Risk is the chance of something happening that will have an impact upon the achievement of the Organization’s objectives. It can be viewed as both an opportunity and a threat, and is measured in terms of likelihood and impact.  

Risks to procurement stem from various causes and may have different types of effects.  Identifying causes and effects helps understand why the risk is happening, and how it will affect the Secretariat.  Addressing causes of risks will help prevent the risk from occurring; addressing the effects will mitigate the impact of risks.

There are a variety of risks faced during every phase of procurement, with certain risks being of greater importance, depending upon the goods or services being procured as well as the state of the procurement.   

Risk management seeks to mitigate the impact of the risk by reducing the likelihood of its occurrence and/or reducing avoidable consequences through planning, monitoring and other appropriate actions. Whether in general or in a specific case, all risk factors that are likely to occur need to be identified and analyzed and then the most appropriate management response for each risk/combination of risks must be taken. Responses may include:

Risk cannot be entirely avoided; rather it is part of the normal work environment within which we operate. It can to some extent be managed. Some measures to manage risk are based on the quality of the procurement process applied across all activities, while other measures may be targeted to specific risks inherent in certain categories of procurement.

Risks to successful procurement can come from several types of sources, namely:

External factors can include political, economic, and even nature. While political and budgetary factors are generally outside the control of the requesting officer, to reduce the risk of late supply, it is appropriate to begin the procurement process with sufficient lead time, and include appropriate caveats to potential suppliers when a solicitation is issued in advance of authorization, ensuring that it will not lead to binding commitments until and if such authorization is received.  

Project complexity may lead to objective difficulty in specifying requirements, either because conditions are not fully known or the requirement is subject to change for political or other reasons. Risks can be reduced by regularly reviewing the requirement. 

Where project planning is not properly carried out, this can contribute to each of the negative outcomes referred to above, as well as to friction in relations among colleagues. The risks can be best reduced through planning the respective activities to ensure that requirements for and of procurement are properly integrated.

The procurement process contains in each of its stages, multiple specific risks and consequences. Managing these risks is part of the professional responsibility of each staff member involved in the procurement process. 

Fraud, corruption and unprofessional conduct can enter into any stage of the procurement process, producing the risk of loss of organizational resources and budget for inappropriate supply, with corresponding great damage to the image of the organization. Key among the measures to mitigate these risks are:

Competition, transparency and separation of functions are the foundation of risk mitigation, since they ensure any fraudulent or corrupt behavior will not go unnoticed. All those involved in the procurement process should be aware of the potential risks at each stage in the procurement cycle in both planning and undertaking their activities.

There are risks in each phase of the procurement process, and there are organizational and commercial measures that can be taken to mitigate those risks. Examples of typical risks, possible consequences and what to do at each stage are contained in PT 15.01 – Extract from the UN Procurement Practitioner’s Handbook.

Please refer to the Enterprise Risk Management Guide for practical details of the risk management process in UNAIDS.  Also refer to the Risk Management Policy, Enterprise Risk Management Governance Model and the Terms of Reference for the Risk Management Committee which were issued in December 2013.