Upload
fred-travis
View
45
Download
1
Embed Size (px)
Citation preview
Worried About Procurement? Manage Your Organization's Contract Risks!
RIF009
Speakers: • Fred Travis, Director of the RMI Program and Assistant Teaching Professor of Finance
Trulaske College of Business, University of Missouri – Columbia
Learning Objectives(Ariel 44pt bold)
At the end of this session, you will:
• Learn the steps needed to complete a risk assessment of procurement and contracting controls.
• Create a plan to work with procurement and legal counsel to develop standard contract terms and conditions.
• Develop a compelling case for implementing contract risk management policies and procedures
3
3
Purpose of This PresentationOne of the key steps in managing
Supply Chain risks is managing contract risks, particularly risk transfer provisions.Key elements of Contract risk management include:• sound risk transfer and other terms and
conditions for various types of contracts; • formal contract review and exception
processes, documentation, policies and procedures; and,
• buy-in and compliance from procurement functions across the organization.
Background – ERM, Risk Assessment & Procurement Risks
Risk Assessment: the Foundation of an Effective ERM Program• Risk Assessment must be developed as a systematic
process for identifying and evaluating potential events, risks, threats and opportunities that could impact achieving the organization’s objectives
• Risk Assessment must bring together the right parties to identify events and issues, rate these risks, and determine adequate risk responses.
• Risk Assessment is intended to provide management with a view of events that could impact the achievement of objectives.
6
Key Principles For Effective And Efficient Risk Assessment• Clearly establish governance over the Risk Assessment
process• Risk Assessment must begin and end with reference to
specific objectives; risk rating scales must be defined in relation to organization objectives
• Management should form a “portfolio view” of risks to support decision making
• Identify and employ leading indicators to provide insight into potential risks
7
Procurement Has the Potential to Create Many Risks1. Misinterpretation of user needs2. Inadequate statement of requirements3. Failure to identify potential sources4. Impractical timeframe5. No response from known quality suppliers6. Failure to follow effective evaluation procedures7. Selecting an inappropriate supplier 8. Offers fail to meet needs9. Ineffective Contract management
64% related to supply chain
Managing Risk Beyond the Company“Company” and “Supply Chain” views of Risk are fundamentally different.• Supply chains, by involving different organizations,
cultures, languages, locations etc., are far more complex and dynamic than companies.
• Companies often do not even have access to the suppliers of their own direct suppliers – not to mention all the different raw materials suppliers or subcontractors further upstream.
• Fewer risks are under the company’s Control.
What’s So Special About Contracts?
Contracts are the cornerstone to business transactions with suppliers and customers contain – or should contain – terms and conditions that define and regulate Controllable risk issues, including:• Financial structure of the relationship• Risk transfer• Security and warranties to assure a supplier or
contractor fulfills its obligations• Force Majeure• Compliance requirements
What is Risk Management’s Role in Contracts?Risk Management generally has a role in reviewing contracts… or, if not, should have a role.• Risk Management often does not have a role
in other supply chain processes: vendor qualifications, alternate sources; quality; etc.
• As a starting point for assessing and managing procurement and supply chain risks, Contracts are a good place to start!
Supply Chain Risk Management – Contract Risk Issues
Where Should Risk Management Fit Into the Contracts Process?• Supplier Selection process – financial strength,
alternative sources, location/country issues, etc.• Contract Drafting
• Risk Transfer – indemnity and insurance• Force Majeure terms• Bonding, security and liquidated damages• Warranty, compliance and counterparty failure
• Contract revision and execution • Logistics planning and execution
How Contracts can Mitigate Supply Chain Risks
Appropriate contract terms and conditions can eliminate or mitigate many risks:• Indemnity, insurance and other risk transfer provisions• Bonding and other security requirements• Limited Force Majeure provisions• Legally binding standards for safety, security, controls,
compliance, accounting, intellectual property, etc.
16
Assessing Contract Risks
Contract Risks are Often IgnoredSources like IACCM, Gartner & PWC have found the following through surveys:• 60 % of all supplier contracts automatically renew.• 71% of companies can't find even 10% of all their
contracts.• 85% of companies use Excel or a manual process to
manage contracts; often with multiple contract repositories
A recent Aberdeen Group study estimates that ineffective contract controls and risk management costs businesses $150 billion annually!
What is the Status of Your Organization’s Contracting Process?• Are sound contract RM policies and procedures
already in place? Are they working?• Is there a formal, transparent “chain of command” for
approving contracts and exceptions?• What issues or claims have occurred because of
inadequate contract risk management?• How often does work start or product ship without
a signed agreement?• Does RM or Procurement assess supplier and contract
risks – at least to the extent of “what could go wrong?”
Assessing the Current Situation
Begin a Risk Assessment with key stakeholders to understand the key legal and business risk factors associated with each party and contract type:• Who are key vendors? Are those contracts in good
order? How long have they been in place?• Are contracts drafted by legal counsel? • Is there a process for contract review and exception
approval? Is it adequate? • What roles do Legal, Risk Management, Tax and
other departments currently play in drafting, reviewing and approving contracts and exceptions?
Some Risk Management Questions
• Wording: are there standard contract indemnity and insurance clauses based on the risk of products and services procured? How many different ones are used? Why?
• Who can approve exceptions; in what circumstances? Are exceptions noted and reported to management?
• Procedures: who must review; templates for review; time-frame; exceptions?
• Gather Data: # of contracts; # of vendors; # and types of products and services; # of reviews; # of exceptions, etc.
This will take some effort!
22
CONTRACT TYPE
PROFESSIONAL EXPOSURES
Record by rows and cells as necessary.
CONTRACT NAME/ NUMBER
CONTRACT PURPOSE
VENDOR/ LANDLORD /CUSTOMER
EFFECTIVE DATES
IDENTIFY
OTHER
RISKS
REVIEWS EXCEPTIONS OTHER
EXPOSURESINSURANCE; LD's; BONDS; LOC REQUIREMENTS
ANNUAL REVENUE, COST OR LEASE PAYMENTS
CONTRACTS RISK REGISTER
Some Specific Issues To Examine
• “Value” vs Volume: sometimes small vendors, in terms of annual spend, are among the most critical.
• Sole Source vendors where there are few or no alternative suppliers identified.
• Force Majeure: is the definition in your supply contracts too broad?
• Incomplete or inadequate Risk Transfer language.• Are the Indemnity and Insurance clauses complimentary?• What about security, quality, other key issues?
• What steps are required to “fire” a supplier that is not fulfilling contract conditions?
Gap Analysis• How do the answers to the RM questions match up
to “best practices”? Where are the gaps?• How much risk is inherent in those gaps? Which
are the most critical?• What are possible solutions to the most critical
gaps? • What new and/or revised policies, processes, controls,
contract wordings and/or procedures are required? • What resources are necessary?
Implement a Contract Risk Management Program
Formalize Contract Requirements
Establish policies for contract requirements & exceptions.• Set up a process, procedures and chain-of-command for
contract reviews.• Insist on timely contract execution!
What is the “Spectrum” of Contract Risks?
• Identify the highest and lowest risk vendors, products, services, customers and contracts.
• Develop 2-3 middle categories – based on assessment
of contract, product/service and vendor data.• Devise a continuum of risk levels and contract
requirements.
Standardize Terms & Conditions
• Draft contract terms and conditions based upon the risk “spectrum” identified in the Assessment process.
• Create a matrix of procurement risks and contract requirements.
Low Risk Medium Risk High RiskCoverage Criteria
General Liability No Insurance Required $2 Million $5 Million and aboveSponsorship
LevelIndividual charitable or commercial event
total expenditures <$10MIndvidual or series of events >$10M in total
event expenses
Event Type
Charitable Events*-Standard sponsor elements- (cash, merchandise, and/or beer)...proceeds must benefit charity
100%
Commercial Event-Any event staged or sponsored that is commercial in nature
(Need Examples)
Commercial Event-Any commercial event where A-B owns rights and activity is
considered "High Risk" (Need Examples)
Level of Involovement
Pay 3rd party for temporary (single event) sponsorship benefits
Pay 3rd party for permanent series or sponsorship benefits
A-B designs, develops, promotes, and manages all aspects of event
Retail Liquor License
Applicable ONLY when event is defined as "Charitable" and alcoholic beverages
are served via a Permenant Licensee
Any event sponsored by A-B where alcoholic beverages are served via a
temporary license requires indemnity and proof of insurance
Any "high risk" event sponsored by A-B where alcoholic beverages are served via a temporary or permanant license requires
indemnity and proof of insurance
Audience Participation
"NO/Low risk" of bodily injury to amateur participants and/or members of the
audience
"Medium risk" of bodily injury to amateur participants and/or members of the
audience
"High risk" of bodily injury to amateur participants and/or members of the
audienceRisk to
spectatorsSpectators not subjected to harm from
event activity Spectators separated from and offered
reasonable protection from event activity Spectators directly subject to danger from
event activity
Food Service A-B not involved in food service sele activity
A-B selects and hires independent caterer Event catered by A-B owned and operated food service
Fireworks or Pyrotechnics No fireworks or pyrotechnics
Another entity sponsors fireworks at the event
A-B sponsors the fireworks-- Note...if indoor fireworks/pyrotechnics,
then A-B Legal must be consultedAuto Liability No Insurance Required $2 Million $5 Million and above
No private transportation utilized at event3rd Party/Promoter selects and hires
private transporation for guests or attendees (Limo, Bus, Sedan)
A-B selects and hires private transporation for guests or attendees (Limo, Bus, Sedan)
Workers Comp No Insurance Required Required Waiver of Subrogation Required
No A-B involement in physical set up or staging of event
A-B hosts event at non-AB location and provides premises with indemnity and
insurance, A-B must get Workers Comp insurance and indemnity from
agencies/entities
Event takes place on A-B property, Workers Comp insurance and indemnity required from agencies/entities employed
*(Does not include "commercial" event with portion of proceeds going to a charity or group of charities)
Implement a Standard Review Process• Formal policy and procedure for reviews: reviewers,
time frames, exception approvals, etc.• Put together a template for contract reviews.
• Initiated by the operation or procurement department that is purchasing, selling, leasing, or otherwise preparing to execute a contract.
• Risk Management is usually best suited to provide their input next
• Implement formal controls and reporting for exceptions.
Point of Contact InformationName: Company:Department:Title:Phone:Email:Date:
Risk Review DetailsA. Type of Document (provide description as needed):B. Risk Review Due Date:
Operational Information
A. Contract Name/ NumberB. Contract TypeC. Contract DurationD. SupplierE. Lessor Name (if a lease)F. Customer NameG. Statement of WorkH. Country(ies)/ Locations within countryI. Estimated Annual Revenue or CostJ. Estimated Annual Lease AmountK. New contract or replacement
Risk Management and Insurance Review
Insurance Exposure InformationA. Workers Compensation - Number of workers - Estimated Annual Payroll B. Aviation Liability/Flight Operations: - Description of Aviation Operations (if any)C. Construction Operations: - Description of Construction Operations - Builder's Risk Insurance RequiredD. Engineering & Design Operations: - Firm Performing Engineering Services - Description of Engineering/Design Operations - Professional A & E Insurance Required?E. Environmental Operations: - Description of Environmental issues - Is Environmental Liability Insurance required?F. Medical Liability: - Estimated number of Physicians and AHP's - Description of Medical ServicesG. Other Professional Liability: - Description of IT/Software operations - Description of other Professional Operations - Professional Liability Insurance Required?H. General Liability: - Estimated Annual Revenue - Estimated Annual Payroll - Estimated Annual Lease AmountI. Vehicles - Number & classes of Vehicles - Number of Buses and passenger capacity - Physical Damage coverage required?J. Property Coverage: - Estimated value of Our Property - Estimated value of Third Party Property K. Other Insurance Requirements: - Are there any surety requirements? - Is Cargo and/or Marine coverage required? - Are there any additional insurance requirements?
Make Exceptions “Exceptional”
• Identify non-compliant issues and exceptions and necessary corrective actions. Communicate to key parties!
• Business rationale – not just “vendor doesn’t want to do it”.
• Require formal, written sign-off by RM and/or others as appropriate – based on commitment authority.
• Keep formal log of exceptions and publish a periodic summary.
Contractual Risk TransferA. Indemnification Provisions: - Does Contract Meet RM Guidelines? - Provide clarification as neededB. Insurance Clause Provisions: - Does Contract Meet RM Guidelines? - Provide clarification as neededC Financial Risk Provisions: - Does Contract include default/liquidated damages clauses? - Provide clarification as needed
Risk Review Summary A. Overall Risk Exposure RED - Significant Level of Risk to Company YELLOW - Moderate Level of Risk to Company GREEN - Acceptable Level of Risk to Company
Risk Identification (RI)/Corrective Actions (CA):
RM Review Approval Authority - Operations Management - Risk Management - Legal - Tax
RI 1.CA 1.
Train, Audit & Communicate!• Train everyone in procurement,
risk management and others involved in the contract process.
• Establish an audit protocol and schedule.
• Circulate audit results, lessons learned and improvement plans.
• Use lessons learned and feedback to improve!
You are on your way to effective
Contracts Risk Management!
Thank you for your attention!
QUESTIONS?