According to Warren Buffet: “Risk comes from not knowing what you are doing”.

A good example of knowing what they are doing comes from the Insurance industry. They measure and track all kinds of risks they may have before defining a premium for an insurance policy.

We have good references from American National Standard for Security (ASIS SPC.1 2009) in how a company may be prepared for organization resilience for security, preparedness, and continuity management. This helps companies to define the overall framework for ERM – Enterprise Risk Management.

Just as a reference, several consultant companies have reported the same issue regarding risk management in purchasing:

• AT Kearney 2011 report Procurement Leaders list “Manage Risk Systematically” as one of top priorities.

• The Hackett Group also reported in The CPO Agenda 2012 as top priority “Reduce Supply Risk”.

• KPMG reported The Power of Procurement 2012 – “Prioritizing supply chain risk: Given the events of the past five years – financial crisis, natural disasters and massive supplier failures, to name just a few – the research demonstrates a worrying lack of leadership in the area of supplier risk.”

• Kairos Commodities and Valcon and 12 Purchasing institutes in Europe reported; “45% of companies have no commodity risk strategy in purchasing on how to address their total spend.”

Purchasing as part of any enterprise should define their framework, as part of ERM, in terms of types of risk they face, risk appetite (risk level), tools to measure the risk and calculate the impact in the company and governance to make sure the processes are followed, the risks are tracked and mitigation plans are in place and implemented.

We can list at least four risk types: Supplier Risk, Product / Service Risk, Business Risk, Commodity Risk, and in each one you will have different risk drivers.

Supplier Risk related to financial stress, geographic location, code of conduct, border crossing, trade compliance, product stewardship, quality and delivery.

Product Risk related to supply / demand, number of qualified suppliers, specification, volume under contract, technical options, lead time and supplier back integration.

Business Risk related to number of approved suppliers (sole sourced), number of plants and their location, and impact on revenue in case of disruption.

Commodity Risk related to supply / demand balance, suppliers, market forces, cost drivers, resource planning and sourcing strategy.

The key question from Warren Buffet: Do you know what are you doing?

The key question for purchasing professionals: Do you measure and track your risks?