How well are you managing risk?Gregg BarrettWE GO THROUGH life – personally and in business – trying to avoid risk or coming upwith sound principles on understanding risk upfront and mitigating these risks.In most cases, risk management is handled manually. This in itself adds a layer of risk -because we are human and – as the saying goes – to err is human.Risks exist in virtually every contract entered into. There are very few organisations thatcan manage these risks through a systematic, auditable and regulated manner.The question is: How well is our community of commercial managers, contractmanagers, lawyers and procurement executives equipped with the tools and abilities totransform the management of risk?Risk in itself is not necessarily a problem. But managing and mitigating it is. Manysourcing professionals either ignore risk, do not manage it properly or are ill-equippedwith the necessary tools for the job.This results in the risk being left unmanaged. It festers, materialises later in thecontracting process and is then left to relationship managers to address through animprovised and hurried solution. This usually occurs too late in the contracting process.But risks also hide in contract language.There are several clauses in a contract that have various elements of risk associated withthem. Typically, the deliverables section has a large number of risks associated and therisks can be for the supplier or the customer.A simple example is when a major computer chip manufacturer is buying a large numberof its silicon wafers from a supplier who makes all its wafers in a plant that sits on aknown faultline in India. So, if a clause exists indicating that the supplier will provideone million silicon wafers a month at two weeks’ notice from the customer, the obviousrisks are:- What are the odds of an earthquake at the supplier’s plant. And if it was to occur, whatwould be the delay in getting a shipment?- The supplier only has one plant and has no backup or contingency plan in place.- What would be the acceptable time delay before the manufacturing delays caused by amissed shipment affect the customer’s ability to meet its market demands?The risk elements in a contract like the above can have devastating effects on anorganisation if they are not assessed. And worse if they are not tracked and reported on.By being pro-active, organisations can often alleviate risks and resort to contingencyplans . For instance, in the above example, a contingent supplier would be part of theresolution process and would get the order if a specific risk element was escalated for theoriginal supplier.So it’s best to regulate and manage the risk. Risk elements need to be regulated in theorganisation so they are deemed material and significant and can automatically be
associated with suppliers, contract language and even commodities (goods and/orservices) being bought or sold.Management needs to meet the appropriate departments – such as sourcing, accounting,risk, audit and legal – to brainstorm all the risk elements that could have an unacceptablelevel of disruption. They then need to be documented and assigned thresholds fornotification. For example, at what percentage level should a manager be informed, adirector be informed and a “C” level be notified.The departments responsible for creating contracts and templates must then ensure thatthe risks can automatically be associated when a new contract is being created.Leading organisations employ solutions in their arsenal with elaborate risk managementcomponents that allow for scenarios like the one above to be reported, tracked, governedand acted on.Risk elements can exist at a contract level, at a clause level and at the supplier level. Riskelements can be tied to specific clauses so that when a clause is used in a contract, theassociated risks are automatically attached to that contract and whatever workflow andnotification was tied to that risk, will be automatically a part of the contract process.It is important that risks be reported on just as you would on when any contracts arecoming to expiry. Also, being pro-active will reduce risk management efforts.In the words of Mark Loughridge, chief financial officer at IBM Corporation: “World-class companies manage risk through headlights, not tail-lights”. To begin managing riskthrough headlights, it starts with visibility – accurate and timely available data processedinto information leading to informed decision-making. Leading organisations are muchmore pro-active in managing risk.They move beyond a situational analysis of risk to ensure that internal systems enable abalance between consequence and probability.They employ enterprise contract lifecycle management systems. Risks are viewed andmonitored as a portfolio.Risk-mapping techniques are used throughout the contract and negotiation process tosupport highly visible enterprise risk management data covering contractual andrelationship risk.Do any of these statements describe how your enterprise manages risks?Research by the International Association for Contract and Commercial Managementshows that only about 35% of organisations consider alternate means and methods toaddress and manage risk at a portfolio level. An even smaller percentage – fewer than 5%– have progressed to using mapping techniques for overall contract and relationship risks.With economic headwinds and supply risk at the front and centre of mind for most, if notall procurement organisations, the time for action is now. Otherwise you might well befacing a visit from Mr Unexpected.