Defence Procurement Policy Manual

Simple Procurement - A Risk Based Approach:

7. Procurement officers must undertake a risk assessment before conducting any procurement to properly assess the risks associated with the procurement and accurately categorise the procurement as either: Simple, Complex or Strategic. The risk assessment should identify all relevant risks and the probability of those risks occurring. It should also assess the impact such events would have on the procurement and how such risks might be treated (risk management). The types of risks that should be considered include legal, commercial, financial, political, project management (including schedule), technical or logistics.

8. The extent and rigour of the risk assessment should be commensurate with the size and complexity of the procurement as determined by the official conducting the procurement. For most low value, low risk, low complexity procurements, minimal or no risk documentation may be required, particularly where pre-existing arrangements such as a standing offer are used. For larger or more complicated procurements, a more formal methodology may be appropriate. In such cases, the level of risk should be identified by referring to risk evaluation criteria and then identifying where the risk sits in the risk matrix. Risks may then be categorised as low, medium, high or extreme. Chapter 3.2 provides further information on risk assessment.

9. Only where the overall level of risk is determined to be low should the procurement be categorised as a Simple procurement. Importantly, the existence of a risk does not necessarily raise the risk profile of the procurement where there is a clear and effective method for treating or managing that risk. For example, specialist advice from a Procurement officer holding a Complex procurement competency can often be used to treat risks as they arise, thus keeping the overall risk profile of a procurement low. The relevant approval documentation must document the results of the risk assessment and reference any risk mitigations that have been proposed. The Procurement Approver is responsible for validating the risk assessment and subsequent categorisation of the procurement.