Eight common procurement risks and how to manage them


Discover the eight most common forms of procurement risk and how they impact your business so you can spot them during vendor vetting and performance reviews.

Eight most common forms of procurement risk | Vendr
Written by
Vendr Team
Published on
June 12, 2023
Read Time

Vendr | TwitterFacebook iconVendr | LinkedIn

All forms of procurement involve some kind of risk.

Procurement includes involving a third party in your business operations, which relinquishes a degree of control to them—a risk in and of itself.

Since different vendors come with varying risk profiles, choosing suppliers with as low a risk as possible is a key goal for many procurement leaders.

To achieve this, however, you need to know which risks to consider when vetting and assessing potential suppliers.

Discover the eight most common forms of procurement risk and how they impact your business so that you can spot them during vendor vetting and performance reviews.

What is the meaning of procurement risk?

Procurement risk is the possibility of something going wrong when purchasing goods or services from a third-party supplier.

A classic example is supply chain risk.

When you purchase an important component used to manufacture the thing you sell, you form a relationship with a supplier. The possibility of that vendor being unable to fulfill an order—due to equipment failure, shipping delays, labor strikes, or any other reason—represents a form of procurement risk.

Finding procurement opportunities without risk is impossible—all relationships include some risk. For instance, the possibility that a supplier goes out of business is always present.

Your goal as a procurement professional is to identify potential risks and find ways to mitigate them.

Much of this involves working with suppliers with the least risk. However, because “zero risk” is unattainable, you may put policies in place to prevent the present risks from significantly impacting operations.

For instance, you may pre-source and vet one or two backup vendors for any business-critical relationships, such as the payroll system you use to process employee salaries.


How to manage the eight most common procurement risks

1. Software security risk

Software security risk is the most critical and pervasive risk to look out for during the SaaS purchasing process.

Aside from the possibility of a data breach—the main concern regarding software security—several other risk categories exist, including:

  • Regulatory compliance
  • Access management
  • Misconfigurations
  • Data retention practices
  • Disaster recovery
  • Software uptime

The best protection against software security risks like these is extra vigilance during the sourcing process by asking questions of potential suppliers like:

  • What procedures do you have in place to prevent data breaches?
  • How often do you review compliance with regulations like GDPR?
  • What is your current software uptime percentage?

2. Vendor financial risk

Vendor financial risk is the possibility of a supplier going out of business, creating subsequent fallout you’ll have to deal with.

Whenever you deal with smaller providers, you expose yourself to risk related to their financial stability.

For example, when Nirvanix, a cloud-based storage pioneer, went out of business, customers were given only two weeks to transfer their data.

Mitigate this risk by:

  1. Assessing the financial stability of any companies you want to partner with
  2. Putting a backup plan in place that details what you’ll do if a given vendor shuts down at short notice
  3. Reassess supplier financials at regular intervals (quarterly or annually)

3. Supply chain risk

Supply chain risk represents the possibility that a strategic vendor cannot meet your order requirements.

If this were to happen, it could significantly strain your operations and impact customer delivery times and profitability.

Mitigate supply chain risk by increasing supplier diversity.

For your most business-critical vendors, it's best practice to have two or three backup options ready. Then, in the event of a shortage, you can switch quickly without going through a new sourcing and vetting process.

Look to partner with vendors who can provide proof of their ability to scale up order volume. If a vendor currently has a max order capacity of 5,000 units and you anticipate ordering 1,000 units at a time, this gives you a good safety net to protect against shortages.

4. Reputational risk

Reputational risk is the possibility of a supplier engaging in some form of activity that garners bad press, impacting your brand negatively.

The best protection here is to identify and partner only with brands that align with your values.

For example, if sustainability and green sourcing practices are a particular concern for your organization, prioritize vendors with a similar view (perhaps they have a favorable carbon offsetting program).


5. Price instability risk

Price instability risk is the possibility of external circumstances driving up the pricing of a good or service you buy from a vendor.

A recent example is the 72 percent increase in shipping costs over the pandemic.

The best way to mitigate price instability risk is to lock pricing in with a contract. For instance, you may agree to a per-user price with your CRM provider and lock that in for 24 months.

However, this may not be possible in all cases.

Vendors of items with seasonal solid variability—think fresh produce—may be reluctant to lock in a price, knowing that an increase in costs might render the agreement unprofitable.

In these cases, the best approach is to increase supplier diversity to give you a fallback option and source internationally to mitigate against possible local supply issues.

6. Fraud risk

All organizations are at risk of fraudulent invoices, especially larger companies, who are less likely to question every payment request they receive.

Even giants like Facebook and Google are susceptible, with one man stealing over $122 million from the two companies using fraudulent invoices.

A purchase order process is your best protection against procurement fraud like this. Requiring that all invoices match a purchase order number puts a double-check procedure in place. You can track legitimate invoices back to the person on your team who initially made the request.

7. Supplier performance risk

Supplier performance risk represents the possibility that a vendor doesn’t live up to the terms of their contract.

For instance, part of the agreement for a new applicant tracking system might be that support tickets receive a response within 24 hours. However, if the average ticket response time after two-quarters of business is 36 hours, the supplier’s poor performance will impact your ability to hire quickly.

The best protection against this risk is to create a supplier performance tracking dashboard in your procurement management platform and to hold regular performance review meetings with your vendors (quarterly is generally appropriate).

8. Market risk

The market risk looks at the possibility of market climate or economic conditions impacting a supplier relationship.

For instance, if you switch from a marketing-led to a product-led growth model owing to evolving market conditions, you may find that your current SaaS vendor doesn’t offer the right features to support this change.

Additionally, there is the risk that market developments force your vendor to switch directions.

For instance, they may deprioritize a feature set you regularly take advantage of in order to prioritize developing and supporting a different product that suits a broader audience.

In this instance, you may need to re-engage in vendor sourcing to replace the supplier that no longer meets your organizational needs.

Manage procurement risks in Vendr, the SaaS buying platform

Managing procurement risks starts with understanding which external risks you might be vulnerable to and ends with putting a solid risk management process in place.

The best procurement teams use dedicated software solutions—procurement software—to maximize compliance with risk mitigation processes and report on their effectiveness.

With Vendr, procurement teams:

  • Use automation to speed up manual processes like approval workflows and ensure decision-making stakeholders are on top of all strategic sourcing initiatives
  • Create personalized contract management processes to ensure agreements don’t renew without consent
  • Track vendor relationship health in a customizable dashboard
  • Analyze the impact of their risk management procedures on the bottom line with real-time visibility into cost savings


Vendr Team
Vendr Team
LinkedIn icon
Vendr's team of SaaS and negotiation experts provide their curated insights into the latest trends in software, tool capabilities, and modern procurement strategies.

Similar posts

Learn more about finding, buying and managing your SaaS stack with resources from our experts.

Introducing New Features to Enhance and Customize Intakes with Vendr

Emily Regenold

SaaS Tools
Introducing New Features to Enhance and Customize Intakes with Vendr

Leverage these features to make your intake process more intuitive, flexible, and automated, simplifying the purchase of both SaaS and non-SaaS products through Vendr.

Read post
How to Think About  CapEx vs. OpEx in SaaS Procurement

Vendr Team

Spend Management
How to Think About CapEx vs. OpEx in SaaS Procurement

A detailed overview of CapEx vs. OpEx and how IT spending has shifted with the evolution of SaaS tools, plus tips on how to negotiate software contracts.

Read post
The Complete Request for Quote (RFQ) Guide

Vendr Team

Spend Management
The Complete Request for Quote (RFQ) Guide

A detailed overview of the process for requesting a quote, including steps to simplify and improve the process for buyers evaluating SaaS tools.

Read post