Loading...
 
 
 

Risk Management

 
Options
IACCM Council Representatives
Network Leads

This is the home page for the Risk Management Group.

 
 
Network Updates

Limitation of Liability

I was recently having coffee with four other individuals involved in contracting for IT Professional Services. During the course of conversation one of the participants suggested that rather than having unlimited direct liability for certain aspects (breach of confidentiality, indemnification of third-party claims, gross negligence and willful misconduct) that EVERYTHING be limited to the extent permitted by law -- but then increase the limitation to a number that would cover the majority of potential issues ($5,000,000 USD was a suggestion). When questioned, the participant stated that when it comes to contracting parties where one has "deep pockets" and the other does not, having the unlimited liability may sound nice on paper, but in reality it is a one-way protection that benefits the party that does not have deep pockets. Effectively, if the party that does not have deep pocket had a very large claim against them, they could declare bankruptcy and later reorganize as a different business concern - while the deep pocket party with the same claim would be obligated to pay. Their perspective was in essence: No consequential damages; limit all direct damages to a pre-defined/agreed amount ($5,000,000 or amount that will cover 90%-95% of historic claims in the industry); and include indemnification from third-party claims in the cap. Thoughts?

Read More...

Ask The Expert: 5 things you need to know about emerging tech.

Most of us are aware of the new technologies that are starting to impact business operations, but to date the scale of impact on contract and commercial management is limited. Is that because we undertake tasks that can only be performed by humans, or do we face imminent and disruptive change? IACCM has built strong relationships with many of the leading companies and organizations at the forefront of emerging tech, because it is core to our purpose of helping members understand, adjust and - where needed - re-skill for the future.

Read More...

Ask The Expert: How To Manage The Risks You Didn't Know You Were Taking

Most people think of risks as uncertain negative future events, but they include much more than that. If you don't recognize all the risks, you end up taking them with your eyes shut. Find out what risks you're missing, together with practical strategies for addressing them.

Read More...
 

Vendor financing agreements

Some (small and cash strapped) oil and gas operators are resorting to vendor financing agreements with major hardware suppliers / service providers as a way of raising the funding for their development projects. Is it really possible for the small operator, who may have limited alternatives for raising capital for his project, to negotiate a fair deal out of such arrangements. Does anyone have any experience of a vendor financing arrangement between a small operator and a major vendor which worked out well for the operator in the long run.

Read More...

Limitation of liability Clause in License Agreement

Our customer is not accepting limitation to direct damages stating that "failure of the Software means we won't be able to fulfill our obligation towards customers and our liability to them. Also any limitation to direct damages is not acceptable." They are demanding 150% CAP for LoL. Can you suggest some argument or some standard guidelines on the same? How can I secure my organisation interest?

Read More...

AM Contract P1 and P2 assignment based on User category

Hi, I am dealing with a contract wherein Priority 1 and 2 is assigned based on user category who raised it. If user raising Incident is VIP user then it will be raised as P1 or P2 irrespective of severity of Incident. It leads to exposure to liability to my company when any breach of single incident raised by VIP impose liability on me. Also there is no defined process as minimum number of P1 & P2 tickets quota for applicability of penalty on breach. Is there any workaround to come out of this trap ? Can I propose some changes to this arrangement ?

Read More...
 

Additional resources

Hello everyone, Following our webinar at the end of October, I am coming back with few recommendations on the available resources on IACCM: - Ask The Expert: Mitigating Cyber Risks with Third Parties - Asia Pacific Ask The Expert: Cyber Resilience - The role of contract in the Fourth Industrial Revolution - Ask The Expert: Data Protection - the global impact of GDPR In addition to presentations above, there are few white papers that can provide more details on what what ransomware is and how it works. See, for example: - Mcafee Understanding Ransomware and Strategies to Defeat it: https://www.mcafee.com/uk/resources/white-papers/wp-understanding-ransomware-strategies-defeat.pdf - The Wannacry Ransomware: http://cert-mu.govmu.org/English/Documents/White%20Papers/White%20Paper%20-%20The%20WannaCry%20Ransomware%20Attack.pdf It would be great to see your own thoughts or resources you find useful. Kind regards, Daniela

Read More...

Mitigation of Risk - Hive-Up

Company A enters contract with X for £0.5M (Implementation of IT system). No written agreement. Therefore implied terms and possible "fit for purpose" onerous obligation at common law. No liability cap. Very high risk. 18 months later. Co. A is acquired by Co. B who later wishes to hive-up A`s assets but does not wish to take on the contract with X. So Co. A remains a going concern. Staff are TUPE`d over and the work (to try to close out contract) is subcontracted to Co. B who exclude all liability to X (they would not be liable anyway - no privity). Thus Co. A is rendered a shell with the risk of being sued by X. If they did, co A has PI insurance to rely on. If that insurance policy falls over they would enter administration. This is a mitigation of risk strategy. Does anybody see any IA1986 issues or any other issues (Co. A has no creditors and as of now it is solvent and trading).

Read More...

Scope Creep Issues

How to handle scope issues ?

Read More...
 

Infrastructure Security Audit Report

Can anyone help me with Service Provider's Infrastructure Security Audit Report?

Read More...

Freight Forwarder's Liability for Cargo Loss

Hello, We are currently negotiating a contract for international freight forwarding services and would appreciate suggestions and feedback regarding liability for cargo loss/damage. Will freight forwarders agree to assume such liability and, if so, how much? And will they agree to provide cargo insurance? We understand there are international conventions and laws governing this matter which tend to limit the freight forwarder's liability, but we also understand that parties are free to contract differently if they so choose. What we don't know, are the industry norms. Any advice you may have would be greatly appreciated. Thanks

Read More...

Qatar: Return of Performance Guarentee

Having an interesting debate with a PMC here just now. Our contract is NEC3, the clause regarding the return of our performance guarantee states that we will receive it "Upon completion of the contract" which is a term not clearly defined in the document (elsewhere the terminology is NEC3 and refers to "completion of delivery of the goods and services"). My view is that as with FIDIC we should be receiving our guarantee back upon completion of the works (goods and services) whereas the PMC state that it should be held for the 2 year defects liability period. Question: Is this lack of clarity sufficient to show an ambiguity and therefore as per Qatar civil code this should be interpreted in my favour?

Read More...
 
 
 
Network Members