Skip to main content

Your Procurement Compliance and Risk Management Checklist

We recently had the opportunity to chat with seasoned procurement pros at our OntarioTalk event, and they had some great compliance advice that applies to all jurisdictions.

Our panelists included:

  • Hend Salem, Manager of Strategic Sourcing – Non Clinical at The Ottawa Hospital
  • Carol Izzio, Director of Procurement at Sheridan College
  • Christine McParland, Director of Residence and Ancillary Services at St. Lawrence College
  • Luca Del Grosso, Manager of Procurement at Technical Standards and Safety Authority

They all shared their experiences and what worked well in their agencies. Find the summary of their advice in this article or watch the full conversation here.


Keep reading for a checklist to help you optimize procurement compliance and internal risk management.

1. Clear procurement policies and procedures

In order to be compliant, you have to know and understand what to be compliant with. There’s no shortage of federal and state/provincial regulations to adhere to, so meeting them all—plus your corporate policies—is your challenge.

Having clear policies and procedures ensures everyone on your team is processing things in the exact same way while complying to the same standards.

Ask yourself these questions:

  • Do my policies use clear, plain language?
  • Are my procedures well-documented and specific?
  • Are these documents easily available to everyone who may need them?
  • Are my staff thoroughly trained on these documents?
  • Do I have regular review cycles to address inefficiencies in procedure?

2. Leadership support

Like most things, procurement compliance starts at the top. While procurement can create the initial policies and procedures, leadership gets the final say.

If you’re pushing compliance across all departments that you work with, making sure your leadership team has your back is essential. This ensures your internal stakeholders understand that you’re not forcing them to follow made-up rules, but adhering to corporate-wide policies to make sure things run smoothly, are risk-averse, and follow the law.

Ask yourself these questions:

  • Has my leadership team reviewed and approved all policies?
  • Does leadership have a process for enforcing policies?
  • Does leadership support procurement education for other departments?

3. Internal client education

Educating internal clients on procurement compliance is incredibly important—which all our panelists echoed. They need to understand what they’re complying with, why, and how to stay compliant, or else they’ll do what they feel is best. Educate on the benefits to both them and the organization if the rules are followed—such as spending budget efficiently, increased transparency, avoiding legal issues, streamlined workflows, etc.

Ask yourself these questions:

  • Are there any educational sessions on procurement for other departments?
  • How are new hires introduced to the procurement process?
  • Is it clear to everyone how procurement works and their role in the process?
  • Do others understand why policies exist and how to adhere to them?
  • Do all other departments have easy access to policy and procedure documents?
  • Do others understand the risks associated with not following policy and procedures?

“We are not policing [internal stakeholders] or policing how they are spending budget but they are accountable for the budget, the risk, and the spend. It’s not a procurement policy, it’s a corporate policy. Everyone has to buy in.”

— Hend Salem, Manager of Strategic Sourcing – Non Clinical, The Ottawa Hospital

4. Procurement checks and balances

Making sure there are processes in place to catch mistakes before they become problems is a crucial part of the procurement compliance process. Your team—and your whole organization—can land in hot water if policy and procedure aren’t followed to the T.

Regulations like Ontario’s Broader Public Sector Procurement Directive give a list of requirements for certain documents, and our panelists have baked these into their own review processes. Many regulations also have requirements for segregation of duties and approval responsibilities that can help you craft your own procedures.

Ask yourself these questions:

  • Are there already review processes in place? Are they working as intended?
  • Are my documents version-controlled?
  • Is my recordkeeping system organized, centralized, and easily accessible?
  • Do you do regular internal procurement audits?
  • Are there designated people to review procurement documents?
  • Do you have a checklist of document requirements to use in your review?
  • Do you use any tech that has compliance checkpoints?

Compliance and risk management is a team effort

Procurement compliance and risk management doesn’t just fall to the procurement department—it’s everyone’s responsibility. But it is procurement’s duty to make sure policies and procedures are standardized, accessible, and easily understood by internal clients.

Procurement technology is your ally. It helps you centralize and manage documents, create compliance checks, follow custom approval workflows, collaborate with your team and internal stakeholders, and so much more.

Get eProcurement with compliance built-in. Learn how Euna Procurement, powered by Bonfire, can help—book a demo.


Learn how to find the right solutions partner to enhance your ERP, save time and resources, and ultimately deliver a greater impact on the communities you serve.

Download eBook


Learn how to find the right solutions partner to enhance your ERP, save time and resources, and ultimately deliver a greater impact on the communities you serve.

Download eBook