Unit 6: Managing risk


How can we open public procurement to new vendor groups, new approaches, and innovations to maximize value for citizens while managing risks responsibly?

Risks are uncertainties in achieving an organization’s objectives or in delivering a specific project. Traditionally, procurement tended to be constructed around bureaucratic risks, such as the transactional risks in contracting that might expose the government to liabilities, blame for mistakes or failure. If we reduce procurement to an exercise of bureaucratic risk management, we undermine the purpose of city government spending: to create value for citizens.

This unit offers a step-by-step guide to identify, assess, and respond to risks in procurement. It includes recommendations to help you map and prioritize risks according to their likelihood and effects, as well as some examples of mitigation actions. It recommends keeping a clear sense of priority for citizens’ needs when mapping and managing risks.

Perceiving risk

When dealing with innovation and risk management in procurement, different stakeholders are likely to have different perceptions of risk. As outlined in the Unit 1, these stakeholders fall into three main groupings: government, providers and citizens:

  • Government typically prioritizes bureaucratic risks like cost-overruns and delays, while arguably the biggest risk is not meeting their citizens’ needs swiftly and effectively.
  • Providers’ perception of risk is influenced by their business model and place in the supply chain and often centers on cash flow, delays, reputation and disputes.
  • Citizens’ perception of risk is related to the response of both local government and providers to their needs. Citizens’ perceptions are fundamental, as signals of misspending or corruption could lead to an erosion of trust and even civil unrest.

“Start with a pilot, test and then go into a big procurement. That in itself is a risk management tool”

Adrian Walker, Global Head of Infrastructure, Energy, Resources and Projects, Hogan Lovells

Managing risk

Risk is the measurable uncertainty of the outcome of your procurement. This uncertainty is expressed in terms of the likelihood of undesired outcomes. Each risk in your procurement can be characterized according to its nature, its likelihood of occurring and its potential consequences.

Risk management is the method by which you mitigate risks through a process that commonly includes three steps: 1) identifying, 2) assessing, and 3) responding.

Identifying risks

As explained in Unit 2, it is fundamental to have a clear view of the objectives of your procurement. Without clearly defined goals it is unlikely that you can identify, assess and respond to risks. What follows is an illustration of different types of risks that can be found throughout the procurement cycle.

To identify risks, you can involve internal and external stakeholders and use different tools. You will need to assess the best suitable mapping method, which may include:

  • Interviewing different stakeholders
  • Conducting brainstorming sessions
  • Running risk mapping workshops
  • Using checklists
  • Doing a SWOT Analysis

The following table shows examples of common risks — organizational, societal, market, technological, financial — that can occur during the different stages of the procurement cycle. This list of risks is not comprehensive but aims to provide you with some examples for you to tailor it to your specific context. You will need to map and analyze the risks for each new procurement.

Table 11 — Examples of typical risks in procurement

You should not only map risk at the beginning of the procurement process, but continuously as it is very difficult to foresee all events. Repeat the risk assessment procedure at pre-identified stages of the procurement cycle, including before or during the implementation and contract management.

Assessing risks

Different types of risks will have different effects on your procurement as well as different likelihoods of occurring. Therefore, once you have identified the risks it is necessary to assess them. This exercise will help you foresee, prioritize and minimize the effects of risks.

Some recommendations when carrying out a risk assessment:

  • Involve different stakeholders in this exercise.
  • Analyze each risk according to its probability and consequences. How likely is it to occur? What would be the consequences in terms of achieving your objectives?
  • Translate the risks one-by-one into a matrix that will help you visualize your priorities. There are different matrix models available, use the one that best suits your needs.
Table 12 — Risk matrix — Source: Department for Education and Child Development Government of South Australia

Responding to risks

Once you have identified, analyzed and evaluated the risks that your procurement project may entail, you will need to prioritize those that require mitigation measures.

There are many ways you can prioritize risks. For example, the matrix below can help you visualize the identified risks according to the resources they will require and the potential effects and benefits of response measures.

Figure 7 — Resource intensity vs effect and benefit

Once you have established which risks or combination of risks require mitigation, appropriate response actions need to be planned. The measures to be taken and the allocation of resources must be agreed before the risks occur, as well as the allocation of responsibility for implementing each measure.


In 2012, Los Angeles, California awarded a five-year $110.000.000 revenue-generating contract for an advertising license on the Metro Bus fleet and Rail system.

The greatest risk identified in the contracting was that the selected vendor would be unable to pay the Metro its guaranteed revenue. To mitigate this risk, an in-depth risk assessment was conducted on the two most promising vendors. In the end, the contract was awarded to the vendor that guaranteed 6.5% less overall revenue, but had a stronger payment history and a more reasonable and realistic work plan.

Responses may include:

  • Accepting the risk. Sometimes influencing the risk might not be feasible or the costs of handling it might be too high in relation to the potential benefits. In those cases, you will just need to prepare for the potential consequences.
  • Avoiding the risk. Although it is unlikely that you will be able to avoid all risks, on certain occasions you might be able to refrain from actions that create those risks in the first place.
  • Transferring the risk. Share the risk between parties. As explained in Unit 4, there are different ownership models that allow you to do so. Another way to do this is through insurance.
  • Reducing its likelihood or consequences. Develop a contingency plan for if the risk occurs and take the actions needed to reduce the likelihood of a risk occurring.

“When you put your need statement out, there is a transfer of management of that risk on the supplier because the person best placed to manage risks in the delivery of the product or service is likely to be the supplier.”

Adrian Walker, Global Head of Infrastructure, Energy, Resources and Projects, Hogan Lovells

Innovation and risk

Procurement can become a driver for innovation when the problem statement calls for solutions that are not yet available on the market. Unit 4 covers the steps to carry out market analysis that will allow you to identify these gaps.

The following table describes some of the risks associated with the procurement of innovative solutions as well as some mitigation actions:

Table 13 — Mitigating actions for procurement of innovative solutions

Key Takeaways

  1. Reassess and map potential risks at every stage of the procurement process. Buying the wrong solution (i.e. not solving the problem) is as big a risk as service provision risks (underperformance or non-delivery) and traditional procurement risks (contractual issues).
  2. As a contracting authority, define your key concerns. Ask potential providers how they will manage them.
  3. Start small. Try out a risky innovation first, and once proven successful, improve and scale up stepwise.
  4. Spread risk. Collaborate with others on sharing risks, and possibly pair up small and risky innovators with larger, more established providers to ensure the right balance between creativity and stability.
  5. Failure is part of change. Rather than trying to avoid it, you should discuss, define, and agree upon an acceptable amount of risk and failure.

Now do your homework!

Copy the Worksheet to map key risks in procurement and to understand how to prioritize and manage them effectively. To do risk mapping you can interview different stakeholders, conduct brainstorming sessions, run workshops, use checklists or do SWOT analyses. Focusing on one of your priority indicators from your strategy, choose one of these risk mapping approaches and think about the risks your organization might face. During this exercise, keep in mind that the biggest risk in procurement is failing to address citizens’ needs.


Proceed to Unit 7: Measuring results



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Sascha Haselmayer

Sascha Haselmayer

Passionate about social + city innovation, delightful procurement, connecting social entrepreneurs and governments. Fellow @ New America | Founder/CEO Citymart