Procurement uncertainty in 2025: Strategies for risk and resilience

Morgan Markwood

As the adage goes, “the only thing in life that’s guaranteed is that there are no guarantees.”

Certainly, 2025 promises to be as uncertain as any of the last four years, and nowhere is that more true than procurement.

Political turmoil continues to fester and escalate, wars conflagrate, and now, economically devastating trade wars look certain. All this puts procurement uncertainty top of mind for organizations for 2025 as supply chain and procurement challenges continue to mount. While procurement professionals like to believe that they are masters of chaos management, in reality many succumb to short-term thinking when it comes to solving procurement needs.

That’s why establishing a plan to guide procurement teams through uncertainty is one of the top issues CPOs are looking to address this year.

What every procurement team needs to manage chaos is conceptually simple: crisis management and crisis anticipation.

  • The crisis management solution addresses how to ease supply disruption through proactive mitigation.
  • Crisis anticipation is how to forecast risks and solve them before they materialize.

Procurement risk management is essential for organizations aiming to stay resilient amid ongoing supply chain disruptions.

Supplier diversification: A key to crisis management in procurement

Put simply, the concept of supplier diversification is to mitigate risks by spreading your firm’s procurement of a certain product across multiple sources, i.e., not putting all your eggs (if you can even afford them anymore) into one basket.

If your organization relies on a single supplier for a product and that supplier fails to deliver, you will at best be forced to purchase from alternatives (if they even exist) with whom you lack a relationship, and thus beneficial terms; at worst, you may spend a considerable amount of time changing your business model to adapt to an entirely new product. What will those costs be to your organization – financial and reputational?

This diversification concept is straightforward, so consider the following procurement best practices for 2025:

  • For non-critical products, consider spreading out your active purchasing across multiple active suppliers.
  • For commodities, ensure you have vetted secondary suppliers that can be quickly ramped up when the primary fails.
  • For more complex products, identify comparable offerings from other suppliers.
  • For suppliers in politically tumultuous regions, consider secondary sources in more stable parts of the world.

It’s important to note that supplier diversification assumes that there are alternatives to the products your organization uses.

What happens when there are no alternatives?

What if your organization procures a totally unique product that is of strategic importance? This is where the importance of forecasting risks is paramount, as there may be no contingency options within the supply chain itself.

Third Party Risk Management (TPRM): Anticipating and mitigating procurement risks

Third party risk management (TPRM) is a discipline that aims to identify and manage external risks. These risks, while dealing mainly with suppliers, are not exclusive to supply chains in nature; they encompass everything from risks associated with suppliers’ financial health to risks stemming from broader geopolitical events. This involves a complex process of identifying, cataloging, and continuously monitoring risks so they can be mitigated before they become reality. This makes TPRM a critical cornerstone of procurement risk management and crucial for managing procurement uncertainty in 2025.

As the concept has become more popular in recent years, many firms have opted to establish TPRM teams that manage the identification, monitoring, and mitigation process. There is also an entire software industry segment dedicated to technology solutions that aid TPRM teams in scanning multiple information sources, whether they are financial or even news-based, to identify risks faster than human ability alone.

Referring back to the concluding challenge of the previous section, TPRM provides a way to manage risks related to strategic suppliers when there are no close alternatives. Obviously, supplier diversification does not work in this situation. In that case, the only procurement solution is to build up strong supplier relationship management.

Then again, if a strategic supplier fails, it won’t matter how strong your company’s relationship is with them. In that scenario, the best case would be to have TPRM business intelligence that would forewarn your company of the supplier’s imminent catastrophe. Advance warning (the earlier, the better) could enable your business to address the risk by:

  • Developing your own alternative in-house
  • Re-designing your product or business model so it doesn’t rely on the product
  • Preparing to acquire that strategic supplier

Whatever the ultimate business decision, a robust TPRM function will help proactively identify and manage risks before they actually become unmanageable problems. This will give your firm its most valuable advantage: Time.

What are the different types of third-party risks in procurement?

  • Financial health risks refer to a supplier’s ability to maintain financial viability. Poor financial health may lead to an inability to deliver on contractual obligations or even the total business collapse of the supplier.
  • Cybersecurity and data risks may be introduced by suppliers who have access to or manage data on behalf of your company, including customer data, employee data, and any other kinds of sensitive data.
  • Compliance and regulatory risks are associated with changes in laws, industry standards, and regulations that govern a supplier’s products.
  • Reputation risks include supplier actions that may adversely affect your company’s public image, such as unethical practices, political affiliations, and any actions that may be deemed unaligned with your company’s brand and image.
  • Financial systems risks extend to suppliers providing transactional tools and/or services related to supporting or managing accounts receivable, accounts payable, treasury, and any other financial transactions. This may overlap with cybersecurity and data risks.
  • Operational risks include any supplier failures that impact local and/or regional revenue-generating operations.

How to implement these procurement risk management strategies

1. Perform supplier segmentation

Supplier segmentation is the process by which suppliers are scored based on their impact on your profits and the supply complexity of their offering. This allows your organization to understand the relationship between these two variables using a concept known as the Kraljic Matrix.

Create a questionnaire that can be used to score each supplier based on their profit impact and supply complexity. The result will be that supplier’s placement in one of the four quadrants of the matrix:

  • Non-Critical: Suppliers in this classification offer undifferentiated commodities with many alternative suppliers and have a low impact on profitability.
  • Leverage: These suppliers offer highly standardized, readily available commodities with abundant supplier alternatives. Supply risk is low, but there is a high impact on profitability.
  • Bottleneck: These suppliers offer products with limited alternatives. The supply risk is high, but profit impact is low.
  • Strategic: Critical suppliers that present the highest supply-chain risks and greatest profit impacts to a company. Suppliers within this classification should be the key focus for procurement teams.

Once segmentation is completed, you have a baseline understanding of your organization’s most critical suppliers. This can be used to determine supplier diversification strategies and, if necessary, prioritize suppliers for the risk management process.

2. Identify risks associated with your suppliers

Now that supply chain risks have been determined from the supplier segmentation process, it is also critical to identify broader kinds of third-party risks as described in the TPRM section.

Create a questionnaire to identify and score a supplier based on the different risk types. Once the questionnaire has been completed for a supplier, calculate their aggregate score to determine their overall level of severity. These scores can be used to determine which suppliers require the most scrutiny from your TPRM team.

3. Create a system to monitor and manage procurement risks

Once risks have been identified, your TPRM and Procurement teams need to actively monitor and manage those risks. This is best done with the support of TPRM tools and technology to augment and automate what would otherwise be a tedious, manual process. A combination of supply chain criticality (supplier segmentation) and risk severity (risk classification and scoring) will guide which firms require the most frequent internal reviews and scrutiny.

Building procurement resilience for 2025, and beyond

If the only certainty is uncertainty, then we are indeed living in a unique time that presents unique challenges — and demands unique solutions.

To that end, as procurement professionals you can help protect your companies by devising robust crisis anticipation and mitigation plans. These should be led by strategic supplier diversification efforts underscored by ongoing third party risk management processes. By prioritizing procurement risk management and adopting best practices for 2025, you can build more resilient supply chains that will help your organizations successfully navigate uncertainty.