Risk Management in Public Health Procurement: A Case Study Example
Context
This case study is based on practical implementation guidance shared during Health Procurement Africa’s (HPA) Ask the Expert webinar on risk management in procurement. The session presented applied approaches from Nigeria and Kenya, delivered by HPA procurement experts, illustrating how public-sector health procurement teams can identify, assess, and mitigate procurement and supply chain risks.
Watch the full Ask the Expert webinar recording here.
Introduction
Procurement risk is an inherent feature of public health supply chains. Supply disruptions, currency volatility, supplier failure, and regulatory non-compliance can all threaten the delivery of essential health commodities to patients. Effective risk management is not a standalone activity — it must be embedded within every stage of the procurement cycle, supported by cross-functional engagement, structured assessment tools, and clear organisational policy.
Risk Management Framework
A structured approach to procurement risk management follows a repeatable process aligned to the ISO standard for risk management. Most risks are addressed through active mitigation using tools already embedded in procurement practice. Mitigation should operate at three levels: preventive actions to reduce likelihood, contingency actions if a risk materialises, and recovery actions for extreme risks.
|
Process Stage |
Purpose |
|
Identify Risks |
Surface risks across the procurement cycle using cross-functional input from all stakeholders |
|
Evaluate Risks |
Assess probability and impact — and where relevant, duration — to prioritise response effort |
|
Assess Risk Appetite |
Understand organisational tolerance for risk; public sector bodies tend toward risk-aversion, but calculated risk-taking can generate value |
|
Identify Risk Response |
Apply the four T’s: Transfer (pass risk to the party best placed to manage it), Tolerate (accept low-probability, low-impact risks), Terminate (avoid proceeding where risk is unacceptable), or Treat (actively mitigate through supplier appraisal, contract management, and performance monitoring) |
|
Assure the Process |
Maintain risk registers, policies, and quality assurance mechanisms |
|
Embed and Review |
Build risk awareness into organisational culture through training and continuous improvement |
Case Application: Formalising Risk Management in Nigeria
Nigeria’s experience under the HPA programme focused on organisations with little or no formalised risk management. The approach introduced a five-step model: establish a risk management policy; develop a procurement and supply risk management framework; create practical tools including risk registers and contingency planning matrices; integrate risk management across the procurement cycle; and maintain ongoing monitoring and reporting.
Risk Register in Practice
Working with two organisations, HPA identified specific risks and developed structured responses. The table below illustrates the approach.
|
Risk |
Assessment and Mitigation Response |
|
Currency volatility |
Rated high probability and high impact. Existing reactive supplier relationship management was insufficient. HPA introduced framework agreements with quarterly call-offs, enabling proactive market assessment and securing value for money before currency shifts occurred. |
|
Emergence of local manufacturers |
Treated as a positive risk. Policies and pre-qualification procedures were introduced to allow the organisation to pilot procurement with small quantities and scale up as confidence in local suppliers grew. |
Scenario Analysis: Disease Treatment Programme
A programme serving over 500,000 patients, sourcing medicines from a single international supplier through a centralised distribution system, was used to demonstrate applied risk analysis.
|
Risk Identified |
Mitigation Action |
|
Overdependence on a single international supplier |
Diversify and pre-qualify additional suppliers |
|
Inadequate inventory management |
Introduce demand forecasting and buffer stock management |
|
Supplier financial instability |
Conduct supplier risk profiling to assess financial standing |
|
Regulatory risk with imported medicines |
Strengthen regulatory compliance planning to avoid border delays |
|
Supply chain disruption |
Implement early warning systems and supply chain monitoring |
At a systemic level, Nigeria’s Public Procurement Act embeds controls throughout the cycle — competitive bidding, supplier qualification criteria, performance guarantees, and structured evaluation committees. Broader initiatives include a national procurement certification programme, digitalisation of procurement processes, and pooled procurement mechanisms to manage price volatility and supply disruption.
Case Application: Risk Management in Kenya
Kenya’s approach is governed by the Public Procurement and Asset Disposal Act of 2015, monitored by the National Treasury and the Public Procurement Regulatory Authority (PPRA). The Act addresses corruption, conflict of interest, and procedural compliance at every stage of the procurement cycle. Risk analysis is conducted as a cross-functional process: risks are identified, rated, and recorded on a master procurement risk register, with mitigation actions developed and implemented collaboratively. Supplier engagement, including review of critical path activities, supports proactive management of time and cost overrun risk.
|
Risk Category |
Mitigation Measure |
|
Compliance and Regulatory |
Governed by the Public Procurement Act; internal SOPs and manuals developed with HPA support |
|
Environmental |
Mandatory NEMA certification required before any project commences |
|
Social (Labour and Human Rights) |
Ombudsman oversight for all projects; contractors required to engage local labour from surrounding communities |
|
Operational |
Implementation of the e-GP electronic government procurement system |
|
Economic and Budgetary |
Strict budget compliance; price increases require re-budgeting before procurement can proceed |
Lessons Learned
- Risk management is most effective when embedded throughout the procurement cycle from the point of need identification, not applied retrospectively.
- A cross-functional approach is essential — individual departments cannot identify all risks in isolation, and stakeholder engagement strengthens both identification and mitigation.
- Formalisation creates consistency and accountability; many organisations already manage risk informally but lack the structure to sustain it.
- Mitigation should address both likelihood and impact. Where probability cannot be controlled, the focus should shift to managing consequences.
- Legislative frameworks provide a foundation but must be actively applied within each organisation’s operational context.
Conclusion
This case study demonstrates how a structured approach to risk management strengthens public health procurement systems. The experience of Nigeria and Kenya illustrates that effective risk management is built into the tools procurement teams already use — supplier appraisal, contract management, demand forecasting, and performance monitoring. Applying these systematically, and sharing risk intelligence across functions and stakeholders, is central to building more resilient public health supply chains.
More like this
Risk: ISO Risk Standards
ISO (the International Organisation for Standardisation) is the world body for agreeing common standards across trade and and industry ...
Ask The Expert - Risk Management Process - Assets
This session focuses on procurement risk management with an emphasis on the importance of procurement to an organisations strategic ...
Risk Management Framework for Healthcare Commodities
Risk management is an important aspect of procurement and supply management. A recent study developed a risk management framework ...
Risk: The Interview
Listen to the podcast or if you would prefer to review the transcript below. Mpho: Welcome to Health Procurement Africa. The community ...