Skip to main content

The National Health Service (NHS) is the UK’s largest employer and the fifth-largest employer in the world. Managing risks in such a huge organisation is no easy task, especially in healthcare where the stakes are so high.   


Chris Wagner is an Associate Director of Finance for Contracts and Procurement within the Lewisham and Greenwich NHS Trust, London. Chris has worked in public sector procurement for over 11 years, including in local government. Since joining the NHS he has added contract management and income to his portfolio. 

Phoebe Jordan, Director of Corporate Development at Thomas Murray, chatted to Chris about the unique risk management issues he deals with on a daily basis, the trends he’s noticed over the course of his career, why low costs don’t always make for great savings, and how to retrain the Terminator to be a risk manager.

Phoebe Jordan: Hi Chris, great to see you. I’m looking forward to this – I expect you’ve got lots of interesting things to say about this topic.

Chris Wagner: I hope I meet expectations!

PJ: I’m going to start with a big question that should bring an immediate answer to mind: What would you say is the single biggest risk you’re facing from your third parties and suppliers? Is it financial, operational, cyber, reputational, or supply chain risk?

CW: I think for us in the NHS, and this would apply to a wider healthcare setting, the biggest risk is around the operational delivery – specifically, how that impacts on patient care. When you’re looking at it from our supply base as a whole, which could include consumables, medical equipment, service providers that provide patient-facing activity and maintaining our estate, it is all about making sure the hospital is a safe place for people to come and receive care. That’s our main focus in relation to risk management. But the biggest single risk that any of our suppliers can pose to us is if something happens at their end that impacts on our patients in some way. That’s our operational risk.

I’m going to have to mention financial risk as well, because it’s no secret that the NHS is going through challenging times in terms of budgetary pressures. We don’t have that on our own, look at inflation and cost of living, but we have to think very strategically about how we try to manage that operational side and deliver patient care while handling the bottom line at the end of the year as well. Our third-party suppliers have a big part to play in that, but it’s balancing those two at the same time. For me, personally, that’s our biggest challenge.

PJ: I’m sure a lot of procurement experts would share those concerns, whatever sector they’re in. How do those considerations affect your third-party relationships? 

CW: If we have a good relationship with a vendor we can try to mitigate the impact of inflationary increases through negotiations, and sometimes it relies on having a strong contract to fall back on. But how we manage that, especially when inflation’s as high as it is right now, is often by looking at what kind of flexibility we have in the contracts with our suppliers.

PJ: When it comes to your RFP processes, for example, if you’ve got a strong pre-existing relationship with someone, does that give them a bit of an edge in the tender process? Or are you always looking at whose bid is better, regardless of the pre-existing relationships?

CW: Our procurement processes are really heavily regulated, which means we’re always looking at who the most economically advantageous tenderer is on any given project. We don’t take into account that past experience as part of the procurement process. I think one of the things that I’ve definitely seen a shift to over the course of my career is the trend towards developing consistency and leveraging longer term relationships, and it seems to me that’s where we’re going as a sector.

So instead of going out for a short-term contract, do you go out for slightly longer one that helps you to build a relationship with that more strategic partner and that helps you weather storms as they come? And then try to manage that risk a little bit differently.

PJ: Does that increase the risk of over-reliance on one party? I’m thinking about the Post Office’s Horizon scandal, which partly came about because Fujitsu was so heavily embedded throughout the entire Post Office infrastructure that it just became too expensive to replace them.

CW: I think in the IT space, that’s a really valid question. You know you often get the pushback of, “Well, it’s going to cost a lot of money to rip this system out.”

You’ll often get someone saying, “This will be a lot of money. It’s a lot of effort. It’s not what we need to do right this second.” And the challenge I generally give to that is, “We’re going to change it at some point, right? Because otherwise we’d all still be working on Windows 95.”

The cost/benefit analysis of implementing something new works, but I think there’s two sides to that. The question is, how do you procure something with an eye on phasing it out in future, because you’re going to have to end that contract sometime. And how do you procure something for an appropriate amount of time?

PJ: How do you approach that?

CW: Let’s say it takes you three years to embed an extensive, new system. Maybe, in that case, you don’t have a four-year contract term because you’ll have to start again before you’ve even got your feet under the table. If it takes you a couple of years to put that system in place, and you’ve got a 5, 6, or 7-year contract, maybe even a 10-year contract, actually by the end of that, you’ll be ready to do something new.

A really big risk might seem to you a small risk simply because you don’t understand it.

Having an eye on the exit at the beginning is important, but you also need to be reasonable and realistic about how long are you going to be in this contract with the supplier for. Build in enough flexibility so that you can change things as you need to, and keep your contracts fit-for-purpose. That would be my advice as to how to avoid becoming locked into a supplier relationship that ultimately doesn’t benefit you.

PJ: That’s interesting. Is that how you’re approaching your vendor relationships from the start? By thinking about the off boarding process from the very outset?

CW: Yes. I urge people to think that way. In an ideal procurement world, that would be the approach on every single contract.

PJ: What are what are some of your unique challenges in healthcare, would you say?

CW: I think the thing that separates us from a lot of different industries is that we must prioritise patients. One of the ways we ensure that we’re meeting that obligation is by constantly asking, Do we have the right sort of checks and balances in the organisation?

It can make procurement even more challenging than it is in other sectors, because we have to factor patients and patient care into whatever we’re trying to do to make our Trust an efficient and effective organisation. 

We also have quite extensive governance processes, to make sure that we’re doing the right thing. Having lots of governance is probably not unique to us – in my experience, it’s very similar in other public sector organisations – and it’s there to ensure that you’re not just buying something because it looks good on paper, but it actually does what it needs to do. 

Sometimes value-for-money means buying something that’s a bit higher quality and therefore a bit more expensive than another option, because it means you’ll achieve a reduction in waste, or you’ll be able to have more control over a project – all that sort of thing.

PJ: You mentioned that shift to leveraging longer-term relationships – are there any other trends that you’ve noticed during your years in procurement and contracts?

CW: I’ve worked in procurement and contracts for 11 years, and the last two of those have been in the NHS. But I was in local government before that, so it’s all very similar and I think that’s the main trend I see in procurement – moving to more strategic partnerships, while also trying to have a positive impact on local communities.

We have all the challenges we’re dealing with, but our communities that we serve are dealing with those challenges as well. That can have an impact on people’s health and wellbeing. I think the trend is broadly towards being more collaborative to meet those challenges. 

PJ: What does that look like?

CW: We’ve got our Integrated Care Boards that have been set up now for, I think just over a year, so that’s moving us to think more as a system. For example, in southeast London the NHS Trusts now think about how we work collaboratively together, rather than just focusing on the provider basis. That’s going to help us manage financial and supply risks going forward.

We look at things that could actually happen in one space rather than another, and how to balance that efficiently without having a single point of failure.

Those are really important questions that we’re always asking ourselves – how can we be clear about what our main risks are, operationally, and how do we get the right things at the right time and in the right place?

How can we collaborate and use our collective resource if we’re having difficulty with the supplier over here? Can we use someone else? Can someone else step in and give us a hand, or move products or equipment around? We do that pretty well, but it’s how we take that to the next level.

... it’s no secret that the NHS is going through challenging times ... we have to think very strategically about how we try to manage that operational side and deliver patient care while handling the bottom line ...

And I’m particularly thinking of [NHS] pharmacy stores around London. They’re really good at moving stock to manage fluctuations in stock levels where there are supply chain challenges. So how can we take some of that to the next level in terms of our operational resilience? 

It needs to be balanced by your levels of efficiency and efficacy as well. You can be really resilient by having something replicated ten different times, but it’s going to be really expensive and probably a bit clunky. You have to achieve operational resilience, and maintain your pace, without losing efficacy and effectiveness. Where that line is will be different in different contexts. 

It’s about taking those general approaches and then applying them to the individual categories or areas, rather than saying, “we’ve got a ‘one size fits all’ strategy to risk management and we apply it to everything.”

You have to take a slightly different view on different things depending on how strategically significant they are – if this thing doesn’t arrive, is it a major, major problem? Or are there lots of alternatives we can look at?

We have a lot of stock in-house anyway, so that we can weather the storm for a little bit and try to plug that gap in a different way. It’s a really valuable risk management tool, or business continuity tool.

PJ: How valuable, would you say?

CW: You know, if we’re struggling to get something but a partner up the road or across the River Thames has it, how can we get that here effectively and efficiently? If we can get that piece of equipment here quickly without damaging it, does that mean that an operation that would otherwise be cancelled can go ahead? That has a massive impact on someone’s life.

But sharing resources can’t be the only solution in the toolbox, because I think if we all rely on that too much, if there is a supply chain issue that’s more significant and it’s not a small delay, you all end up rushing for the same stock.

There’s something around finding that balance between these two things. They don’t have to be exclusively around having sort of longer term arrangements, but maybe having that diversified supply, either within an organisation or within a region or a system.

PJ: And do you have an internal system for, for want of a better term, managing inventory? Or do you just send out an email to everyone and say, “hey, we’re short of insulin?”

CW: We do, yes, we have systems that help manage our stock. Some of them are more automated than others. And we’ve got some devices that automatically reorder products and things like that. One day we’ll be able to push a button and see exactly how much we’ve got of something specific on every single shelf in the hospital. I’m sure that’s coming.

And then you’ve got the space constraints and everything else. You know, hospital sites are always crammed, I think it’s safe to say – or ‘busy’ is probably a nicer way of saying it. There’s always a lot to fit into a relatively small space.

You’re wrestling with how much would you like to have in stock and how much can you have in stock? Something that I’ve started to do in southeast London is keep an offsite hub that has more stock in it that can help mitigate that risk. That’s not been completely rolled out across the whole region yet.

PJ: When you’re looking at a third-party supplier, what are the top risks that you’re assessing them for? Or will it depend on a range of factors?

CW: It can vary. Under the procurement rules, especially if it’s a high-value requirement, there are specific things we have to check – if the company has links to terrorism, or if one of the directors has been convicted of tax evasion, things like that. Some of that comes out in self-declarations, but there are other due diligence checks we do elsewhere.

In the main, aside from all of those standard requirements, financial standing’s really important. Does the organisation look like it’s really struggling? Does it look like it’s really stable and secure? And I think it’s important that we don’t have a one-size-fits-all approach to that. What a stable company looks like can be really different in different sectors and different fields. Your exposure to that risk of a company going bust is really different depending on what they’re doing.

PJ: Can you say a bit more about that?

CW: If you’re building something on an NHS estate, and you’re working with a contractor that’s not in a good financial state, you have to wonder, “What will I do if we end up with a half-built building?”

Or maybe there’s a service provider in an area where there are a lot of alternatives out there and actually you’re paying arrears. What is your risk exposure? If you’ve got a backup plan in place, you’ve probably got much smaller risk exposure. It’s about having a holistic view of that risk.

I remember I had an old manager of mine, in a different sector, say, “the surefire way to make sure someone goes bust is to stop giving them contracts because they look a little bit wobbly.” That’s a really important attitude to have when it comes to how we work with local suppliers or small to medium enterprises. They might not look as robust as some other suppliers on paper, but that doesn’t mean they can’t do the job.

It’s the same principle as the one I was talking about earlier, in terms looking ahead to what your exit from a long-term agreement with a software provider would be. In this context, you’d be thinking about having a robust contingency plan in place for contracts with smaller organisations, so that if something did go wrong, you can move quickly without excluding them from the market.

I think there can sometimes be that desire to get rid of all risk. And it’s not about getting rid of the risk, necessarily. It’s more often about managing it.

PJ: Using smaller local suppliers, is that an ESG consideration for you when it comes to the part that the NHS plays in its local communities?

CW: Yes, in other sectors that would be ESG, so we’re talking about environmental, social and governance issues. But in the NHS we refer to ‘social value’ and that includes all of those areas for us. We see social value in being a more sustainable operation, for example, so it covers our carbon reduction plans and things like that. Supporting economic development in our communities as they recover from the covid lockdowns, or people’s health and wellbeing more broadly – social value is an umbrella term for all of that.

It’s now been mandated by NHS England that we consider social value when we’re entering into contracts, so local suppliers and our local economy have got a massive part to play in helping us to achieve those social value objectives.

But it’s not just small and medium enterprises that help us meet our goals. I think it’s something we all have to share in, even if we’re working with large multinational or international companies. We talk a lot in the NHS about being an ‘anchor institution,’ I don’t know if you’ve heard that term before?

I think it started in America to refer to large institutions, often in the public sector – though they don’t have to be – that are big employers. That’s what we are. We are a big employer in the area, we’ve got a big presence in the area, we are really important to our local community, and we have an outsized impact on it.

Some suppliers might not look as robust as some others on paper, but that doesn’t mean they can’t do the job.

Lewisham and Greenwich NHS Trust, for instance, is a London Living Wage employer and that goes down our supply chain as well, which is something we’re really proud of. It’s one of the ways we’re able to have a positive impact on the lives of people in our community. 

It’s a different way of looking at things. But again, it’s not letting that one-size-fits-all approach creep in. It’s thinking about it at the beginning of the supplier relationship and getting that plan right, so if you’re maybe contracting with smaller organisations, do you need two of them? Or do you have a backup plan in place? Can you get some sort of cover or are you asking for something that’s too much?

PJ: That sounds like avoiding concentration risk, when you’ve got too many eggs in one basket. I can immediately see how for the NHS that would be undesirable.

CW: Yeah. It’s a balancing act though, because then sometimes there are real efficiencies you can get by working with a particular supplier, if all of their equipment works together perfectly and there can be some benefits to it, but it’s how you manage that.

We’re like lots of organisations. For example, I’ve got some fairly substantial contracts and long-term contracts that I think in some ways could be viewed as having all your eggs in one basket, but actually it’s allowed us to develop a really positive working relationship with those suppliers and find efficiencies there as well.

PJ: I can’t talk to someone in the NHS without asking about the pandemic and how that changed your risk management landscape. I’m assuming that you’re working on your book about that at the moment.

CW: What covid has done is helped evolve my thinking around risk. I don’t think it’s completely changed it, but I think some things have definitely been driven home. I’m probably not going to say it quite the right way, but it’s about focusing on resilience and flexibility rather than anticipating every eventuality and having a written plan for every single tiny little thing that could ever go wrong.

Because you can have all the plans in the world and something like a pandemic happens and, you know, the Trust does have contingency plans for things like pandemics and a myriad of different elements, but there’ll always be something you weren’t quite expecting. And I think from a procurement and contract point of view, it was about that flexibility and that resilience.

How could we deploy people in a different way to provide support where it was needed? How could we change our processes to be a bit quicker or to deal with the changing market forces that were around? How can we collaborate to make sure that we’re all getting what we need?

I think that’s really important, but rather than trying to manage risk away so it doesn’t exist, it’s being that resilient, flexible organisation that has all of the right things in place but can move with the times when it needs to.

What you don’t want to do is rip a contract to shreds because of the force majeure clause and then suddenly things are back to normal, you need some service provision, and you don’t have any contracts in place. You’d had the suppliers, but you got rid of them all, and now you’re probably holding a bigger risk there because you’re not able to deliver what you need to deliver. So can you get things delivered in a different way? How can you show that flexibility and keep that operational resilience in place?

And that’s something we’ve really focused on in the local authority. That was a particular concern during lockdowns with social care: How can we keep things running until the world can reopen again?

PJ: Yes. And you mentioned the collaboration that you’ve got going with other NHS Trusts to ensure supplies of vital medicines and equipment along with a whole host of other things, and the systems you have in place for that, and making your processes a bit quicker. Have you seen a greater reliance on automation coming in in procurement?

CW: Yeah, particularly around the stock management side of things. I think there are a lot of opportunities in terms of automation and a lot of data, but we have to retain the human touch. Otherwise it just becomes another system that people will find the quickest way to get around to get what they need without necessarily doing what they’re meant to.

PJ: Do you use automated questionnaires and things in your RFP processes or in your due diligence at all or is that still very much a human, hands-on process?

CW: There are elements of automation, but I’d say overwhelmingly it still is still human. You can do some of that [automation], especially when it comes to scoring, but it still requires people coming into the system and making changes. Again, I think there are still a lot of untapped opportunities for us there.

We’ve been doing some robotic process automation that the Trust has implemented in our pharmacy department, around processing invoice payments, and that’s saved a load of manual processing and we’re quite excited to see what comes next in terms of how we can automate some of these more tedious tasks that we do and focus our attention on the fun stuff and making a difference.

PJ: That’s the dream. Give the robots the drudge work so you can do the fun, creative, interesting, intellectually challenging things.

CW: Yes. I don’t remember that particular Terminator film, but sure.

PJ: It might not have had the action sequences needed to be a blockbuster! But let’s imagine that there’s an android who needs to learn the A to Z of vendor risk management and you’re in charge of training it. What top tips would you give it?

CW: I’ve already talked about one of the things I thought about, which is around that resilient, flexible approach, rather than trying to mitigate every single eventuality you could ever think of, but I think the other one for the healthcare sector is you can’t do it alone.

In my area, you need to work with clinicians. You need to work with other people in and around the Trust, with other organisations, and I think it’s something that we all have to do together to really manage risk appropriately.

And listen to the people that know stuff that you don’t know about. A really big risk might seem to you a small risk simply because you don’t understand it. Or something that actually sounds like a big risk has a lot going on behind it that means it’s actually really well managed and you might not need to spend as much time worrying about it as you do.

Whether you’re in a procurement department or the finance department, whatever department, stop thinking that your role ends at the door. Take a whole organisation approach and figure out how to work across departments together to manage risk properly.

PJ: You may have just opened up a new career path for yourself as a machine learning specialist. Before you move on to that from contracts and procurements, can I ask you to share what 11 years in the field has taught you? As you sit here now, what has most surprised you over the course of your career? 

CW: Overall, it’s been something I probably wouldn’t have guessed at, which is that the easiest route can also be the most effective. Sometimes the solutions to fairly difficult problems are really simple and you don’t have to overcomplicate things all the time. Don’t be afraid to suggest something that might seem a bit simple because you’re worried it won’t sound complex or clever enough.

Sometimes the simple way of doing it is the right way of doing it. That’s my big closing statement.

PJ: What an excellent note to end on, with a lesson that I think I can use in most situations! Thank you so much, Chris.

CW: Thank you! 

Orbit Diligence

Orbit Diligence

Automate your DDQ and RFI processes for a wide range of use cases, accessing a library of off-the-shelf questionnaires and risk frameworks.

Learn more

Contact an expert

Sarah Nelson

Sarah Nelson

Senior SaaS Sales Executive | SaaS sales

Phoebe Jordan , Managing Director | TPRM

Phoebe Jordan

Managing Director | TPRM