Manage risk

Understand how to manage risk when planning a procurement.

How to manage risk

Step 1: Plan risk as part of the project risk management plan

Develop a risk management plan at the start of a procurement as part of the procurement project plan.

If the procurement is part of a larger project, the procurement risk plan should align with the project’s risk plan.

Include training if required.

Step 2: Identify risk events

Identify risks that could (negatively or positively) impact on the achievement of value for money and its associated objectives.

Ask: ‘What could go wrong? What could go better? What could cause it?’

To identify events and their causes, consider the environment the procurement will be conducted in, both within and external to the Agency.

Step 3: Analyse risk

Analyse risk by asking: ‘How likely is it? What would be the impact?’

For each risk event, assess how likely it is to happen and the impact on the factors in value for money.

Use the Agency’s risk analysis process or use the Manage risk in procurement: Toolkit.

Step 4: Evaluate the risk

For each risk event, multiply the likelihood by the impact (or find their intersection in a risk matrix) to calculate the risk rating.

Use the Agency’s risk evaluation process or use the Manage risk in procurement: Toolkit.

Step 5: Develop treatments

Develop risk treatments by selecting and implementing measures to change the likelihood and impact of initial risks to an acceptable level of residual risk.

Allocate priority for managing each risk.

Allocate responsibility for implementing risk treatments.

Schedule implementation of risk treatments.

Step 6: Implement treatments

Treatments may be implemented before a risk event occurs, after the event, or both.

Step 7: Record, monitor, review and report risks

Document all the above in a risk register. Use the Agency’s risk register or use the Manage risk in procurement: Toolkit.

Risk is dynamic, so monitor and review risks throughout the procurement. Repeat the steps above as appropriate.

Report risk as required by the risk management plan.

Consider:

Manage conflicts of interest

Manage probity – consider issues raised at Probity issues by stage and task.

Conflicts of interest can arise during this task. Identify, declare and manage any conflicts.

Address Agency rules

Follow Agency-specific rules on when to seek an approval and who can give the approval.

Follow Agency-specific rules for recording decisions and storing records.
