How well are you managing risk?

Gregg Barrett WE GO THROUGH life personally and in business trying to avoid risk or coming up with sound principles on understanding risk upfront and mitigating these risks. In most cases, risk management is handled manually. This in itself adds a layer of risk because we are human and as the saying goes to err is human. Risks exist in virtually every contract entered into. There are very few organisations that can manage these risks through a systematic, auditable and regulated manner. The question is: How well is our community of commercial managers, contract managers, lawyers and procurement executives equipped with the tools and abilities to transform the management of risk? Risk in itself is not necessarily a problem. But managing and mitigating it is. Many sourcing professionals either ignore risk, do not manage it properly or are ill-equipped with the necessary tools for the job. This results in the risk being left unmanaged. It festers, materialises later in the contracting process and is then left to relationship managers to address through an improvised and hurried solution. This usually occurs too late in the contracting process. But risks also hide in contract language. There are several clauses in a contract that have various elements of risk associated with them. Typically, the deliverables section has a large number of risks associated and the risks can be for the supplier or the customer. A simple example is when a major computer chip manufacturer is buying a large number of its silicon wafers from a supplier who makes all its wafers in a plant that sits on a known faultline in India. So, if a clause exists indicating that the supplier will provide one million silicon wafers a month at two weeks notice from the customer, the obvious risks are: - What are the odds of an earthquake at the suppliers plant. And if it was to occur, what would be the delay in getting a shipment? - The supplier only has one plant and has no backup or contingency plan in place. - What would be the acceptable time delay before the manufacturing delays caused by a missed shipment affect the customers ability to meet its market demands? The risk elements in a contract like the above can have devastating effects on an organisation if they are not assessed. And worse if they are not tracked and reported on. By being pro-active, organisations can often alleviate risks and resort to contingency

plans . For instance, in the above example, a contingent supplier would be part of the resolution process and would get the order if a specific risk element was escalated for the original supplier. So its best to regulate and manage the risk. Risk elements need to be regulated in the organisation so they are deemed material and significant and can automatically be associated with suppliers, contract language and even commodities (goods and/or services) being bought or sold. Management needs to meet the appropriate departments such as sourcing, accounting, risk, audit and legal to brainstorm all the risk elements that could have an unacceptable level of disruption. They then need to be documented and assigned thresholds for notification. For example, at what percentage level should a manager be informed, a director be informed and a C level be notified. The departments responsible for creating contracts and templates must then ensure that the risks can automatically be associated when a new contract is being created. Leading organisations employ solutions in their arsenal with elaborate risk management components that allow for scenarios like the one above to be reported, tracked, governed and acted on. Risk elements can exist at a contract level, at a clause level and at the supplier level. Risk elements can be tied to specific clauses so that when a clause is used in a contract, the associated risks are automatically attached to that contract and whatever workflow and notification was tied to that risk, will be automatically a part of the contract process. It is important that risks be reported on just as you would on when any contracts are coming to expiry. Also, being pro-active will reduce risk management efforts. In the words of Mark Loughridge, chief financial officer at IBM Corporation: Worldclass companies manage risk through headlights, not tail-lights. To begin managing risk through headlights, it starts with visibility accurate and timely available data processed into information leading to informed decision-making. Leading organisations are much more pro-active in managing risk. They move beyond a situational analysis of risk to ensure that internal systems enable a balance between consequence and probability. They employ enterprise contract lifecycle management systems. Risks are viewed and monitored as a portfolio. Risk-mapping techniques are used throughout the contract and negotiation process to support highly visible enterprise risk management data covering contractual and relationship risk. Do any of these statements describe how your enterprise manages risks? Research by the International Association for Contract and Commercial Management shows that only about 35% of organisations consider alternate means and methods to

address and manage risk at a portfolio level. An even smaller percentage fewer than 5% have progressed to using mapping techniques for overall contract and relationship risks. With economic headwinds and supply risk at the front and centre of mind for most, if not all procurement organisations, the time for action is now. Otherwise you might well be facing a visit from Mr Unexpected.