks
The above mentioned tools help us to identify and address the risks. But what are the common solutions and methodologies we apply to resolve the identified risks?
I would say, the supply-chain practitioner should be able to master in managing risk by using the following methods:
- Avoid the risks by applying the best practices
- Mitigate the risks by continuously using the reporting tools
- Transfer the risks to a decision making level by using the reporting tool
- Reduce the severity (for example from High to Medium) by integrating the control measures to the function
That is not the end of it mates! We got plenty of this to think and do. Please contact me to get these tools and dashboards.
3 comments:
I think Gap Analysis seems to be more useful when you have to make presentation to top executive. Because we can see where we are now and how far we have to get on top.
Hi Austine, Thanks for all your information, this will help me a lot!
How can i download these files?
I find this information to implement in my Purchasing Dpt. Is there any place where I could download it? Thanks in advance!
Post a Comment