When considering the next steps for procurement, the discussion often comes back to the role of risk management across various functions—financial, technical, operational, or usage-related. While risk management is a familiar part of our daily work, we rarely dedicate enough time to assess the scope and magnitude of risks or to map them in a way that allows us to quantify threats and consider risk from multiple perspectives.

Procurement teams are constantly managing and mitigating risks to ensure the delivery of quality goods and reliable services, as well as maintaining a financially stable supplier network without over-reliance on any single supplier.

Failure to manage risk can increase costs, reduce profits, and potentially cause operational breakdowns, especially if a sole supplier experiences problems—an issue particularly critical in industries like manufacturing.

Beyond major cost-increasing events or supplier failures, risk has increasingly become a strategic lens, shaped by industry experience and the vulnerabilities of individual organizations. Risk affects relationships among suppliers, stakeholders, and internal units, as well as the ability to expand market capabilities. Typically, we only become fully aware of risks when significant anomalies occur, sometimes only after initially ignoring them until the next event unfolds.

On one hand, we are familiar with the risks in our work. On the other, few of us delve into the ecosystem of interconnected risks to adjust our understanding of how, when, and where risks may materialize. Often, this assessment is done in depth, not breadth.

The most important step is to communicate and refine risk frameworks to gain a comprehensive understanding of risks and their components. This enables a deeper insight into operational processes, leading to success and creating value for stakeholders and all parties involved.

Look for Technology, but Don’t Over-Rely on It

While technology can assist, relying solely on technical solutions—like AI or sophisticated mathematical algorithms—can itself create risk.

Regarding individual suppliers, procurement teams analyze requests and review contracts, giving a clear view of what could trigger service-level breaches or contract terminations, and the operational impacts in terms of time, cost, and quality. However, we must ask: can we reliably extend this risk understanding across all suppliers or categories, not just a single supplier? Often, the answer is no.

We tend to alert third parties to risks, but notifications often come too late due to delayed or outdated data. Recall that before the 2008 global financial crisis, many of our suppliers were not making proactive decisions, and within six months, it seemed most suppliers were no longer viable.

In summary, we are operating amid risk. The challenge is to prepare effectively, by developing a method to understand how these relationships and dependencies will likely unfold, and what outcomes they will produce.