1. How well are you managing risk?
Gregg Barrett
WE GO THROUGH life – personally and in business – trying to avoid risk or coming up
with sound principles on understanding risk upfront and mitigating these risks.
In most cases, risk management is handled manually. This in itself adds a layer of risk -
because we are human and – as the saying goes – to err is human.
Risks exist in virtually every contract entered into. There are very few organisations that
can manage these risks through a systematic, auditable and regulated manner.
The question is: How well is our community of commercial managers, contract
managers, lawyers and procurement executives equipped with the tools and abilities to
transform the management of risk?
Risk in itself is not necessarily a problem. But managing and mitigating it is. Many
sourcing professionals either ignore risk, do not manage it properly or are ill-equipped
with the necessary tools for the job.
This results in the risk being left unmanaged. It festers, materialises later in the
contracting process and is then left to relationship managers to address through an
improvised and hurried solution. This usually occurs too late in the contracting process.
But risks also hide in contract language.
There are several clauses in a contract that have various elements of risk associated with
them. Typically, the deliverables section has a large number of risks associated and the
risks can be for the supplier or the customer.
A simple example is when a major computer chip manufacturer is buying a large number
of its silicon wafers from a supplier who makes all its wafers in a plant that sits on a
known faultline in India. So, if a clause exists indicating that the supplier will provide
one million silicon wafers a month at two weeks’ notice from the customer, the obvious
risks are:
- What are the odds of an earthquake at the supplier’s plant. And if it was to occur, what
would be the delay in getting a shipment?
- The supplier only has one plant and has no backup or contingency plan in place.
- What would be the acceptable time delay before the manufacturing delays caused by a
missed shipment affect the customer’s ability to meet its market demands?
The risk elements in a contract like the above can have devastating effects on an
organisation if they are not assessed. And worse if they are not tracked and reported on.
By being pro-active, organisations can often alleviate risks and resort to contingency
plans . For instance, in the above example, a contingent supplier would be part of the
resolution process and would get the order if a specific risk element was escalated for the
original supplier.
So it’s best to regulate and manage the risk. Risk elements need to be regulated in the
organisation so they are deemed material and significant and can automatically be

2. associated with suppliers, contract language and even commodities (goods and/or
services) being bought or sold.
Management needs to meet the appropriate departments – such as sourcing, accounting,
risk, audit and legal – to brainstorm all the risk elements that could have an unacceptable
level of disruption. They then need to be documented and assigned thresholds for
notification. For example, at what percentage level should a manager be informed, a
director be informed and a “C” level be notified.
The departments responsible for creating contracts and templates must then ensure that
the risks can automatically be associated when a new contract is being created.
Leading organisations employ solutions in their arsenal with elaborate risk management
components that allow for scenarios like the one above to be reported, tracked, governed
and acted on.
Risk elements can exist at a contract level, at a clause level and at the supplier level. Risk
elements can be tied to specific clauses so that when a clause is used in a contract, the
associated risks are automatically attached to that contract and whatever workflow and
notification was tied to that risk, will be automatically a part of the contract process.
It is important that risks be reported on just as you would on when any contracts are
coming to expiry. Also, being pro-active will reduce risk management efforts.
In the words of Mark Loughridge, chief financial officer at IBM Corporation: “World-
class companies manage risk through headlights, not tail-lights”. To begin managing risk
through headlights, it starts with visibility – accurate and timely available data processed
into information leading to informed decision-making. Leading organisations are much
more pro-active in managing risk.
They move beyond a situational analysis of risk to ensure that internal systems enable a
balance between consequence and probability.
They employ enterprise contract lifecycle management systems. Risks are viewed and
monitored as a portfolio.
Risk-mapping techniques are used throughout the contract and negotiation process to
support highly visible enterprise risk management data covering contractual and
relationship risk.
Do any of these statements describe how your enterprise manages risks?
Research by the International Association for Contract and Commercial Management
shows that only about 35% of organisations consider alternate means and methods to
address and manage risk at a portfolio level. An even smaller percentage – fewer than 5%
– have progressed to using mapping techniques for overall contract and relationship risks.
With economic headwinds and supply risk at the front and centre of mind for most, if not
all procurement organisations, the time for action is now. Otherwise you might well be
facing a visit from Mr Unexpected.