Risk Response

Once you've identified what could go wrong in a procurement, you need to decide what to do about it. Risk response is where theory meets practice—it's your game plan for handling the threats you've mapped out. The Government of Canada's risk management cycle, formalized in 2016, positions response as the third critical step after identification and assessment, followed by communication and monitoring.

How It Works

The Supply Manual from Public Works and Government Services Canada describes risk management as integral to procurement activities, though it doesn't prescribe a single approach to response. Instead, you're working with five fundamental strategies: accept the risk, reduce it, avoid it entirely, monitor it closely, or transfer it to another party. Which one you choose depends on what you're buying, who you're buying from, and what happens if things fall apart.

Your response needs to be proportional. If you're procuring complex IT services worth millions, your mitigation measures will look different than a straightforward office supply contract. Science.gc.ca's supply chain security guidance emphasizes that proper risk assessment directly informs what mitigation measures are warranted—you're not applying blanket solutions.

In practice, Treasury Board policy already builds risk mitigation into contracting approval limits. Services procured through Government Electronic Tendering Service (GETS) can go up to $2 million, while competitive contracts cap at $400,000 and non-competitive at $100,000. These thresholds aren't arbitrary—they reflect assessed risk tolerance levels across government. When the Office of the Procurement Ombud reviewed DND's procurement practices, they flagged three highest-risk elements: establishing evaluation criteria, the bid solicitation process, and evaluating bids for contract award. Your response strategies need to address these pressure points specifically.

Key Considerations

• Response isn't a one-time decision. You monitor and adjust as circumstances change. A vendor's financial situation deteriorates? Your monitoring triggers a new response. Supply chains shift? Time to reassess whether you're still avoiding or just accepting certain risks.

• Documentation matters for accountability. When you choose to accept a risk rather than mitigate it, document why. Treasury Board policy requires demonstrating due diligence, and "we didn't think it would happen" won't satisfy an audit.

• Transfer strategies have limits. You can't transfer every risk through insurance or contractual clauses. Some risks—particularly reputational ones tied to vendor performance—stick with you regardless of what the contract says.

• Reducing risk costs money and time. Additional vendor due diligence, performance bonds, milestone-based payments—these all add complexity to your procurement. Balance the cost of mitigation against the cost of the risk materializing.

Related Terms

Procurement Complexity Levels, Vendor Risk Assessment, Contract Security Requirements

Sources

• Supply Manual: Risk Management, Public Works and Government Services Canada

• Supply Chain Security – Assessing Your Risk Profile, Government of Canada

• Procurement Practice Review of the Department of National Defence, Office of the Procurement Ombud

The best response strategy is the one you've thought through before the risk materializes. When something does go sideways—and eventually something will—having a documented, approved response plan means you're managing the situation rather than scrambling to explain it.