PROCUREMENT AND SUPPLY CHAIN

RISK MANAGEMENT

Topic FOUR
Risk mitigation strategies in
procurement and supply chain

By Masala Ndelembi
[email protected]
Risk mitigation strategies in
procurement and supply
chain

• Apply the use of probability and

impact assessments to manage
risks in procurement and supply
chain
2
Risk mitigation strategies in
procurement and supply
chain

• Explain the development of a risk

management culture and
strategy to improve procurement
and supply chain

• Develop mitigation strategies in

procurement and supply chain
3
 Apply the use of probability and
impact assessments to manage
risks in procurement and supply
chain

• Risk Probability is the determination of the likelihood

of a risk occurring. This likelihood can be based on
historical project information, does the risk typically
occur? Or the likelihood of risks can come from
interviews or meetings with individuals who would have
knowledge of the probability of risks occurring. When
determining the probability of a risk occurring it is often
given a score such as high = 3, medium = 2, or low =
1.
4
 Apply the use of probability and
impact assessments to manage
risks in procurement and supply
chain

Impact Assessment is the evaluation of the impact of a

risk if it were to occur. If the risk would to occur would it be
catastrophic to the project or a minor inconvenience? An
impact assessment is generally conducted in meetings or
in interviews with individuals who have the appropriate
knowledge to evaluate the impact of a risk. Upon
completion of an impact assessment a risk is often given
an impact score such as high = 3, medium = 2, or low = 1.
5
 Apply the use of probability and
impact assessments to manage
risks in procurement and supply
chain
• Definition: Risk impact assessment is the process of
assessing the probabilities and consequences of risk
events if they are realized. The results of this
assessment are then used to prioritize risks to
establish a most-to-least-critical importance ranking.
Ranking risks in terms of their criticality or importance
provides insights to the project's management on
where resources may be needed to manage or
mitigate the realization of high probability/high
consequence risk events
6
 Apply the use of probability and
impact assessments to manage
risks in procurement and supply
chain

• A Probability and Impact Matrix is a visual representation of the

results from Risk Probability and Impact Assessments. Imagine a
three by three cube with probability on the left with high on the top,
medium in the middle, and low on the bottom; and impact across
the bottom with high on the left, medium in the middle, and low on
the right. Using the scores mentioned above, if a risk has a high
probability (3) and high impact (3) it will have an overall score of 6
and will be in upper left hand corner of the cube. If a risk has a low
probability (1) and a low impact (1) it will have an overall score of
two and will be in the lower right corner of the cube.
7
Apply the use of probability and
impact assessments to manage
risks in procurement and supply
chain
Risk Prioritization

In the risk prioritization step, the overall set of identified risk events,
their impact assessments, and their probabilities of occurrences are
"processed" to derive a most-to-least-critical rank-order of identified
risks. A major purpose of prioritizing risks is to form a basis for
allocating resources.
Multiple qualitative and quantitative techniques have been developed
for risk impact assessment and prioritization. Qualitative techniques
include analysis of probability and impact, developing a probability and
impact matrix, risk categorization, risk frequency ranking (risks with
multiple impacts), and risk urgency assessment.

8
Apply the use of probability and
impact assessments to manage
risks in procurement and supply
chain
Risk Prioritization

Quantitative techniques include weighting of cardinal risk

assessments of consequence, probability, and timeframe;
probability distributions; sensitivity analysis; expected monetary
value analysis; and modeling and simulation. MITRE has
developed the min- and max-average approaches (using a
weighting scale more heavily weighting the max or min value).
Expert judgment is involved in all of these techniques to identify
potential impacts, define inputs, and interpret the data [3].

9
Apply the use of probability and
impact assessments to manage
risks in procurement and supply
chain
As a responsible manager, you need to be aware of these risks.
Does this mean that you should try to address each and every
risk that your project might face? Probably not – in all but the
most critical environments, this can be much too expensive, both
in time and resources.
Instead, you need to prioritize risks. If you do this effectively, you
can focus the majority of your time and effort on the most
important risks.
The Risk Impact/Probability Chart provides a useful framework
that helps you decide which risks need your attention.

10
 Apply the use of probability and
impact assessments to manage
risks in procurement and supply
chain
How to Use the Tool
The Risk Impact/Probability Chart is based on the principle that a risk has two
primary dimensions:
Probability – A risk is an event that "may" occur. The probability of it occurring
can range anywhere from just above 0 percent to just below 100 percent. (Note: It
can't be exactly 100 percent, because then it would be a certainty, not a risk. And
it can't be exactly 0 percent, or it wouldn't be a risk.)
Impact – A risk, by its very nature, always has a negative impact. However, the
size of the impact varies in terms of cost and impact on health, human life, or
some other critical factor.
The chart allows you to rate potential risks on these two dimensions. The
probability that a risk will occur is represented on one axis of the chart – and the
impact of the risk, if it occurs, on the other
11
Apply the use of probability and
impact assessments to manage
risks in procurement and supply
chain

12
Apply the use of probability and
impact assessments to manage
risks in procurement and supply
chain
The corners of the chart have these characteristics:
•Low impact/low probability – Risks in the bottom left corner are low
level, and you can often ignore them.
•Low impact/high probability – Risks in the top left corner are of
moderate importance – if these things happen, you can cope with them
and move on. However, you should try to reduce the likelihood that
they'll occur.
•High impact/low probability – Risks in the bottom right corner are of high
importance if they do occur, but they're very unlikely to happen. For
these, however, you should do what you can to reduce the impact they'll
have if they do occur, and you should have contingency plans in place
just in case they do.
•High impact/high probability – Risks towards the top right corner are of
critical importance. These are your top priorities, and are risks that you
must pay close attention to. 13
Apply the use of probability and
impact assessments to manage
risks in procurement and supply
chain

How the use of Probability and impact assessment manage risks in

procurement and supply chain??

14
Apply the use of probability and
impact assessments to manage
risks in procurement and supply
chain
To use the Risk Impact/Probability Chart, print this free worksheet, and then
follow these steps: (Five-step process in risk assessment and management)

1.List all of the likely risks that your project faces. Make the list as comprehensive
as possible.
2.Assess the probability of each risk occurring, and assign it a rating. For
example, you could use a scale of 1 to 10. Assign a score of 1 when a risk is
extremely unlikely to occur, and use a score of 10 when the risk is extremely
likely to occur.
3.Estimate the impact on the project if the risk occurs. Again, do this for each and
every risk on your list. Using your 1-10 scale, assign it a 1 for little impact and a
10 for a huge, catastrophic impact.
4.Map out the ratings on the Risk Impact/Probability Chart.
5.Develop a response to each risk, according to its position in the chart.
Remember, risks in the bottom left corner can often be ignored, while those in the
top right corner need a great deal of time and attention. Read Risk Analysis and
Risk Management for detailed strategies on developing a risk response plan. 15
• Explain the development of a
risk management culture and
strategy to improve
procurement and supply chain
What do we mean by risk culture?
Risk culture is a term describing the values, beliefs, knowledge,
attitudes and understanding about risk shared by a group of
people with a common purpose. This applies to all organisations
- including private companies, public bodies, governments and
not-for-profits.
To adequately address risk culture, it must first be defined. Risk
culture is the system of values and behaviors present in an
organization that shapes risk decisions of management and
employees. One element of risk culture is a common
understanding of an organization and its business purpose.
What does a good risk culture look like?
An effective risk culture is one that enables and rewards
individuals and groups for taking the right risks in an informed
manner. 16
• Explain the development of a
risk management culture and
strategy to improve
procurement and supply chain
What is Risk Culture?
Risk culture is the “set of encouraged and acceptable behaviors,
discussions, decisions and attitudes toward taking and managing
risk within an institution.” Developed in conjunction with research
Protiviti conducted with the Risk Management Association[1], this
definition applies to all organizations, whether public or private,
for-profit or not-for-profit. Risk culture is the glue that binds all
elements of risk management infrastructure together, because it
reflects the shared values, goals, practices and reinforcement
mechanisms that embed risk into an organization’s decision-
making processes and risk management into its operating
processes. In effect, it is a look into the soul of an organization to
ascertain whether risk/reward trade-offs really matter.
17
• Explain the development of a
risk management culture and
strategy to improve
procurement and supply chain

How Do We Evaluate Risk Culture?

Risk culture may be a formidable hurdle to improving risk
management performance, whether management realizes it or
not. Because risk culture often evolves as the organization
evolves, it may make sense for organizations to use self-
assessment techniques, internal surveys, focus groups and other
techniques to understand the current state of risk culture in the
organization by considering the following:

18
• Explain the development of a
risk management culture and
strategy to improve
procurement and supply chain
Tone of the organization – This term refers to the collective impact of the tone at the top,
tone in the middle and tone at the bottom on risk management, compliance and responsible
business behavior. Communications from the top have little impact if the organization’s
employees see and hear a different message every day from the managers to whom they
report. The greater the number of management layers in the organization, the greater the risk
of incongruities in the respective tones at the top, middle and bottom. Likewise, the greater
the risk of executive management being unaware of serious financial, operational and
compliance risks that may be common knowledge to one or more middle managers and rank-
and-file employees. Information is often distorted as it moves up and down the management
chain, creating disconnected leaders.[2]
Physical mechanisms driving risk culture – These tangible mechanisms influence the tone
of the organization and include many things comprising the risk governance structure,
including corporate value statements, code of conduct and ethics programs, policies and
procedures, risk committee oversight activities, incentive programs, risk assessment
processes, key risk indicator reporting and performance reviews and reinforcement
processes, among other things. They also include the risk appetite dialogue of the executive
team and Board, as well as the decomposition of risk appetite into risk tolerances and limit
structures used day-to-day in executing the corporate strategy.
19
• Explain the development of a
risk management culture and
strategy to improve
procurement and supply chain
Internal attributes driving risk culture – These attributes include the attitudes, belief
systems and core values that drive behavior and guide daily activities and decision making
throughout the organization, particularly with respect to entrepreneurial pursuits. While not as
easily “seen and touched” as physical mechanisms, they warrant careful attention. For
example, behaviors around risk management and internal control accountabilities often
manifest themselves in how people clear audit issues, address control weaknesses, escalate
issues and resolve issues reported. The timeliness in which such activities are carried out
provides powerful “tells” regarding an organization’s risk culture. So, too, does executive
management’s reaction (or lack thereof) to warning signs provided by independent risk
management functions.
External attributes driving risk culture – These attributes include regulatory requirements
and expectations of customers, investors and others. The extent to which an organization
seeks out these requirements and expectations and aligns business processes through
actionable improvements reveals a lot about its resiliency.

20
• Explain the development of a
risk management culture and
strategy to improve
procurement and supply chain

Subcultures that might have an impact on risk management[3] – Multiple subcultures

permit an institution, in response to a changing business environment, to be more agile in
solving problems, sharing knowledge and serving customers that a so-called unitary culture
may not address. On the other hand, they can also lead to rogue, risk-taking behavior that
can ultimately harm the organization.
Relationship to overall culture – Risk culture does not operate in a vacuum. The overall
organizational culture influences it in many ways, and some argue they are one and the same

21
• Explain the development of a
risk management culture and
strategy to improve
procurement and supply chain
Strategies of Improving Risk Culture?
As risk is about uncertainty in facing the future, it would seem logical that a
desirable risk culture would position the organization to be proactive as an early
mover that quickly recognizes a unique opportunity or risk and uses that
knowledge to evaluate its options, either before anyone else or along with other
firms that likewise seize the initiative. Such a culture would give management the
advantage of time, with more decision-making options before shifts in the market
invalidate critical assumptions underlying the strategy. Another example of a
desirable risk culture might be one that maintains a healthy tension between the
organization’s entrepreneurial activities for creating enterprise value and its
activities for protecting enterprise value so that neither one is too
disproportionately strong relative to the other.
Once an initial assessment of the current risk culture is completed, executive
management should consider whether any organizational changes are needed
and take steps to implement those changes as directed by the Board. In
transitioning to a desired risk culture, executive management should try to
22
achieve the following:
• Explain the development of a
risk management culture and
strategy to improve
procurement and supply chain
1. Embed it in the organization – Risk culture should be effected through the firm’s overall
risk governance process; otherwise, it becomes a nebulous appendage. To illustrate,
accountabilities for risk management and desired risk management behaviors should be
reinforced through committee charters, policies, job descriptions, limit structures, procedures
and escalation protocols.
2. Make it a priority at the highest levels – Executive management must support the
desired risk culture by demonstrating the desired behaviors through their actions and
decisions over time, as well as by periodically communicating value contributed by the
organization’s risk culture. For example, promoting a warrior culture, fostering a “star system”
with little or no accountability, shooting the bearers of bad news, ignoring the warning signs
escalated by the risk management function and making decisions that everyone can see are
inconsistent with the desired risk culture all send the wrong message.
3. Undertake an integrated approach – Standing alone, such programs as periodic policy
communications, awareness campaigns and training strategies are mere window dressings.
When baked into a comprehensive program that aligns performance expectations, roles,
responsibilities and compensation structures with appropriate risk taking, they reinforce
critical aspects of the desired risk culture for employees.
4. Periodically evaluate progress – Monitor employee behavior for new trends, attitudes or
perceptions requiring attention. Track quantitative and qualitative measures of an effective
23
risk culture using indicators such as:
• Explain the development of a
risk management culture and
strategy to improve
procurement and supply chain
Level of executive management sponsorship
Line of business ownership of risk management
Effectiveness of risk committee and governance processes
Evidence of key business decisions, taking risk and solvency into consideration
Quality of Board discussions on risk issues and escalated matters
Use of risk appetite statement and tolerances in decision making
Alignment and incorporation of risk into strategic planning and direction
5. Be alert for signs of change, for better or worse – As noted earlier,
employee surveys and focus groups are examples of tools that can provide
insights when evaluating risk culture. Reports from the independent risk
management function and internal audit are other sources. Consider the effects of
changes in strategy and the organization as well as the occurrence of external
events, including regulatory developments, when evaluating whether changes are
necessary to strengthen risk culture.
Every organization is different. That is why it is important to evaluate risk culture
and make necessary adjustments to shape it over time in response to change
24
• Explain the development of a
risk management culture and
strategy to improve
procurement and supply chain
Developing a Risk Management Culture
To cope with the challenge of creating consistent and workable
processes for managing operational risks, organizations need to
adopt a "risk management culture" that emphasizes at all levels the
importance of managing risk as part of each person's daily activities.
The goal of creating a risk management culture is to create a
situation where staff and managers instinctively look for risks and
consider their impacts when making effective operational decisions.
Reasons Why Adoption of Risk Management Doesn't Occur
While few service delivery organizations would argue against
managing risks, many find it difficult to fully adopt the discipline
associated with a proactive risk management process within
operations. Often they might undertake a risk assessment at the start
of each project but fail to maintain the process as the project
25
proceeds
• Explain the development of a
risk management culture and
strategy to improve
procurement and supply chain
The following reasons are frequently given to explain this approach:
 Pressure of time, combined with the feeling that nothing will be
done about reported risks.
 Staff often feels that identifying risks may give the wrong
impression to management and may result in retribution against
them.
 Concern that a visible focus on risks will present a negative
impression to executives and shareholders.
The root cause for these beliefs is that managers themselves often
do not understand the value that risk management delivers. As a
result, they are reluctant to assign adequate resources for risk
management activities. Conversely, where resources are limited,
they might sacrifice these activities first if the budget or schedule
comes under pressure.
26
• Explain the development of a
risk management culture and
strategy to improve
procurement and supply chain
It is therefore especially important to ensure that all stakeholders
appreciate the importance of managing risks in order to establish a
culture where risk management can thrive. The following steps have
been found to be effective in establishing risk management as a
consistent discipline:
i. Obtain management sponsorship.
ii. Seek advice and mentorship from a risk manager who has
personal experiences and knowledge about potential failures.
iii. Educate all stakeholders about the importance of managing
risks and the costs or lost revenues that can result from failure.
iv. Train a core set of risk managers to act as role models and
provide mentorship for others. An effective training approach is
to combine a workshop on the theory of risk management with
27
real exercises based on day-to-day operations activities.
• Explain the development of a
risk management culture and
strategy to improve
procurement and supply chain
v. Invite all stakeholders to operations management reviews
(OMRs) where top risks are reviewed.
vi. Ensure that top risks are included in status reports and
circulated to service managers and key stakeholders.
vii. Seek feedback from stakeholders on the effectiveness of the
risk management process and review the process regularly to
ensure that it continues to add value.
viii. Introduce a recognition scheme for individuals who effectively
identify and/or manage risks.
ix. Ensure that the operations staff considers risk management
activities when scheduling and making key decisions.
x. Make the systems used in risk management easy to use and
accessible. A key requirement is to record risks as soon as they
28
are discovered so they can be analyzed and managed
• Develop mitigation strategies in
procurement and supply chain
Risk mitigation strategy is the process of developing
options and actions to enhance opportunities and reduce
threats to project objectives [1]. Risk mitigation
implementation is the process of executing risk
mitigation actions. Risk mitigation progress monitoring
includes tracking identified risks, identifying new risks,
and evaluating risk process effectiveness throughout the
project

29
• Develop mitigation strategies in
procurement and supply chain
Mitigation is something you do to reduce the effect of
something else, like mitigating the effects of an oil spill.
Since you cannot prevent tsunamis, the approach to
minimizing damage might be: - not allowing any
settlement, commercial activity, or building of any sort
within a defined flood plain along the shoreline.
Obviously that is _not_ going to be a popular option. -
building very, very tall barriers along the ocean. These
could be built a slight distance away from the shore,
with gates in them to allow people access to the
beaches. As the recent tsunami in Japan showed,
however, you probably need to build them twice as high
as you think you will ever need. less damage. - building
30
structures to absorb the energy
• Develop mitigation strategies in
procurement and supply chain

The program's risk mitigation approaches represent

integrated supply chain strategies that take advantage
of economies of scale to improve cost and quality. In
particular. For example, inaccurate forecasting (demand
risk) may lead to under-procurement (supply risk),
eventually resulting in the need for a costly emergency
order (cost risk) to remedy a product stock-out

31
• Develop mitigation strategies in
procurement and supply chain

SUPPLY RISKS
Production and shipping delays can result in product
stock-outs when goods are not delivered according to
the supply plan and, hence, are not available for
scheduled in-country distribution. These stock-outs can
lead to interruption for patients if the needed are not
consistently available. Country-specific procurements
are scheduled according to a multilateral, agreed-upon
supply plan, designed to maintain inventory levels
across the in-country supply chain

32
• Develop mitigation strategies in
procurement and supply chain

In order to improve the delivery performance due to

production or shipping delays to the recipient countries
the following strategies to mitigate supply risks are
used. These 4 strategies are:
 Multiple-source procurement
 Pooled procurement based on projected demand
 Flexible specifications for presentation of product
(appearance of packaging, quantities per package,
instructions printed in multiple languages) to
facilitate common product use across multiple
33
countries
• Develop mitigation strategies in
procurement and supply chain

1. Multiple-Source Procurement Mitigates Production and

Shipping Delays
Based on the best-value approach that is embodied in USAID
procurement regulations, product procurements are usually
awarded concurrently to multiple vendors on a tender-by-tender
basis. The benefits of doing so are twofold. First, the risk and
consequence of sudden production or delivery failures by a single
vendor are mitigated by the completion of orders for the same
product by other vendors. Second, it is the opinion of the authors
that the participation of multiple vendors leads to product
marketplace that is competitive and growing in capacity to
supply these products to an increasing number of demands
34
• Develop mitigation strategies in
procurement and supply chain
2. Pooled Procurement Maximizes Product Availability and
Reduces Costs
Pooling (combining) the procurement for common products
based on their supply plans maximizes the availability of these
product and reduces procurement and shipping costs for a
number of reasons:
 Economies of scale are attained for manufacturing and
shipping.
 Fewer tenders and orders need to be processed, reducing
transactional costs for both the buyer and the
manufacturers.
 Minimum batch volumes imposed by manufacturers before
beginning production are reached more rapidly, thus
avoiding production delays.
 The capacity of shipping containers can be maximized fully,
35
particularly when pooled products are shipped to Regions.
• Develop mitigation strategies in
procurement and supply chain

Pooled procurement among neighboring countries reduces

procurement and shipping costs.
The pooled procurement process also allows vendors and
recipients to plan ahead strategically. For example, when
countries place orders at least 6 months before they need the
goods, ocean freight can be used rather than more expensive air
freight. Additionally, by pooling procurement, SCMS can
negotiate reduced aggregate tendering rates. The program issues
approximately 8 planned tenders to the market per year, of large
aggregate volumes each time. This process increases the
program's negotiating power with vendors, improving the
chances of obtaining the best price available, in contrast to an
annual tender process, which allows only for a single negotiation.
36
• Develop mitigation strategies in
procurement and supply chain

4. Flexible Specifications Facilitate Product Use in Multiple

Countries
The program encourages manufacturers to register a common
presentation for a given product formulation across multiple
countries whenever possible, which allows the program to
procure and ship a single product to most African countries. In
the majority of cases, the single presentation uses labels and
inserts printed in both English and French. This common
presentation strategy has come to dominate the product
procurements made by the program.

37
• Develop mitigation strategies in
procurement and supply chain
DEMAND RISKS
The authors define demand risks as operational matters at the
client, program, or country level that impact the timely and cost-
effective processing of orders through the national and donor
systems.
Producing accurate national demand forecasts is challenging,
which can result in orders that may not reflect the country's
actual need. On the one hand, under-forecasting can result in
product scarcity, increasing the likelihood of stock-outs and
creating the need for costly emergency orders. It also
substantially increases the use of high-cost air shipping—the
normal transportation mode for emergency orders. In contrast,
orders placed sufficiently in advance of their desired delivery
date can be shipped via ocean, with savings of more than 60%
38
when compared with the cost of air freight
• Develop mitigation strategies in
procurement and supply chain

Conversely, over-forecasting can result in excess stocks that

expire before use. This increases costs of storage and handling
as well as the cost of properly disposing of the unused product.
Additional common challenges to timely, accurate procurement
include delays in finalizing and submitting orders and
coordination issues between donors and recipients.8
 To mitigate these demand risks, the program has employed
a combination of strategies:
 Regularly updating country forecasts and supply plans

39
• Develop mitigation strategies in
procurement and supply chain

1. Frequently Updated Country Supply Plans Improve

Orders and Reduce Stock Imbalances
The program assists PEPFAR-supported countries in establishing
12–18 month supply plans, which are updated every 3 months
and are based on reported product consumption. Delivery
quantities for planned shipments can thus be continuously
revised to reflect a more accurate picture of demand and to
respond to changes in consumption trends, ultimately attempting
to avoid both stock-outs and overstocking of commodities.

40
• Develop mitigation strategies in
procurement and supply chain

2. Aggregating Supply Plans for Pooled Procurement

Enables Stock Adjustments at the Regional Level
Taking the additional step of aggregating the supply plans of all
countries within a region further mitigates supply risks linked to
forecasting weaknesses, because adjustments can be made
closer to the country program, as opposed to the very beginning
of the supply chain. For example, if one country in a region
adjusted its supply plans to reflect greater requirements and
another country in the same region concurrently experiences
reduced demand, the relevant RDC could transfer excess from
the latter to meet the increased needs of the former without ever
having to order new supplies from manufacturers

41
• Develop mitigation strategies in
procurement and supply chain

COST RISKS
Cost risks may generally be divided into risks related to the unit
cost of products and risks related to shipping and storage. In
short, efforts described above to reduce supply and demand risks
through regionally aggregated planning, procurement, and
intermediate storage also have a considerable effect on reducing
costs throughout the supply chain

42
• Develop mitigation strategies in
procurement and supply chain

1. Pooled, Frequent Procurement Lowers Product Units

Costs
Economies of scale obtained through pooled procurement create
the opportunity for cost savings in the supply chain. However,
this is not only the result of reducing the number of demand-side
transactions required to obtain the same quantity of products for
multiple countries. Economies of scale are also achieved on the
supply side, as manufacturers are asked to respond to fewer
requests for proposals overall, since the program covers multiple
countries in a single order. This reduces costly workloads
associated with preparing separate outbound orders, export
customs entries, transaction records, and invoices

43
• Develop mitigation strategies in
procurement and supply chain

2. Freight Consolidation Reduces Shipping Costs

The strategy of the program for transporting product focuses on
meeting client country requirements at the lowest possible cost
without compromising product integrity. This means balancing
the use of ocean and air freight for manufacturer-to-country
shipments. Air freight is the best choice when urgency is needed
to avoid stock-outs, treatment interruptions, and significant
program disruptions; otherwise, optimizing available lead time
for orders allows for lower-cost shipment by ocean, which the
program seeks whenever possible. In addition, road freight
rather than air can be used on key lanes for intra-Africa
movements. The program strives to consolidate as many orders
as possible into as few shipments as practical, leveraging the
44
process to facilitate lower-cost modes of transport