Both Procurement and the wider Organisation must have robust plans in place to manage risk and to plan for all contingencies. A risk management process should be embedded across both Procurement and the Organisation, and as a minimum should include a risk and issue register and mitigation plans with designated owners for activities / events such as:
- Separation of duties
- Conflicts of interest
- Abuse of processes
- Contingency planning
- Risk identification and assessment
- Risk control and monitoring
- Fraud and serious organised crime
- Supply base / supply chain activities and supplier vulnerabilities
- Risk of reputational damage
- Supplier audits
More advanced procurement risk assessment activity would include a process and mitigation plan to address potential risks such as:
- Market manipulation
- Monopolies and Cartels
- Hostile contractors
- Foreign market influence Natural disaster
No market/situation is static and therefore risk and contingency planning should be regularly reviewed by the organisation to ensure the inclusion of any new development(s), and react appropriately.
Dependent on the complexity of the organisation and its requirements, the Procurement Function may require risk registers/contingency planning: for categories of goods and services; by Contract; by individual goods or services; for an individual supplier; etc.
More information can be found in Risk.