The procurement function should uphold risk management initiatives and be prepared to deal with unexpected events. A governance process is required to handle external events affecting both internal and external stakeholders.
Managing contracts, people and money can be tricky, especially when problems arise, and sometimes matters can arise on a daily basis. Never presume that governance is a piece of paper in a drawer. Risks and events are not static, so the organisation should review its risk and contingency planning regularly to ensure it is ready to react swiftly.
Separation of duties
Separation of duties (SoD) is a basic internal control that attempts to ensure no single individual has the authority to execute two or more conflicting sensitive transactions with the potential to impact financial statements. Without proper guidance and a sound approach to SoD implementation, the average user might easily be overloaded and find good governance extremely difficult to achieve.
Define scenarios in the course of business where an employee is responsible for a specific task; the aim is to understand the scope of a sensitive task that a person might be exposed to.
- Map out users' rights and whether they have access to systems where it is possible to manipulate information.
- Work through scenarios where a conflict might occur in the procurement process, such as the evaluation of tenders.
In the event that a conflict has occurred, insert a process to reduce the risk and impact of the conflict if it can't be removed completely:
- Risk identification and assessment
- Risk control and monitoring
- Supplier audits
- Contingency planning
- Fraud and serious organised crime
- Supply base/supply chain activities and supplier vulnerabilities
In the event of an actual conflict occurring despite the steps taken to prevent it, the Department should have a plan B in place for the steps to be taken after an event has happened.
- Limit reputational damage
- Market manipulation
- Monopolies and Cartels
- Hostile contractors
- Foreign market influence
- Natural disaster
Depending on the complexity of the organisation and its requirements, the Procurement Function may require risk registers and contingency planning: for categories of goods and services; by contract; by individual goods or services; for an individual supplier; etc.
Governance procedures should be reviewed annually and, as a suggestion, might contain the following:
- A summary of OJEU procurement exercises or, if in the private sector, procurements of significant value;
- The number of procurements completed that are compliant with the procurement strategy;
- The extent to which any regulated procurements did not comply, and a statement detailing how the organisation will ensure that future regulated procurements do comply;
- A summary of community benefit requirements imposed as part of a regulated procurement that was fulfilled during the year covered by the report;
- A summary of any steps taken to facilitate the involvement of supported businesses in regulated procurements during the reporting period;
- A summary of regulated procurements expected to commence in the next two financial years.