Manual of Risk Management for the Procurement Process

Colombia Compra Eficiente presents this Risk Management Manual for

the Contract Process aimed at the participants of the procurement and public procurement
system. Article 4 of Law 1150 of 2007 establishes that the State Entity must "include the
estimation, classification and assignment of the foreseeable risks involved in contracting" in
the specifications or their equivalent. Decree Law 4170 of 2011 establishes, within the
objective of Colombia Compra Eficiente, to optimize public resources in the system of
procurement and public procurement for which the management of risk in the system and not
only the risk of the economic equilibrium of the contract is indispensable. This was
understood by the National Government when assigning in the functions of the Business
Branch of Colombia Compra Eficiente the "design and propose policies and tools for the
adequate identification of risks of public cooperation and its coverage ", without limiting this
function to risk derived from the economic equilibrium of the contracts, a risk that is limited
to the execution thereof .
Decree 1082 of 2015 defines Risk as an event that can generate adverse effects of varying
magnitude in the achievement of the objectives of the Procurement Process or in the
execution of a contract. Also, Decree 1082 establishes that the State Entity must evaluate the
Risk that the Procurement Process represents for the fulfillment of its goals and objectives,
in accordance with the manuals and guides issued by Colombia Purchase Efficient.
Risk in the Hiring Process
The State Entities to reduce the exposure of the Hiring Process to the different Risks that may
arise, must structure a Risk management system taking into account, among others, the
following aspects: (a) the events that prevent the awarding and signing of the contract as a
result of the Procurement Process; (b) events that alter the execution of the contract; (c) the
economic equilibrium of the contract; (d) the effectiveness of the Procurement Process, that
is, that the State Entity can satisfy the need that motivated the Procurement Process; and (e)
the reputation and legitimacy of the State Entity responsible for providing the good or
service. An adequate management of the Risk allows the State Entities: (i) to provide a higher
level of certainty and knowledge for the decision making related to the Contracting
Process; (ii) improve the contingency planning of the Contracting Process; (iii) increase the
degree of trust between the parties to the Procurement Process; and (iv) reduce the possibility
of litigation; among others.
Structure of Risk Management
Risk management is the set of processes aimed at protecting the State Entity from the events
in the Procurement Process. Risk management allows reducing the probability of occurrence
of the event and its impact on the Procurement Process . Colombia Compra Eficiente
proposes to manage the Risks of the Procurement Process following the steps listed below:
1. Establish the context in which the Procurement Process is carried out.
2. Identify and classify the Risks of the Contracting Process.
3. Evaluate and qualify the Risks.
4. Assign and deal with the Risks.
5. Monitor and review the management of the risks.
Colombia Compra Eficiente recommends that the State Entities prepare the matrix in Table
1 that includes all the Risks identified in the Hiring Process, establishing their classification,
the estimated probability of occurrence, their impact, the part that the Risk must assume, the
treatments that can be made and the characteristics of the most appropriate monitoring to
manage it, as shown below:

The following is a step-by-step description of the methodology that Colombia Compra

Eficiente presents to the State Entities in compliance with the provisions of article 2.2.1.2.5.2
of Decree 1082 of 2015.
Set the context
The starting point is to identify the context in which the State Entity interacts to know the
social, economic and political environment, and identify (i) its own Risks; (ii) the Risks
common to their Contracting Processes; and (iii) the Risks of the Procurement Process
in particular. In this step, the State Entity must identify the aspects mentioned below and the
possible adverse effects that these may generate.
The object of the Contracting Process. Participants in the Procurement Process. The citizens
who benefit from the Procurement Process. The sufficiency of the official budget of the
Procurement Process. The geographical and access conditions of the place in which the
purpose of the Procurement Process must be met. The capacity of the State Entity understood
as the availability of resources and knowledge for the Contracting Process. The socio-
environmental environment. The political conditions. The environmental factors. The sector
of the object of the Procurement Process and its market. The regulations applicable to the
purpose of the Procurement Process. Own experience and of other State Entities in
Contracting Processes of the same type.
Identify and classify Risks
Once the context is established, the State Entity must identify and include in the proposed
matrix the Risks of the Procurement Process. This identification of the risks can also start
from sources such as strategic plans, action plans, performance reports, budgets, risks
identified by other state entities, brainstorming, panels of experts when the complexity of the
contracting process demands it , SWOT analysis (Weaknesses, Opportunities, Strengths and
Threats), surveys and questionnaires. In this step, the State Entity must have the personnel
responsible for the Contracting Process, and the personnel with the appropriate knowledge
for the administration of the Risk. Once the Risks of the Hiring Process have been identified,
the State Entity must classify them according to their class, their source, the stage of the
Hiring Process in which the Risk is found, and its Type .
Evaluate and qualify the Risks
Once the steps referred to in numerals 1 and 2 above have been met, the State Entity must
evaluate each of the identified Risks, establishing the impact of these against the achievement
of the objectives of the Procurement Process and its probability of occurrence. . The purpose
of this evaluation is to assign each Risk a rating in terms of impact and probability, which
allows establishing the assessment of the identified Risks and the actions that must be carried
out. To estimate the impact and probability of occurrence of an event that negatively affects
the Contracting Process, it is suggested to consider sources of information such as:
Previous records of the occurrence of the event in the Procurement Process themselves and
of other State Entities. Relevant own experience and of other State Entities. Practices and
experience of the industry or sector in the management of the identified risk. Publications or
news about the occurrence of identified Risk. Opinions and judgments of specialists and
experts. Technical studies.

Assignment and treatment of Risks

Once the assessment and qualification of each of the Risks associated with
the Procurement Process has been carried out , the State Entity must establish a set of
priorities to decide.
The State Entity must select the appropriate option taking into account the cost and benefit
of any of the actions identified for the treatment of the Risk . In most cases a combination of
options allows the best result . Generally, the measures to deal with the Risks are actions or
specific activities to respond to the events, for which it is suggested to prepare a treatment
plan to document how each of the Risks is faced, including actions, schedules, resources
(personnel, information) and budget, responsibilities, reporting and reporting needs and
monitoring . The most important task of risk management is the implementation of the
treatment plan, which requires attention, ensuring the resources it requires and timely
compliance with the tasks envisaged in this plan. The matrix must contain the basic
information on the treatment of the risks.
Monitor Risks
The State Entity must perform a constant monitoring of the Risks of the Contracting Process
as the circumstances change rapidly and the Risks are not static. The matrix and the treatment
plan must be constantly reviewed and reviewed if it is necessary to make adjustments to the
treatment plan according to the circumstances. This monitoring must:
(a) Ensure that controls are effective and efficient in design and operation.
(b) Obtain additional information to improve the risk assessment.
(c) Analyze and learn lessons from events, changes, trends, successes and failures.
(d) Detect changes in the external and internal context that may require review of the
treatments of the Risk and establish an order of priorities of actions for the treatment of the
Risk.
(e) Identify new Risks that may arise
Finally, the State Entity must monitor the Risks and review the effectiveness and
performance of the tools implemented for its management. For which, it must: (i) assign
responsible persons; (ii) set start and end dates of the required activities; (iii) indicate the
form of follow-up (surveys, quality random sampling, or others); (iv) define the review
periodicity; and (v) document monitoring activities.
CYBERGRAFIA
https://www.colombiacompra.gov.co/sites/cce_public/files/cce_documents/manual_cobertu
ra_riesgo_r.pdf