New Procurement Manager in 90 Days: 5 Decisions That Stop Contractor Risk From Landing on Your Desk

A new procurement manager often inherits a buying system that looks efficient on paper but still lets contractor risk arrive late, vague, and expensive. The role is not to buy cheaper services faster. The role is to make sure the work enters the site with clear competence, clear scope, clear escalation, and a mobilization gate that operations can actually trust.

That matters because procurement is one of the earliest control points in the safety chain. Long before a contractor steps through the gate, the purchase request, supplier screen, contract language, and change order rules have already decided how much risk the site is willing to absorb. Across 25+ years leading EHS at multinationals, Andreza Araujo has seen that weak buying decisions often survive because nobody names procurement as a risk owner.

In Safety Culture: From Theory to Practice, Andreza Araujo argues that culture shows up in repeated decisions, not in slogans. In The Illusion of Compliance, she warns that paperwork can look complete while the field remains fragile. Procurement sits right in that gap, because a supplier file may look clean even when the contractor is not ready for the work the site is asking them to do.

What the new procurement manager needs to understand before starting

The first lesson is that contractor risk does not begin at mobilization. It begins when the organization decides what can be bought, from whom, under which assumptions, and with which exceptions. If the procurement manager only reviews price, lead time, and basic insurance, the site has already accepted a shallow definition of control.

ISO 45001:2018 requires operational control, competence, change management, worker participation, and the control of outsourced processes. Those clauses matter to procurement because the buying process decides whether the supplier can meet the control expectations once the work starts. A contract is not only a commercial document. It is also a safety boundary.

The role should therefore be read as gatekeeping, not administration. The manager does not own every field hazard, but the manager does own the decisions that decide which hazards are allowed to enter the operation. That is why the first quarter must move from vendor paperwork to field-relevant controls.

This is also where the article on risk acceptance authority becomes useful. A scorecard only matters when it changes who gets considered competent enough for the work. If the scorecard never changes an award decision, it is just decoration.

First week: map where risk enters through buying decisions

The first week should not be spent reorganizing folders. It should be spent mapping the points where buying choices create exposure. Review emergency purchases, preferred suppliers, scope changes, rush orders, local exceptions, contractor substitutions, and any category where operations regularly asks procurement to move before the risk review is complete.

Write the map in operational language. Name the service, the worksite, the control that should have existed before award, and the person who can stop the transaction when the control is missing. The useful question is not whether the vendor can deliver. The useful question is whether the vendor can deliver without forcing the site to lower its control standard.

During the first week, the procurement manager should also listen to operations, maintenance, EHS, and supervisors. They will tell you where vendor promises usually break down. In more than 250 cultural transformation projects, Andreza Araujo has seen that organizations learn quickly when they expose the decision that created the risk, because the decision is easier to change than the injury that follows it.

If the site already uses a permit audit trail, add procurement to it immediately. That prevents the buying process from sitting outside the risk loop until the next incident forces attention.

First 30 days: rebuild supplier screening around real controls

The first 30 days should replace generic screening with control-based screening. Insurance, certificates, and basic HSE policy statements can still appear in the file, but they should no longer be treated as proof that the contractor is ready. Readiness depends on competence in the exact job the site is buying.

A stronger screen asks whether the supplier can describe the work method, the critical controls, the supervision ratio, the language used on site, the stop-work trigger, the emergency response path, and the interface with site leadership. If the supplier cannot explain those points clearly, the risk has already surfaced before mobilization.

Across 25+ years of executive EHS practice, Andreza Araujo has seen that leaders gain trust when they verify the condition that protects people, not only the document that records compliance. During the PepsiCo South America period, where the accident ratio fell 50% in six months, the lesson was not that paperwork disappeared. The lesson was that field verification became more important than paper comfort.

The article on contractor prequalification scorecard is a useful companion here because it shows why contractor safety fails when the site knows the vendor name but not the field condition the vendor is entering.

Month 2: install a mobilization gate that field leaders respect

Month 2 is the right time to install a mobilization gate. The gate should sit between award and site entry, because that is where the organization can still prevent weak handoffs, unclear scope, and rushed starts. A mobilization gate that comes after the contractor is already on site is no gate at all. It is a reminder.

The gate should require a clear scope statement, named site owner, supervisor contact, emergency route, control requirements, permit needs, and confirmation that the contractor understands the stop conditions. If the gate is too easy to bypass, it will be bypassed. Procurement should therefore own the commercial side of the gate while operations and EHS own the field side.

The article on contractor mobilization gate fits directly here because the gate only works when the site respects the same rules on every mobilization. The best gates are boring. They do not surprise anyone, and they do not disappear when schedule pressure rises.

Andreza Araujo's Make The Difference: Be a Leader in Health & Safety is useful for this stage because it treats leadership as visible decisions repeated under pressure. Procurement leadership is similar. If the manager makes one exception every time the job is urgent, the site learns that the gate exists only for calm days.

Month 3: control change orders, exceptions, and rush orders

Month 3 should focus on the buying exceptions that quietly create the most risk. Change orders, rush orders, scope drift, subcontractor substitutions, and last-minute material swaps often look like commercial details. In practice, they are exposure changes, because they alter the people, methods, sequence, and supervision that the site expected.

The procurement manager should create a simple exception log with one question attached to every deviation. What changed, who approved it, what risk did it create, and what control changed before the work continued? If the answer is unclear, the exception should not be treated as routine.

That logic connects well with pre-job change brief in 12 minutes work, because contractor changes often need a short, explicit reset before the job continues. Procurement is usually the first function to know that the scope moved, which means procurement can prevent the surprise from reaching the field unannounced.

The article on safety decision rights matrix is also relevant, because exceptions fail when nobody knows who can approve the change, who must be consulted, and who can stop the work. When decision rights are vague, the fastest person wins, and that is a bad way to manage contractor risk.

Month 4 onward: turn procurement into a risk cadence

After the first 90 days, procurement should no longer be a passive handoff function. It should participate in a regular cadence with operations, maintenance, and EHS so the site can review supplier performance, exception patterns, repeat controls, and recurring pressure points. The cadence does not need to be long. It does need to be predictable.

A useful monthly review asks four questions. Which suppliers created the most friction, which exceptions were accepted, which controls were verified in the field, and which decisions are drifting toward convenience instead of control? Those questions keep procurement tied to actual work instead of to commercial abstraction.

Across 30+ countries and more than 250 organizations supported by Andreza Araujo's work, one pattern repeats. The operations that improve fastest are the ones where leadership can name the decision owner early and keep that owner visible until the control is verified. Procurement should be part of that ownership chain, not just a sender of purchase orders.

The article on risk review cadence helps here because the review should become part of normal management, not an emergency meeting after a weak contractor event.

Common mistakes in the first quarter

The first mistake is to treat low price as proof of smart buying. Cheap is only smart when the work is still controlled. If the site saves money by hiring a contractor that cannot supervise the task, the savings are fake because the exposure has merely moved downstream.

The second mistake is to treat certificates as competence. A folder full of documents does not prove that the crew can work safely in the actual environment, with the actual supervisor, under the actual time pressure the site will create.

The third mistake is to outsource risk ownership to EHS. EHS should challenge, verify, and support. Procurement still owns the buying decision, and that decision includes whether the contractor can meet the site standard without hidden exceptions.

The fourth mistake is to let exceptions become culture. A single rush order may be unavoidable. A recurring rush order means the organization has designed a process that rewards bypasses. Andreza Araujo's The Illusion of Compliance is relevant here because paper discipline can hide repeated field shortcuts until an event exposes the gap.

Resources to deepen the role

For this role, Safety Culture: From Theory to Practice is the best starting point because it explains why repeated decisions create the real operating culture. The Illusion of Compliance helps procurement see how a clean file can still hide fragile control. Together they give the manager a practical lens on buying, ownership, and verification.

Andreza Araujo's Safety School and ACS Global Ventures work are also natural next steps when the organization wants procurement, EHS, and operations to use the same language for control, escalation, and verification. That alignment matters because contractor risk is rarely a supplier problem alone. It is a leadership design problem.

The first 90 days do not need to solve every vendor problem. They need to prove that procurement can stop weak work from entering the site, reset exceptions before they become habit, and make field leaders confident that the gate means something. Once procurement owns that boundary, contractor risk stops arriving as an unpleasant surprise and starts looking like a managed decision.