Introduction

• Risk is probably one of the most pervasive topics today in

sourcing and supply management.

• The more dependent on its suppliers an organization becomes,

the more likely that a disruption in supply anywhere along its
supply chain can result in the organization's failure to meet its
commitments.
 Nature of Risk

• Simple definition: Risk is the chance of something happening

that will have an adverse impact upon our objectives.

• More complex definition: Risk is a measure of the inability to

achieve program objectives within defined cost, schedule, and
performance constraints.
 What is Risk Management?

• Risk management is the process of identifying, assessing, and

controlling risks arising from operational factors and making
decisions that balance risk with offsetting benefits.

• It is a systematic approach used to identify, evaluate, and

reduce or eliminate the possibility of an unfavorable deviation
from an expected outcome.
• The program or project team is responsible for identifying,
analyzing, planning, tracking, controlling, and
communicating effectively the risks within the team's
environment.

• Risk management is also a continuous process used to

manage risk in order to ensure that activities achieve their
intended objectives.
 Risk Identification

1. Financial risks: These risks can range from an unexpected

and unfavorable change in exchange rates all the way to a
supplier's bankruptcy.

• Some examples of financial risks include budget overruns,

funding limitation, and unauthorized (constructive) changes.
2. Scope or schedule risks: Schedule changes are often the result
of a natural disaster such as hurricanes, fire, or flood, or as a
result of noncompliance issues generated by the supplier.

• Scope risk can occur as a result of changes that are required

when the initial SOW becomes unworkable or due to
technological changes generated by the market.
3. Legal risks. Legal and contractual risks are often related to
disputes or different interpretations of contractual obligations, or
from not meeting a requirement included in the terms and
conditions.

• Use or misuse of intellectual property.

• Violation of laws or regulations and obligations created as a

result of changes in the law, as well as civil lawsuits.
4.Environmental risk. It includes the organization's negative
impact on water, air, and soil as a result of discharges, emissions,
and other forms of waste.

5. Sociopolitical risk: The risk that an investment’s returns could

suffer as a result of political changes or instability in a country.
• Project organization risk: This is a result of not having the
right people or equipment in the right place at the right time. It
might be called as a planning risk.

• Human behavior risks:Sometimes the project or activity may

be placed in jeopardy due to an illness or injury or due to the
departure of key personnel.
• Sometimes it may be the result of poor judgment or bad
decisions.
 Risk Variation

• In addition to the categories just outlined, the risks are

considered to be
• internal risks (risks related to our own operations) or
• external risks related to conditions outside of our organization,
such as market factors, political climate, regulatory
environment, economic circumstances, and so on.
• Internal risks: That you can control or influence.
• It includes cost estimates, staff assignments, schedule delays,
and product design.

• External risks: That you as a contract manager cannot

control.
• It includes governmental actions relating to taxes, and a
change in currency rates.
 Techniques To Identify Risks

1. Expert knowledge: It relies on the experience of people who have

worked on similar sourcing operations in the past.Taking interviews
from those experts.
2. Historical information: Compiling a historical database of risks
encountered in previous sourcing efforts and contracts.
3. Brainstorming: Gathering a group of experts who create a broad list of
potential risk events and then you refine the list.
4. Delphi Technique or method, originally developed as a systematic,
interactive forecasting method which relies on a panel of experts. The
experts answer questionnaires in two or more rounds.
5. Checklists. Through research, you may be able to develop a useful
checklist to run through whenever needed during sourcing activities.
• Simulations. Monte Carlo simulation provides a range of
possible outcomes and the probabilities that they will occur for
any action.

• The decision tree diagram is also a useful simulation tool that

can depict key interactions among decisions and associated
chance events.
 Risk Assessment
• A brainstorming-based risk assessment facilitated session with
stakeholders, team members, and infrastructure support staff is
the most common technique used to identify risks and evaluate
their potentials.

• It is also known as force-field analysis. By using qualitative

terms such as very high, high, moderate, low, and very low to
identify the probability of risk occurring, you can prioritize the
risks accordingly.
 Risk Control
• After identifying and categorizing the risks, you must take
steps to control the risk.
• The approach for control depends on where a risk appears and
on the amount of information about that risk.
• Develop a plan by clearly understanding the product or service
being provided, its purpose, and the expectations of the
customer or stakeholders regarding the product.
• This knowledge will help prioritize your activities.
 Key Elements of Risk Control Plan
• Risk Triggers: It is a “precursor to an actual risk event.”
You should identify triggers for each risk, and then monitor those
triggers, being alert to their appearance.

• Monitoring: It includes tracking current conditions.

• Proper policies and procedures are followed.
• Risk responses have been implemented as planned.
• Mitigation: Reduction of the magnitude, or severity of
exposure to risks.
• Risk mitigation planning is the process of developing actions
to enhance opportunities and reduce threats.

• Contingency Plan: Sometimes reffered to as “Plan B”,

because it can be used as an alternative for action if expected
results are failed to occur.
• It helps an organization to respond effectively to the future
event that may happen.
• Avoidance: Eliminating the cause of the risk.
• Techniques include avoiding suppliers with unproven track
records, and using a proven approach instead of a new one.

• Acceptance: It is a risk response technique.

Two types of risk acceptance strategies.
1- Passive Acceptance.
2- Active Acceptance.
• Transfer: A strategy in which an insurable risk is shifted to
another party.

• Non-insurance way, such as warranty.

• In some situations, your supplier may be better suited to

dealing with a particular risk, so transferring it through
negotiations might be in order.