Loading...
 
 
 

Risk Management

 
Options
IACCM Council Representatives
Network Leads

This is the home page for the Risk Management Group.

 
 
Network Updates

Mastering contract complexity for greater regulatory compliance and risk management - IACCM Americas Conference 2019

All organizations need to address industry or government regulations as well as internal governance and compliance mandates. This can create added complexity to completing transactions, managing risk and keeping down cost. Changes in regulation requirements such as GDPR and SOX create challenges in keeping current language in place at renewal or onset of new business. In this session learn how large organizations operating in a highly regulated environment delivered innovative contract management solutions to reduce contract cycle time, increased speed of audits and aligned functions for better planning and insight into the business.

Read More...

WHY SHOULD WE INCLUDE OPPORTUNITY? Five C's

Many of the pieces are now in place to support widespread adoption of inclusive risk management that addresses both threats and opportunities. International standards define risk as double-sided, and this is supported by professional bodies, recognised thought-leaders, expert practitioners, and leading-edge organisations. All that's needed is for more people to start doing it! But why should we?

Read More...

Limitation of Liability

I was recently having coffee with four other individuals involved in contracting for IT Professional Services. During the course of conversation one of the participants suggested that rather than having unlimited direct liability for certain aspects (breach of confidentiality, indemnification of third-party claims, gross negligence and willful misconduct) that EVERYTHING be limited to the extent permitted by law -- but then increase the limitation to a number that would cover the majority of potential issues ($5,000,000 USD was a suggestion). When questioned, the participant stated that when it comes to contracting parties where one has "deep pockets" and the other does not, having the unlimited liability may sound nice on paper, but in reality it is a one-way protection that benefits the party that does not have deep pockets. Effectively, if the party that does not have deep pocket had a very large claim against them, they could declare bankruptcy and later reorganize as a different business concern - while the deep pocket party with the same claim would be obligated to pay. Their perspective was in essence: No consequential damages; limit all direct damages to a pre-defined/agreed amount ($5,000,000 or amount that will cover 90%-95% of historic claims in the industry); and include indemnification from third-party claims in the cap. Thoughts?

Read More...
 

AM Contract P1 and P2 assignment based on User category

Hi, I am dealing with a contract wherein Priority 1 and 2 is assigned based on user category who raised it. If user raising Incident is VIP user then it will be raised as P1 or P2 irrespective of severity of Incident. It leads to exposure to liability to my company when any breach of single incident raised by VIP impose liability on me. Also there is no defined process as minimum number of P1 & P2 tickets quota for applicability of penalty on breach. Is there any workaround to come out of this trap ? Can I propose some changes to this arrangement ?

Read More...

Additional resources

Hello everyone, Following our webinar at the end of October, I am coming back with few recommendations on the available resources on IACCM: - Ask The Expert: Mitigating Cyber Risks with Third Parties - Asia Pacific Ask The Expert: Cyber Resilience - The role of contract in the Fourth Industrial Revolution - Ask The Expert: Data Protection - the global impact of GDPR In addition to presentations above, there are few white papers that can provide more details on what what ransomware is and how it works. See, for example: - Mcafee Understanding Ransomware and Strategies to Defeat it: https://www.mcafee.com/uk/resources/white-papers/wp-understanding-ransomware-strategies-defeat.pdf - The Wannacry Ransomware: http://cert-mu.govmu.org/English/Documents/White%20Papers/White%20Paper%20-%20The%20WannaCry%20Ransomware%20Attack.pdf It would be great to see your own thoughts or resources you find useful. Kind regards, Daniela

Read More...

Mitigation of Risk - Hive-Up

Company A enters contract with X for £0.5M (Implementation of IT system). No written agreement. Therefore implied terms and possible "fit for purpose" onerous obligation at common law. No liability cap. Very high risk. 18 months later. Co. A is acquired by Co. B who later wishes to hive-up A`s assets but does not wish to take on the contract with X. So Co. A remains a going concern. Staff are TUPE`d over and the work (to try to close out contract) is subcontracted to Co. B who exclude all liability to X (they would not be liable anyway - no privity). Thus Co. A is rendered a shell with the risk of being sued by X. If they did, co A has PI insurance to rely on. If that insurance policy falls over they would enter administration. This is a mitigation of risk strategy. Does anybody see any IA1986 issues or any other issues (Co. A has no creditors and as of now it is solvent and trading).

Read More...
 
 
 
Network Members