Spelthorne Borough Council

Procurement Policies & Procedures

 

 

 

07_Managing Risk in Procurement Projects

 

 

 

 

 

 

 

 

 

 

 

Version

v 3.0

Author

 

Date Drafted

1 August 2025

Date Approved

 

Review Date

August 2028

 

 

 

 

 

 

 

 

 

 

 

Managing Risk in Procurement Projects

 

 


CONTENTS

 

1.

Introduction: What is Risk Management?

………….1

2.

Purpose

………….1

3.

Procurement Risks

………….1

4.

Risk Management Process

………….2

5.

Procurement Risk Management lifecycle

………….4

6.

Support from Corporate Procurement

………….4

7.

Summary

………….4

8.

References to other SBC Policies

………….4

 

 

 

 


1.            Introduction: What is Risk Management?

 

A ‘Risk’ is the chance of something happening that will have an impact on the delivery of objectives. Risks can have a positive or negative impact.

Risk Management is the process of identifying and anticipating individual risk events and overall risk and putting in place effective measures for preventing and / or managing them.

Risk is measured in terms of the potential impact of an event and the likelihood of it happening. Whilst the comprehensive management of risk is critical across an organisation, this procedure focuses on the risks associated with a Procurement project.

 

2.            Purpose

The purpose of this procedure is to ensure that officers undertaking a procurement project carefully and fully consider the specific procurement risks associated with the project, and to provide guidance and support where required from the Corporate Procurement team.

 

 

3.            Procurement Risks

Procurement of works, goods and services exposes the organisation to risk. Procurement in SBC is devolved across the organisation – that is, unless required to do so by the Contract Standing Orders[1], officers are not required to seek support from Corporate Procurement. This Procedure is therefore designed to provide guidance for smaller projects undertaken without Corporate Procurement support, as well as for larger projects which may have greater risk associated with them.

The Procurement policies and procedures developed by Corporate Procurement have been developed to support the management of risk.

Some of the consequences of not managing procurement risk effectively include the following:

Type of risk

Consequence

·         Delays in project delivery

leading to cost increases, or gaps in contract provision

·         Disruption to the supply of essential goods and services

leading to cost increase and impacting service provided to the community

·         Risk of challenge from the supply market

leading to reputational damage, project delays, etc.

·         Damage to our relationship with strategic suppliers

leading to less collaboration and a reluctance from suppliers to ‘go the extra mile’

·         Failure in corporate governance controls

leading to poor audit recommendations

The key benefits of effective procurement risk management can be summarised as:

·         Enabling better procurement decisions which achieve the required financial outcomes (managing cost);

·         Improved delivery of the intended project outcomes (managing cost, time and quality);

·         Improved supplier relationships, social value and supply chain sustainability (managing added value, and community benefits).

 

 

4.            Risk Management Process

The diagram below shows the steps required for the management of all risks and has an effective application for procurement projects. It also demonstrates the requirement for the continuous review of risk throughout the life of the project, not just at the start.

page4image811587216

©CIPS 2013 

The form at Appendix A will help to work through the process above. Details are provided below about each step:

Context – In considering the context for the management of Procurement risks, think about SBC’s corporate priorities and how this project will contribute to their delivery, or prevent the priorities being delivered. Think also about any internal and external stakeholder requirements, such as, for example value for money (financial); environmental impact (sustainability); and improved services for the community (social value);

Identifying Procurement Risks – simple, low value procurements will not require the same degree of formal risk identification that is required for larger, strategic or complex procurement projects. However, due consideration must be given to the skills required and the specialist capability available, the supply market, and the procurement process and any factors for consideration such as time, governance and cost management. For larger projects, Corporate Procurement will need to provide support, and in some cases, resources may need to be brought in, e.g. where there is insufficient technical capability to write a specification.

There are some broad risk categories which should always be considered at this stage:

·         Internal governance– what approval process is required before you proceed with the project and what are the risks of non-compliance? Have all requirements been met?

·         Legal – what regulations apply to the procurement of the project? For example, consider procurement law; TUPE etc. What kind of contract may be required and what risks are associated?

·         Relationship or Social – how will your project affect the immediate local and wider communities? Is there an incumbent provider who needs to be managed carefully during the procurement process?

·         Environmental – what are the environmental risks associated with the project? Is an Environmental Impact Assessment needed?

·         Political / Reputational risks – for example, what damage might be done to the Council’s reputation if the project fails, or does the success of the project imply that there may be some political fallout; for example, procuring a parking charging system, which will need careful management.

·         Economic – is there any investment required and what is the payback period? What are the implications of failing to complete the project within budget?

Assessing Risk – requires the project team to Analyse and Evaluate the risks which have been identified. The Analysis considers the likelihood of the risk occurring, the impact the risk would have, and the effectiveness of any mitigation measures in place (controls;(refer to the Spelthorne Risk Evaluation Methodology).

The risk Analysis should be a quantitative assessment, supplemented by any necessary narrative to describe the score. For Procurement projects, risks are generally associated with cost, quality, acceptability of supply, and time. Once the Analysis has been carried out, the Evaluation process will then consider, prioritise and develop actions for managing the risks to an agreed acceptable level.

 

Treatment of Procurement Risks – the Procurement project team will need to consider whether the risks can be:

·         avoided;

·         transferred or shared;

·         reduced by appropriate actions and processes.

A risk may be avoided altogether by finding an alternative way of doing things. For example, if there is insufficient time to procure a high value project without failing to comply with Procurement regulations (risks = challenge by disgruntled suppliers for not offering the opportunity; failure when internally audited, etc.)

Transferring risks to a supplier will inevitably incur costs; sharing those risks will reduce the cost. The amount of risk that is to be transferred can depend on several factors: skills of officers to do the work in-house; budget available; how well the risk can be identified, etc. Some risks cannot be completely transferred.

Please refer to Procurement for further support. A fundamental principle of risk transfer is that it should be allocated to the party in the best position to control it.

5.            Procurement Risk Management lifecycle

Procurement Risk Management is a key part of the Procurement project initiation and should be carried out throughout all stages of the procurement, led by the project manager or their designated responsible person.

6.            Support from Corporate Procurement

For larger projects, Corporate Procurement should be an active participant in the management of risk. Corporate Procurement will provide support in identifying process, commercial and legal (procurement) risks and provide an overview which also benefits from the wider, ‘helicopter’ view of the Corporate Procurement Plan.

7.            Summary

This procedure proposes a full consideration of the risks associated with carrying out a procurement project. It proposes a systematic approach to the identification of procurement and / or commercial risk, and assessing and managing these to an acceptable level to achieve the procurement project objectives.

 

 

Appendix A – Working through the Risk management process

Establish the Context

·         How does the objective of this project contribute to the wider objectives of a) your Group and b) SBC as a whole?

·         Are project team members all aware of the objectives, and fully on board to help deliver?

·         Is there a Project sponsor?

Identify Risks

·         Have you identified the project risks in a Risk Register?

Analyse Risks

·         Do you know what kind of risk these are – e.g. financial, reputational, strategic, etc.?

Evaluate Risks

·         Have you worked through the risks to understand the likelihood and impact?

Treat Risks

·         What measures have you put in place to mitigate the risks (to reduce the likelihood and / or impact)?

Monitor and review

·         Have you put in place a process for regularly reviewing and discussing risks with the project team?

·         Do you need to report on the risk management process at a Committee?

 


[1] CSOs stipulate that Procurement must be consulted where the project value will exceed £30k.