Corporate procurement departments have significantly added value to the continuing drive for increased productivity and efficiency through leveraging purchasing across the enterprise. The procurement function enhances a company's operational efficiencies by employing a unified purchasing strategy - allowing organizations that purchase a significant amount of goods and services to reduce their cost per unit by increasing production. As such, additional functionality for the procurement department has gained greater prominence across organizations in various industries, including manufacturing, retail and financial services.

In an environment where the purchasing of necessities for the modern enterprise is increasingly leveraged by one set of master buyers, risk management is considered the next function that might be absorbed into the procurement department. But does combining the purchasing and risk management functions make sense in the modern business landscape?

Risk management is a pervasive enterprise-wide function involved in protecting the acquisition, operation and development of goods and services - via risk transfer, risk mitigation, and other risk-related services - that the organization relies on to support its day-to-day operations.  The risk management practice involves guidance and support in claims and risk mitigation that must be specifically adapted to the culture and practical business requirements of the organization.

The procurement department, on the other hand, offers the advantages of economies of scale for goods and services considered commodities or near commodities (e.g., ballpoint pens, printer paper, etc.). As such, a successful merger of the procurement and risk management functions would largely depend on whether the purchases and services developed by risk managers can or should be commoditized.

Consider this: The risk management department often provides a high level of risk consultancy throughout the enterprise, including purchases and decisions regarding purchases from third parties, such as vendors, customers, banks, landlords, leasing companies and other business partners. Moreover, risk management supports other critical business functions ranging from supply chain and logistics to legal, accounting and human resources.

Thus, realizing added value from the procurement department's role within the risk management function poses significant challenges in three key areas:

• uniting the unique competencies of the procurement department with the risk consultancy role in a meaningful way

• making certain the combination does not eradicate creative approaches to risk

• effectively aligning the risk management function with the purchase of risk transfer services

Indeed, the procurement department's strength in purchasing goods and services does not necessarily translate well into the risk management function. An overreliance on cost reduction can be dangerous. If the various roles of the risk management function are properly calculated into the organization's total cost of risk, then the organization may just find that the low-cost provider or vendor isn't the most efficient partner for the company. An additional concept: cost and coverage - that is, proper protection for the organization - may move in opposite directions.

Accordingly, the value of an effective risk management function depends on understanding what drives the total cost of organizational risk. For example, an organization may rely on insurance premiums and other fees as a dependable measure of risk management costs because they can be easily commoditized and translated into the procurement function. However, determining the true cost of organizational risk requires a more sophisticated approach that commands the best available data, metrics, benchmarking, predictive analytics, catastrophe assessment, claims mitigation and management, as well as the efficient application of a variety of risk engineering and related disciplines.

By determining the total cost of risk, an organization can optimize its risk-related decision-making in terms of value added or potential lost opportunity for the enterprise, thereby reducing uncertainty to a meaningful degree.

Imagine two vendors competing to provide an organization with a component necessary for the production of goods. Both offer similar products and quality, but Vendor A is more expensive than Vendor B. Following the procurement department's typical protocol, Vendor B would be the natural choice as a business partner. However, the organization might consider employing analytic-based decision-support tools to create a risk metric that measures the dependability of each vendor in terms of continuity risk. That metric may show that Vendor A is a much more reliable and dependable supplier. So while the short-term costs may be lower for Vendor B, the long-term cost savings and production efficiency offered through Vendor A would be the best solution for the organization.

Though the implementation of efficient procurement strategies undoubtedly offers considerable value to several different enterprise functions, modern risk management departments require a different and broader level of competency that cannot be addressed by the commoditizing of risk-related goods and services alone.  Subsequently, risk management is best served by an independent department that can utilize both reliable analytic capabilities and effective risk partners who can tailor sophisticated risk services to fit specific client needs.

Source: ISO