In Brief - Managing Risk in Procurement

"No construction project is risk free. Risk can be managed, minimised, shared, transferred or accepted. It cannot be ignored" 'Constructing the Team' - Sir Michael Latham (1994)

In a recent report¹ on the practices of Chief Procurement Officers from around the world, almost six in ten saw managing risks as a priority.

An understanding and assessment of the risk factors associated with projects of any kind (construction, IT, facilities management, etc.) and how they can be managed is central to the selection of a suitable procurement strategy.  The chosen strategy should fit a project’s objectives, not the other way around. It should not be assumed, for instance, that a privately financed solution to procuring infrastructure (such as through Public-Private Partnerships) should be adopted for its perceived transfer of risk from public to private sector. There have been many examples over the years where the instinctive but often unrealistic desire to pass as much risk to others without thought for the consequences has resulted in failed projects and financially stressed participants².

Among the many technical, legal, financial and policy issues it needs to consider, the procurer of capital works or operational services should undertake a thorough analysis of the procurement options available to it based on an understanding of the key risks associated with the project – how will different strategies sit with identified risks and the procurer’s preferred risk allocation?

The selected procurement strategy, and the way in which risks are addressed through that strategy, can impact on many aspects of a project, including:

• Overall project implementation and delivery timetable
• The procurer’s and contractor’s organisational requirements
• Control of project costs
• Construction/service delivery periods
• Quality of design/construction/service delivery
• Buildability issues associated with preferred design solutions
• Long-term operation and maintenance/project life-cycle
• Market appetite for a procurement competition
• Health and safety
• Regulatory compliance
• Public perception of the project

Risk assessment should embrace a systematic and auditable process continuing throughout the various stages of a procurement process with clear inputs and outputs.  It is not just the procurer who needs to carry out this task. All project participants (procurers, contractors, subcontractors, service providers, offtakers, etc.) need to perform risk assessments to a greater or lesser extent. And the assessment must be realistic – in the sense that it should delve into the real-world issues affecting the project – and honest – giving appropriate weight to concerns even if this may result in delay or possibly even the cancellation of a procurement exercise.

“Identify – Categorize – Analyse – Manage“.  That is essentially what the risk assessors should aim to do. They should:

• Understand the project and what it involves at every tier
• Consider the range of risks, both internal to the procurer’s organisation and external, that each element of the project presents
• Analyse and assess the likelihood of a risk arising, including the environment (physical, commercial, fiscal, legal, political, technical, etc.) from which the risk is derived
• Consider the effect that an identified risk is likely to have on the project, its delivery and its participants
• Determine who, practically, legally and economically, is best placed to assume the identified risk
• Manage exposure by allocating risk to appropriate project participants or mitigating in other ways. This may involve:
  • Accepting, retaining and internally managing a risk
  • Accepting and transferring a risk to other project participants
  • Rejecting a risk (e.g. in the case of a contractor by qualifying its bid)
  • Sharing a risk with other project participants

(Please click on the diagram for a more detailed look).

Attention to detail in the procurement process, in particular carrying out a thorough risk assessment and translating that into viable project documentation, should not be regarded as a option to be disregarded by procurers in favour of “getting the deal through”.  True value to a business engaged in the procurement of works and services, and the protection of the procurer’s reputation, comes at a cost and that cost should invariably include investing in and embracing an organisational culture of risk management.

¹ Annual Deloitte Global Chief Procurement Officer survey report, 2017

² See “What’s wrong with infrastructure decision-making – conclusions from six UK case studies”, published by the Institute for Government, 2017