Gartner Blog Network

Procurement Risk Management

by Debbie Wilson  |  November 11, 2008  |  1 Comment

One of procurement’s lesser known jobs is risk management – taking proactive steps to prepare for rainy day supply-disrupting events such as earthquakes, supplier bankruptcies and acquisitions. Risk management is as much an art as it is a science, because success requires broad contemplation concerning what could go wrong and how likely each potential disaster is, and planning fully for every possible problem is simply not practical. News of the last few days should be elevating risk management to the top of procurement’s mind. A growing number of suppliers are running into financial trouble given declining orders, increasing raw material costs, and tightened credit markets. Yes, procurement needs to cut costs but perhaps in some companies the greater job is identifying troubled suppliers and moving to mitigate the risk of compromised supply. For a great example of this phenomenon, see the Wall Street Journal November 7th article on Ariens, titled, “A Snowblower Maker Braces For Slump’s Blizzard of Woe.” (A subscription is required). In terms of financial risk, there are three primary categories of risk that procurement should address: sole source risk, lengthy switch-over risk, and large customer risk:

  1. Sole source risk – is the risk of shutting down your supply chain indefinitely because you have no alternative sources for certain suppliers. The best way to avoid sole source risk is to refrain from sourcing something that is only made by one supplier (such as a highly specialized semiconductor.) If you already have sole source parts, gauge your risk by estimating how much of your revenue will be impacted if the vendor shuts down. Those vendors with the greatest revenue impact are your largest risks. Mitigate sole source risk by tracking the financial health of those vendors and by actively working to redesign your products so that you have alternatives.

  2. Lengthy switch-over risk – is the risk that occurs because you are working with a single vendor and changing over to an alternative will take a long time. This is different from a sole source vendor because there are alternatives. The Ariens article provides a great example of this type of risk. They were working with a single engine manufacturer for their snowblowers for a practical reason. It would probably have been too expensive to tool up and buy from two sources. This situation occurs a lot in indirect procurement as well – companies typically engage one IT help desk provider, one ERP company, and one construction firm for building new facilities. Again, watching the financial health of these vendors is key. Prioritize your risk management efforts by estimating the potential monetary impact of failure of each lengthy switch-over source.

  3. Large customer risk – is the risk many procurement organizations miss, and miss to their detriment if their organization is large! Large customer risk occurs when your business constitutes a significant overall percentage of a vendor’s total revenues – at least 25% or more. When your fortunes swing, they are amplified for these vendors. A 10% cut in spend in a category for you may result in a 40% cut in cash flow for them – and put them under. For this risk type, it is good to track what percentage your revenues are to your vendor and any time you creep over 25%, look for additional sources of supply.

Category: cost-cutting  risk-management  the-business-of-software  

Deborah R Wilson
Research Vice President
8 years at Gartner
15 years IT industry

Deborah Wilson, a Gartner research vice president, covers procurement strategies and applications. Her areas of interest include procure-to-pay, e-marketplaces, e-sourcing, spend analysis, services procurement and supply risk assessment. Read Full Bio

Thoughts on Procurement Risk Management

  1. Mike Kanze says:


    Supply chain risk management is a red-hot topic these days, and I am glad that you have raised it here.

    The recent past is filled with stark examples underscoring its importance, notably the lapses in the integrity of our food supply chains (for examples, e. coli contaminated produce and melamine contamination of milk products).

    For anyone interested in digging deeper, there is an excellent treatment of this subject by Ila Manuj and John T. Mentzer. Titled “Global supply chain risk management,” readers may find it in the Journal of Business Logistics (Vol. 29, No. 1, 2008).

    Best regards,

    Mike Kanze

    Robert M. (Mike) Kanze, MBA
    CPSM, C.P.M., A.P.P.
    Cornerstone Services, Inc.

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.