Risk management when buying innovation
Balance risk and reward to achieve innovation outcomes while meeting procurement requirements.

Risk is defined as ‘the effect of uncertainty on objectives’ (ISO 31000). With innovation procurement, everything about the end solution is uncertain. It is only through embracing uncertainty that buying teams will find new ideas and turn them into value.
With so much uncertainty, buying teams need to prioritise risk management to protect value. However, the risks associated with uncertainty can feel overwhelming and drive risk-aversion, becoming a barrier to innovation.
To build the risk appetite needed for innovation, buying teams should understand which risks can bring the most benefits and how to manage those risks carefully.
Carefully managing risks that help achieve innovation outcomes takes more effort than buying a known solution, where many risks can be avoided.
Buying teams can use the Innovation Eligibility checklist to help decide whether the effort or cost is justified to achieve the benefits of innovation procurement.
This guidance helps buying teams identify and manage risks to protect value in buying projects. It provides key concepts, processes, worked examples and resources to support buying teams to take managed risks within the context of agency risk frameworks. It also helps agency risk management and procurement teams refine their risk management frameworks, processes and resources to support innovation procurement.
When to manage innovation risk
Risk management should start early in the Discover phase of a multi-stage procurement process. Understanding risks helps with each step in the Discover phase. Each step may in turn refine the buying team's understanding of risks and controls.
Risk management continues throughout the buying journey, with a focus that evolves at each step.
At the start of a procurement journey, some risks are apparent and can be easily identified during scoping. Other, more technical risk categories, such as security and solution integration, are more likely to be identified later in the Discover phase. This could be through market research or even after proposals are received.
The buying team's understanding of solution and supplier risks will improve with each stage. New risks and controls should be identified and managed with each stage and some might even drive changes in the procurement strategy, pathway or iteration plan.
Innovation-specific risk thinking in each phase
- Align need with strategy step:
  - Ensure the project team and approvers have an appetite for taking carefully managed risks to achieve innovation outcomes.
  - Ensure all stakeholders understand the iterative nature of risk management for innovation procurement and their role in it throughout the buying journey.
  - Understand the risk of the buying team making assumptions about the solution.
- Pathway step – Decisions around testing and buying pathways not only carry different risks, but can also mitigate other risks.
- Mobilise step – Ensure all stakeholders contribute to the identification of risk and controls and they all understand their roles.
- Market research step – Focus on the risk of inadequate market research and use guidance around sources of market information to inform buying strategy decisions.
- Iteration plan step – Incorporate risk management activities into each stage of a multi-stage process to ensure new risks are identified and managed at each stage, and risk experts know their roles.
- Business case step – Give approvers confidence about known risks, management strategies and the iterative process to continually manage risks and improve confidence.
- Requirements step – Determine which requirements should be mandated upfront, and which requirements should be signalled for later stages, to stay ahead of critical risks.
- Evaluation criteria step – Set a level of detail and weighting for each stage, for each criterion, in a way that reflects the risk focus for each stage and supports an increasing focus on technical risk in later stages.
- Buying strategy step – Document how the proposed market approach manages known risks and how it will support uncovering additional risks.
- Iterate step – After the initial market approach and at the start of each subsequent stage, look at what was learned in the previous stage and adjust risk controls to manage any new or evolving risks.
- Tender documents step – Have key risk domain experts collaborate with the buying team so that the terms and conditions of tender participation, as well as key terms in any proposed contracts, mitigate known risks and allow flexibility to adapt to emerging risks.
- Evaluation plan step – Refine evaluation processes within the bounds of the evaluation criteria to ensure evaluators are incorporating relevant risks and mitigants for the stage.
- Contract management activities – Monitor risks as part of usual activities to manage contracts, deliverables and supplier relationships.
- Acceptance testing – As part of evaluating the deliverables for the stage, capture any insights or lessons learned that might change how risks are managed, and reflect changes to risks in the Iterate step for the next stage.
Who to involve
Risk management is a collaborative exercise. The buyer should engage experts in all the risk domains that apply (or might apply) to a buying project. Ideally, these experts work through risk identification and assessment together, since there may be shared risks or shared controls.
Everyone in a buying team should understand their risk management responsibilities, including how to build risk appetite when buying innovation.
The types of risk experts below can each contribute to risk management as part of an innovation buying project.
The NSW Government buys digital solutions by entering into agreements for the provision of goods and services. These are legal contracts, in which each clause is designed to treat a particular risk, usually as a means of last resort. Tender documents also include legal terms and conditions.
Compared to procurement of known solutions, innovation procurement requires more attention to contractual positions on confidentiality and ownership of Intellectual Property (IP). These may vary between projects depending on the solution maturity and the level of commercialisation involved.
Engaging with a legal representative early ensures legal risks and controls are captured well in advance of tenders and contracts being issued. Planning ahead for these considerations helps when the end solution is unknown, as decisions may need to be approached in stages. The right change governance structures will support staged decisions.
When the end solution is uncertain, it can be hard to know at the start of the project what cyber security risks could emerge. Buying teams could be wasting respondents' and evaluators' time if they request detailed cyber security information at the initial market approach.
Cyber security advisers can draw on their knowledge of best practices across the agency, NSW government and wider industry landscape to plan ahead for cyber security risks. This helps set milestones where appropriate risks and controls can be identified as more information becomes available. It is important they are involved in the design of testing stages right through to evaluation, iteration and implementation at scale.
Procurement teams should be willing to advise early in the process on possible risks and mitigants with the selected procurement pathway. Ideally, some level of consultation and advice happens in the Discover phase as part of the buying pathway step, rather than the Plan phase where some important decisions would already have been made. The types of risks will depend on the engagement and testing methods that make up the pathway. These can include pitch events, Proofs of Concept (PoCs) or trials.
They may draw on a mix of professional experience and samples or templates to support the treatment of risks. These can help both the design of procurement stages and detailed action planning and execution.
Buyers should consult with central ICT and digital teams in their agency or department early in the risk management process to seek technical expertise on risks and mitigants. This helps ensure solutions are aligned to strategy and future-proof.
Specific technical risks can become more apparent as solutions emerge, meaning ICT advisers may need to advise on the design of testing stages. They may also be required for evaluation and/or implementation activities throughout the Discover, Plan and Source phases.
Innovation buying projects with multiple stages can be complex, particularly for agencies that don't often support these kinds of projects. Risk and governance expertise can help design a transparent, fair and well-documented procurement process that stands up to scrutiny.
Suppliers have a different experience with innovation procurement than with more traditional procurement. Therefore, buying teams should manage supplier expectations carefully and emphasise fairness and transparency even more than usual.
For particularly high risk or high value projects, buyers might consider including an independent risk or probity advisor for the life of the project. Checking early on the agency's view about the need for external oversight will ensure any external risk advisor is budgeted for. This will also enable the advisor's advice to feed into the strategy and be revisited at checkpoints along the way.
Risk management resources to support buying innovation
Understand how to take smart risks and manage them carefully to drive innovation outcomes, through five key risk concepts.
Augment existing risk management frameworks by embedding an innovation risk mindset into each risk management step.