Risk can be defined as “the probability of an unwanted outcome happening”. Risk assessment should be viewed in the overall context of risk management and seen as one of the three key activities – risk analysis, risk assessment and risk mitigation – which facilitate the taking of decisions and actions to control risk appropriately.
Risk analysis is the process of identifying all the potential issues that can go wrong with an activity and then estimating the probability of each happening. It should form part of any significant contract management process and is a fundamental part of determining the contract strategy. The process can range from a simple listing of risks on an informal, intuitive basis to a formal process involving set procedures and working with other professional disciplines in brainstorming and technically and financially evaluating potential risks. A more formal process may involve the establishment of a risk register for each tenderer and, following contract award, the transfer of the register of the successful tenderer to the contract management team for use in risk assessment;
Risk assessment is the process of assessing the likely impact of a risk on the organisation. Highly predictable risks may have low impact and it is possibly not worth taking action to control or avoid such risks. Conversely, low probability risks may have a significant impact demanding action to be taken to avoid or mitigate the risk. Other issues for consideration in risk assessment are:
- the costs of identifying, controlling or avoiding the risk
- the need for insurance for risk not readily managed or avoided
- the need for “sensitivity analysis” on risks of an unknown level or magnitude
- identifying compensating behaviour practices
- the impact of time, external factors and project actions on risk and the need for assessment to be iterative
- the impact of product life cycle including disposal and obsolescence.
Risk mitigation: Having assessed the risks and identified those requiring action, responsibility for managing and mitigating them should be allocated. This allocation should be dependent on the assessment of the likelihood and consequence of the risk. Other issues to be considered in risk mitigation:
- identifying the most appropriate body to manage or control the risk in terms of expertise, time and/or resource
- establishing a fair and reasonable reimbursement mechanism
- insurance
- risk transfer to suppliers including issues of appropriate level, “trade off” and supplier contingency
- address potential areas for fraud in buyer/supplier relationships and measures to mitigate their impact should be considered at the early stage of contract formulation.
- the adoption of a continuous “what if” mentality is advisable when considering areas for potential fraud.
Risk management, say, during the contract period comprises those activities associated with identifying and controlling the risks that may potentially affect the successful fulfilment of such contract. Risks to a contract would include such issues as:
- lack of capacity of the supplier, particularly if there are significant increases in demand
- reduction in demand leading to higher unit costs borne by the supplier
- an event which causes an increase in the total of the price to the purchaser
- an event which causes a programme delay
- supplier staff changes
- changes to the supplier’s business objectives
- deterioration in the supplier’s financial standing
- demand changes that cannot be met by the supplier
- deterioration of quality
- force majeure issues
- market fluctuations for commodities.
When a risk is anticipated or perceived, its management involves the parties working together to identify where the responsibility for it lies, methods of minimising it and how the risk will be managed. Issues to consider for effective management to succeed will include:
- establishing a binding process to encourage early warning of issues such as those mentioned above, as soon as either a supplier or the purchaser becomes aware of them
- identifying the party best able to control the situation leading to the risk occurring
- identifying the party best able to control the risk itself – this may include the organisation
- identifying who should be responsible if the risk cannot be controlled
- establishing whether, if the risk is transferred to the supplier, the cost to the organisation will fall, whether new risks will arise and transfer to the organisation, and the legal position of any transfer.
Reference
Elsey, R.D. (2007). Contract management guide. The chartered Institute of Purchasing & supply. CIPS_KI_Contract Management Guidev2
