Risk Management and Corporate Governance


One of the key indicators of the efficiency of corporate governance is a consistent risk management strategy. The key function of corporate governance resides in ensuring accountability, transparency, and credibility; in other words, it is supposed to include all the elements that make up high-level performance (Global Association of Risk Professionals 2012). A reliable risk management strategy serves as a helpful tool to achieve the described objectives. The failure to design such a strategy implies numerous threats to the company’s performance, from damage to the company’s reputation to a complete collapse.

A sound risk management strategy serves as a reliable guarantee for the company’s stakeholders. Recent research has revealed that business owners are getting more and more concerned about their partners’ reputation in the context of risk management (Solomon et al. 2000). One of the key points of concern within the risk management field is procurement and supply. In the modern environment that implies numerous risks that include delays and disruptions, it is critical to ensure that the goods and materials are delivered to the customer on time (Giunipero & Eltantawy 2004).

Hence, the paper at hand is aimed at analyzing the best risk management practices and outlining guidelines for designing an effective procurement risk management strategy. This report puts a particular emphasis on the practical applicability of the provided recommendations and the preventative activities described herein.


The expert community points out the fact that the risk management culture is in the very early stages of its establishment. Hence, a large number of companies still have a tendency to neglect the basic principles of risk management, as guided by their desire to receive larger revenues (Lang & Jagtiani 2010). In the meantime, there is a large body of case studies that illustrate the importance of reliable risk management, particularly that related to procurement.

Throughout these decades, the expert community has been examining the factors that determine the efficiency of a risk management model. Some experts believe that the main condition is the close interconnection between risk management and corporate governance. In other words, it is assumed that a risk management model should target the risks that can potentially prevent the company from achieving its core goals and objectives (Bhimani, 2009). In the framework of the procurement field, a particular focus is put on the choice of suppliers and effective delivery planning as the key to successful performance (Bureau Van DIJK, 2016).

Most of the experts agree on the point that the procurement risks imply all the factors that lead to delivery delay or cancellation (Khan & Zsidisin, 2012). It should also be pointed out that more and more significance, in terms of risk management, is now assigned to the board of directors, rather than to CEOs. Hence, a recent study has revealed that a board proves to be a more productive decision-maker than the classic corporate governance in crisis conditions (Aebi, Sabato & Schmid 2012).

Some experts also put a particular emphasis on the important role of auditors in the risk management process. In other words, external auditors are considered to be the only parties capable of providing an independent, expert assessment of all the elements of a risk management system, including the board (Bedard & Johnstone 2004).

Designing an Effective Risk Management Strategy

Identifying the Risk Location

In order to eliminate the existing risks, it is, first and foremost, essential to identify their location. The same principle can be equally applied to risk prevention – it is easier to prevent the risk in case its potential source is identified. Broadly speaking, the risk locations might be divided into two large groups: external and internal. Meanwhile, it is likewise proposed to consider strategic and operational risks.

Strategic Risks

According to the Institute for Public Procurement (2012), strategic risks are those related to the organization’s long-term objectives. Strategic risks consist of the following types:

  1. Political risks that might be associated with the company’s failure to meet the policy commitments of the local authority, the governmental changes that challenge the policy’s sustainability, etc.
  2. Economic risks determined by the inflation rate, the exchange rate, recessions, etc.
  3. Social risks that imply the company’s inability to deliver its services to the target population due to the particular socioeconomic or demographic changes.
  4. Technological risks associated with the company’s failure to integrate the latest technologies in order to improve its procurement service.
  5. Legislative risks that imply the company’s failure to keep up with the regulatory changes or to meet some particular directives.
  6. Competitive risks that comprise the company’s inability to use outsourcing and other monitoring tools in order to ensure a consistent competitive advantage.

Even though this risk group might be characterized as external, it does not mean that the company cannot manage it. The procurement risk management strategy should consider these risks and offer a contingency plan for every scenario. Ideally, the strategy’s guideline should be composed in such a manner that it describes in detail all the actions that every employee needs to perform. Hence, for example, in order to avoid legislative risks, the procurement risk management strategy should oblige procurement employees to examine related legislation on a regular basis to ensure that the deliveries’ organization is legally sound.

Operational Risks

According to the Institute for Public Procurement (2012), this risk group includes the hazards associated with the employees’ everyday activity. Operational risks might be divided into the following groups:

  1. Professional risks that imply the lack of competence in procurement specialists.
  2. Financial risks that imply the failure to evaluate economic outcomes. Hence, for instance, the wrong assessment of the supplier’s appraisal might lead to a supply disruption.
  3. Legal risks that relate to the failure to compose legal and sound contracts.
  4. Physical risks that imply the violation of safety regulations that might lead to workplace accidents.
  5. Contractual risks that imply the failure to meet the requirements that are initially registered in the contract, such as the delivery date or cost.
  6. Technological risks that imply the employees’ excessive reliance on their equipment. Hence, for instance, the eProcurement system allows managing procurements in a convenient and timely manner. Meanwhile, it does not imply that the employees do not have to reexamine all the critical aspects personally.

The analysis of the two types of potential risk locations shows that a wide scope of risk factors is determined by the professionalism and competence of the procurement workers. Hence, it is recommended that a particular focus is put on the relevant training and proficiency examination.

Identifying the Major Risk Factors

The basic component of an effective risk management strategy is risk identification. Therefore, it is considered rational to discuss the main types of risk factors.

First and foremost, it is essential to monitor the raw materials’ costs on a regular basis. Thus, while composing a contract and trying to set a beneficial delivery price, it is essential to take into account the fact that fuel and energy costs tend to escalate (The Institute for Public Procurement, 2012). Therefore, it is critical that the company and the supplier decide if the delivery cost is dependent on the raw materials price. From the company’s perspective, it is more rational to insist on a fixed delivery price to avoid potential risks.

Secondly, it is critical to examine the supplier’s risk management reputation (The Institute for Public Procurement, 2012). Hence, even the most effective risk management practices cannot prevent delivery incidents in case these practices are performed by one party only. Therefore, it is necessary to check the supplier’s background and collect feedback from its previous partners.

Another risk factor that should be considered is the so-called wrong focus. Hence, many companies tend to put a particular focus on cutting the delivery costs and refuse to make any effort to improve the quality of their services. In the meantime, it is essential to take into account the severe competitiveness of the modern market. Hence, customers are equally interested in an attractive price and good quality. Therefore, it is essential to ensure both in order to compete with the rivals.

Action Plan for Risk Identification

The clear and concise identification of key risks is a pivotal element of an effective risk management strategy. There are different ways to determine the main risks. In the first place, the board should examine previous security reports and identify the most common roots of delivery failures. Second, it is essential to involve external auditors in order to provide an expert assessment of the currently existing risks that should be considered while composing the strategy. Finally, the corporate risk management experts should examine relevant case studies and prognoses in order to outline the scope of risks the company’s procurement might potentially face in the future.

Clear risk identification is critical from two perspectives. Primarily, it allows defining the risk management strategies’ mission and objectives. Secondly, it makes the employees more risk-conscious. Hence, a recent study revealed that it is particularly important that personnel show a high awareness of both operational and non-operational risks.

The research was carried out in companies that have adopted the enterprise management strategy recommended by the Toronto Stock Exchange Guidelines. The study showed that those companies that report a sufficient level of awareness on the part of their personnel likewise illustrate a high level of their employees’ involvement and responsiveness within the relevant decision-making process (Kleffner, Lee & McGannon 2003).

Finally, it should be pointed out that the identification of potential risks should also include the analysis of two important factors. First of all, it is necessary to define the probability extent. Secondly, it is critical to assess the impact extent of the risk incident (Global Association of Risk Professionals 2012).

Strategy Design and Implementation

A complex risk management strategy should comprise a series of critical components. Above all, it should include setting objectives and explaining responsibilities – points that have already been laid out above. Another part of the strategy should include event identification and risk assessment. In other words, it is necessary to describe all the events that are likely to affect the company’s performance and evaluate the risk of their occurrence. One of the pivotal parts of the strategy involves control activities (The Association of Chartered Certified Accountants 2008).

Hence, a good strategy should essentially provide a detailed action plan for every risk pattern. Lastly, it is important that the strategy elucidates the communication and monitoring measures that can be taken to integrate the strategy (Global Association of Risk Professionals 2012). At this point, it should be noted that communication is an important element of the risk management process. A particular focus should be put on consistent reporting, particularly in those cases when unethical or illegal conduct is carried out within the workforce.

Evaluating the Strategy’s Efficiency and Eliminating Existing Flaws

In order to evaluate the strategy’s efficiency, it is essential to analyze the critical assessment provided by different parties. From this perspective, a valuable analysis might be provided by external auditors (Global Association of Risk Professionals 2012).

While evaluating the strategy’s efficiency, it is also crucial to test whether the targeted risks meet the corporate values as they were initially set. In other words, it might turn out that risk management seems to be effective, as it ensures timely and rational actions to prevent the targeted risks. However, there can be initial mistakes in identifying the risks themselves, so that there are some other risk factors that impede the company’s progress, but that were initially neglected in the process of formulating the company’s risk management strategy (Sobel & Reding 2004).

Incorporating Risk Management into the Company’s Corporate Governance

Finally, it is essential to ensure that a risk management model becomes an integral part of the corporate governance strategy. In other words, the latter should register all of the principles and mechanisms that are supposed to guarantee a consistent approach to risk management and prevention.

Case Studies

Practice shows that different companies employ various approaches to procurement risk management. Hence, for instance, a few years ago, Hewlett-Packard Company reported that it managed to save more than a hundred million dollars because of an improved risk management system in the procurement sector. Their innovation resides in the maximal computerization of the delivery process. Hence, the company insists that the relevant software is more reliable in terms of delivery tracking and evaluating risks than manual tracking by employees (Nagali et al. 2008).

In the meantime, as it has been already mentioned above, excessive reliance on automatic evaluation is irrational as a creative and effective alternative solution might be generated only with the help of the analytical skills of the procurement specialists. Therefore, it is recommended that the positive practice of Hewlett-Packard Company can be applied to the performance of simple and monotonous activities, whereas the critical and foreseeing analysis is carried out with the employees’ participation.

Another case study illustrates the importance of the planning stage in the framework of an effective procurement risk management. Hence, a series of Brazilian companies was examined to test the efficiency of their procurement management practices. The findings show that the most critical problem is poor planning that includes needs’ overestimation, setting excessively short timeframes, etc. (Blos et al., 2009). Therefore, this factor should be essentially considered while shaping the risk management strategy in the procurement sector.

Proposed Procurement Risk Management Strategy

Based on the overviewed data and the relevant literature, it is proposed that the procurement risk management strategy has a multi-level structure.

Stage 1: Need Identification and Purchase Planning

At this stage, it is critical to assess the need accurately without either understating or overstating it. The misinterpretation of the need is likely to result in significant money issues and inevitable time loss. It is likewise important to ensure that the planned funding is sufficient to cover all the delivery expenses; otherwise, insufficient funding might cause delays and disruptions. Finally, it is necessary to set a practical timeframe. The timeframe is needed both by the company to have a vision of the delivery process and by the tenderers that can evaluate the company’s procurement scheme. It should also be noted that the planning stage requires that the personnel adheres to ethical principles and provides real and transparent planning data.

Stage 2: Specification

At this stage, it is necessary to perform a detailed market examination in order to specify the needed products. Hence, it is essential to register the target company-providers as well as those organizations that can provide an alternative product in case of emergency. Unless the product is specified, it will be more problematic to evaluate the delivery expenses and packaging adequately.

Stage 3: Sources Selection

At this stage, it is important to target the sources of all the elements of effective procurement. Hence, for example, it is essential to have a full list of the companies that can provide or repair the transport, the fuel, etc. Unless such a list is completed in advance, there is a risk of critical delivery delay because one of the sources might turn out to be invalid in the procurement process.

Stage 4: Documentation Management

All the documentation needs to be composed in such a manner that both the customer and the company find the described conditions admissible. A good procurement contract should cover such aspects as terms and conditions, the quality of service of goods, the delivery timeline, the parties’ responsibilities, etc. It is vital to register whether the delivery costs will be fixed or dependent on the raw materials’ prices and exchange rates (The Association for Operations Management, n.d.).

Stage 5: Orders Management

It is essential to ensure that the customers’ enquiries are addressed in a timely manner. Otherwise, there is a chance that the customer prefers to shift business to rivals. In order to ensure that the enquiries are properly managed, it is necessary to provide the procurement employees with relevant training. In addition, it is recommended to employ the latest technologies for the enquiries’ systematization.

In addition, it is essential to ensure a high level of data security so that the details of delivery, procurement contracts, and other important documents cannot be accessed by external parties.

Stage 6: Supplier Selection

Suppliers’ performance determines the outcome of the entire procurement process. Therefore, it is recommended that the procurement personnel undergo relevant training to be capable of evaluating the risks of collaborating with a particular supplier. It is essential to take into account the fact that even though a contract might serve to be a risk-free guarantee, it still cannot prevent unreliable suppliers from disrupting the procurements.


Therefore, it is proposed that the new risk management strategy is based on three critical elements. First and foremost, this strategy includes consistent identification of the risks in accordance with corporate values. Second, in the framework of this strategy, a particularly important role is assigned to the board.

In addition, it is recommended that the strategy mainly focuses on the prevention of incidents. In order to do so, it is advised that the company performs the identification of both risks and their locations, putting a particular emphasis on such aspects as unreliable suppliers and unforeseen incidents.

Reference List

Aebi, V, Sabato, G & Schmid, M 2012, ‘Risk management, corporate governance, and bank performance in the financial crisis’, Journal of Banking & Finance, vol. 36, no.12, pp. 3213-3226.

Bedard, JC & Johnstone, KM 2004, ‘Earnings Manipulation Risk, Corporate Governance Risk, and Auditors’ Planning and Pricing Decisions’, The Accounting Review, vol. 79, no.2, pp. 277-304.

Bhimani, A 2009, ‘Risk management, corporate governance and management accounting: Emerging interdependencies’, Risk Management, vol. 20, no.1, pp. 2-5.

Blos, MF, Quaddus, M, Wee, HM & Watanabe, K 2009, ‘Supply chain risk management (SCRM): a case study on the automotive and electronic industries in Brazil’, Supply Chain Management: An International Journal, vol. 14, no.4, pp. 247-252.

Bureau Van DIJK 2016, Public Procurement Practice. Web.

Giunipero, LC & Eltantawy, RA 2004, ‘Securing the upstream supply chain: a risk management approach’, International Journal of Physical Distribution & Logistics Management, vol. 34, no.9, pp. 698-713.

Global Association of Risk Professionals 2012, Corporate Governance & Risk Management.

Khan, O & Zsidisin, GA 2012, Handbook for Supply Chain Risk Management: Case Studies, Effective Practices, and Emerging Trends, J. Ross Publishing, Fort Lauderdale, Florida.

Kleffner, AE, Lee, RB & McGannon, B 2003, ‘The Effect of Corporate Governance on the Use of Enterprise Risk Management: Evidence from Canada’, Risk Management and Insurance Review, vol. 6, no.1, pp. 53-73.

Lang, WE & Jagtiani, JA 2010, ‘The Mortgage and Financial Crises: The Role of Credit Risk Management and Corporate Governance’, Atlantic Economic Journal, vol. 38, no.2, pp. 123-144.

Nagali, V, Hwang, J, Sanghera, D, Gaskins, M, Pridgen, M, Thurston, T, Mackenroth, P, Branvold, D, Scholler, P & Shoemaker, G 2008, ‘Procurement Risk Management (PRM) at Hewlett-Packard Company’, Interfaces, vol. 38, no.1, pp. 51-60.

Sobel, PJ & Reding, KF 2004, ‘Enterprise Risk Management with Governance Means Directors, Senior Management, Internal and External Auditors, and Risk Owners Must Work Interdependently’, Management Accounting Quarterly, vol. 5, no.2, pp. 1-9.

Solomon, JF, Solomon, A, Norton, SD & Joseph, NL 2000, ‘A Conceptual Framework for Corporate Risk Disclosure Emerging From the Agenda for Corporate Governance Reform’, The British Accounting Review, vol. 32, no.4, pp. 447-478.

The Association for Operations Management n.d., Procurement Contract Risk Management.

The Association of Chartered Certified Accountants 2008, Corporate Governance and Risk Management Agenda. Web.

The Institute for Public Procurement 2012, Public Procurement Practice. Web.

Cite this paper


BusinessEssay. (2022, December 12). Risk Management and Corporate Governance. Retrieved from https://business-essay.com/risk-management-and-corporate-governance/

