Governance represents the way in which institutions are managed, with leadership, strategy and control mechanisms, to evaluate, direct and monitor management. Within this scope there is risk management.
Objectively speaking, risk is the effect of uncertainty. It is the possibility of something happening and negatively affecting an organization's objectives. Risk management, in turn, is the process used to identify, analyze, evaluate, treat and monitor potential events and their consequences. In practice, it is an excellent management tool used to safeguard and protect the organization. And, precisely for this reason, it is used in various situations and by the most varied legal entities, including in public procurement. Law No. 14,133/21 itself, known as the New Procurement Law, established for the Public Administration the need to implement risk management, as a process capable of ensuring the efficiency, effectiveness and efficacy of procurement, being applicable in all phases.
All these considerations can also be lebanon telegram data applied to the Entities of the S System. In fact, the TCU, by Ruling 699/2016-TCU-Plenário, reported by Minister Weder, recommended to all entities of the 'Sistema S': “9.2.3. that they make efforts to improve their control processes, studying the feasibility of implementing internal audit units, without losing sight of the regional autonomy of each department, in order to improve the effectiveness of their risk management, control and governance processes;…”.
In view of the positive results of governance and risk management, such mechanisms can and should be used in the bidding processes of such entities.
Drawing an analogy with the guidelines of Law No. 14,133/21, risk management can be an internal process applicable in the planning phase, in the selection of the supplier and in the execution of the contract, or represent shared management with the supplier, through a risk matrix in the contract.
In addition, it is important to mention the recent SESC and SENAC Bidding and Contract Regulation (Resolution No. 1570/2023 and No. 1243/2023, respectively), which establishes in art. 4 the concept of risk matrix, which, according to this regulation, is “a contractual clause that defines risks and responsibilities between the parties and characterizes the initial economic-financial balance of the contract, in terms of financial burden resulting from events subsequent to the contracting, duly provided for in the notice”. It also defines the mandatory risk matrix in engineering works and services with values equal to or greater than 20 times the value of the competitive bidding modality (currently R$2,465,000.00); in integrated or semi-integrated contracting regimes; or in contracts that involve technological risk.
Risk management can mitigate or avoid problems in contracts such as: insufficient planning, overpricing or overbilling, non-execution of contracts, inspection failures, bidding targeting, undue contract amendments, emergency contracting caused by planning failure, excessive objections, judicialization, etc.
There are many frameworks available for implementing risk management for contracting, but the main steps are (1) identifying the risk, originating from a cause and with a consequence; (2) analyzing the probability of its occurrence and impact; (3) assessment and prioritization; (4) treatment to be given, such as avoidance, mitigation, acceptance and transfer; and (5) risk monitoring.
For entities that have not incorporated this tool, it is recommended that implementation be gradual and in situations identified internally as necessary, that is, in those in which the probability of occurrence, in view of the characteristics, history, protection mechanisms, is medium or high and the impacts are considerable.
As an example of risk management in bidding processes, imagine a contract for outsourced cleaning and maintenance services that presents the following historical situations: many questions from bidders and objections regarding the required documents, little interest from bidders (low competitiveness), difficulties in inspection. Such events must be transposed into risk maps to include all the management elements mentioned above.
Let's explore one of the items in our example: low competitiveness. First (1) the risk event is identified by establishing the (1.1) cause, which may be excessive demands, lack of clarity regarding obligations and other contractual clauses, difficulties in obtaining information from the Bidding Committee, etc., and the consequences (1.2) increased questions, increased contract value, etc.; then (2) the risk is analyzed, defining that the (2.1) probability of occurrence is high, since there is a history of few bidders for this object, and the (2.2) impact may be serious, considering the indispensability of the services and risks associated with urgent contracts, if there are no interested parties and the bidding is abandoned; based on this information (3) the risk is assessed by defining the risk as moderate, with a short time frame to implement controls; (4) the most appropriate treatment is presented, such as mitigating, by reviewing the notice, the annexes and the contract, or hiring a consultancy to prepare the terms of reference, or even training the members of the sector responsible for preparing the bidding documents, in the hope of reducing the probability of the risk materializing and the consequences; and, finally, (5) the process is monitored to identify the effectiveness of the control or the materialization of the event.
- Board index
- All times are UTC
- Delete cookies
- Contact us