Aligning strategy decisions with risk appetite, presented by David Shearer, 1...
Manage Your Organization's Contract Risks Final
1. Worried About Procurement? Manage Your
Organization's Contract Risks!
RIF009
Speakers:
• Fred Travis, Director of the RMI Program and Assistant Teaching Professor of Finance
Trulaske College of Business, University of Missouri – Columbia
2. Learning Objectives(Ariel 44pt bold)
At the end of this session, you will:
• Learn the steps needed to complete a risk assessment of
procurement and contracting controls.
• Create a plan to work with procurement and legal counsel to
develop standard contract terms and conditions.
• Develop a compelling case for implementing contract risk
management policies and procedures
4. Purpose of This Presentation
One of the key steps in managing Supply
Chain risks is managing contract risks,
particularly risk transfer provisions.
Key elements of Contract risk
management include:
• sound risk transfer and other terms and
conditions for various types of contracts;
• formal contract review and exception
processes, documentation, policies and
procedures; and,
• buy-in and compliance from procurement
functions across the organization.
6. Risk Assessment: the Foundation of an
Effective ERM Program
• Risk Assessment must be developed as a systematic
process for identifying and evaluating potential
events, risks, threats and opportunities that could
impact achieving the organization’s objectives
• Risk Assessment must bring together the right parties to
identify events and issues, rate these risks, and determine
adequate risk responses.
• Risk Assessment is intended to provide management
with a view of events that could impact the
achievement of objectives.
6
7. Key Principles For Effective And
Efficient Risk Assessment
• Clearly establish governance over the Risk Assessment
process
• Risk Assessment must begin and end with reference to
specific objectives; risk rating scales must be defined in
relation to organization objectives
• Management should form a “portfolio view” of risks to
support decision making
• Identify and employ leading indicators to provide
insight into potential risks
7
8. Procurement Has the Potential to
Create Many Risks
1. Misinterpretation of user needs
2. Inadequate statement of requirements
3. Failure to identify potential sources
4. Impractical timeframe
5. No response from known quality suppliers
6. Failure to follow effective evaluation procedures
7. Selecting an inappropriate supplier
8. Offers fail to meet needs
9. Ineffective Contract management
10. Managing Risk Beyond the
Company
“Company” and “Supply Chain” views of Risk are
fundamentally different.
• Supply chains, by involving different organizations,
cultures, languages, locations etc., are far more
complex and dynamic than companies.
• Companies often do not even have access to the
suppliers of their own direct suppliers – not to
mention all the different raw materials suppliers or
subcontractors further upstream.
• Fewer risks are under the company’s Control.
11.
12. What’s So Special About Contracts?
Contracts are the cornerstone to business transactions
with suppliers and customers contain – or should
contain – terms and conditions that define and regulate
Controllable risk issues, including:
• Financial structure of the relationship
• Risk transfer
• Security and warranties to assure a supplier or
contractor fulfills its obligations
• Force Majeure
• Compliance requirements
13. What is Risk Management’s Role
in Contracts?
Risk Management generally has a role in reviewing
contracts… or, if not, should have a role.
• Risk Management often does not have a role
in other supply chain processes: vendor
qualifications, alternate sources; quality; etc.
• As a starting point for assessing and managing
procurement and supply chain risks, Contracts are a
good place to start!
15. Where Should Risk Management Fit
Into the Contracts Process?
• Supplier Selection process – financial strength,
alternative sources, location/country issues, etc.
• Contract Drafting
• Risk Transfer – indemnity and insurance
• Force Majeure terms
• Bonding, security and liquidated damages
• Warranty, compliance and counterparty failure
• Contract revision and execution
• Logistics planning and execution
16. How Contracts can Mitigate
Supply Chain Risks
Appropriate contract terms and conditions can
eliminate or mitigate many risks:
• Indemnity, insurance and other risk transfer provisions
• Bonding and other security requirements
• Limited Force Majeure provisions
• Legally binding standards for safety, security, controls,
compliance, accounting, intellectual property, etc.
16
18. Contract Risks are Often Ignored
Sources like IACCM, Gartner & PWC have found the
following through surveys:
• 60 % of all supplier contracts automatically renew.
• 71% of companies can't find even 10% of all their
contracts.
• 85% of companies use Excel or a manual process to
manage contracts; often with multiple contract
repositories
A recent Aberdeen Group study estimates that
ineffective contract controls and risk management
costs businesses $150 billion annually!
19. What is the Status of Your
Organization’s Contracting Process?
• Are sound contract RM policies and procedures
already in place? Are they working?
• Is there a formal, transparent “chain of command” for
approving contracts and exceptions?
• What issues or claims have occurred because of
inadequate contract risk management?
• How often does work start or product ship without
a signed agreement?
• Does RM or Procurement assess supplier and contract
risks – at least to the extent of “what could go wrong?”
20. Assessing the Current Situation
Begin a Risk Assessment with key stakeholders to
understand the key legal and business risk factors
associated with each party and contract type:
• Who are key vendors? Are those contracts in good
order? How long have they been in place?
• Are contracts drafted by legal counsel?
• Is there a process for contract review and exception
approval? Is it adequate?
• What roles do Legal, Risk Management, Tax and
other departments currently play in drafting,
reviewing and approving contracts and exceptions?
21. Some Risk Management Questions
• Wording: are there standard contract indemnity and
insurance clauses based on the risk of products and services
procured? How many different ones are used? Why?
• Who can approve exceptions; in what circumstances?
Are exceptions noted and reported to management?
• Procedures: who must review; templates for review;
time-frame; exceptions?
• Gather Data: # of contracts; # of vendors; # and types of
products and services; # of reviews; # of exceptions, etc.
This will take some effort!
22. 22
CONTRACT
TYPE
PROFESSIONAL
EXPOSURES
Record by rows and
cells as necessary.
CONTRACT
NAME/
NUMBER
CONTRACT
PURPOSE
VENDOR/
LANDLORD
/CUSTOMER
EFFECTIVE
DATES
IDENTIFY
OTHER
RISKS
REVIEWS EXCEPTIONS OTHER
EXPOSURES
INSURANCE; LD's;
BONDS; LOC
REQUIREMENTS
ANNUAL REVENUE,
COST OR LEASE
PAYMENTS
CONTRACTS RISK REGISTER
23. Some Specific Issues To Examine
• “Value” vs Volume: sometimes small vendors, in
terms of annual spend, are among the most critical.
• Sole Source vendors where there are few or no
alternative suppliers identified.
• Force Majeure: is the definition in your supply
contracts too broad?
• Incomplete or inadequate Risk Transfer language.
• Are the Indemnity and Insurance clauses complimentary?
• What about security, quality, other key issues?
• What steps are required to “fire” a supplier that is
not fulfilling contract conditions?
24. Gap Analysis
• How do the answers to the RM questions match up
to “best practices”? Where are the gaps?
• How much risk is inherent in those gaps? Which
are the most critical?
• What are possible solutions to the most critical
gaps?
• What new and/or revised policies, processes, controls,
contract wordings and/or procedures are required?
• What resources are necessary?
26. Formalize Contract Requirements
Establish policies for contract requirements & exceptions.
• Set up a process, procedures and chain-of-command
for contract reviews.
• Insist on timely contract execution!
27. What is the “Spectrum” of Contract
Risks?
• Identify the highest and lowest risk vendors, products,
services, customers and contracts.
• Develop 2-3 middle categories – based on assessment
of contract, product/service and vendor data.
• Devise a continuum of risk levels and contract
requirements.
28. Standardize Terms & Conditions
• Draft contract terms and conditions based upon the
risk “spectrum” identified in the Assessment
process.
• Create a matrix of procurement risks and contract
requirements.
29. Low Risk Medium Risk High Risk
Coverage Criteria
General Liability No Insurance Required $2 Million $5 Million and above
Sponsorship
Level
Individual charitable or commercial event
total expenditures <$10M
Indvidual or series of events >$10M in total
event expenses
Event Type
Charitable Events*-Standard sponsor
elements- (cash, merchandise, and/or
beer)...proceeds must benefit charity
100%
Commercial Event-Any event staged or
sponsored that is commercial in nature
(Need Examples)
Commercial Event-Any commercial event
where A-B owns rights and activity is
considered "High Risk" (Need Examples)
Level of
Involovement
Pay 3rd party for temporary (single event)
sponsorship benefits
Pay 3rd party for permanent series or
sponsorship benefits
A-B designs, develops, promotes, and
manages all aspects of event
Retail Liquor
License
Applicable ONLY when event is defined
as "Charitable" and alcoholic beverages
are served via a Permenant Licensee
Any event sponsored by A-B where
alcoholic beverages are served via a
temporary license requires indemnity and
proof of insurance
Any "high risk" event sponsored by A-B
where alcoholic beverages are served via a
temporary or permanant license requires
indemnity and proof of insurance
Audience
Participation
"NO/Low risk" of bodily injury to amateur
participants and/or members of the
audience
"Medium risk" of bodily injury to amateur
participants and/or members of the
audience
"High risk" of bodily injury to amateur
participants and/or members of the
audience
Risk to
spectators
Spectators not subjected to harm from
event activity
Spectators separated from and offered
reasonable protection from event activity
Spectators directly subject to danger from
event activity
Food Service
A-B not involved in food service sele
activity
A-B selects and hires independent caterer
Event catered by A-B owned and operated
food service
Fireworks or
Pyrotechnics
No fireworks or pyrotechnics
Another entity sponsors fireworks at the
event
A-B sponsors the fireworks--
Note...if indoor fireworks/pyrotechnics,
then A-B Legal must be consulted
Auto Liability No Insurance Required $2 Million $5 Million and above
No private transportation utilized at event
3rd Party/Promoter selects and hires
private transporation for guests or
attendees (Limo, Bus, Sedan)
A-B selects and hires private transporation
for guests or attendees (Limo, Bus, Sedan)
Workers Comp No Insurance Required Required Waiver of Subrogation Required
No A-B involement in physical set up or
staging of event
A-B hosts event at non-AB location and
provides premises with indemnity and
insurance, A-B must get Workers Comp
insurance and indemnity from
agencies/entities
Event takes place on A-B property,
Workers Comp insurance and indemnity
required from agencies/entities employed
*(Does not include "commercial" event with portion of proceeds going to a charity or group of charities)
30. Implement a Standard Review Process
• Formal policy and procedure for reviews: reviewers,
time frames, exception approvals, etc.
• Put together a template for contract reviews.
• Initiated by the operation or procurement department that
is purchasing, selling, leasing, or otherwise preparing to
execute a contract.
• Risk Management is usually best suited to provide their
input next
• Implement formal controls and reporting for
exceptions.
31. Point of Contact Information
Name:
Company:
Department:
Title:
Phone:
Email:
Date:
Risk Review Details
A. Type of Document (provide description as needed):
B. Risk Review Due Date:
Operational Information
A. Contract Name/ Number
B. Contract Type
C. Contract Duration
D. Supplier
E. Lessor Name (if a lease)
F. Customer Name
G. Statement of Work
H. Country(ies)/ Locations within country
I. Estimated Annual Revenue or Cost
J. Estimated Annual Lease Amount
K. New contract or replacement
Risk Management and Insurance Review
32. Insurance Exposure Information
A. Workers Compensation
- Number of workers
- Estimated Annual Payroll
B. Aviation Liability/Flight Operations:
- Description of Aviation Operations (if any)
C. Construction Operations:
- Description of Construction Operations
- Builder's Risk Insurance Required
D. Engineering & Design Operations:
- Firm Performing Engineering Services
- Description of Engineering/Design Operations
- Professional A & E Insurance Required?
E. Environmental Operations:
- Description of Environmental issues
- Is Environmental Liability Insurance required?
F. Medical Liability:
- Estimated number of Physicians and AHP's
- Description of Medical Services
G. Other Professional Liability:
- Description of IT/Software operations
- Description of other Professional Operations
- Professional Liability Insurance Required?
H. General Liability:
- Estimated Annual Revenue
- Estimated Annual Payroll
- Estimated Annual Lease Amount
I. Vehicles
- Number & classes of Vehicles
- Number of Buses and passenger capacity
- Physical Damage coverage required?
J. Property Coverage:
- Estimated value of Our Property
- Estimated value of Third Party Property
K. Other Insurance Requirements:
- Are there any surety requirements?
- Is Cargo and/or Marine coverage required?
- Are there any additional insurance requirements?
33. Make Exceptions “Exceptional”
• Identify non-compliant issues and exceptions and
necessary corrective actions. Communicate to key parties!
• Business rationale – not just “vendor doesn’t want to do
it”.
• Require formal, written sign-off by RM and/or others as
appropriate – based on commitment authority.
• Keep formal log of exceptions and publish a periodic
summary.
34. Contractual Risk Transfer
A. Indemnification Provisions:
- Does Contract Meet RM Guidelines?
- Provide clarification as needed
B. Insurance Clause Provisions:
- Does Contract Meet RM Guidelines?
- Provide clarification as needed
C Financial Risk Provisions:
- Does Contract include default/liquidated damages clauses?
- Provide clarification as needed
Risk Review Summary
A. Overall Risk Exposure
RED
- Significant Level of Risk to Company
YELLOW
- Moderate Level of Risk to Company
GREEN
- Acceptable Level of Risk to Company
Risk Identification (RI)/Corrective Actions (CA):
RM Review Approval Authority
- Operations Management
- Risk Management
- Legal
- Tax
RI 1.
CA 1.
35. Train, Audit & Communicate!
• Train everyone in procurement,
risk management and others
involved in the contract process.
• Establish an audit protocol
and schedule.
• Circulate audit results, lessons
learned and improvement plans.
• Use lessons learned and
feedback to improve!
36.
37. You are on your way to effective
Contracts Risk Management!