Risk management in procurement: fail to plan, and you plan to fail

by Tara Baurmann, 09.11.2021

Supply chains are changing; procurement is no longer just a cost-cutting process but is evolving, partly on account of the global pandemic. Covid-19 brought with it many supply chain disruptions, cementing the urgent need for sufficient risk management and mitigation. But what does this entail exactly and how can it be effectively implemented?

What is Risk Management?

Risks are internal or external events that are uncertain both in terms of occurrence and impact. These events may even include ‘delayed consequences’ which are those that have historically occurred but are yet to be played out. In simple words: risk management is the process of avoiding or minimizing the impact of events that could affect the way your company operates. 

But how does this apply to procurement?

Risk management in procurement is the process of identifying, understanding, and grading these risks in order to mitigate possible supply-chain disruptions. These risks can manifest themselves in anything from late deliveries to quality issues. But whilst the most effective type of risk management involves circumnavigating and eliminating possible threats, there is no such thing as an entirely risk-free business.

The Importance of Risk Management in Procurement

Risk management is critical due to its far-reaching effects on many aspects of the sourcing process. Implementing suitable risk management and mitigation strategies not only ensures a smoother and more successful running of supplier operations but also helps to bring down costs.

We sat down with Stefan Wiemers, Digital Supply Chain Risk Management Expert at targetP!, to discuss the topic of Risk Management in Procurement further. Our most burning question for Stefan was: “Why is risk management crucial in procurement?” Here’s what he had to say:

“The #1 priority for a supply chain risk management strategy is to prevent risks and professionally mitigate risks. Protecting financials and assets while creating a competitive advantage must be at the top of every CPO's agenda.”

Among other reasons, effective risk management has the following positive knock-on effects on a business:

  • Ensures resources are being used responsibly
  • Improves supplier relationships and customer service
  • Encourages an innovative culture
  • Reduces business liability
  • Aids in regulatory compliance

The financial consequences of poor risk management can be vast. For example, in a single year alone, Ford, General Motors, Nissan, and FCA US could reportedly have generated a combined profit of $2 billion if they had selected better suppliers (Barrios, 2022).

“Losing revenue changes the mindset of senior management and opens access to more budget for professional supply chain risk management. The last few years have significantly contributed to a new perception of Procurement in companies. As a value driver and crisis manager.” - Stefan Wiemers, Digital Supply Chain Risk Management Expert at targetP!

The Dangers Posed to Your Supply Chain…

It is clear that mitigating risk is a high priority for procurement professionals but in order to do so well, understanding the risks is crucial. Companies must identify all possible risks if they wish to begin the task of aptly safeguarding their organisation. 

These risks can fall under four possible categories: 

  1. Social, Ethical, and Environmental
  2. Financial
  3. Operational
  4. Strategic 

Potential social, ethical, and environmental compliance risks have profound implications. These include issues surrounding sustainability, which is quickly becoming a high priority for businesses, and extend to issues of human rights violations.

Financial risks can include a variety of external factors such as unfavorable exchange rates or the cost of supplier instability and bankruptcy. Internally, though, supply chain risks can also manifest themselves when budgets are exceeded or are limited. All of the aforementioned factors can have an extensive impact on trade and procurement processes. 

Stefan Wiemers, Digital Supply Chain Risk Management Expert at targetP! notes, regarding the external risks faced by procurement organizations…

“The most significant [...] are the global uncertainty of geopolitics and economics and the amendment of national laws especially ‘German Supply Chain Act’ [...] We have had to learn to deal with common disasters and crises like the tsunami in New Zealand, earthquakes in Japan, Brexit, Covid-19, semiconductor shortages, the Ukraine war, and many more.”

It is clear then: factors which could negatively impact supply chains are constantly arising, highlighting effective risk management strategies as crucial in procurement. 

Risk Management in Procurement: Steps for a successful execution

It is crucial that risk management is seen not as a static process but, rather, a continuous set of processes. In essence, risk management consists of identification, analysis, mitigation, planning, and continuous monitoring. Companies should conduct regular risk assessments in order to avert risks to their supply chains and ensure they are adequately prepared in the event of a crisis.

“Think big, start agile, be fast and effective from day 1. Risk mitigation is a journey and it will not be implemented overnight. Create awareness within your organization for supply chain risks and develop it stepwise” - Stefan Wiemers, Digital Supply Chain Risk Management Expert at targetP!

1. Analysis of your business needs

Firstly, a full needs analysis should be done to ensure your procurement department has a clear understanding of what goods or services are required, who needs them, when, and why. This analysis should be fully documented and include a good understanding of the customer, client, and supplier needs.

During the needs assessment process it is critical that needs are neither overstated nor understated and that realistic timelines are proposed. Similarly, requirements must be clearly defined and an accurate budget proposed. Incorrect needs analysis and forecasting can create a host of issues down the line. For example, a supplier may be selected who is too expensive or a quantity of product might be ordered in excess. Therefore, we suggest following Stefan’s advice:

“Conduct a risk maturity assessment to analyze your status quo regarding risk culture, understanding, governance, processes, and internal collaboration. Derive your project roadmap to a comprehensive and proactive Supply Chain Risk Management (SCRM).” - Stefan Wiemers, Digital Supply Chain Risk Management Expert at targetP!

2. Select the right suppliers

Choosing the right suppliers is one of the most crucial decisions a procurement department can make in terms of risk management. It is only once suppliers have been thoroughly researched that their performance can be assured. In order to do so, it is important to implement a supplier evaluation method that is both easy to read and readily accessible.

Failing to do so puts companies at reputational risk. For example, recently UK retailer Boohoo was forced to cut down its suppliers from 500 to 100 after it came to light that factory workers were being paid as little as £3.50 an hour (Sillars, 2021). This in turn sparked a £1bn hit to the company’s share price. Likewise, Uniqlo and ASOS have both faced serious backlash on account of poor supplier selection. In 2016, it was discovered that their Turkish factories were employing 7-year-old children to work 60-hour weeks (Hutchison, 2016), which severely impacted their reputation and led to substantial financial losses.

Choosing suppliers incorrectly has detrimental effects in procurement when it comes to delays and cost implications. But did you know it can also have serious ESG ramifications? 

To avoid non-compliance, a company should look for ways to embed ESG criteria throughout the entire organisation, not just in procurement. However, to do so, a careful analysis of suppliers and a thorough review of how ESG affects procurement processes are necessary.

At Lhotse, we are committed to simplifying the process of finding sustainable suppliers. Whilst manual processes leave procurement teams with a lack of comparable data, Lhotse enables transparency as well as easy selection of sustainable or regional suppliers. To find out more about ESG compliance and how procurement leaders can drive sustainability in their supply chains, head to [our article](https://www.lhotse.de/blog/sustainability-in-procurement-esg-compliance-for-a-more-resillient-supply-chain).

3. Effective contract and supplier relationship management

When the process of contract management is neglected, contracts can be left either unexecuted or uninvestigated, leading to inefficiencies in time and costs. In order to ensure efficient contract management, procurement leaders should regularly audit the process for failures and ensure effective management and communication.

Organised supplier relationship management is of equal importance. External processes, contrary to internal ones, can be much more difficult to manage. Delays, which frequently occur in supply chains, can be reduced by properly keeping track of suppliers’ past and current records as well as ensuring favorable contract terms and maintaining a constant relationship, especially in times of crisis.

4. Continuous analysis of possible supply chain disruptions

The term “risk” often suggests that supply chain vulnerabilities are entirely unexpected. In reality, disruptions are inevitable and can often be adequately planned for. Treating risk management as an ongoing, continuous process ensures quick response times in times of crisis, which currently occur all too frequently.

In order to continuously monitor risk management processes, their effectiveness must also be evaluated. Indeed, even the most well-thought-out plans can have flaws. Therefore, it is important to hold regular evaluations to find areas for improvement. Digitizing procurement enables a simpler evaluation process through transparency and also ensures that the ongoing process of risk management is easy to maintain.

Questions to consider:

Does your company have a robust risk management strategy and adequate protocols? Find out by answering the questions below…  

  • Do you have full visibility when it comes to your supply chain process and the suppliers you use?
  • Do you treat risk management as an ongoing process, rather than a static one, by regularly monitoring the performance of your suppliers?
  • Are you aware of how legislation, such as the new ESG regulations published in the [Supply Chain Act](https://www.lhotse.de/blog/supply-chain-act-do-not-neglect-the-non-strategic-suppliers), affects your company?
  • Are you confident that you can respond quickly and efficiently to disruptions in your supply chain without ramifications to the rest of your business?

If the answer to any of these questions is no, your supply chain may be at risk. So, here’s a tool that can help: Artificial Intelligence.

AI solutions create transparency in your procurement workflows and help you to gain a better understanding of the reliability of your suppliers. [AI software](https://www.lhotse.de/blog/supplier-mapping-how-your-company-can-use-AI-to-find-the-best-suppliers) enables your company to see anything from whether your supplier holds a conflict of interest to whether their ethics align with those of your company.

“Connecting the ‘digital and the non-digital world’ is the most effective way to operate a value-creating SCRM, and it is the only way to drive resilience! Technology-driven risk management increases agility to mitigate, identify, evaluate, and prevent risks faster.” - Stefan Wiemers, Digital Supply Chain Risk Management Expert at targetP!


In the case of procurement, ‘ignorance’ is certainly not ‘bliss’. Belief in this saying is not only dangerous to procurement teams but also to a business’s ability to deliver on promises to its consumers.

Whilst factors influencing supply chains such as the global pandemic are difficult to forecast, the chances of other risks affecting your business (such as fraud, lacking compliance, and ethical sourcing) can all be reduced through effective risk mitigation strategies. It is only by seeing risk management as a high priority that corporations can prepare to react to issues such as poor supplier performance or price instability.  

With the help of AI software solutions, such as Lhotse, companies remove manual labor from risk management processes, thus enabling efficiency. Data-driven risk management also has the advantage of improving supplier selection and making compliance, for example with ESG regulations, more transparent.


Barrios, K. (n.d.). Play Nice: What is the Cost of Poor Supplier Relationships? Retrieved October 31, 2022, from https://www.xeneta.com/blog/what-is-the-cost-of-poor-supplier-relationships

Hutchison, C. (2016, October 20). Uniqlo criticised for supply chain failures that left vulnerable staff out of work. Evening Standard. https://www.standard.co.uk/business/uniqlo-criticised-for-supply-chain-failures-that-left-vulnerable-staff-out-of-work-a3374441.html

Sillars, J. (2021, March 25). Boohoo cuts hundreds of suppliers to fashion new future after factory scandal. Sky News. https://news.sky.com/story/boohoo-cuts-hundreds-of-suppliers-to-fashion-new-future-after-factory-scandal-12256064
