How well are you managing risk?

Gregg Barrett WE GO THROUGH life personally and in business trying to avoid risk or coming up with sound principles on understanding risk upfront and mitigating these risks.

In most cases, risk management is handled manually. This in itself adds a layer of risk because we are human and as the saying goes to err is human.

Risks exist in virtually every contract entered into. There are very few organis ations that can manage these risks through a systematic, auditable and regulated manner.

The question is: How well is our community of commercial managers, contract mana gers, lawyers and procurement executives equipped with the tools and abilities t o transform the management of risk?

Risk in itself is not necessarily a problem. But managing and mitigating it is. Many sourcing professionals either ignore risk, do not manage it properly or are ill-equipped with the necessary tools for the job.

This results in the risk being left unmanaged. It festers, materialises later in the contracting process and is then left to relationship managers to address th rough an improvised and hurried solution. This usually occurs too late in the co ntracting process.

But risks also hide in contract language.

There are several clauses in a contract that have various elements of risk assoc iated with them. Typically, the deliverables section has a large number of risks associated and the risks can be for the supplier or the customer.

A simple example is when a major computer chip manufacturer is buying a large nu mber of its silicon wafers from a supplier who makes all its wafers in a plant t hat sits on a known faultline in India. So, if a clause exists indicating that t he supplier will provide one million silicon wafers a month at two weeks notice f rom the customer, the obvious risks are:

) What are the odds of an earthquake at the suppliers plant. And if it was to occu r, what would be the delay in getting a shipment?

) The supplier only has one plant and has no backup or contingency plan in place.

) What would be the acceptable time delay before the manufacturing delays caused by a missed shipment affect the customers ability to meet its market demands?

The risk elements in a contract like the above can have devastating effects on a n organisation if they are not assessed. And worse if they are not tracked and r eported on.

By being pro-active, organisations can often alleviate risks and resort to conti ngency plans . For instance, in the above example, a contingent supplier would b e part of the resolution process and would get the order if a specific risk elem ent was escalated for the original supplier.

So its best to regulate and manage the risk. Risk elements need to be regulated i n the organisation so they are deemed material and significant and can automatic ally be associated with suppliers, contract language and even commodities (goods and/or services) being bought or sold.

Management needs to meet the appropriate departments such as sourcing, accountin g, risk, audit and legal to brainstorm all the risk elements that could have an unacceptable level of disruption. They then need to be documented and assigned t hresholds for notification. For example, at what percentage level should a manag er be informed, a director be informed and a C level be notified.

The departments responsible for creating contracts and templates must then ensur e that the risks can automatically be associated when a new contract is being cr eated.

Leading organisations employ solutions in their arsenal with elaborate risk mana gement components that allow for scenarios like the one above to be reported, tr acked, governed and acted on.

Risk elements can exist at a contract level, at a clause level and at the suppli er level. Risk elements can be tied to specific clauses so that when a clause is used in a contract, the associated risks are automatically attached to that con tract and whatever workflow and notification was tied to that risk, will be auto matically a part of the contract process.

It is important that risks be reported on just as you would on when any contract s are coming to expiry. Also, being pro-active will reduce risk management effor

ts.

In the words of Mark Loughridge, chief financial officer at IBM Corporation: Worl d-class companies manage risk through headlights, not tail-lights. To begin manag ing risk through headlights, it starts with visibility accurate and timely avail able data processed into information leading to informed decision-making. Leadin g organisations are much more pro-active in managing risk.

They move beyond a situational analysis of risk to ensure that internal systems enable a balance between consequence and probability.

They employ enterprise contract lifecycle management systems. Risks are viewed a nd monitored as a portfolio.

Risk-mapping techniques are used throughout the contract and negotiation process to support highly visible enterprise risk management data covering contractual and relationship risk.

Do any of these statements describe how your enterprise manages risks?

Research by the International Association for Contract and Commercial Management shows that only about 35% of organisations consider alternate means and methods to address and manage risk at a portfolio level. An even smaller percentage few er than 5% have progressed to using mapping techniques for overall contract and relationship risks.

With economic headwinds and supply risk at the front and centre of mind for most , if not all procurement organisations, the time for action is now. Otherwise yo u might well be facing a visit from Mr Unexpected.