Managing Risk in the Procurement Process

With NASPO’s Law Institute happening this week, it couldn’t be a better time to talk about risk: what is risk; when and where should we look for risk; and how should we mitigate it?  

In its simplest form, risk in the procurement process is the possibility of an event occurring that would: 

  • adversely impact a project’s timing 
  • cause liability 
  • result in harm
  • cause some other negative outcome

When assessing risk in a procurement, the assessment should include every part of the procurement process—from solicitation development to contract closeout. Agencies typically recognize the importance of risk management while the RFP is being developed and during the supplier selection process. However, as the process proceeds to contract administration, risk management typically falls by the wayside. We will address three primary risk-mitigating strategies in the procurement process to help ensure risk management appropriately remains at the forefront.  

1st Strategy   

The first mitigating strategy is ensuring stakeholders are included in the decision-making process throughout the procurement. Stakeholders are broadly divided into two categories – internal and external stakeholders. 


When procuring software or new process that will impact day-to-day end users, ensure they are included in the decision. These external stakeholders especially must be involved where a procurement requires integrations with existing infrastructures (i.e., hardware integrations) provided by other manufacturers. Without including these stakeholders costly change orders (if they are even an option under your state’s procurement laws) are inevitable.  

2nd Strategy 

The second mitigating strategy is using subject matter experts (SME). While not the silver bullet to completely absolving risk, SMEs are a great resource to gain insight into an otherwise unfamiliar industry. SMEs can provide insights only available through years of experience. One overlooked resource for SMEs is from the suppliers themselves through a structured Request for Information (RFI). It is typical in the public procurement process to disallow a supplier from competing in a procurement that was involved in drafting the Request for Proposal (RFP). However, soliciting this industry expertise through an RFI generally absolves this issue when managed according to state statute. The use of suppliers as SMEs can also be achieved through structuring your RFP such that suppliers can demonstrate their expertise in their proposed solution and how it aligns with your agency’s objectives.  

3rd Strategy 

The third mitigating strategy is to ensure sound contract administration practices in your procurement. It is typical for an agency during the RFP development phase and supplier evaluations to have industry standards at the forefront of selecting the best value supplier. However, following contract award, state agencies typically neglect this importance. Two years into the contract, term industry standards can shift. If the appropriate contract administration procedures aren’t practiced, this will be missed. The original contract terms typically are no longer aligned with these new industry standards. With changing technology and industry standards, you must continue monitoring the occurrence of a risk during the contract term. 

The outlined risk mitigation strategies are by no means exhaustive. However, these serve as an excellent starting point to ensuring your agency is not exposed to unnecessary risk. Proper risk mitigation strategies will allow your agency to focus more on what is important–managing those risks you can’t control. Additionally, these strategies will support your agency in selecting the supplier who can best mitigate those risks for which you do not have the expertise or resources to mitigate on your own. 

 Continue building your knowledge about risk with: 

Leave a comment

Your email address will not be published. Required fields are marked *