Worried About Procurement? Manage Your Organization's Contract Risks!

RIF009

Speakers: • Fred Travis, Director of the RMI Program and Assistant Teaching Professor of Finance

Trulaske College of Business, University of Missouri – Columbia

Learning Objectives(Ariel 44pt bold)

At the end of this session, you will:

• Learn the steps needed to complete a risk assessment of procurement and contracting controls.

• Create a plan to work with procurement and legal counsel to develop standard contract terms and conditions.

• Develop a compelling case for implementing contract risk management policies and procedures

3

3

Purpose of This PresentationOne of the key steps in managing

Supply Chain risks is managing contract risks, particularly risk transfer provisions.Key elements of Contract risk management include:• sound risk transfer and other terms and

conditions for various types of contracts; • formal contract review and exception

processes, documentation, policies and procedures; and,

• buy-in and compliance from procurement functions across the organization.

Background – ERM, Risk Assessment & Procurement Risks

Risk Assessment: the Foundation of an Effective ERM Program• Risk Assessment must be developed as a systematic

process for identifying and evaluating potential events, risks, threats and opportunities that could impact achieving the organization’s objectives

• Risk Assessment must bring together the right parties to identify events and issues, rate these risks, and determine adequate risk responses.

• Risk Assessment is intended to provide management with a view of events that could impact the achievement of objectives.

6

Key Principles For Effective And Efficient Risk Assessment• Clearly establish governance over the Risk Assessment

process• Risk Assessment must begin and end with reference to

specific objectives; risk rating scales must be defined in relation to organization objectives

• Management should form a “portfolio view” of risks to support decision making

• Identify and employ leading indicators to provide insight into potential risks

7

Procurement Has the Potential to Create Many Risks1. Misinterpretation of user needs2. Inadequate statement of requirements3. Failure to identify potential sources4. Impractical timeframe5. No response from known quality suppliers6. Failure to follow effective evaluation procedures7. Selecting an inappropriate supplier 8. Offers fail to meet needs9. Ineffective Contract management

64% related to supply chain

Managing Risk Beyond the Company“Company” and “Supply Chain” views of Risk are fundamentally different.• Supply chains, by involving different organizations,

cultures, languages, locations etc., are far more complex and dynamic than companies.

• Companies often do not even have access to the suppliers of their own direct suppliers – not to mention all the different raw materials suppliers or subcontractors further upstream.

• Fewer risks are under the company’s Control.

What’s So Special About Contracts?

Contracts are the cornerstone to business transactions with suppliers and customers contain – or should contain – terms and conditions that define and regulate Controllable risk issues, including:• Financial structure of the relationship• Risk transfer• Security and warranties to assure a supplier or

contractor fulfills its obligations• Force Majeure• Compliance requirements

What is Risk Management’s Role in Contracts?Risk Management generally has a role in reviewing contracts… or, if not, should have a role.• Risk Management often does not have a role

in other supply chain processes: vendor qualifications, alternate sources; quality; etc.

• As a starting point for assessing and managing procurement and supply chain risks, Contracts are a good place to start!

Supply Chain Risk Management – Contract Risk Issues

Where Should Risk Management Fit Into the Contracts Process?• Supplier Selection process – financial strength,

alternative sources, location/country issues, etc.• Contract Drafting

• Risk Transfer – indemnity and insurance• Force Majeure terms• Bonding, security and liquidated damages• Warranty, compliance and counterparty failure

• Contract revision and execution • Logistics planning and execution

How Contracts can Mitigate Supply Chain Risks

Appropriate contract terms and conditions can eliminate or mitigate many risks:• Indemnity, insurance and other risk transfer provisions• Bonding and other security requirements• Limited Force Majeure provisions• Legally binding standards for safety, security, controls,

compliance, accounting, intellectual property, etc.

16

Assessing Contract Risks

Contract Risks are Often IgnoredSources like IACCM, Gartner & PWC have found the following through surveys:• 60 % of all supplier contracts automatically renew.• 71% of companies can't find even 10% of all their

contracts.• 85% of companies use Excel or a manual process to

manage contracts; often with multiple contract repositories

A recent Aberdeen Group study estimates that ineffective contract controls and risk management costs businesses $150 billion annually!

What is the Status of Your Organization’s Contracting Process?• Are sound contract RM policies and procedures

already in place? Are they working?• Is there a formal, transparent “chain of command” for

approving contracts and exceptions?• What issues or claims have occurred because of

inadequate contract risk management?• How often does work start or product ship without

a signed agreement?• Does RM or Procurement assess supplier and contract

risks – at least to the extent of “what could go wrong?”

Assessing the Current Situation

Begin a Risk Assessment with key stakeholders to understand the key legal and business risk factors associated with each party and contract type:• Who are key vendors? Are those contracts in good

order? How long have they been in place?• Are contracts drafted by legal counsel? • Is there a process for contract review and exception

approval? Is it adequate? • What roles do Legal, Risk Management, Tax and

other departments currently play in drafting, reviewing and approving contracts and exceptions?

Some Risk Management Questions

• Wording: are there standard contract indemnity and insurance clauses based on the risk of products and services procured? How many different ones are used? Why?

• Who can approve exceptions; in what circumstances? Are exceptions noted and reported to management?

• Procedures: who must review; templates for review; time-frame; exceptions?

• Gather Data: # of contracts; # of vendors; # and types of products and services; # of reviews; # of exceptions, etc.

This will take some effort!

22

CONTRACT TYPE

PROFESSIONAL EXPOSURES

Record by rows and cells as necessary.

CONTRACT NAME/ NUMBER

CONTRACT PURPOSE

VENDOR/ LANDLORD /CUSTOMER

EFFECTIVE DATES

IDENTIFY

OTHER

RISKS

REVIEWS EXCEPTIONS OTHER

EXPOSURESINSURANCE; LD's; BONDS; LOC REQUIREMENTS

ANNUAL REVENUE, COST OR LEASE PAYMENTS

CONTRACTS RISK REGISTER

Some Specific Issues To Examine

• “Value” vs Volume: sometimes small vendors, in terms of annual spend, are among the most critical.

• Sole Source vendors where there are few or no alternative suppliers identified.

• Force Majeure: is the definition in your supply contracts too broad?

• Incomplete or inadequate Risk Transfer language.• Are the Indemnity and Insurance clauses complimentary?• What about security, quality, other key issues?

• What steps are required to “fire” a supplier that is not fulfilling contract conditions?

Gap Analysis• How do the answers to the RM questions match up

to “best practices”? Where are the gaps?• How much risk is inherent in those gaps? Which

are the most critical?• What are possible solutions to the most critical

gaps? • What new and/or revised policies, processes, controls,

contract wordings and/or procedures are required? • What resources are necessary?

Implement a Contract Risk Management Program

Formalize Contract Requirements

Establish policies for contract requirements & exceptions.• Set up a process, procedures and chain-of-command for

contract reviews.• Insist on timely contract execution!

What is the “Spectrum” of Contract Risks?

• Identify the highest and lowest risk vendors, products, services, customers and contracts.

• Develop 2-3 middle categories – based on assessment

of contract, product/service and vendor data.• Devise a continuum of risk levels and contract

requirements.

Standardize Terms & Conditions

• Draft contract terms and conditions based upon the risk “spectrum” identified in the Assessment process.

• Create a matrix of procurement risks and contract requirements.

Low Risk Medium Risk High RiskCoverage Criteria

General Liability No Insurance Required $2 Million $5 Million and aboveSponsorship

LevelIndividual charitable or commercial event

total expenditures <$10MIndvidual or series of events >$10M in total

event expenses

Event Type

Charitable Events*-Standard sponsor elements- (cash, merchandise, and/or beer)...proceeds must benefit charity

100%

Commercial Event-Any event staged or sponsored that is commercial in nature

(Need Examples)

Commercial Event-Any commercial event where A-B owns rights and activity is

considered "High Risk" (Need Examples)

Level of Involovement

Pay 3rd party for temporary (single event) sponsorship benefits

Pay 3rd party for permanent series or sponsorship benefits

A-B designs, develops, promotes, and manages all aspects of event

Retail Liquor License

Applicable ONLY when event is defined as "Charitable" and alcoholic beverages

are served via a Permenant Licensee

Any event sponsored by A-B where alcoholic beverages are served via a

temporary license requires indemnity and proof of insurance

Any "high risk" event sponsored by A-B where alcoholic beverages are served via a temporary or permanant license requires

indemnity and proof of insurance

Audience Participation

"NO/Low risk" of bodily injury to amateur participants and/or members of the

audience

"Medium risk" of bodily injury to amateur participants and/or members of the

audience

"High risk" of bodily injury to amateur participants and/or members of the

audienceRisk to

spectatorsSpectators not subjected to harm from

event activity Spectators separated from and offered

reasonable protection from event activity Spectators directly subject to danger from

event activity

Food Service A-B not involved in food service sele activity

A-B selects and hires independent caterer Event catered by A-B owned and operated food service

Fireworks or Pyrotechnics No fireworks or pyrotechnics

Another entity sponsors fireworks at the event

A-B sponsors the fireworks-- Note...if indoor fireworks/pyrotechnics,

then A-B Legal must be consultedAuto Liability No Insurance Required $2 Million $5 Million and above

No private transportation utilized at event3rd Party/Promoter selects and hires

private transporation for guests or attendees (Limo, Bus, Sedan)

A-B selects and hires private transporation for guests or attendees (Limo, Bus, Sedan)

Workers Comp No Insurance Required Required Waiver of Subrogation Required

No A-B involement in physical set up or staging of event

A-B hosts event at non-AB location and provides premises with indemnity and

insurance, A-B must get Workers Comp insurance and indemnity from

agencies/entities

Event takes place on A-B property, Workers Comp insurance and indemnity required from agencies/entities employed

*(Does not include "commercial" event with portion of proceeds going to a charity or group of charities)

Implement a Standard Review Process• Formal policy and procedure for reviews: reviewers,

time frames, exception approvals, etc.• Put together a template for contract reviews.

• Initiated by the operation or procurement department that is purchasing, selling, leasing, or otherwise preparing to execute a contract.

• Risk Management is usually best suited to provide their input next

• Implement formal controls and reporting for exceptions.

Point of Contact InformationName: Company:Department:Title:Phone:Email:Date:

Risk Review DetailsA. Type of Document (provide description as needed):B. Risk Review Due Date:

Operational Information

A. Contract Name/ NumberB. Contract TypeC. Contract DurationD. SupplierE. Lessor Name (if a lease)F. Customer NameG. Statement of WorkH. Country(ies)/ Locations within countryI. Estimated Annual Revenue or CostJ. Estimated Annual Lease AmountK. New contract or replacement

Risk Management and Insurance Review

Insurance Exposure InformationA. Workers Compensation - Number of workers - Estimated Annual Payroll B. Aviation Liability/Flight Operations: - Description of Aviation Operations (if any)C. Construction Operations: - Description of Construction Operations - Builder's Risk Insurance RequiredD. Engineering & Design Operations: - Firm Performing Engineering Services - Description of Engineering/Design Operations - Professional A & E Insurance Required?E. Environmental Operations: - Description of Environmental issues - Is Environmental Liability Insurance required?F. Medical Liability: - Estimated number of Physicians and AHP's - Description of Medical ServicesG. Other Professional Liability: - Description of IT/Software operations - Description of other Professional Operations - Professional Liability Insurance Required?H. General Liability: - Estimated Annual Revenue - Estimated Annual Payroll - Estimated Annual Lease AmountI. Vehicles - Number & classes of Vehicles - Number of Buses and passenger capacity - Physical Damage coverage required?J. Property Coverage: - Estimated value of Our Property - Estimated value of Third Party Property K. Other Insurance Requirements: - Are there any surety requirements? - Is Cargo and/or Marine coverage required? - Are there any additional insurance requirements?

Make Exceptions “Exceptional”

• Identify non-compliant issues and exceptions and necessary corrective actions. Communicate to key parties!

• Business rationale – not just “vendor doesn’t want to do it”.

• Require formal, written sign-off by RM and/or others as appropriate – based on commitment authority.

• Keep formal log of exceptions and publish a periodic summary.

Contractual Risk TransferA. Indemnification Provisions: - Does Contract Meet RM Guidelines? - Provide clarification as neededB. Insurance Clause Provisions: - Does Contract Meet RM Guidelines? - Provide clarification as neededC Financial Risk Provisions: - Does Contract include default/liquidated damages clauses? - Provide clarification as needed

Risk Review Summary A. Overall Risk Exposure RED - Significant Level of Risk to Company YELLOW - Moderate Level of Risk to Company GREEN - Acceptable Level of Risk to Company

Risk Identification (RI)/Corrective Actions (CA):

RM Review Approval Authority - Operations Management - Risk Management - Legal - Tax

RI 1.CA 1.

Train, Audit & Communicate!• Train everyone in procurement,

risk management and others involved in the contract process.

• Establish an audit protocol and schedule.

• Circulate audit results, lessons learned and improvement plans.

• Use lessons learned and feedback to improve!

You are on your way to effective

Contracts Risk Management!

Thank you for your attention!

QUESTIONS?