IACCM - International Association for Contract & Commercial Management Contracting Excellence Magazine

September 2013 Edition


Contracts and ethics - a dilemma

Tell me what you think!   I've included some 'ethical dilemmas" at the end of this article and invite you to reply.  I may decide to publish a selection of responses in future issues. I question the role of contract managers in how we manage ethical issues. Should we have a more formal code of practice within the concept of a 'license to operate' - very much as all established professions have?  - Tim Cummins

By Tim Cummins, CEO IACCM

Contracts are, by their nature, ethical instruments. They provide a formalization of commitments, enforceable by law. This enforceability depends upon terms that adhere to the law, thereby eliminating illegal acts, ensuring a degree of fairness and – in many cases – incorporating extensive wording related to regulatory compliance.

The contracting process also involves an increasing focus on ethical issues. Corporate concerns over reputational risk have spawned steady growth of diligence in researching and selecting trading partners. Concerns over their ownership, their compliance with international health and safety standards, their use and treatment of labor, the source of their supplies and absence of bribery or corruption represent the type of moral and ethical issues that now feature as part of the selection process and of on-going audits and compliance requirements.

No doubt that contracts -- and by extension -- those who are engaged in their formation and negotiation, play a significant role in establishing and maintaining ethical standards.

  • But to what extent does this actually influence the contracts and commercial professional?
  • Do they have an ethical role that extends beyond simply ensuring the integrity of the contract?
  • Should they, as professionals, subscribe to an ethical code, with oversight by an external body?
  • Indeed, if they wish to be considered 'professionals', is it not a requirement that they should be 'licensed to practice' and that this license can be withdrawn for breaches of established standards which include ethics?

These questions raise interesting issues for those in the world of contracting. Today, they tend to focus on the ethical standards of their counter-party and pay limited attention to those of their own organization. They may challenge commitments that they consider rash or hard to implement, but usually on economic grounds more than ethical. If we were to introduce a Professional Code, what principles might it embrace?

Arguably, the implications on the sell-side are more extensive than for the buy-side. That is because suppliers are generally making more extensive commitments than buyers and the selling process is itself more likely to generate acts of corruption.

  • To what extent, for example, should a professional contract negotiator report instances where they know or suspect that winning a contract has some dependency on acts of bribery?
  • Or, on the buy-side, where achieving supply fulfillment depends on some form of corrupt practices?

Going beyond these issues that are covered by international regulation, what is the role of the contract manager in overseeing the integrity and honesty of their own organization? We know of many instances where executives or target-driven sales managers are deliberately over-committed to customers, or where their inability to meet commitments has been kept hidden. These situations are of obvious detriment to both the buyer and the seller and to their shareholders. Sometimes they are honest misjudgments, but on other occasions they are deliberate deceptions.

  • What is the role of the contract manager in observing and distinguishing between these two conditions?
  • And what duties do they have when they identify them?

A more difficult area for judgment relates to abuse of power. To what extent should a contract manager seek to operate within standards of fairness? In cases where a buyer or a supplier has a high degree of dependency, when do contract terms or contracting practices become abusive? If our actions threaten the livelihood or safety of workers, is that acceptable?

Finally, contract managers may have visibility into broader acts of contract performance that raise ethical questions. An obvious example is of deliberate overcharging – perhaps expanding the hours worked, or claiming the rate for a top consultant when activities were conducted by a trainee.

Actions like this are often justified as 'industry practices'. Just like minor acts of bribery, everyone knows they happen, so they are acceptable so long as they stay within limits. Increasingly, such attitudes are not accepted and it is perhaps time for the contract management community to consider its role in the management and application of ethical standards.

Here are four brief examples of ethical dilemmas faced by contract or commercial managers. Each is based on a real situation. What would you do in these circumstances?

  1. We might not meet customer requirements   You work within an industry business unit in your corporation. The unit head is ambitious and sometimes overbearing. You are involved in the negotiation of a multi-million contract and other members of the team are expressing concerns over the ability to meet customer requirements. The terms demanded by the customer offer no room for maneuver and you feel that either a) the customer should be told that the current scope may not be achievable or b) senior management should be alerted to the risk. Your unit head dismisses these recommendations and insists on pushing ahead with contract signature. Other team members disagree with this position, but simply shrug their shoulders and stay silent.
  2. Supply commitments will not be met  You are managing an extremely high profile contract with a government body. It involves supplying trained personnel to support a major international event. Since the dates of this event are fixed, there is no flexibility over timing. You become aware that targets are slipping and that supply commitments will not be met. However, senior management refuses to acknowledge this and, in meetings with the customer, continues to assert that the contract will be fulfilled. As a result, the customer is not being given an opportunity to mitigate risk and you are very well aware of the reputational damage this failure will cause.
  3. Pressure to terminate the contract without cause  Your purchasing department is under constant pressure to deliver savings. Over recent years, more and more business has been sourced to low-cost countries. Several months ago, you awarded a large supply contract to a manufacturer in a remote region of China. It resulted in substantial savings and included a minimum monthly call-off and a committed two-year term. You have been told that this contract was a major boost to the local community and resulted in significant hiring by your supplier.  

However, due to a temporary drop in demand, your monthly shipments have actually been lower than forecast and you know the supplier has a stock build-up. Now, the category director tells you she has received a lower price offer from another Chinese supplier and she wants to terminate the original contract. When you explain there is no cause for termination, she simply demands that you switch supplier since the chances of the original contractor taking legal action against you are almost nil. You agree with this risk assessment because this action will probably put your supplier out of business.

  1. You were involved in the negotiation and implementation of a large Government contract. Charging under this agreement is use-based. During implementation, you become conscious that the mechanisms for monitoring use are unreliable and may result in significant over-counting. Some time later, you hear that questions are being asked about possible over-charging. The business unit executives deny that this is – or could be – happening, but you know different.

For further review, click on:

Transparency in corporate reporting  

2012 Corruption Perceptions Index


If your moral standards slip, you have no ethics!

The trust of your customers, suppliers, employees, shareholders, and the general public is your most valuable asset. But it's under threat as never before.  Although more businesses are putting stonger value on ethics these days, they are allowing moral standards to drop.  How can we change this?

By David Thorp, CEO and Founder of moralpath.com

Ethics is fashionable.  More than ever before, businesses are becoming more ethical with 93% of larger U.S. companies on the Standard & Poor 500 having a corporate ethics policy[1].  More employees find corporate codes useful in encouraging favourable ethical behaviour[2] and helping them apply the code frequently on the job.

But it's ironic.  If more organisations than ever before practice ethics, why do moral standards in business appear to be slipping? What answer do we have for a stark paradox between ethics and moral standards of modern corporate life?

Past news events have revealed one crisis after another in seemingly relentless sequence worldwide.  As examples, fraudulent activities like these have erupted into scandals from well-respected companies with comprehensive ethical codes for their stakeholders:

  • banks fixing inter-bank lending rates thereby manipulating financial markets in their own best interests;
  • tainted food supplies creeping across Europe, with rogue elements of a supply chain substituting horse meat for beef, pork and lamb in processed foods;
  • global corporations blatantly avoiding taxes in some of their most lucrative national markets;
  • retail chains exploiting inequality of bargaining with their dependent suppliers amounting to legally-sanctioned bullying;
  • turning a blind eye to a series of fatal accidents in poorly-built factories in the developing world, where western brands chase the lowest manufacturing cost in pursuit of the highest margin;
  • ever-present price-fixing, mis-selling and bribery allegations.

Even lawful and ethical practices can hurt consumers when respect for moral standards disappear.  One example applies to privacy and consumer manipulation.     The rise of digital technologies and its erosion of your privacy means it's not just government that knows almost everything about you.  The supermarket has records as does the internet service provider.  Then there's the phone company, the app store, the online music store, streaming service, social media platforms… and so on.

These commercial businesses can use this data to entice us with products or services we'll find increasingly difficult to refuse. Technology enables 21st Century businesses to drill deeply into our consumption patterns, buying behaviour, web search history, social habits and interactions.  And we share the smallest details of our lives freely via social media.

We are manipulated as never before. So too our children: they are in the front line of the battle for consumer mind space. Eager adopters of the latest technology and the hottest social platforms, childrens' unformed minds are vulnerable to ingenious influencing techniques.  Children usually lack the mental sophistication to handle the attack successfully. Companies draw our youth deeper into promise and enticement and do it all within the law and the ethical code of their industry.

Ethical? Apparently. Moral? No!

Market intelligence subtly shapes consumer behaviours  Over time, we spend more than we should on products we might not want. Technology has given corporations the power to explore our inner lives.

Arguably an overarching moral obligation exists for all businesses to conduct their dealings with their many stakeholders in a transparently ethical manner. Abuses of power and moral lapses can go viral globally within minutes. It's time therefore that companies spent less time putting together increasingly complex and detailed ethical codes and focused instead on the developing the personal morality of their workforce.

Morals and ethics go hand-in-hand 

Often we use the terms morals and ethics as though they mean the same thing.  They don't.   At the same time, when management embraces ethics and ignores moral standards, they could put their organizations in jeopardy.  That's why the juxtaposition between moral and ethical standards must be understood and visibly adhered to in any organization. 

First, understand the difference   Your own moral standard is uniquely yours, personal to you, embedded by a process of nature and nurture over your entire life, and once established tends to change little - if at all - over time. Ethics, by contrast, are socially-derived and thus dependent on others. Ethics are not personal to you; you adopt them from some or other group.

Sadly, organisations focus on promoting an ethical code rather than building and reinforcing individual moral characteristics. And therein lies the problem.  When you've adopted five or more ethical codes over the years, you might become desensitised and honour the code more in word than deed. Over time, without appropriate support for the employees' morals, aberrant behaviours can creep in. If your organization has a first rate ethical code but is managed by morally bankrupt, flawed individuals, what good is the code?

The Enron scandal is an example. While publicly espousing the highest ethical standards, Enron was acting in a wholly immoral manner, quickly leading to its spectacular bankruptcy, putting thousands out of work, losing vast sums for its shareholders and ultimately bringing down its auditors, Arthur Andersen, who were simultaneously selling management consultancy to Enron and allegedly participated in the cover up.  The 62 page ethical code was worthless.

Would the outcome have been different If either of the following events had happened?

  • Enron had issued a simple moral statement that staff should adhere to at all times and backed it up with reinforcement activities such as coaching or group discussion?
  • Enron had followed the model of James C Penney who in 1902, founded what he called the Golden Rule Store, "Do unto others as you would have them do unto you." The principle requires all stakeholders within a transaction to be treated equally, in a mutually respectful manner.

If senior employees at Enron and Andersen had been guided by their personal moral compass instead of gradually perverting the internal culture and undermining the ethical foundations of the business to the point of outright criminality, the debacle might have been averted.

The guiding thought behind this brief article is that encouraging and enabling morally-consistent thinking and behaviours in individuals are better safeguards for all stakeholders than an ethical code applicable to the group as a whole. 

  • Business schools should prioritise teaching moral reasoning techniques.
  • Employers should explore the moral orientation of staff when they hire them and create an environment where their personal morality will deliver the ethical behaviours the organisation seeks.
  • Induction processes within these organisations, supported by ongoing training and coaching programmes to underpin moral behaviours should be central to staff development.
  • Appraisal processes should have a moral dimension to them. This will empower the individual, but ultimately it will be the organisation that benefits most from a workforce of autonomous moral thinkers, operating within the corporate ethical structure but retaining the ability to see right and wrong for themselves without needing a multi-page document to point out this distinction to them. A mentality will spread throughout the organisation, permeating every layer of corporate life and beyond to all stakeholder groups – including customers and the wider society. And this buys trust from those wider stakeholders.

When faced with a moral decision over whether or not it's right to do something, don't bring up your organisation's code of ethics. Look inside yourself. We all have that innate sense of what's right and what's wrong and if your organisation's code of ethics varies in any way from your own innate moral sense then you're working for the wrong company.

Ethical codes are essential bonding mechanisms within organisations, just as they are within wider society: honour them but do not allow yourself to become blinded or corrupted by them.  Always follow the golden rule: don't do anything to someone else that you wouldn't want someone to do to you. Whether that be ducking out of the social contract we're all part of by avoiding paying your taxes; adulterating the products you sell; indulging in invasive, unfair or misleading marketing practices; fixing borrowing rates; using inappropriately sophisticated marketing techniques on children; using your unequal bargaining power unfairly; offshoring your suppliers without ensuring a safe working environment exists; or manipulating people in ways that suits you and not them.

My mission is to promote a moral dimension to working lives based on a personal emotional moral response rather than a cognitively-driven ethical one. This requires all employees to live their morals instead of relying unquestioningly on an adopted corporate ethical code. If that code is sound, it won't be at variance with your morals. It is possible to formulate a simple set of guidelines that can be followed by any of us working within any organisation to ensure we do not find ourselves in conflict with the overarching ethical code of that organisation. I call them Thorp's Ten Principles of Moral Business some of them have featured in this article.

Finally, remember this: You should never need to consult a corporate code to tell you the difference between right and wrong! It should be engraved on your heart.


  1. Sustainability Practices: 2012 Edition — a collaboration between The Conference Board, Bloomberg, and Global Reporting Initiative (GRI) Focal Point USA
  2. The Impact of Codes of Conduct on Corporate Culture (2006) LRN, Los Angles

Thorp's Ten Principles of Moral Business

  1. Always follow your own moral intuition: this is the one thing about you that must NEVER be negotiable.    
  2. Ethical codes are essential bonding mechanisms within organisations, just as they are within wider society: honour them but do not allow yourself to become blinded or corrupted by them.    
  3. Never allow your ethical environment to stifle your moral inner voice.      
  4. Ethics permit compromise...morals never should.
  5. Pay close attention to the needs of all stakeholders, but at some point you may need to prioritise in a way that is consistent with the greater good and with your own moral expectations.    
  6. Don't assume others can do your moral thinking for you. A code is a guide, not a set of instructions.    
  7. Be honest: if you believe a practice to be fundamentally wrong, you have a moral duty to say so and keep on saying so until someone listens.                               
  8. Be true to yourself: if the organisation you work for is consistently coming into conflict with your own moral code, you are working for the wrong company.                 
  9. If you manage other people, take the time to get to know and understand their personal values and strive never to compromise those values.
  10. A person will be judged by their actions, not their words: the same is true for organisations.


Without apology or compromise, David Thorp sets a very high standard for morality and ethics in business that too few businesses even consider duplicating.  His career path drew his attention to some disturbing realities he could not ignore.  Today he reaches out to others to teach about the criticality of ethics and how ignoring this issue destroys trust, let alone businesses. 

Before he founded moralpath.com, he led a thought-leadership and policy development for The Chartered Institute of Marketing as Director of Research and Professional Development. His work opened the door for him to identify the changing nature of competitive advantage. He saw that the relationship between a business and its customers was getting more collaborative, more personal.  And this would require more trust by the customer in the business. Looking further, he discovered too that too many organizations lacked ethical foundations.  Further experience and research led to him developing the Ten Principles of Moral Business, which underpin Moral Path's work with organisations and individuals.


The high cost of lying on the job

Step inside the world of bluffing, deception, and misrepresentation to uncover the truth about contract management's 'grey area.' Learn how to deal with the signs of dishonesty before they engender heavy costs.  Keld Jensen dispels the zero-sum negotiation approach which is based on conflict and power struggles. He compares it with the benefis of a strategy known as SMARTnershipTM .

By Keld Jensen, CEO and Corporate Officer of MARKETWATCH® Centre for Negotiation, Denmark, adjunct professor at Thunderbird School of Global Management.

You've been duped.  Few feelings are worse than the embarrassment of signing an agreement you thought was valuable for your company, but quickly festered into fraud. And your company is left with the expense and media exposure of what a third party did to deceive. 

As a contract manager, negotiator, or sales professional, understanding the truth about contract management's grey area can help your career and business immeasurably. It can save your business from a bad supplier. More importantly, it can help you create more trusting, open, and profitable relationships with the countless well-intentioned ones.

Startling Facts about Dishonest Behavior

It's critical to be aware of the pervasiveness of the issue. Dishonesty manifests regularly in our personal and professional lives, regardless of what industry we are in. We must own up to the culture we've all had a hand in creating.

An environment of doubt slows business transactions and profitability. We used to complete an agreement with a single handshake. Now, even the simplest business deal requires contracts the size of a small phone book. And despite the increasing regulations and legal precautions, trust remains low.

We all engage in deceit, at some level. According to a survey by psychotherapist and consultant Dr. Brad Blanton, 93% of respondents out of forty thousand Americans admitted to lying “regularly and habitually in the workplace.”1 Personally, I think the other 7% are lying to themselves!

People stretch the truth frequently. Dr. Paul Ekman, a renowned American psychologist and the author of Telling Lies, found that people are untruthful an average of three times per 10-minute conversation2

We tend to believe we are more trustworthy than others. For 20 years, Karen Walch, professor of international business and negotiation at Thunderbird School of Global Management, has conducted an ongoing negotiation study among her students. “What we've generally found so far is that 40% of people tend to believe that they are cooperative and trusting,” says Walch. “Yet, when asked about the counterpart, people tend to believe that the other party is just looking to win.”3 Does that sound like your last negotiation?

People believe it's okay to tell small, white lies.  One laboratory research experiment found that participants used misrepresentation in 28% of their negotiations.4 This meant intentionally misleading the counterpart about common-value issue preferences or omitting information. Also, a Wall Street Journal article discussed the cost of cheating. An experiment showed that while hundreds of dollars were lost to a few big cheaters, the little cheaters cost thousands!5 

It's typically not one contracting relationship that destroys your bottom line; it's the 98% of mostly honest suppliers that look for an extra percentage point or two.

Rethinking Your Approach to Commercial Relationships

There is nothing more important to the success of a contract manager than his or her reputation. As technology has leveled the playing field for small and medium sized businesses, it's become far more difficult to compete based on product quality and price alone.

In 20 years of research compiled by my firm, Marketwatch Center for Negotiation, we've found that negotiators can unlock up to 42% more value in commercial transactions by negotiating in SMARTnership™, a relationship based upon seamless cooperation and shared information.  This is a stark contrast to the argumentation, power struggles, and manipulation that plague some contract relationships. It sounds simple, but, as research shows, it's not how we are hardwired to behave.

In a zero-sum mentality, there is not enough trust for fully transparent communication and collaboration to take place. However, this is exactly what is required in order to expand variables beyond just price. Parties can leverage the differences they have in values, but only when intentions are clear and conversation is candid. Imagine a construction company purchasing a large order from a drywall manufacturer. It may be cheaper for the supplier to store the drywall at their own factory, but only an open discussion regarding the storage costs to each party can reveal this. In this situation, the construction company may then be able to afford to pay more for the product because reduced storage costs would bring their total cost down. It's a win-win for both parties.

An excellent strategy is never built by accident. It makes serious demands on both parties to build a trusted relationship. There are specific steps you must follow.

First, you must come to the table prepared. This means not only knowing your objectives for a particular contract relationship, but also bringing creativity, a problem-solving mindset, and understanding of the goals of the other party. If a contract is valued at a million dollars, you should be thinking, “How can we work together to make this worth $1.5 million?”

It's critical to set the right tone from the start of the relationship. Before entering any agreement, talk with the other party about the need for openness, honesty, and fair play. In my negotiations, we agree to the Rules of the Game™ at the beginning of the relationship, and then sign a code of conduct that cements how we agree to move forward. We deal with the issue upfront instead of wasting energy speculating as to the ethical standards that will govern the conversation. 

As you build your business relationship, demonstrate trust in the other party, but avoid being naïve. When ambiguous statements arise or questions are unanswered, ask for clarity. If your counterpart cannot offer an answer, find out why. To ensure comprehension, make a habit out of summarizing their words back to them. And, of course, document all agreements. While none of these methods guarantee a successful contract, they do create the best possible environment for one to evolve. 

Taking the Road Less Traveled

Over the years, trust has eroded throughout the business world due to unethical behavior and ego-centric business objectives. These practices are increasingly unsustainable. We must change our perspective to focus on long-term value where honesty, integrity, and transparency are viewed as qualities that are not only right, but also profitable.

We cannot afford to wait around for other people to change before we do. It takes courage, but you are the one who must take the road less traveled. Doing so will allow you to reap rewards far greater than you have ever imagined. As author Marianne Williamson said, “As we let our own light shine, we unconsciously give other people permission to do the same. As we're liberated from our own fear, our presence automatically liberates others.” It all starts with you!


1. Here's a radical idea - tell the truth!

2. Anatomy of a lie

3. Walch, K. (2013 February). Telephone Interview

4. A Nasty but Effective Negotiation Strategy: Misrepresentation of a Common-Value Issue

5. Why we lie


Keld Jensen, CEO and Corporate Officer of MARKETWATCH® Centre for Negotiation, Denmark, is a negotiation and leadership expert, speaker, and author of the bestselling book SMARTnership: The Third Road - Optimizing Negotiation Outcomes (Acanthus Publishing, 2012) and The Trust Factor – Negotiating in SMARTnership, to be published by Palgrave Macmillan in late 2013. He is the COO of the Global Summit on Negotiation & Trust conference, and a regular contributor to Forbes.

Learn more at www.KeldJensen.com or email him at keld@marketwatch.dk.


Is there a right way to handle bribery? - the Siemens story

As an employee at Siemens, witnessing its time of scandal and recovery, the author recalls how diligence and hard work led to an ending no one expected... 

By Graeme Sloan, Director, Contract Toolkit Limited

In November 2006 Siemens1 suffered a dawn raid. Several employees had created phony consultants' contracts, false bills and shell firms to pay massive bribes to win contracts. As UK employees in a different division, we could not believe any part of Siemens could be involved in bribery and corruption2. Unfortunately we were wrong.

If we could have foreseen a favourable outcome through a crystal ball, the account that follows would have made sense.  But when this struck, it didn't look good.  Who could have been prepared? Is there such a thing as handling bribery the right way?  Many of us feared worst case results. 

The initial response was denial: play it down as a few rogue individuals. Unfortunately the truth kept pouring out and the initial response seemed to be self-serving.

  • Stakeholders and employees lost faith in the integrity of the Board.
  • CEO Klaus Kleinfeld and Chairman Heinrich Von-Pierer departed.
  • Kleinfeld's successor, Peter Löscher, announced a month-long amnesty for employees to come forward, explicitly excluding former directors, but about 40 whistleblowers gave incriminating evidence, which extended the scandal's reach into the previous board. 

Four international investigations ensued. Siemens assisted with its own rigorous internal inquiry by New York law firm Debevoise & Plimpton.

As UK employees, we watched aghast at the developments.  We could not understand how it had come to pass, given the controls we operated under.  However, it should be noted that bribes were common practice in German business at the time, and even tax-deductible!

The intervention

Early on, Siemens appointed Michael Hershman, co-founder of Transparency International, to serve as its adviser.  Both Siemens and Transparency International  went to work on recovery.  It would entail scrutiny of existing processes and changes in departmental orientation.  Once rolled out, the results looked like this:

Transparency International…

  • rolled out strict new rules and anti-corruption/compliance processes. I
  • hired over 500 full-time compliance officers (up from just 86 in 2006)
  • established compliance hotlines, and an external ombudsman based worldwide and online.
  • created a web portal for employees to evaluate risk in their client and supplier interactions.


  • transferred all Contracts staff to work for legal
  • launched a comprehensive training and education programme on anti-corruption practices for its employees. By 2008, Siemens had trained more than half its 400,000-strong global workforce on anti-corruption issues.
  • stopped competing in known hotspots for corruption or unethical practice, such as Sudan.
  • voluntarily suspend our applications for funding from the World Bank for two years.
  • agreed to a €75 Million programme to pay to non-profit organisations fighting corruption over fifteen years.
  • took over 900 internal disciplinary actions, including dismissals.

What did the scandal and correction process mean to the majority of Siemens?  Like many such events, “medicine” for the cure usually goes too far. Those of us doing normal business suddenly were immersed in lawyers.  In fact on one bid we had a personal lawyer for each member of the bid team who would rewrite the technical as well as the commercial submissions. We had then to rewrite them to make them capable of submission. We lost the bid.   

Overall, the scandal cost Siemens at least €2.5bn, including €2bn of fines. The firm was also barred from dealings with certain clients. The cost to employees of two years of shame under intense public scrutiny, especially in Germany, is difficult to calculate.

Peter Löscher should be commended for his approach to ending corruption and giving staff back a pride in their company. Mr Löscher argued that changing the corporate culture to one driven by ethical standards "is a marathon for us, not a sprint" and I think it is for all of us in whatever organisation we work.

Siemens' full response to the scandal has been widely praised by many independent anti-corruption and ethics experts, including the Organisation for Economic Co-operation and Development, and U.S. Federal authorities.


1. Siemens home page

2. Article - Siemens Corruption Scandal Deepens


As a contracts and commercial director, Graeme Sloan leads large scale Business Process Outsourcing, IT Outsourcing and Business Transformation opportunities together with large capital installation projects.

  He operates within all levels of organisations, developing and building relationships based on an entrepreneurial spirit, delivery and trust.

  He has extensive experience across many industries, sectors, and geographies managing operations in UK, Ireland, Belgium and Spain -- applying best practice to each specific opportunity.


Risks of corruption - avoid being victimized

Research shows a typical organization loses an estimated 5% of its revenues to fraud each year.   Have you been victimized by third parties – like vendors, distributors, joint-ventures and customer organizations?  With a thorough due-diligence program, you can avoid the pitfalls that can compromise your ethics policy.


Steve Kuzma Americas Leader for the Corporate Compliance Advisory Services group within Ernst & Young LLP’s Fraud Investigation & Dispute Services practice


Joshua Andrews, Manager within Ernst & Young LLP’s Fraud Investigation & Dispute Services practice


Staying ethical and surviving is an increasing threat to organizations for many reasons. No wonder companies worldwide are still cautious in accounting for various growth strategies as the economic conditions continue to stagnant in many parts of the world. In this environment, the pressure to grow profits conflicts with ethical business conduct, stressing all levels of the organization, particularly those managing third-party relationships.

As mature economies struggle and some growth markets in Asia and South America decelerate, it is increasingly common for businesses to roll  back ethics to spur growth, especially in the developing markets. Further, management and boards are increasingly focusing their attention on new and rapid-growth markets. Whether it is Indonesia, Nigeria, Mexico or Turkey, the opportunities to secure new revenues in rapid-growth markets are significant.

But these opportunities cannot be evaluated without understanding the associated risks. Many of these markets may have high levels of fraud, bribery and corruption, committed by both the organizations pursuing business in these markets and the third-parties with whom they contract.

Staggering losses and risk

According to Ernst & Young’s 12th Global Fraud Survey1, despite companies’ heightened awareness of the various risks posed by fraud and corruption, significant weaknesses and loopholes remain in their fraud mitigation efforts. Companies now realize that developing highly effective compliance programs is key to mitigating the fraud and corruption risks of doing business, especially in emerging and developing markets.

As noted in the 2012 Report to the Nations2 released by the Association of Certified Fraud Examiners, a typical organization loses an estimated 5% of its revenues to fraud each year. Applied to the estimated 2011 gross world product, this figure translates to a global fraud loss of more than US$3.5 trillion.

Risk of third parties   Companies are often compelled, or required by local practice, to use third parties when navigating new markets. In so doing, they are exposed to significant risks.

A single case of a third-party agent bribing an official -- even without the knowledge or approval of the contracting company -- can cost the contracting company heavy fines and taint its reputation with criminality. Yet many businesses have not taken sufficient measures to understand the activities of their third-party agents, and procedures for monitoring the anti-corruption controls used by third parties are often underdeveloped.

Further, only 59% of respondents in EY’s fraud survey reported using an approved supplier database (vendor master database) — an alarming percentage for such a simple mechanism which helps ensure that only legitimate and bona fide third parties provide the company with services. The apparent lack of controls around third parties presents a real problem.

The EY survey also highlights how Chief Financial Officers (CFOs) are uniquely positioned to override payment and contracting process controls, because company boards, regulators and stakeholders all rely on CFOs for financial, operational and compliance details.

Responses among the nearly 400 CFOs interviewed seemed to be a cause for alarm, because 15% of CFO respondents said that they would be willing to make cash payments to win business. These payments, made through a company process, should be monitored to see if any bribes were paid under the guise of legitimate payments.

More often than not, company boards are adopting a check-the-box approach to managing risk, because they are increasingly overwhelmed by complex risk management and compliance information, along with detailed anti-bribery and corruption policies such as the Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act.

This is surprising.  A recent EY study3 found that 51% of foreign direct investment projects in India come from the U.S., Germany, UK and France, where awareness of fraud, corruption, and bribery risk and regulation are high. In recent years, international businesses in sectors such as mining, construction, food and manufacturing have been sanctioned for breaches of the FCPA in India, often relating to the award of licenses or payments for sales contracts. The trends are similar in other high-risk markets.

The importance of third-party due diligence in contracting

When global corporations and their audit committees recognize the risks, they take a closer look at how they manage and conduct their due diligence around vendor, distributor, joint-venture and customer organizations, defined broadly as third parties.

Organizations with due diligence programs are finding they have not kept pace with the increased global risks of third-party vendors, particularly in the areas of anti-bribery and corruption, leaving many companies to wonder what constitutes a reasonable due diligence program and how much research and documentation are enough.

When entering new markets, the need for local contacts leads many companies to engage the support of third-party agents. Such relationships expose companies to significant compliance risks, as illustrated by the many publicized enforcement actions by regulators that highlight the significant costs to companies of breaches by their third parties. In fact, more than 90% of reported FCPA cases involve third-party intermediaries.

In an effort to combat the bribery of foreign public officials in international business transactions, the Organisation for Economic Co-operation and Development has established good practice guidance that includes ethics and compliance measures to prevent and detect foreign bribery applicable to third parties, including agents and other intermediaries, consultants, representatives, distributors, contractors and suppliers, consortia and joint venture partners.

Creating a due diligence program

Taking this guidance into consideration, four key principles become apparent, which serve as a strong frame of reference for creating an effective global due diligence program.

  • Consistency: Is the process followed consistently? Can you link the vendor request forms to each vendor in the vendor master? Is it globally deployed? Are the rules and contract language consistent from country to country? Ask these questions to achieve a consistent and robust platform that allows your company to effectively and efficiently manage a decentralized program. Strive to have one system that everyone uses on a consistent basis.
  • Management oversight: It is important that management’s intent and actions provide for a robust third-party due diligence process.
  • Objectivity: Each due diligence investigation should be independently performed with its own case file, notifications, investigative findings, remediation actions, education and representations between the company and its agent, partner, distributor, third parties and others. A defined case management work flow integrating people, process and technology can be particularly useful to ensure an objective process.
  • Reasonableness: Reasonableness addresses the question, “How much is enough?” In your efforts to avoid doing business with the wrong people, a prudent and well-thought-out process is important. A thoughtful and reasonable compliance program that is risk-based is the best preventive strategy for making sure that compliance is both practical and defensible.

These four components are predicated on a critical first step: a credible, risk-based assessment of a company’s third parties. The process of conducting regulatory-related due diligence activities for those higher-risk third parties can be broken down into three general levels:

  • Level I analysis includes a comprehensive check of available sanctions and embargo and watch lists.
  • Level II analysis involves additional public database searches with a specific focus on localized public records databases, such as court filings, media, litigation, company profile including shareholder searches.
  • Level III analysis may include on-site inspections; reviewing corporate, civil and criminal documents; and validating financial records.


It is evident from the findings of our Global Fraud Survey that companies continue to face significant challenges when tackling risks of fraud, bribery and corruption. Many of them have failed to enact sufficient measures to manage risks. The issue becomes more acute as management and boards increasingly focus their attention on pursuing new revenue in rapid-growth markets.

Growth requires a nuanced view of individual markets and cultural norms balanced against the statutory language of an increasing number of anti-corruption laws. Organizations need to make concerted, risk-focused efforts that target areas of potential exposure, and management needs to lead by example.

Today’s global companies should evaluate their current third-party due diligence programs in the context of a risk-based framework that incorporates attributes of consistency, management oversight, objectivity and reasonableness.



1.  Ernst & Young’s (EY’s) 12th Global Fraud Survey   Between November 2011 and February 2012, EY researchers, in collaboration with Ipsos Mori, a global market research agency, conducted 1,758 interviews with senior decision-makers of the largest companies in 43 countries. The polling sample was designed to elicit the views of executives with responsibility for managing fraud, bribery and corruption risk: mainly CFOs and leaders of legal, compliance and internal audit. To read the survey, click on www.ey.com/globalfraudsurvey2012.

EY also assisted in development of the recent Open Compliance and Ethics Group eBook “Anti-corruption Illustrated.” This eBook provides in-depth discussion and useful visual placemats describing key elements of a comprehensive anti-corruption program including managing risk, third party, issue management, M&A, investigations, and data analytics.

2.  “Key Findings and Highlights of the 2012 Report to the Nations,” Association of Certified Fraud Examiners, http://www.acfe.com/rttn-highlights.aspx.

3.  Ready for the transition, EY’s 2012 India attractiveness survey



Steve Kuzma, Americas Leader for the Corporate Compliance Advisory Services group within Ernst & Young LLP’s Fraud Investigation & Dispute Services practice, helps companies identify and prioritize compliance risks related to legal, regulatory or business requirements. In addition to his experience with corporate compliance, Steve has more than 30 years of experience providing Fortune 1000 companies and large law firms with investigative services; corporate compliance services; financial, accounting and economic analyses; valuation assistance; and complex commercial dispute resolution support. He has testified in deposition, arbitration, and in federal and state courts throughout the US.

Steve is a certified public accountant, a certified fraud examiner and certified in financial forensics. He holds a BBA from Florida Atlantic University and an MBA from Rollins College, both in finance and accounting. He completed postgraduate studies at Northwestern University’s Kellogg Graduate School and Harvard Business School.

Joshua Kelly Andrews is Manager within Ernst & Young LLP’s Fraud Investigation & Dispute Services practice.  Leading the Washington, DC, forensic data analytics practice, he specializes in assisting clients facing litigation, internal investigations and prosecution. His areas of focus include forensic accounting and analytics, computer forensics, eDiscovery, and corporate compliance.

Joshua has been a speaker at numerous conferences and training programs for organizations including the Federal Bureau of Investigation, the Association of Certified Fraud Examiners, the Institute of Internal Auditors, the American Accounting Association, and the Institute for Fraud Prevention.

Joshua graduated from Mississippi State University with degrees in both Accounting and Business Information Systems, and has an advanced studies certificate in Forensic Accounting from Georgetown University. He is a Certified Information Systems Auditor and a Certified Fraud Examiner. He is also a contributor to the 5th edition of the Litigation Services Handbook.

The authors wish to express their thanks for the assistance of Yash Hiranandani and Abhishek Misra in preparation of this article.

The views expressed are those of the authors and do not necessarily represent the views of Ernst & Young LLP.


The NSA, Snowden and Third-Party Risk: Preliminary Lessons Learned

This article examines the importance of extensive, third-party background investigations and lists 10 background investigation considerations.

By MacDonnell Ulsch, CEO & Chief Analyst
Reprinted by permission from ZeroPointRisk Research, LLC

Remember this: Edward Snowden Worked for a Third-Party Vendor.  While it remains uncertain what exactly Mr. Snowden shared with other nations, we do know this: he wasn't authorized to disclose classified information.  Some may believe he is a hero, others believe he is a villain.  It is clear, though, that his employer, consulting firm Booz Allen, is the recipient of unwanted publicity.  The company is one of the more prominent government contractors supplying personnel to the intelligence community.

It is also clear that the third-party background investigation firm that vetted Mr. Snowden is under examination.  Northern Virginia-based USIS, which advertises that it is “the leader in federal background investigations ” is on the hot seat.  U.S. Senator Claire McCaskill (D-Mo.) said during a Senate hearing in June that USIS is “under active criminal investigation.”

The Senator also noted that there appears to be “systemic failure to adequately conduct investigations under its contract.”  In a statement that should resonate with every company engaging with third-party background investigation services, Sen. McCaskill commented that this should serve as “a reminder that background investigations can have real consequences for our national security.”  The problem extends to companies outside of the Washington Beltway and the defense and intelligence arena.

While it is unlikely that third-party employee behavior will rise to the level of policy violation exhibited by Mr. Snowden, it doesn't have to compromise information integrity, breach corporate governance and contracts, and violate regulatory requirements in the forms of identity theft, trade secret theft, brand hijacking, blackmail, and extortion.  The background investigation doesn't always work.

The annals of background investigation history are rich with examples of failed policy, procedures, and even strategies associated with understanding the truth about a candidate's past.  Criminals have passed background checks. 

There is a reason that top secret security clearances can take up to nearly two years to conduct and may cost several thousands of dollars—and sometimes much more--depending on a number of variables relative to each case.  Of course, not every candidate needs this level of background investigation.  But companies should examine the background investigation process used by third-parties that have physical, logical, or administrative access to information.

It's always good to conduct a more extensive background investigation on the basis of access.  Sometimes organizations initiate background checks only on some candidates.  One executive remarked that “we only conduct checks on positions with the title of vice president or above.”  This can convey a false sense of security.  While senior executives may have access to critical sensitive information, many lower level positions come with high level of access to this same information.

Here are ten background investigation considerations:

  1. Assess how the third-party under consideration may pose risk to your company, not by the title or level of a position, but rather the level of access to information.
  2. Make sure the third-party is open and responsive to questioning about the background check process.  Trust but verify, as the saying goes.
  3. Ask about their background investigation vendors, and then conduct your own due diligence on those firms used by the third-parties.  Examine the processes and methods used to investigate candidates.
  4. Don't hesitate to ask to see background check forms.  We've seen background reports where certain information contained in the report didn't seem right—and it wasn't.  Maybe it was a phone number that didn't seem correct, perhaps an area code that doesn't exist.  Yes, people actually make up telephone numbers and addresses.  It may be worth knowing what type of telephone number was used by the candidate.  Is it a temporary, prepaid number?  Is it a registered mobile number, a home telephone, or maybe even a business telephone number?  Is it the number of a family member, a friend, or other person?
  5. Have the third-party firm supply references.   And make sure that the references are consistent with your company.  For example, if the third-party is going to handle regulated data, check out companies that have engaged the third-party to manage that type of information.  The security and privacy requirements may be industry or jurisdiction specific.
  6. Check the third-party breach history and the cause of any breaches.  Were any breaches linked to failures in the background investigation process?
  7. Ask what lessons were learned after any breaches and if those lessons were incorporated into the background analysis process.
  8. Are employees ever reinvestigated?
  9. What is the reinvestigation frequency and scope?
  10. Are reinvestigations triggered by certain life events, or corporate events, such as a merger or acquisition?

The accuracy and effectiveness of background investigations of third-party employees is one of the best defenses against a breach and its consequences.  Knowing who has access to your data, and whether they are trustworthy, is a mandatory tenant of strong corporate governance.

© Copyright 2013.  ZeroPoint Risk Research LLC.  All rights reserved.

Please visit ZeroPointRisk series blog for the series.

Contact: Lorie Skolski, President & COO

Email: Lorie.Skolski@ZeroPointRisk.com

Telephone: 617-517-0063


MacDonnell Ulsch is the CEO and Chief Analyst at ZeroPoint Risk Research, based in Boston.  A subject matter expert in information risk and cyber breaches, he is the author of “THREAT! Managing Risk in a Hostile World,” published in 2008 by The Institute of Internal Auditors Research Foundation and the upcoming book “CYBER THREAT! How to Control the Growing Risk of Cyber Attacks,” to be published in 2014 under the John Wiley & Sons Inc. imprint.  He advises a broad range of clients, including the U.S. government, and served on the U.S. Secrecy Commission.  Ulsch has worked with former U.S. Senator Sam Nunn on security policy.  He is a former executive specializing in security and risk at the National Security Institute, Dun & Bradstreet, Manpower, and PricewaterhouseCoopers LLP.  Ulsch is a Distinguished Fellow of the Ponemon Institute and serves on the TechTarget/Information Security editorial advisory board.



Snowden and outsourcing - a cybersecurity tangle?

No doubt the effects of the Edward Snowden story are forcing us to ask yet again several questions: Among them, how can we improve our services in outsourcing, audits and security?  An approach to consider follows..

By Edward Willey, Lead Contract Manager, Commercial Management, Ericsson, Dallas, TX

While the United States government seeks the return of Edward Snowden to U.S. shores, businesses, government agencies, and non-government organizations (NGOs) have been forced to reevaluate their policies and actions when outsourcing their business-critical operations. Broadly speaking, the post-Snowden era of cybersecurity is likely to see a renewed focus on:

  1. Effective Contract Management in Outsourcing
  2. Audits as a Demonstration of Quality and Compliance
  3. Evolution of Information Security Resources in the Security Marketplace
  4. Permanent Place for Information Security Provisions in Commercial Contracts

What type of audit helps to prevent a data breach?

Audits in this space are of two general types:

  1. assessing whether an appropriate process or control exists; and
  2. assessing whether the process or control is sufficient to protect the security of an information asset.

These types of audits have a very different scope. The cost and time for completion will vary greatly.

The first type will not examine whether a control is likely to be an effective way to prevent or mitigate a risk. What counts is that the organization has identified (and usually documented) a process or control that addresses all principle risk areas.

By contrast, an audit concerned with the sufficiency of a process or control its likely to assess its effectiveness in preventing the risk. The second type looks deeper into the organization's processes, trying to find weaknesses and gaps.

Exercising diligence is recommended since this is an emerging area of concern for enterprises. Commercial and contract management practitioners should be aware of the difference between these two types of audits when including them in commercial contracts. However, they should understand that an employee could click on a phishing email the day after an organization successfully passes an audit, exposing the organization's network to the risk of a major attack.

What information security solutions or practices exist in the marketplace to guarantee security from threat vulnerabilities? 

Organizations are now asking what steps they can take to protect information assets from similar breaches. A contract drafter can require SOX compliance (Sarbanes–Oxley Act of 2002) from its outsourcing partner or insert a compliance with laws provision into a contract, but there is no single security standard in North America that comprehensively covers all industries and technologies.

Hundreds of tools, vendors, and consultants exist in the North American market alone. Many security tools provide similar functionality. Selecting the best tools is a challenge. Determining which solutions will work best for an organization as part of a total program requires resources and expertise, which translates directly to cost.

The truth is that no commercially available solution today is 100% effective at eliminating information security threats, and most especially “zero-day” threats, which are known only to hackers. Also, maintaining information security requires that organizations follow security best practices in addition to implementing IT tools. These security practices require not only monetary resources but also persistent efforts to ensure compliance with identified practices by individuals in the organization.

A key employee's mobile device or a sticky note with the CEO's login and password left behind in the local airport could put millions of dollars of information into the hands of a bad actor in minutes. The U.S. Department of Homeland Security acknowledges the importance of mobile device security and threats are now being turned to phones, tablets, and other mobile devices.2,3

How important is information security protection in commercial contracts?

Information security is a relatively recent concern for the commercial and contract management community. Some commercial contracts already contain information security provisions, especially transfer of consumer or business data is concerned, but many still do not.  With each incident like the Snowden case, commercial organizations, governments, and NGOs will have more reasons to include information security protection in their commercial contracts.

In the United States, no single federal standard exists today for information security practices. The U.S. Government, through the National Institute for Standards and Technology (NIST), is consulting with private industry to develop a program for improving the nation's cybersecurity framework. A full draft will be released in October 2013 for public review.4 The final version of the voluntary framework is expected in February 2014. From a best practice perspective, all commercial and non-commercial organizations in the United States should remain up to date with the progress of the NIST-led process.

Some concern has been expressed, notably by the U.S. Chamber of Commerce, that making a federally developed program mandatory would result in threats to privacy for citizens and increased liability for businesses without leading to increased protection for those business or consumers.5,6 Current indications from the Obama administration reveal that the resulting NIST framework will not be a legal mandate.

Can we really protect ourselves?  In the wake of the Snowden scandal and increasing overall awareness of cybersecurity risks, standards and audits are likely to receive the greatest focus by organizations attempting to protect sensitive data. However, the Snowden case itself calls into question the value of traditional contract compliance measures in preventing catastrophic, malicious data breaches.  

Particularly relevant to a specifically US-based audience is Snowden's ex-employer, especially to the extent that they illustrate how an ostensibly carefully scrutinized, well administered, long-term outsourcing contract might be no more “secure” in the end than a haphazardly assembled and poorly policed contract.  

So, the enduring lesson for commercial and contract management community – especially those involved in national intelligence and intellectual property – is that the best efforts of the most sophisticated organization can be circumvented by a rogue actor. Failing to find a dangerous leak in its midst can happen to any organization.  How can the rest of us protect ourselves?  We may not have answers yet, but that doesn't mean giving up.



1 Zero-day attacks: how to fight back

2 Data loss from missing mobile devices ranks as top mobile device threat by enterprises

3 Importance of security in mobile platforms

4 NIST releases draft cybersecurity framework to more public scrutiny

5 The Impact of Cybersecurity Legislation and Policy

6 Key Vote letter on S. 3414, the "Cybersecurity Act of 2012” 


Edward Willey III is a transactional attorney and contract management professional based in Dallas, Texas.  Edward is currently Lead Contract Manager in the Commercial Management group at Ericsson where he supports a range of global strategic initiatives, including dispute resolution on major accounts, improvements to software contracting, and security compliance initiatives for key accounts. Endorsed by the International Association for Contract and Commercial Management (IACCM) as a Certified Expert (CCME), he a key contributor to IACCM's international contracting forum.



Contracting in crisis - the Satyam story

While the Statement of confession by Satyam's chairman (Reuters account) was shocking, it was the high level managers remaining with the company that would have to deal with the fall-out from the surprise.  Monu Iyappa was there...

By Monu Iyappa, Director on the Board of IACCM

Within hours of the confession, Monu had pulled his legal team together to cooperate with investigators and begin the process of making difficult decisions to help ensure the survival of the business.

Although his memory is as fresh as if it happened yesterday, Monu's perspective and hindsight dig deeper still with answers to questions like these:

  • What was it like to do contracts after the event?
  • What were the major challenges and what could have been done differently?
  • What measures helped you deal with the crisis?

Monu's Account

When Satyam chairman, Ramalinga Raju's four page confession hit the news, I offered to resign from my role on the board at IACCM.  Tim Cummins, IACCM CEO, responded saying “Monu, your company isn't the first and it will not be the last, so hang in there …”  I appreciated Tim's words, recalling ample precedents like Enron.  But I wondered whether the time had come for an Indian IT flagship enterprise to join those ranks.  

Warning Signs

I had joined as Global Legal Head and General Counsel three years prior to that fateful day.  Satyam was showing quarter on quarter growth of 20 to 25%.  When management began clamping down on business travel and holding back on employee raises, employees like me, unwittingly assumed these measures were in response to the anticipated effect of the economic slowdown.

In mid-December 2008, an email arrived from the CEO announcing the merger of the Raju family's construction company Maytas with Satyam.  It alarmed even for the most unsuspecting.  The next day the media broke the news of how Raju suddenly reversed the merger decision.

On January 7, 2009, the big news hit. Raju had resigned and confessed to a one billion plus fraud. The moment I heard it, I felt like an enormous sinkhole was opening up under my desk.  A few anxious fellow team members urged me to start a law firm.  Knowing that I wouldn't want any lawyer that deserts his/her clients in time of crisis, my advice was clear to the team: “I need you in Satyam and Satyam needs you.”

Within 24 hours, we reviewed the relevance of our legal department's four practice areas: Contracts, Employment, Litigation and Intellectual Property.

Contract reviews would disappear for awhile

Anticipating the flurry of termination notices that would be coming at us, we knew there would be no new contracts; hence, no contract reviews and those that survived would be pulled and reviewed in light of our customers' terms and conditions. We would need a response team to advise our business teams.

Litigation began almost immediately.  News of the first class action suits from NYSE ADR investors began trickling in. Customer communication and briefings commenced.  Account managers were being summoned into customer headquarters to identify where we stood on our capability to withstand the shock and deliver on their contracts. Governance and ethics were of first importance to our clients.

Indian government dissolves the board.  

Nobody dreamed that 72 hours later the Government of India -- working directly under instructions from the Prime Minister's office -- would dissolve the now diminished board and appoint three independent directors. Such federal intervention had no precedence.  In response, I formed a core team of senior in-house counsel who would liaise with the new board.  We made ourselves available any time they needed us. We had two reasons for doing this.

First, prior to the scandal, Satyam's first promoters – Ramalinga Raju (Raju) and Rama Raju (Ramu) along with its then CFO Srinivas Vadlamani and President Ram Mynampati – always dealt exclusively with the board and external directors. The rest of the leadership was insulated from any kind of direct contact with the board and that included me, the General Counsel.  Therefore, we had to set up a management conduit that would work efficiently.

Second, if we were to be effective we needed to be visible and available.   We needed to establish trust with the newly appointed directors. This new appointed board understood the value of their legal advisors and we briefed them on all existing and emergent issues.

Two key previously implemented initiatives were instrumental in dealing with the crisis. 

In 2006, I had suggested that Satyam move away from the offshore services model for legal support and position a legal resource among the business and sales teams in their respective geographies. It gave us a greater visibility and insight into business and in return we provided quicker response time.  By 2009, Satyam's lawyers were present in London, New Jersey, Sao Paulo and Dubai. When the crisis broke we were in every critical client meeting and dealing with emerging contract issues. Had this not been the case, front line account managers would have had to make independent decisions, adding to the chaotic situation.

The second initiative that helped us was our Deal Central database.  We created this database and repository in 2008 that included every live contract from the year 2000.  From it we could retrieve close to 135 data points and clauses at a simple command. Deal Central was an invaluable tool for interpreting termination, change in management, force majeure, penalties, liabilities and indemnification clauses when the flood of queries hit us from the 66 countries where we had a business presence.

What was it like to do contracts at Satyam afterwards?

We had to convince the doubting customers of the value left in the company.  We found ourselves conceding discounts in the negotiations which the same customers previously had to fight for.   Contract negotiations in the pipeline dried up with prospective customers walking away.  Other customers put negotiations on hold indefinitely while looking at other options. 

What were your biggest challenges?

The biggest challenge was dealing with the human psyche and the different responses of team members. We also had to act quickly to respond to the requests from the new board.  Our goal was survival of the organization.  Our job was to retain customers, deal with the Independent board, respond to many management advisors, deal with more than seven investigating authorities, and communicate with the banks, forensic auditors, class action suits, the courts, claims, and lawyers while also responding to public opinion.

What we learned.

  • Realize that true value is long term.  Both sides are tempted to push for quick wins but this can be counter-productive.  Exercising your long-term business values will prove far more valuable in the long run. 
  • High quality performance must accompany trust and faith.  No matter how solid the deal, if the relationship and personality driving the award of the contract is larger than the organization itself, the deal is going to be treated very personally and as a result will be negatively impacted in such a crisis.  Raju was personally at the helm of closing some of the largest deals for Satyam and they fell with him or very soon after.
  • Good governance and transparency in organizations makes a healthy contracting partnership. Satyam leadership had operated with the utmost secrecy.  Greater transparency of senior leadership's activities would have enabled the appropriate oversight, advice and counsel to be rendered before serious business mistakes were made.

Silver linings

In an unprecedented move, the Government of India successfully rescued and ultimately auctioned Satyam to the Mahindra group four months after Raju's confession.  This diffused the effect of the scandal and kept other Indian companies in the IT Industry insulated from the negative publicity. For me and the team we were grateful to have survived the demands of the crisis and determined to move forward.

For further reading:  Download an Ernst & Young presentation on fraud prevention, detection and response


Monu Iyappa has been Vice Chair Asia Pacific on the Board of Directors of The International Association for Contract & Commercial Management (IACCM) from February 2008 to the present.  He was previously the General Counsel and Global Legal Head for Satyam, where he provided strategic inputs during contract review and advised on issues related to employment in areas of policy and strategy. He currently is an Independent practitioner and Advisor in his areas of specialty.


Who are we at IACCM?

Our featured IACCM employee this month is Carina Kuhl, VP Events and Partnerships. Carina’s main role is to organize IACCM’s annual member conferences. Carina is lead coordinator for IACCM’s Americas Forum coming October 8-10, 2013.  It will prove once again what a fabulous job she does working with her colleagues to roll out a seamless, profitable result for participants.  Don’t miss it!

Carina has tried on many “hats” throughout her career: as a circus supervisor on a European tour and as a student chef in popular New York restaurants.  She enjoyed each “hat” as she journeyed toward the one that had her name on it: organizing conferences where members can find ways to get better at what they do best.

Q       What prompted you to join IACCM?

I have developed conferences and exhibitions for many (12+) years in both Europe and North America. The past six years, I developed a portfolio of procurement events and had established a partnership with IACCM. When Tim decided to move event development and management back in-house, he asked if I cared to join the team.

Q       In brief summary, what is your role at IACCM?

I develop programs for IACCM’s annual conferences globally and manage end-to-end execution. I also develop partnerships with complimentary third parties (associations, publications, event organizers) and am involved in projects to enhance the IACCM brand and reach.

Q       What do you like most about working with IACCM?  What has been most challenging?

I love working with a team of knowledgeable, driven and passionate professionals. Although I work from a home office and only joined the team late January of 2013, I feel connected to my colleagues and know they are working as hard as I do to realize the common goal of ensuring IACCM is the unquestionable global authority on contract and commercial management – and the best resource for our members to help them advance and evolve the function.

We do have a very small core team, which means we all wear many hats and have a lot of strategic and operational tasks to perform. I am sure all our members recognize the struggle to ensure the day-to-day runs smoothly but to also find time for new ways and to drive activities to advance IACCM at large.

Q        What contribution to IACCM are you most proud of and why?

To be honest, all I can take credit for at this point is that I’ve taken some pressure off the plates of some of my peers.  They don’t have to worry about pulling the annual events together.

My goal is to raise the profile and value of our annual events. This won’t happen overnight, but I know from experience that if we…

  • truly listen to our member’s needs and reflect these in our event programs;
  • set the bar for speakers and topics high – offering both tangible advice and thought leadership;
  • execute and market the events effectively;
  • attract the right caliber of both attendees and service providers and ensure they all find value; and
  • offer great networking opportunities – both formal and informal

…then the annual conferences will become an activity members look forward to attending, year after year.

Q       Would you share one incident you remember the most in in being part of IACCM?

IACCM had outsourced event management to a third party event organizer for the past four years and the 2013 Berlin conference was the final event they ran for us. On closing day, Bob ran out to get some massive boxes of bonbons and Tim asked the ladies who ran the event onto the stage to genuinely thank them for their efforts. I thought that was thoughtful and very illustrative of the internal IACCM culture; my colleagues are cognizant and appreciative of all contributors to IACCM. It’s a small example, but its representative of the association in my mind.

Q       Describe your career path and name one thing you loved the most.

I joined the circus right out of college. Isn’t that a great opening line? It’s true – I landed a job with Cirque du Soleil on the European Tour as a general supervisor (F&B, Security, Box Office, etc.) and traveled with them from major city to major city, living in hotels, for a couple of years.

Eventually, I decided to return to a regular life and obtained a conference manager job a business-to-business conference organization in Amsterdam. I developed agendas for a wide range of conferences. First one I ever developed was about ‘maintenance for above-ground storage tanks’ (for chemicals and crude oil). I have an innate curiosity and quite enjoy learning about the professional challenges within different functions and industries.

As a side note: In the early years, I mostly developed manufacturing related events, than developed a new product development portfolio working with the Product Development and Management Association (PDMA). I moved into creating a number of healthcare related exhibitions followed by e-commerce events, procurement and now contracting.

I transferred to New York, continued developing conferences, moved into organizing exhibitions and took a break from events to enroll in a full-time chef’s training program and I worked at some great NYC restaurants to develop speed and gain more knowledge. It was more an interlude rather than a new career and I returned to developing conferences, this time with a focus on procurement for another six years. And then IACCM contacted me.  I’ve been here since!

Q       If there is one thing you could change about your world, what would it be? 

My world is pretty good…fewer administrative tasks.

Q       What do you want most for readers of our website or from Contracting Excellence?

To be value contributors to their respective organizations – and to be acknowledged as such, and all that comes with it.

Q       Describe one highlight about your earliest years that you remember the best – something humorous or best learned?

Cycling – it’s true; we graduate from diapers to tricycle…

Q       Regarding your education, what aspect of school do you remember most vividly?

Actually, it has little to do with school…In the Netherlands, living on a college campus is rare. I had a little apartment in the city with my own kitchenette. I was most excited to choose what’s for dinner every day. I guess I didn’t move up the Maslow Pyramid all that much…


2013 Editorial Board

Maria Arraiza-Monteux, Capability Program Manager, Dupont Contract Manufacturing Center of Competency, US
Guillaume Bernard, Contract and Claim Manager, Schneider Electric, France
Flora Cabean, Contracts Supervisor, Global Business Technology, Procurement & Contract Services, VF Corporation, US
Grant Collingsworth, General Counsel, SciQuest, Inc., US
Stephen Davis, Contracts & Commercial Manager, CGI, UK
Famil Garayev, Supply Chain Category Manger, Chevron Canada Business Unit 

Rene Franz Henschel, Professor, Aarhus University, Denmark
Melissa Jansen, Contract Management, Accenture, South Africa
George Neid, Manager, Program Contracts, Missile Systems, Raytheon, US
Fayola Yeboah, Contracts Manager, Entrprise Rent-a-Car, Europe



This newsletter is intended to keep readers abreast of current developments in the field of contract and commercial management. It is not, however, to be used or relied on as a substitute for professional advice. Before acting on any matter in the areas, readers should discuss matters with their own professional advisers.

This site is provided by IACCM on an 'as is' basis. IACCM provides this web site as a service to those people seeking contracting and commercial news and information. IACCM assumes no responsibility for consequences resulting from the use of information on the site or information obtained through links. IACCM will not be liable for any damages of any kind arising out of use, reference to, or reliance on any information contained in the site. IACCM is not responsible for the accuracy or content information contained in the site or in the links provided on its site. Links to and from IACCM do not constitute an endorsement by IACCM of the parties or their products and services.


The content in this publication is copyright. Excepted as permitted, no part of this publication may be reproduced by any process, electronic or otherwise, without the specific written permission of the copyright owner.

All content included on this site, such as text, graphics, logos, button icons, images, audio clips and software, is the property of IACCM, or its content suppliers or an identified third party and is protected by international copyright laws. The collection, arrangement and assembly of all content on this site are the exclusive property of IACCM and are also protected by international copyright laws. Any reproduction, modification, distribution, transmission, republication, display or performance, of the content on this site is strictly prohibited.

Use of this site

This site or any portion of this site may not be reproduced, duplicated, copied, sold, resold or otherwise exploited for any commercial purpose that is not expressly permitted by IACCM. Unauthorized attempts to upload information or change information are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986.

Published by IACCM, 90 Grove Street, Ridgefield, CT 06877, USA www.iaccm.com