Risk appetite when buying innovation
Understand how to take smart risks and manage them carefully to drive innovation outcomes, through five key risk concepts.
Innovation procurement requires a higher risk appetite than most procurements. In practice, however, risk appetite isn't something that buying teams or their approvers just choose to have. To build a strong risk appetite, buying teams and their decision-makers need to:
- understand their risk landscape
- know which risks create innovation benefits and might be worth taking
- feel supported to take risks safely.
Uncertainty and complexity inherently bring risks. To balance these with the benefits of innovation procurement, buying teams and their procurement advisors need to bring an innovation mindset to risk management. This mindset is compatible with usual risk management practices and helps implement an agency's risk management framework in an innovation context.
This page supports buying teams to build a shared innovation risk mindset for buying projects and navigate risk decisions in a way that protects benefits.
Five key risk concepts to build an innovation risk mindset
Five overarching concepts can help buying teams apply existing risk management frameworks to innovation procurement. Teams should explore these together and collaboratively discuss what they might mean in practice. Approvers may also need to be briefed on these concepts to support any decision-making that demands a higher risk appetite.
- Agile delivery breaks risks into manageable chunks – Human-Centred design and agile delivery methods help break down significant risks into smaller, more manageable chunks.
- Multiple stages help uncover information to reduce uncertainty – A multi-stage procurement approach supports progressively uncovering information to reduce uncertainty and increase confidence, enabling the process to adapt accordingly.
- Manageable and masked risks in an outcome-based approach – An outcome-focused market approach introduces (manageable) risks and masks technical risks which will need to be revisited at each stage.
- Risk treatments can create secondary risks – Some risk treatments create secondary risks so buying teams must be prepared to weigh these up against each other as well as against project objectives.
- Mobilisation for collaboration and expertise – Mobilisation sets up close and regular collaboration between agile project team members. Engaging the right subject-matter experts helps identify and manage risks to process and business outcome, as well as helping with the design of testing stages that help understand risks.
This page helps buying teams understand how these concepts play out in practice, and their effect on risk identification, treatment options and ongoing monitoring.
Agile delivery breaks risks into manageable chunks
Innovation can uncover completely new solutions, existing solutions applied in new contexts or even ideas that have not yet been turned into solutions. Evidence that these sorts of solutions has achieved desired outcomes elsewhere, or that suppliers can deliver effectively, might be limited or non-existent. Committing several years' worth of money and resources to the implementation of an unknown or untested solution would pose a significant risk.
Agile methods and Human-Centred Design break this large risk into several smaller and more manageable ones. Agile methods include a focus on outcomes, testing through multiple stages and deep engagement with users.
The bigger the scope and financial scale of a solution, the more valuable agile methods will be. Without them, an agency is unlikely to have the appetite to invest in an unknown or untested solution.
Expand the boxes below to learn how various agile methods can help break down risks.
An outcomes-focused approach such as a challenge statement can attract a range of possible solutions that could solve a problem in different ways. This broader comparison can help assess effectiveness, find the most up-to-date technology and achieve the best value for money.
While running an innovation challenge means taking some risks (see manageable and masked risks heading below), they are preferable to the risk of investing in the wrong solution or not finding one at all.
Financial commitment in a multi-stage procurement is smaller at early stages, when not much is known about solutions and suppliers. Some early-stage funding might go towards solutions or suppliers that don't progress any further in the process. This is often either not budgeted for or seen as wasteful by some. However, the cost of testing is generally far less than the cost of terminating an agreement for a solution that's not suitable or the cost of scope-creep.
Building engagement and collaboration time between suppliers, project staff and end users into testing stages can increase confidence in the effectiveness of the solution. It also provides valuable insight into how well suppliers can work with government staff, systems and customers. This approach requires more time, resources and attention to probity. However these efforts would cost far less than an agreement with a supplier who is uncooperative, doesn't understand the operating environment or doesn't value customer outcomes.
Multiple stages help uncover information to reduce uncertainty
Innovation buying projects start with a lot of unknowns – the type of solution, how effective it will be, technical details, whether it will work with other operating systems, whether it will meet security and privacy requirements, whether the supplier can work well with government and end-users.
The way this uncertainty is managed in standard procurements is to ask suppliers for everything in their initial proposals. This would be ineffective for innovation, especially when exploring emerging markets, as there is a high chance that requests for proposals could miss important detail.
Expand the boxes below to learn how multiple stages can reduce uncertainty.
By asking suppliers for information in multiple stages, buyers improve their understanding of the market offerings and refine the information they ask for at the next stage, after short-listing.
Participating in tenders is very costly for suppliers, so it helps to ask only for critical information at a first stage. The focus should be to assess how well suppliers can solve the problem and whether they meet any non-negotiable requirements while giving them advanced notice of information that might be needed later.
It is more efficient and effective for everyone if greater technical detail is requested at later stages. A smaller cohort of suppliers investing more time into tender proposals that have a higher chance of success means a smaller number of detailed proposals for the project team to evaluate.
An added benefit is that limiting the detail requested in the initial proposal can attract a wider range of suppliers and solutions.
Manageable and masked risks in an outcome-focused approach
Buying innovation can amplify the likelihood and/or consequences for certain risks that already apply to most buying projects. At the same time, adopting an agile approach breaks these risks down into smaller chunks. This systematically reduces the risk exposure over multiple stages.
Buying teams should capture the following risks in their initial risk identification, as well as the aspects of an agile approach that help manage each one.
The market for innovative solutions may be immature, with limited competition or standards. This increases the risk of vendor instability, limited supplier options or insufficient market support. Working more closely with suppliers helps manage this risk.
Risks relating to specific types of technology can't be identified before proposals are received. Involving technology subject-matter experts in the design of stages and in evaluation and/or iteration helps ensure risks are identified at later stages.
Innovation is likely to involve sharing or licensing of proprietary technologies, processes, data or even ideas. This can raise concerns about protection of Intellectual Property, ownership rights or confidentiality with vendors or competitors. Sound confidentiality practices, and proactive communication of those practices to suppliers, helps manage this risk. These practices are embedded in all innovation procurement guidance, tools and templates.
Innovation tenders typically involve more interactive engagement, or even siloed interactions, with suppliers. This increases the risk of perceived unfairness. Building fairness into all interactions, proactively communicating those measures and checking on suppliers' comfort with the measures can help manage this risk.
Adapting the procurement process based on new information helps to manage investment risk but can also increase the risk of perceived bias. Communicating to suppliers how those decisions are governed and how changes will be managed can help manage this risk.
Given the uncertainty about the end solution, decisions about long-term funding (via business cases) or applications to other use cases will need to be made after the procurement begins. This can create a risk of actual or perceived lack of transparency. Proactive communication about the scale of the opportunity and any funding uncertainty can help manage this risk.
Read more about managing probity for innovation buying projects
During the Plan phase for innovation buying projects, some risks are masked. When buying known solutions, these risks would usually be identified and treated before approaching the market. When buying teams don't know what they are buying, they can't accurately identify these risks until after reviewing proposals.
Buying teams should continuously update their risk register with the latest information after each stage, capturing any new risks.
Expand the boxes below to learn the risks most likely to emerge after evaluating proposals or testing solutions.
The solution may face challenges integrating with existing systems, leading to potential delays, increased costs or reduced functionality.
Relevant Strategy professionals and experts in the ICT/Digital/Product and technical domains should be engaged to align with the ICT technology roadmap to determine if the problem can be solved by a planned or inflight project. The NSW Digital Strategy identifies priority missions and digital commitments that set the strategic direction for the NSW Government. The NSW State Digital Assets Reuse Policy mandates agencies to reuse what is already available.
Suppliers of innovative solutions may lack the experience, resources or stability needed to deliver and support the solution, leading to potential failures or service disruptions.
Solutions may introduce new vulnerabilities or fail to meet data protection standards, increasing the risk of cyberattacks or data breaches.
The solution may not fully comply with relevant regulations, resulting in legal challenges or the need for costly modifications.
The adoption and maintenance of a solution may require skills and knowledge that the agency lacks, leading to substantial training or hiring efforts to ensure proper maintenance and support.
Risk treatments can create secondary risks
Innovation-friendly procurement methods act as treatments for the larger risk of investing in and implementing an unfamiliar solution. They can also be perceived as risks in their own right. These risks include using a solution-agnostic problem statement, funding multiple testing stages or increasing interaction with suppliers.
These risks are smaller, manageable and beneficial overall. They help manage uncertainty and ensure a broad exploration of potential solutions. However, risk-aversion can result in over-treating (or even removing) these smaller risks. This can inadvertently weaken their effectiveness as controls for the larger risks.
It is crucial to manage smaller risks in innovation procurement rather than removing them. Recognise how these risks act as controls for larger risks and over-treating them could undermine this balance.
Expand the boxes below to read about some secondary risk examples.
A problem statement that is outcome-focused, solution-agnostic and minimises technical requirements can attract a wide range of potential solutions. This can be seen as a risk because buying teams are less familiar with documenting requirements this way.
This smaller risk could be removed by being more prescriptive about the solution and its technical requirements. However, doing so could lead the buyers to miss out on the latest market expertise and not understand the full range of possible solutions.
The result could be committing all available funds to an inferior solution that doesn't solve the right problem, represent value for money or adapt well over time. This would be a worse outcome and a bigger risk. Rather than removing the risk, accessing support to evaluate diverse suppliers will help manage it.
Increased supplier interaction enhances understanding and collaboration between buyers and suppliers. This improves the relevance and quality of proposals, making them easier to evaluate.
Removing the associated probity risk by limiting communication could prevent suppliers from fully understanding the problem space and demonstrating their user insight. This could lead to a higher risk of missing out on the best solutions or dealing with uncooperative suppliers.
The likelihood of a solution not being fit for purpose or a contract being terminated becomes higher.
Rather than removing the risk, planning for probity-rich supplier interactions helps manage it while protecting benefits.
Mobilisation for collaboration and expertise
Effective collaboration is an important control for several risks related to the uncertainty inherent in buying innovation. On top of contributing subject-matter knowledge at key points, a cross-functional team should collaborate on the design of the whole procurement process.
Good mobilisation sets a cross-functional team up for successful collaboration throughout the life of a buying project. Mobilisation means bringing all team members together early, both the core buying team and subject-matter experts. It means defining clear roles and responsibilities and getting on the same page.
For all ICT projects, buying teams should consult technical experts at key points like requirements gathering, evaluation or contract negotiations. For innovation procurement, the buying team should go beyond consultation. They should engage experts and stakeholders in defining the business outcome, designing the procurement process, ensuring clear communication to suppliers, evaluating proposals and iterating between stages.
This level of collaboration is closer to a shared responsibility approach. It ensures all relevant roles have touch points throughout the project. Regular feedback loops ensure that the procurement stays aligned with evolving sector requirements.
Expand the box below to read an example of stakeholder engagement risk that is mitigated through a mobilisation activity.
A buying project focused on a known solution would engage a cyber security expert to provide input at fixed points. In the Plan phase, they might define cyber security requirements. In the Source phase, they would provide a cyber security questionnaire for suppliers to respond to.
Since innovation buying projects are solution-agnostic, a cyber security expert's contribution to requirements (i.e. the problem statement) would do little to help manage cyber security risks. Cyber security controls can only be put in place once the preferred solutions become clear.
However, the buying team could miss opportunities to introduce these controls without input from the right expert. By contributing to the design of each procurement stage, the cyber security expert can indicate how to uncover basic technical information that can then guide further cyber-security assessment.
That expert would then know when to expect technical information to be available and be prepared to contribute further.