Procurement Risk Assessment

Before any department awards a contract, they need to figure out what could go wrong. That's where procurement risk assessment comes in—a systematic evaluation of potential issues that could affect your procurement process, from planning through to contract award. The Supply Manual is clear on this: risk assessment mechanisms should be baked into your procurement planning processes to identify and mitigate risks before you sign anything.

How It Works

Think of risk assessment as a function of two variables: likelihood and impact. According to the Office of the Procurement Ombudsman's Procurement Practice Review Plan 2018-2023, you're measuring the probability of an event occurring against its potential to undermine fairness, openness, or transparency in the federal procurement process. The OPO has identified the highest-risk elements. These are your solicitation documents, evaluation and selection plans, and how you actually evaluate bids.

In practice, the Canada Border Services Agency uses a Procurement Risk Matrix that evaluates each file across several categories before contract award. You'll assess the type of procurement strategy you're using, the contract's timeframe, how urgent the requirement is, and your vendor selection approach. Each factor gets scored, and the combined result tells you whether you're dealing with a low-risk standing offer or a high-risk sole-source situation that needs extra scrutiny.

The assessment doesn't stop at process risks, though. As outlined in Innovation, Science and Economic Development Canada's supply chain security guidance, you need to evaluate three dimensions: what you're procuring, who might provide that good or service, and what mitigation strategies make sense. For complex requirements—think IT systems for DND or cloud services for SSC—this means mapping your supply chain and conducting desk research on potential suppliers. Public Safety Canada's forced labour guidance takes this further, recommending supplier questionnaires, audits, and engagement with trade unions and NGOs when you're assessing supply chain risks.

Key Considerations

• Timing matters. You need to complete your risk assessment during procurement planning, not after you've already drafted your solicitation documents or selected your procurement strategy. Trying to retrofit a risk assessment catches people off guard when they discover issues that would have changed their entire approach.

• Documentation is non-negotiable. Treasury Board expects you to document your risk assessment and the mitigation measures you've put in place. If the OPO or OAG comes knocking, "we thought about it" won't cut it—you need evidence of a structured evaluation.

• Risk profiles change. A low-risk commodity purchase can become high-risk if delivery timelines compress or if there's suddenly only one viable supplier. Reassess when circumstances shift, especially for longer-term contracts or standing offers.

• Different risks need different tools. Process risks might require additional review gates or sign-offs. Supply chain security risks might mean enhanced vendor screening or contract security requirements under the Government Security Policy.

Related Terms

Procurement Strategy, Standing Offer, Due Diligence, Contract Security Requirements, Supply Chain Risk Management

Sources

• Supply Manual - Procurement Planning and Risk Management

• OPO Procurement Practice Review Plan 2018-2023

• Supply Chain Security – Assessing Your Risk Profile

Here's the thing: a solid risk assessment early on saves you from headaches later. It's not bureaucratic box-ticking—it's how you avoid contract challenges, security vulnerabilities, and those awkward conversations with your CFO about why a procurement went sideways.