Procurement Risk Management
Exceeding Basic Compliance = Real Results
Risk is defined as “the possibility that something unpleasant or unwelcome will happen” and also as “a situation involving exposure to danger.”
At times, when authorities think of the risk associated with their purchasing process, they may believe that simply complying with the law is adequate. And while that may be true, compliance is only the beginning. Authorities need to implement a thoughtful and comprehensive strategy that truly minimizes the organization’s exposure.
This article isn’t a review of the purchasing requirements outlined in the Municipality Authorities Act. Rather, it summarizes additional risk management strategies and processes that authorities can implement to safeguard themselves and their employees.
Under the Microscope
First, it’s important to understand that risk management differs considerably between the public and private sectors.
In the private sector, it’s generally true that “the bigger the risk, the bigger the reward” – especially when financial gains are a driving force behind decisions. In the public sector, on the other hand, authorities provide services aimed at ensuring the health, welfare, and safety of constituents and ratepayers, a responsibility that makes the risk-management balancing act a bit more complex. Add in that the entire decision-making process is public – with public engagement and scrutiny – and the need for a robust risk management program becomes quite clear.
In addition, procurement in the public sector demands the highest integrity. Errors or inconsistencies can lead to questions about the authority’s honesty and transparency. The best defense is a proactive approach that allows officials to identify potentially high-risk situations and quickly implement corrective measures.
Analyze, Assess, and Mitigate
Some incorrectly believe risk management is automatically embedded in day-to-day decisions. At times, this belief is accompanied by an absence of clear reporting to senior management and/or an audit committee. Additionally, when authority officials have a general misunderstanding of the purpose and relevance of risk management, employees may view it simply as a compliance exercise. A weak or absent risk management process often spawns a lack of interest in or an awareness of risk.
One approach to developing a risk management plan is to employ the following three-step methodology:
- Analyze: Begin by identifying all the potential things that can go wrong and estimate the probability of each happening. This can be a simple or a formal process, but the key is to identify all the risks associated with any purchase or procurement contract. Developing and using checklists to measure whether your procurement process aligns with legal and ethical standards, along with contract deliverables, can be a great way to start.
- Assess: Evaluate the likely impact of each risk to the authority and identify those that require actions. Keep in mind that common threats may have a low impact or consequence and may not be worth taking action to control or avoid. Conversely, some lower-prob- ability consequences can have significant impacts and preventive actions may be appropriate.
- Mitigate: Once all the risks and required actions have been identified, the next steps are to develop mitigation plans and assign responsibilities. Re- member that risks and consequences change over time so assessments should be con- ducted periodically.
Key Procurement Phases
Now that the importance of risk management is understood, along with the basic step to develop your plan, let’s break down the major phases of the procurement process along with some points to consider:
- Internal processes: Evaluate your purchasing process and the employees who oversee it. These operations should be well-organized with clearly established protocols that follow applicable laws and regulations. Monitoring, re- porting, and internal controls are important tools to promote adherence and consistency. Since public inquiries and Right-to-Know Law requests are common, it’s essential to be transparent and clearly document all procurement steps.
- Procurement documents: Preparing bidding and con- tract documents is often the most critical phase because they define the authority’s procurement needs to potential vendors. Documents should be comprehensive, transparent, and free from restrictions or conditions that would unduly discriminate against any bidders or groups. The description of the goods or services being purchased, as well as the quality of performance (contractual needs and legal requirements), must be clearly stated so vendors understand deliverables and how they will be evaluated. At times, authorities don’t identify their requisite qualifications, experience, and performance standards. Instead, they focus primarily on the lowest cost. Failing to include prerequisites can increase risks, particularly when an authority attempts to disqualify a bidder based on unclear criteria. This can result in added legal costs, delays, and substandard deliverables. Documents should also out- line any unique requirements triggered by funding sources and other agencies involved in the project.
- Advertising: While procurement codes outline the minimal requirements to ensure potential bidders have timely and equal access to bidding documents, you may need to go above and beyond those guidelines based on the type of project or time of the year. When advertising, consider the nature of the good or service being procured and give the target audience adequate time to respond. Vendors, for example, will need more time to develop a bid for a large complex project. Keep in mind, if your authority fails to give reasonable notice for pre-bid meetings and other requirements, this could be viewed as exclusionary or favoring specific bidders and result in a challenge.
- Selection and award: Determining certain things in advance, such as who will review the bids and proposals and the factors for making the award (i.e., scoring criteria, suitability of selected vendor, satisfaction of completed bid or proposal, timing of the selection process, etc.), promotes transparency and integrity of the process. It’s imperative to have clear documentation up front that outlines deficiencies that will lead to exclusion or disqualification so the authority can defend itself against a potential challenge. Public agencies that score high marks in the realm of procurement risk management share three common attributes: fairness, transparency, and the availability of a recourse mechanism. When potential bidders know up front what is expected, it’s easier for them to accept and understand your decision, whether it favors them or not.
- Post-award. An authority’s procurement process should not end with the award of the contract. All procurements should be reviewed shortly after conclusion to determine any issues or necessary improvements. Following up on the procurement during and after the delivery of the goods and services not only ensures the vendor is complying with the requirements and expectations but it also validates your risk management process.
Corruption
When corrupt activities happen in the public sector, it makes head- lines and adds to the negative perception of government officials.
Ultimately, it’s the agency that pays the long-term price, literally and figuratively. Beyond the stolen funds, it will likely have increased legal expenses – two factors that could impact public projects and services. The biggest im- pact of all, however, is the loss of public confidence and trust in the organization.
While government procurement processes can be vulnerable to corruption, risk management efforts offer protection. According to studies, corruption in the procurement process generally occurs in one of the following three ways:
- Demand for payment. This is when a government official demands a bribe or kickback from a potential bidder, or a potential bidder offers a bribe in exchange for a contract or other privileges.
- Bid rigging. This is when a government official manipulates the procurement process, so a specific bidder is awarded a contract, usually in return for a bribe.
- This is when a vendor or contractor exploits a corrupt relationship by inflating prices, billing for work not performed, failing to meet specifications, or delivering sub-standard products. At times, this in- volves the cooperation of officials who knowingly or in- differently allow the fraudulent activities to occur.
Instituting checks and reviews by multiple people can minimize the chances of corrupt or fraudulent activities and should be an integral part of any risk management program.
Putting it All Together
Incorporating risk management into your authority’s procurement process can yield meaningful results and possibly prevent a worst-case scenario. Taking the first step requires an authority to be open-minded to examine and improve their procurement process or at least testing it to see how “bullet-proof ” the process really is. To summarize the key points of Procurement Risk Management:
- Proactively seek out, identify, and mitigate potential risks.
- Understand and document your entire procurement process.
- Ensure that procurement documents clearly define performance expectations and evaluation criteria for potential vendors.
- Establish and maintain multiple-person reviews as part of the overall procurement process.
- Communicate, communicate, communicate.
The items outlined in this article are just a starting point, and we encourage authorities to develop and test their risk management readiness and seek resources need- ed to assist. Most solicitors, for in- stance, are well-versed in this topic and can provide guidance. Additionally, PMAA can also support and connect you with additional resources.
A PMAA-endorsed program, PennBid is the region’s leader in e-procurement and online bid management programs. Provided at absolutely no cost to public agencies and design/consulting firms, PennBid has opened doors for many to take advantage of electronic procurement tools. For more information on PennBid, contact us or request a 30 minute overview.