Loading...
 
 
 

Risk Management

 
Options
IACCM Council Representatives
Network Leads

This is the home page for the Risk Management Group.

 
 
Network Updates

Ask The Expert: Contract rights and obligations - How to get teams on the same page and sharpen awareness.

Many organizations encounter problems immediately after the contract is signed to deliver services to its customers or to demand what services it expects to be delivered by its suppliers. This is a very common point within many organizations worldwide causing customer and supplier misalignment which results in dissatisfaction, delivery failures and, consequently, to contract value erosion.

Read More...

Getting to grips with complexity

'An organisational tendency to cultivate complexity.' That expression comes from Australian Bank Westpac in a self-assessment into its internal culture, governance, and accountability.

Read More...

Limitation of Liability

I was recently having coffee with four other individuals involved in contracting for IT Professional Services. During the course of conversation one of the participants suggested that rather than having unlimited direct liability for certain aspects (breach of confidentiality, indemnification of third-party claims, gross negligence and willful misconduct) that EVERYTHING be limited to the extent permitted by law -- but then increase the limitation to a number that would cover the majority of potential issues ($5,000,000 USD was a suggestion). When questioned, the participant stated that when it comes to contracting parties where one has "deep pockets" and the other does not, having the unlimited liability may sound nice on paper, but in reality it is a one-way protection that benefits the party that does not have deep pockets. Effectively, if the party that does not have deep pocket had a very large claim against them, they could declare bankruptcy and later reorganize as a different business concern - while the deep pocket party with the same claim would be obligated to pay. Their perspective was in essence: No consequential damages; limit all direct damages to a pre-defined/agreed amount ($5,000,000 or amount that will cover 90%-95% of historic claims in the industry); and include indemnification from third-party claims in the cap. Thoughts?

Read More...
 

AM Contract P1 and P2 assignment based on User category

Hi, I am dealing with a contract wherein Priority 1 and 2 is assigned based on user category who raised it. If user raising Incident is VIP user then it will be raised as P1 or P2 irrespective of severity of Incident. It leads to exposure to liability to my company when any breach of single incident raised by VIP impose liability on me. Also there is no defined process as minimum number of P1 & P2 tickets quota for applicability of penalty on breach. Is there any workaround to come out of this trap ? Can I propose some changes to this arrangement ?

Read More...

Additional resources

Hello everyone, Following our webinar at the end of October, I am coming back with few recommendations on the available resources on IACCM: - Ask The Expert: Mitigating Cyber Risks with Third Parties - Asia Pacific Ask The Expert: Cyber Resilience - The role of contract in the Fourth Industrial Revolution - Ask The Expert: Data Protection - the global impact of GDPR In addition to presentations above, there are few white papers that can provide more details on what what ransomware is and how it works. See, for example: - Mcafee Understanding Ransomware and Strategies to Defeat it: https://www.mcafee.com/uk/resources/white-papers/wp-understanding-ransomware-strategies-defeat.pdf - The Wannacry Ransomware: http://cert-mu.govmu.org/English/Documents/White%20Papers/White%20Paper%20-%20The%20WannaCry%20Ransomware%20Attack.pdf It would be great to see your own thoughts or resources you find useful. Kind regards, Daniela

Read More...

Mitigation of Risk - Hive-Up

Company A enters contract with X for £0.5M (Implementation of IT system). No written agreement. Therefore implied terms and possible "fit for purpose" onerous obligation at common law. No liability cap. Very high risk. 18 months later. Co. A is acquired by Co. B who later wishes to hive-up A`s assets but does not wish to take on the contract with X. So Co. A remains a going concern. Staff are TUPE`d over and the work (to try to close out contract) is subcontracted to Co. B who exclude all liability to X (they would not be liable anyway - no privity). Thus Co. A is rendered a shell with the risk of being sued by X. If they did, co A has PI insurance to rely on. If that insurance policy falls over they would enter administration. This is a mitigation of risk strategy. Does anybody see any IA1986 issues or any other issues (Co. A has no creditors and as of now it is solvent and trading).

Read More...
 
 
 
Network Members