Loading...
 
IACCM - International Association for Contract & Commercial Management Contracting Excellence Magazine
 

Contracting Excellence Magazine - Jun 2008

 
 

 

Losing touch with the market

 
Are current approaches to risk management placing western companies at risk? Risk is high on every executive agenda, as the uncertainties of new markets and global supply chains supplement traditional sources of risk. The maturity of risk management systems is today recognized as a defining characteristic for a company’s competitiveness; and contracting and commercial practices represent key weapons in the risk management armory. But are they in fact enhancing competitiveness, or do they risk driving companies into the ground? This introduction to the risk management theme of this issue will briefly review the major categories of risk and will then summarize the findings of IACCM’s latest risk maturity study, reporting on the extent to which risk regimes have adapted to the pressures of current market conditions. TIM CUMMINS, CEO, IACCM
 
 

by TIM CUMMINS, CEO, IACCM

Are current approaches to risk management placing western companies at risk?

Risk is high on every executive agenda, as the uncertainties of new markets and global supply chains supplement traditional sources of risk. The maturity of risk management systems is today recognized as a defining characteristic for a company’s competitiveness; and contracting and commercial practices represent key weapons in the risk management armory. But are they in fact enhancing competitiveness, or do they risk driving companies into the ground? This introduction to the risk management theme of this issue will briefly review the major categories of risk and will then summarize the findings of IACCM’s latest risk maturity study, reporting on the extent to which risk regimes have adapted to the pressures of current market conditions.

Background to risk management

All companies seek to anticipate risks so that they can be selective in their acceptance and effective in their management. To the extent that some risks cannot readily be anticipated, they endeavor to develop early warning systems and mechanisms for containment. But these methods largely focus on risks of things going wrong, such as natural disasters, market failures, new regulations and shortages of supply.There is of course another category of risk — and that is the failure to spot or exploit opportunities. This is the field of innovation and change, and covers new markets, new customers, new products or services, new routes to market or new business capabilities. A truly mature risk management regime is of course one that addresses all three categories.
 
The role of contracts and contracting strategies

Many contracts, sourcing and legal groups have tended to focus their efforts on anticipating failure and, frequently, to develop business terms and negotiation strategies that allocate risk to their trading partners. There is growing evidence that this approach is not effective; it creates a confrontational relationship where the absence of trust undermines openness and accountability. As a result, ‘surprises’ are more likely and such relationships lack incentives for the types of information exchange and partnering that lead to new ideas. The consequence of this is that ‘risk averse’ organizations tend to be worse at handling incidents when they occur and also tend to be less innovative.This observation is especially important today for several reasons. One reason is the simple fact that business is surrounded by unparalleled uncertainty. The openness of markets, speed of change, and unpredictable emergence of new competitors or new ideas represent remarkable challenges for any manager. But this environment has been supplemented by complex regulatory and governance regimes, as well as significant shifts in public expectations of corporate responsibility. It is these that have generated for many companies a robust — and potentially inflexible — ‘rules-based’ compliance regime in their handling of risk.

The risk maturity survey

The emergence of this rules-based compliance regime is evident in the risk maturity survey results. These show the dramatic impacts of US regulation on the attitudes and capabilities of US-based companies — and a major reversal of our 2004 survey findings, when European firms recorded a healthy lead in their approach to risk management. But the data also reveals areas for concern; in particular, the extent to which risk management is dominated by a mentality of control and compliance.In the short term, compliance is a good thing. But if the rules and principles are not subject to constant review and change, they can rapidly become a source of risk in themselves. Inflexibility or ‘risk blindness’ will result in the loss of competitiveness. So what does IACCM’s latest risk maturity study tell us about corporate reactions to this exciting but complex business environment? In all geographies, there has been a major improvement in the extent to which ‘economic decisions consider potential and historical risks’. Today, over 50 percent of respondents declare this is ‘always’ or ‘generally’ true, compared with just 28 percent in 2004. Corporate governance principles appear to have been at play in this area, but it is the only field in which there was universal agreement on improvement.



Europe

Overall, European input shows a situation where risk management has either remained static or declined. In some cases, this may simply be because of greater awareness — for example, today just 35 percent feel that ‘risk is fully quantified to support informed business decisions’ — down 12 percent on the result four years ago. And there has been a drop of 18 percent (from 59 to 41 percent) in those who state ‘risk identification is a systematic, integrated activity across the entire business’. On a positive note, however, there is apparently growing coordination across business functions, with 77 percent feeling that this does now occur on a more regular basis (up 14 percent).Other areas of concern regarding the European picture are the decline in decisions being made with ‘good understanding of the correlation among risks’ (down 11 percent — perhaps an indicator of the growing complexity and range of risks encountered); and the failure to escape from ‘narrow and silo-based’ risk identification, with 46 percent feeling this is generally or always the approach within their organization.

North America

These areas of weakness are present in the North American results. In fact, the issue of narrow and silo-based risk identification is even more pronounced, with 54 percent saying it is normal. Otherwise, the position in North America generally shows substantial improvement, with almost 60 percent stating that ‘risk identification is a systematic, integrated activity across the entire business’ (up 17 percent) and a similar strong showing in areas such as ‘we have a full portfolio-based view of risk’ (up 26 percent); and in the understanding of correlation between risks (up 13 percent).

But is Asia any different?

The survey sample for the Asia-Pacific region is not large enough to draw firm conclusions, but the results do suggest substantial variations from North America and Europe. In general, they imply a less rigorous and well-defined risk management process, with limited use of economic or financial analysis. But of course, in today’s fast moving markets, and without the same pressure of regulatory requirements, it may be that this absence of formal process (or bureaucracy) is extremely helpful; enabling Asian companies to be the new risk-takers, the test-bed for new products, new ideas and new trading practices. The danger of this approach, in today’s networked world, is the potential damage to reputation and image, not only for individual companies, but potentially to entire countries if ‘failures’ (of reliability, quality, safety and so on) are seen as regular or endemic.

Conclusion

The focus on risk management — doubtless driven by regulatory conditions — has certainly had a major impact on the belief that there are robust risk systems in place (North America), or in some cases the awareness that there may be significant holes (Europe). However, the data confirms that further improvements can be made — in particular in the extent of cross-functional coordination and portfolio-based analysis. It is also clear that economic analysis tools and methods remain weak, with less than half of respondents being able to state that ‘risk is weighted against opportunity’ — confirming the observation that risk management remains too focused on avoiding failure, rather than delivering success. Indeed, in further confirmation of this point, 55 percent of respondents feel that their risk analysis takes greater account of ‘adherence to the corporate compliance process’ than it does to the needs of the market.In a question that was new this year, we asked respondents whether they felt that their contract commitments and relationship management policies offered a ‘strong and immediate linkage to corporate strategy’. Just 35 percent were able to state that this was either always or generally true — so in almost two thirds of organizations, there is a disconnect between the corporate strategy and the terms and practices of contracting and relationship management. That disconnect is itself quite clearly a source of risk — not only to the corporation, but also to the practitioners who allow such a gap to exist. 

Tim Cummins,CEO, IACCM.

 
 

 

 


 

 

 

 


 

Risk and compliance: contention or competitive advantage

 
It is clear that risk is at the heart of business. It is equally clear that a company’s view of, and appetite for, risk changes from those innovative, ‘try most things’ start-up days to the time when a business is settled, mature and structured. The creation of a company demands a ‘bet the business’ approach that in most established organisations is seen as completely unacceptable.   MARK DAVID CommitMentor, with collaboration from ROSS MCKEAN and DAVID HALLIDAY Baker & McKenzie LLP
 
 

by MARK DAVID CommitMentor, with collaboration from ROSS MCKEAN and DAVID HALLIDAY Baker & McKenzie LLP

 

Main points

• We need to assess why our professional worldview, in combination with wider worldviews, is leading to involved compliance processes and voluminous contract documents without providing better business results.

• Too much law encourages check-box compliance, often at the expense of what really matters.

•   It is rare for companies to assess the risks which they are best-placed to address, and to look for more creative ways to deal with management of risk in the contractual framework. While a contract may look good, it may not the best environment for trust, problem solving and positive incentives to perform. It seems clear that any move away from this approach will require a significant cultural change

• Risk in a multifaceted, complex project is best served by creating a cultural environment within which there is the best opportunity for the required performance levels to be achieved.

• The capability to transform culture cycles combined with leading edge commercial contracting capability, provides the key to delivering business objectives and creating more value.

 

It is clear that risk is at the heart of business. It is equally clear that a company’s view of, and appetite for, risk changes from those innovative, ‘try most things’ start-up days to the time when a business is settled, mature and structured. The creation of a company demands a ‘bet the business’ approach that in most established organisations is seen as completely unacceptable.

It may, of course, be easier to lose everything when there is little or nothing to lose, other than dreams of business success. The shift of risk perspectives and business growth over time is, however, frequently accompanied by the challenge to continue innovating or the need for radical corporate re-invention to recapture the creative sparks cocooned within an organisational and process structure that is subject to formal risk and compliance processes.

In parallel, risk is also higher up society’s agenda. Risk permeates news coverage, political pronouncements, and in many cultures the legal profession is seen as increasingly driving the view that there must be someone to blame, and there must be consequences if something untoward occurs. In popular culture, some aspects of risk management have become the subject of ridicule; for instance, the refusal to permit a single lit candle on a birthday cake at the champagne bar of a railway station in London because a risk assessment could not be performed.

Risk plays into what Seth Godin <http://sethgodin.typepad.com> calls ‘worldview’. Seth describes this phenomenon in a marketing context, noticing that, ‘for whatever reason, human beings are hyper-alert to certain things’. He gives the example of the way shark attacks are covered in the media and the steps that are taken at beaches to ease people’s concerns that a shark attack might happen. The reality of the real risk involved is, however, somewhat different from popular perception. In the words of Bruce Schneier <http://www.schneier.com>, a globally recognised security guru, ‘More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk.

’A couple of other quotes from Bruce Schneier provide a useful perspective as we consider the approach that commercial contract professionals can bring to risk and compliance and assess the opportunity for strategic contribution to the next phase of a company’s existence:

If the goal is to protect against yesterday’s attacks, we’re really good at it. … people make bad security trade-offs when they’re scared.

Commercial contract professionals have their own worldview. In part this is a function of the types of individual who are attracted to working with contracts. We like to dot the I’s and cross the T’s and deliver an excellent contract document. In part, this is a result of the training contract professionals receive. And in part this is due to the expectations other functions have of commercial contract professionals. We’re expected to dot the I’s and cross the T’s and deliver an excellent contract document which allocates risk in the most precise way possible.

For the third year in a row, limitation of liability and indemnification are first and second in the IACCM’s ‘Top Ten Most Negotiated Terms’. It seems that this may be a natural phenomenon. Is not managing risk by negotiating it onto the other party what is traditionally expected of professional commercial and contract managers?
 
In the meantime, there is a threat appearing from the emerging economies and new technologies — not only from low prices and increasingly innovative products and services, but also from a different mindset to doing business. It appears that the North American and Western European companies, with their cautious ‘rules and procedures’ approach to risk, are facing competition from an alternative approach characterized by a more relaxed way of doing business. Policies and procedures are flimsy protection when they are used as protection against an individual trader ‘betting the bank’ or child labour being used somewhere in the supply chain.

We need to assess why our professional worldview, in combination with wider worldviews, is leading to involved compliance processes and voluminous contract documents without providing better business results. Failure rates (ranging from failure to deliver planned business benefits, significant delays or cost increases, and fundamental failure) continue to affect the majority of complex contracts.

Technically, we are more astute than we used to be at how we contract — we have developed more sophisticated means of managing risk, and an increasing number of third-party companies provide specialised expert capabilities to assist the contracting process. The issue, however, is that by and large we are refining, or significantly improving, how we deliver within the framework of our worldview — providing better protection against shark attacks while ignoring the pigs.

We need, therefore, to challenge our worldview to understand what we can do to address risk and regulation in a more effective manner. A starting place is to understand how we react to the uncertain nature of the future and the certainty that disasters will happen.
 
When disasters happen, there is a clamour to do something to avoid future disasters. Legislators legislate, regulators regulate and commercial contract professionals draft. Despite excellent initiatives, like the Scottish & Newcastle Breweries Pathclearer approach, <http://www.iaccm.com/loggedin/library/search.php?query=pathclearer>, contracts get longer and longer. The route to getting to contract needs to navigate the increasing volume and complexity of law. Too much law encourages check-box compliance, often at the expense of what really matters.

The view of the legal profession, who are sometimes held accountable for the challenges of increasing legal and regulatory complexity, gives an interesting perspective on this. Ross McKean, a Partner in Baker & McKenzie LLP’s outsourcing group, describes the issue as follows:

When clients ask us to construct contracts, the traditional brief is to push as much risk onto the other party as is possible in negotiation. This is understandable because it is what lawyers historically do well. It is relatively unusual for a client to take a more holistic view — assessing what the real risks are in practice, which they are actually best-placed to address, and whether there are more creative ways to deal with management of risk in the contractual framework. The result can be a contract which looks good on the surface but which can be inflexible and difficult to manage, and which does not necessarily create the best environment for trust, collegiate problem solving and positive incentives to perform.

It seems clear that any move away from this approach will require a significant cultural change. Part of the problem might be the distance between the evaluation of the ultimate success of a project, and those who create the contract. When a project is a success story, few are likely to go back to the contract documents and remark on how well they created a framework for success. By contrast, if things turn sour, it will be human nature to try to put some of the blame with those who were responsible for structuring the contract. Put simply, few people ever got sacked for dotting the I’s and crossing the T’s, and few people ever got promoted for taking an alternative approach.
 
As Ross McKean says:
Traditional contracts are very good at telling the parties who is to blame when something goes wrong: they are less good at telling the parties how they should work together to identify what is going wrong and to find a solution to it early on in the cycle. The traditional route has its own drawbacks. It may actually have the reverse effect of that which is intended — it can encourage defensive behaviour which may allow problems to remain buried until it is too late to do very much about them. A contract which pushes all the risk onto the other party can also encourage complacency in dealing with risk in practice, because one party may think that the legal consequences are all nicely tied up.

Are the legal risks ever nicely tied up? The heavily regulated sectors provide an interesting case in point here. Security issues are a good example of the lessons coming, to some extent, after the fact. Security risks are now something that everyone is bound to focus on in contractual terms, and new and complex provisions to deal with them are commonplace. Five years ago, however, it was difficult to anticipate the possible scale of this issue. Detailed risk allocation is partly founded on the idea that it is possible, looking forward, to define the universe in terms of risk areas and their significance. As Ross McKean says:

The fact that some risks cannot be identified up front is not of itself a good reason for ignoring the ones which we can identify, but it does demonstrate the limitations of the approach. There is always the next thing waiting to come along.

So is there a better way? The first step is to recognise that addressing risk in a multifaceted, complex project is served best by creating the cultural environment within which there is the best opportunity for the required performance levels to be achieved. This, as referenced in Contracting Excellence (1.2 December 2007 p 3), was the route taken by British Airports Authority (BAA) for the London Heathrow Terminal 5 (T5) construction project. (Whereas the success of the T5 construction project has been overwhelmed by the abject failure of the transfer to operations when T5 opened for business, it is worth noting both that the construction was a remarkable success and that the disastrous transfer to operations had as its root-cause British Airways’ failure to consider the cultural dimension; for instance, the poor attendance at T5 training programs due to low morale).
 





BAA realised that the culture of the T5 construction project would determine whether or not it would be delivered to time, cost, quality and safety. It assessed the major determinant for this would be the way in which risk was treated and contracted. BAA took the unusual step of assuming the project risk, realising that, in practice, regardless of what liability it could negotiate a general contractor to accept, it would end up facing the consequences if things went wrong — being able to litigate if tunnels subsided and disrupted flights into and out of Heathrow is no real business solution. Long-term, the right to sue may give some comfort, but the real damage is normally done long before a court can unpick the legal consequences.

Consulting People Ltd. <http://www.consultingpeople.co.uk>., experts in culture change and team dynamics, use their culture cycle model to represent BAA’s approach as shown above:

The ability to analyse existing culture cycles provides companies with the opportunity to design small changes in behaviour or interventions to provide large changes in the cultural dynamic, deliver the right type of behaviours and provide the environment with the best opportunity to deliver the required business results. It puts the focus on a positive feedback cycle which enhances the chances of success, rather than on the essentially negative consequences of failure. David Halliday, a litigation specialist in Baker & McKenzie LLP’s outsourcing group, thinks that too much stock may sometimes be put in how well negative consequences can be catered for in any event.


Fat contracts do tend to give the appearance of contractual certainty, but obviously few things in life are guaranteed. If you are asking a court to unravel a contract which is enormous in terms of its detail, the effect on the outcome can be equivocal. On the one hand, you may have more to point to in terms of fixing the other party with liability — on the other hand, they will probably be able to find something buried inside to throw back at you. High complexity increases the risk that in practice neither party truly follows the contract. The result can be a long hard slog in litigation which requires further cost and a strong nerve. And regardless of how detailed you were in the contract originally, governance, conduct and changes in circumstance during the contract lifecycle will always have some impact on the outcome anyway.


A strategic, collaborative relationship between the customer, the supplier and along the value chain demands conscious choices from the commercial contract professional as to the rules of the game that will be established. The traditional ‘fat contract’ route achieved through challenging, arm’s-length negotiations is unlikely to achieve this. A strategic, collaborative relationship is more likely to be achieved by understanding how to address the aspects that really matter — trust, the approach to dealing with problems, meeting stakeholder needs of stakeholders, and providing incentives to perform.

Tim Cummins, in his Commitment Matters blog <http://tcummins.wordpress.com/2008/04/12/opportunity-versus-responsibility-finding-the-balance/>, quotes a statement from Tim Cowen, General Counsel and Commercial Director of BT Global Services and Chairman of the IACCM: ‘When it is a battle of rules versus culture, culture always wins’. We need to take the lead in moving away from a rules-first approach to risk and compliance. The capability to transform culture cycles combined with leading edge commercial contracting capability provides the key to delivering business objectives and creating more value.

Mark David, Principal, CommitMentor,
Email: mark@commitmentor.com.<http://www.commitmentor.com>

This article was written with the kind contribution of Ross McKean and David Halliday of Baker & McKenzie LLP.

Ross McKean, Partner, Baker & McKenzie,
Email: ross.mckean@bakernet.com.<http://www.bakernet.com>

David Halliday, Senior Associate, Baker & McKenzie,
Email: david.halliday@bakernet.com.<http://www.bakernet.com>

About the author  Mark David is the founder and principal of CommitMentor, a consultancy providing innovative commitment management coaching, training and operational services. Mark has over 25-years’ commercial experience living and working in multiple cultures in 31 countries. Mark has been involved with IACCM since its inception, was a board member from 2000 to 2007, the association’s chairman in 2003 and 2004, and is an honorary vice chairman of the IACCM.
 
 

 


 

 

 


 

Cooperative risk management: creating opportunities out of uncertainties

 
To convert what previously were viewed as purely negative risks into powerful benefits that can create cooperative and profitable relationships, sellers and buyers alike need to take a new approach to their contractual environments. At the foundation of this approach is the recognition that the products and/or services that are being bought or sold do not represent the entirety of a transaction. Robert A. ENDRES Synaptic Decisions
 
 

by  ROBERT A. ENDRES Synaptic Decisions

Summary 
• There is a general perception in the business world that all risks are bad. Regulatory risks, demand-side risks, and revenue risks, for example, typically conjure up visions of significant costs, investments, and losses that should be simply avoided. But the reality can be far different.
• With a technique called cooperative risk management, many risks can become essential negotiating points that can be leveraged to provide benefits to all parties in all transactions. As this paper will discuss, the key to achieving these benefits is an ability to identify, analyze, shape, treat, and price risks.
What is cooperative risk management?
To convert what previously were viewed as purely negative risks into powerful benefits that can create cooperative and profitable relationships, sellers and buyers alike need to take a new approach to their contractual environments. At the foundation of this approach is the recognition that the products and/or services that are being bought or sold do not represent the entirety of a transaction.
Take the situation, for example, of two companies — Company A and Company B — that sell identical widgets at identical prices to a reseller. Company A recognizes that if it is to meet its objective of dominating the market for widgets, it has to differentiate its products in some way. And so it decides to allow resellers to return 50 percent of their unsold widgets at the end of each quarter. In other words, Company A assumes some of the reseller’s risk of excess inventory in exchange for the potential to garner increased market share — in essence trading a risk for an opportunity. Since it now has the better offer, Company A is able to dominate the market for widgets even though their product is identical to that of its competitor.
This short scenario is illustrative of the concept of cooperative risk management. It’s just one example of the endless opportunities that can accrue by viewing risks as uncertainties which can be controlled to mutual benefit through skillful negotiations.
As another example, consider demand risk. In a conventional relationship, Company A may contract for delivery of an uncertain number of widgets in any given month. But this relationship forces the seller to accept the full risk for the inability of the buyer to clearly define his demand. As a result, the seller has to increase the widget unit price — and the buyer ends up paying for a risk it may well be unaware that it has created.
On the other hand, if the buyer and seller recognize this situation, the buyer could agree to purchase a minimum number of widgets each month — say 100 — with a set maximum level of 125. This will have the effect of decreasing revenue risk for the seller in exchange for the seller lowering its price. In other words, the buyer addresses its variable demand issue itself rather than forcing the seller to do so for it, and in exchange, both parties benefit.
Identify risks
To identify the risks that could be used to create opportunities in transactional negotiations requires that these transactions be viewed through a critical lens. The entire contractual environment needs to be evaluated in a search for areas of uncertainty that could be leveraged to create new opportunities and sustainable profitable relationships. In this search, no area should be left unexamined. Consider factors such as:
• pricing of raw materials;
• service levels;
• order complexity;
• quantities;
• resource utilization;
• liability exposure;
• subcontracting rights;
• work scope;
• delivery locations and schedules;
• contract duration; and
• intellectual property ownership.
Note well that these categories of risk are only meant to be representative, and by no means should be considered to be a comprehensive list. Furthermore, it must also be stated that risks can be complex, drawing elements from multiple categories.
Analyze risks
Having identified risks, the next step in cooperative risk management is risk analysis, a process that all too often results in either an over- or under-estimation of both risks and their impacts. Erroneous analyses can be avoided by carefully evaluating the minimum, expected and maximum likelihoods of risk occurrence and the impacts should the risk occur.
When analyzing risks, both objective and subjective data must be considered — objective data should include probability assessments based on history and experience, and subjective data should include probability assessments based on expert judgments. By considering the likelihood and impact of the full complement of risks previously identified, over a full range of possibilities, a true risk evaluation can be determined, and negotiations can focus on pricing and trading these risks in a way that benefits both buyer and seller.
Shaping risks
Once risks are identified by either the buyer or the seller, they can be shaped — that is, offers can be made that alter the structure of a transaction in a way that benefits both parties. For example, assume that a buyer has forced a seller to accept a full form indemnity, loading the seller with full responsibility for any claims resulting from a failure relating to the product being sold. This leaves the seller very exposed and, perhaps, unwilling (or at least unhappy) to do business with the buyer. As a result, the seller raises unit prices.
To get the seller to lower prices, the buyer may offer to accept the first $20 million of loss linked to an event associated with a product failure. For a $100 million claim, this means that the seller will have an $80 million exposure rather than the full amount of the claim. Furthermore, the seller recognizes that since most claims fall in the range of $5 million to $30 million, the actual exposure is dramatically reduced, since in these cases its maximum exposure is just $10 million.
By buyer and seller working together to shape the liability risk this way — without either side taking any actual action — an offer can be structured that meets the real requirements of each party.
Treating risks
It is also important to note that that buyers and sellers can also manage risks by treating them with pre-emptive actions that lower the likelihood of a risk occurring, or with planned recovery actions that will be taken in the event a risk does occur to lower its impact. These actions most commonly occur after shaping, but best practice dictates that treating risks is more effective when completed in advance of shaping, before they are allocated to either the buyer or seller. In so doing, risk shaping can be simplified and residual risks minimized for both parties.
In the scenario above, for example, the parties could have minimized liability exposure by agreeing, in advance, to treat liability risk by re-packaging products with a warning notice to lower the likelihood of risk of liability claims. By doing so, the buyer would presumably incur fewer claims, the seller would reduce its liability exposure, and a more sustainable relationship will be forged.
In shaping and treating risks in new ways, there may be counter-risks. For example, the most economically logical solution may not in fact fit today’s standard procedures — so doing it in a non-standard way may have both a cost and a greater risk that it could go wrong. Those are considerations that must be taken into account as well.
Pricing risk
The key to successful cooperative risk management is accurately pricing the impacts of the various strategies outlined above. If the costs of shaping or treating risk in a certain manner are not clearly defined, it will be difficult for buyers and sellers to fully comprehend their benefits — and residual risks — and to complete successful negotiations.
To price risks in a way that enables both parties to achieve their respective goals is a difficult task, and can only be done with the right mathematical modeling techniques. These can be performed internally or with the assistance of third-party vendors.
Next generation contracting
The objective of cooperative risk management is to elevate contract negotiations to the point where there is a mutual understanding between all involved parties that success is not a measurement of how much one side benefits at the expense of the other. Rather, the goal is to ensure that transactions, relationships and profitability codified in contractual agreements meet the requirements of all sides.
 
Robert A Endres, Partner,
Synaptic Decisions,
Email: rendres@SynapticDecisions.com.
About the author
Robert Endres is a pioneer in the field of contract-based financial risk management. In 2004 he founded Synaptic Decisions, an independent management consulting firm dedicated to helping its clients lower the costs and improve the margins associated with their contracts, where he currently serves as its CEO.
Prior to founding Synaptic Decisions, he was President and CEO of Shell Chemical Risk Management Company for six years. He built the business into a global market maker and risk management consultancy, helping refiners, chemical buyers and suppliers structure contracts, optimize production assets, evaluate investment opportunities and manage financial risks. His experience in contract structuring spans sales, procurement, alliance, franchise, real estate, joint ventures and engineering and construction agreements. He has been a speaker at industry conferences on risk management, most recently at IACCM Americas in Scottsdale, Arizona.
 
 

 


 

 

 


 

Taking charge of supplier risk

 
In the 21st Century, global businesses find themselves faced with a new set of challenges and opportunities that few would have foreseen little more than a decade ago. Increasingly, companies’ customer and supply bases are more globally distributed and disperse. Regulatory requirements and accompanying pressures have increased 10-fold. Demands for improved diversity, environmental sustainability and alignment with corporate social responsibility goals have driven internal pressures. All these factors are contributing to increasing supplier risk — and a need to manage and mitigate that risk. MARK SEVERNS Emptoris
 
 
by MARK SEVERNS Emptoris

Main points
• The first step in developing a supplier risk management program is to prioritize its focus.
• Consult stakeholders who play important roles in supplier risk management and then use the data from these efforts to help make more informed business decisions.
• Sourcing, scorecard and contract management software solutions can help improve the efficiency and effectiveness of a risk management program.
• Getting greater visibility and control over existing contracts can be the quickest, most substantial contribution your organization can make to mitigating supplier risk. Once existing contracts are under control, risk management can expand to new supplier agreements.
• Regulatory factors are driving leading companies to develop systematic and readily accessible records and verifiable certifications of suppliers.
• Proper supplier monitoring allows companies to identify when target or key milestone dates are not met, indicating an impending problem, thus mitigating and minimizing risk.
 
 
In the 21st Century, global businesses find themselves faced with a new set of challenges and opportunities that few would have foreseen little more than a decade ago. Increasingly, companies’ customer and supply bases are more globally distributed and disperse. Regulatory requirements and accompanying pressures have increased 10-fold. Demands for improved diversity, environmental sustainability and alignment with corporate social responsibility goals have driven internal pressures. All these factors are contributing to increasing supplier risk — and a need to manage and mitigate that risk.
Historically, when the topic turned to supplier risk management, the discussion was around those processes that a company employed to limit unforeseen supply disruptions and to guarantee that its operations had supplies in the right quantity and quality to meet the demand for its end products or services.
In a Global 2000 company, the definition of supplier risk management has expanded to include practices that protect the business from supplier events that can impact the company operationally, legally, reputationally and financially.
With the recent headlines of costly recalls of toothpaste, pet food and toys, and the damage those recalls caused to the brands of several well-known companies, the value behind supplier risk management becomes clear.
Recent surveys underscore the new attention being given to supplier risk management. According to one survey by Supply Chain Management Review Magazine and Emptoris, the supply nearly two-thirds of Global 2000 companies (64 percent) said they are preparing to more actively address supplier risk management in 2008.
When embarking on the development, or evolving, a supplier risk management program, the first step is to prioritize its focus. What are the core goals and objectives of the organization? How can the contracts organization or the supply management organization help drive the risk management agenda?
As part of this evaluation and prioritization, companies will need to determine which factors they want to examine in their suppliers. This may include financial health; operational and quality performance; and risk factors — whether industry, geographical or company specific. A formal risk management program must also segment suppliers based on the level of expected risk impact and probability of occurrence, and evaluate the impact of an incident with each key supplier.
A number of stakeholders play important roles in supplier risk management and should be consulted in the program’s development or expansion. The contracting and procurement groups should work with other functional groups, such as legal, finance and operations to define risks, and appropriate mitigation and remedies. The data yielded from these efforts will help all involved make more informed business decisions. For instance, defined risks and mitigating factors will help formulate best in class terms for use across the organization’s contracts.
One of the key challenges of effective supplier risk management involves the control of information, specifically information from dispersed sources and covering a supply base that exceeds 20,000 suppliers for the average Global 2000 company. Of course, contracts and contract data are a key component in this information chain.
Companies are usually surrounded with data, but it is not readily accessible. Technology, existing or new, can help companies manage and share data more effectively. Sourcing, scorecard and contract management software solutions can help improve the efficiency and effectiveness of a risk management program exponentially. The use of technology does not necessitate a massive ‘big bang’ implementation to get to value quickly. A few very manageable steps can bring immediate impact and encourage and empower future expansion.
One of the greatest opportunities for immediate cost savings in supplier risk management is, of course, enforcing compliance to current contracts, which are written to reduce and mitigate risks. As we know, contracts are the foundation of every business, and getting greater visibility and control over contracts can be the quickest, most substantial contribution your organization can make to mitigating supplier risk.
Once existing contracts are under control, risk management can expand to new supplier agreements. Visibility to prior supplier performance can help determine the optimal terms of the new contract. For instance, while negotiating a contract with a supplier, the contract professional may see the supplier’s weak performance in on-time delivery and choose to negotiate more stringent quality or delivery terms. Of course, a high-functionality contract management software solution employed enterprise wide will give great leverage to your success in this area.
A more formal supplier risk management program can find immediate impact starting with supplier certification, then expanding to supplier monitoring and supplier development.
Certification
A number of factors, from regulation to LCCS, are motivating companies to more actively manage certification of suppliers. In the regulatory field alone, there has been an increasing need to certify suppliers around environmental, fair labor, financial and health and safety issues. Some leading global manufacturers facing government, non-profit organization and customer pressures are pushing suppliers to commit in writing that neither they nor their core partners are committing any inappropriate or unethical business practices. In the financial services industry, regulations such as Basel II and Sarbanes-Oxley are driving banks to push initiatives to assess the risk of suppliers. Finally, businesses that have implemented ‘green’ initiatives are demanding that suppliers have a plan to become more environmentally friendly.
These factors are driving leading companies to develop a centralized, systematic, and readily accessible record of suppliers and verifiable certifications of the supplier. Of course, contracting and technologies play an important enabling role in certifications by providing a central point of acceptance and visibility. In the supplier qualification process, technology allows for the use of templates and auto-scoring to assign ratings to suppliers against criteria such as corporate social responsibility. A supplier risk solution can provide a searchable repository with supplier profiles and scorecards, as well as a documented audit trail to show that that supplier has met the require certifications.
A recent European Union regulation, called REACH, put forth requirements for companies related to the registration, evaluation and authorization of chemicals used in manufacturing. The regulation requires that certain chemicals are registered by the manufacturer and importer before being used. A leading European pharmaceutical company, using supplier management technology, was able to comply with the regulation to register and certify more than 600 chemical suppliers in less than three-weeks, resulting in no impact or disruption to production.
Monitoring
Monitoring helps ensure the strength and safety of the supply chain and helps lead to better supplier development and collaboration. Monitoring identifies potential risks in supplier performance and compliance and assists in identifying problems before they occur. Supplier performance management technology provides the ability to set baseline goals, to tie those to performance scores, and to create alerts if those goals are not met. Proper supplier monitoring allows companies to identify not just when a target is not met, but also key milestone dates, indicating an impending problem, thus mitigating and minimizing risk.
Development
Supplier development goes beyond any current supplier problem to determine the root causes of that problem, to mitigate and help eliminate future risks and to maximize the value of a supplier. Supplier performance management provides companies the ability to work with their supplier to help them improve. Technology enables automation of joint work processes, and auto-links project steps and certifications as necessary, as well as provides the uniform mechanism to provide feedback throughout the development process.
One interesting illustration is that of a well-known manufacturing company that experienced significant supplier issues that impacted the delivery of a new product (and delayed a new source of revenue), while a competitor using contract and supplier performance management technologies was able to work in harmony with hundreds of diverse suppliers and reduce their cycle times by more than 50 percent. Their supplier performance management processes helped to reduce their assembly time from months to days — and helped them beat a competitor to market with their new product.
In summary
In a climate of economic uncertainty, the importance of mitigating such risks and the associated financial and reputational losses is heightened. Thus, the case for taking immediate action on supplier risk management is clear. Contracting and procurement professionals should act accordingly, and take immediate steps to lessen their company’s risk profile.
 
Mark Severns, Emptoris, Provider of supply and contract management software.
About the author
Mark Severns is a co-author of Taking Charge of Supplier Risk: The Roadmap to Success and an expert in contract management and supplier performance management software solutions. For a free download of an expanded whitepaper on supplier risk management by Mark Severns and Professor Donavon Favre of North Carolina State University, visit: <http://www.emptoris.com/newsroom/library.asp>.
 
 

 


 

 

 


 

Top Contractual Risks in 2009

 
The perception of risk is relative. To some, risk is simply an element in a financial model used to predict reasonable economic decisions but to others, risk is a broader concept — a key business interest — used to maximize profit through effective capital management. Contract professionals must embrace the broader view of risk due to the rising profile of supply chain risks within our organizations. FM Global published a recent study, Managing Business Risk through 2008 and Beyond, finding that more than 500 financial executives cited competition and supply-chain disruption as top risks. BRIAN FRANK Ariba
 
 
by BRIAN FRANK Ariba
‘What, me worry?’ — Alfred E. Neuman
 
The perception of risk is relative. To some, risk is simply an element in a financial model used to predict reasonable economic decisions but to others, risk is a broader concept — a key business interest — used to maximize profit through effective capital management.
Contract professionals must embrace the broader view of risk due to the rising profile of supply chain risks within our organizations. FM Global published a recent study, Managing Business Risk through 2008 and Beyond, finding that more than 500 financial executives cited competition and supply-chain disruption as top risks.
Some contract professionals still look at risk as an enemy of their client and approach it with a singular determination to eliminate or shift its impact, but this narrow view does not serve the true business needs of the enterprise. In fact, risk managers are just like other managers within the organization.
Checklist for top five risk areas
If we agree that we assume the role of risk managers within our organizations, it’s fair to ask what contractual areas will generate the most risk for our business. Hopefully, you are already thinking about some of these areas in developing strategic plans for the coming year. If not, here is a checklist of the top five risk areas contract professionals need to look out for in 2009 and how best to address them.
Electronic contracts
Improper use and maintenance of electronic agreements and incorporation of electronic agreements into wet instruments will be a major risk in 2009. Courts have only started to scratch the surface in this burgeoning area. Issues arise from the separation of those who draft the terms and those who publish them on the web. While electronic contracting provides numerous benefits via greater transparency, control, consistency and process efficiencies, contract authors must draft with precision and understand how the terms are presented to customers.
Dynamic pricing
Global markets are in a state of instability. Look for commercial risks that may cause problems with clauses designed to protect against rapid currency and raw material fluctuations. These sections, often tied to some sort of indices, are extremely difficult to draft, implement and enforce, especially when contracts are authored in a manual, one-off fashion. Pre-approved legal language residing in existing clause libraries can empower contracting teams to create contracts and enable legal and contract management teams to manage contract approvals on an exception basis. An increasing number of companies are hedging long-term fixed-price agreements. A Kellogg company executive at a recent Spend Management Town Hall <http://www.ariba.com/townhall> said that they make their hedging decisions based on the ‘risk profile’ of the particular market or trading relationship.
Service level provisions
There was a time when service level meant accurate and timely delivery of a good or service, but that language has been ‘lawyered’, having little meaning. Concurrently, dramatic increases in outsourcing and offshoring of everything from manufacturing to medical record processing have created the need for new contractual language to ensure performance levels and mitigate risks. Yet most service levels today are a mix of good intentions, targets, and meaningless penalties. If you think your service levels are protecting your company, think again. More important than service levels is language that allows parties to innovate and grow together; that focuses on results and asks questions rather than mandating actions, thus providing a real benefit to each party.
Lost contract value
Ask yourself these questions:
• Are you getting the most value out of your contracts?
• Do you have aggregate data about the key business terms in your contracts?
• Could you articulate the detailed risk of your contracts to executive management?
• Are you getting the benefit of the contract you negotiated?
If you do not have all of your global contracts in an online, electronic repository with effective reporting capabilities, you will likely be challenged to locate your contracts, let alone manage risk out of them. Consider one large US transportation company that spent two years reengineering its supply chain strategy to negotiate $300 million in savings through greater spend leverage. Yet, an audit by finance revealed that the company realized less than 40 percent of those savings. The reason was lack of contract visibility and compliance controls.
Measuring negotiator effectiveness
Most organizations measure the effectiveness of their contract negotiators by
• what they get, and
• how little they give up.
Danny Ertel, co-author of The Point of the Deal, made this point at the 2008 IACCM Americas conference. The reality, however, is that getting trading partners to over-commit will not be beneficial to them or you — and may raise your risk level should they be unable to deliver. As reported on the Supply Excellence blog over the past 12 months, leading companies like Hewlett-Packard (HP) and Dow Chemical have established disciplined frameworks that balance risk, cost and performance with trading partners based on uncertainty of demand, cost and supply. One HP executive sums up his company’s risk management philosophy as, ‘The company that bears the risk in the relationship gets paid for it.’
We all expect a quick rebound of our economy from looming recession (after all, this is an election year). However, contractual risk must be managed effectively to even out the peaks and valleys of a volatile global economy. 2009 is just around the corner. Don’t wait to provide more value to your organization in the coming year — address these key areas now.
 
Brian Frank,
General Manager,
Contract Management Solutions, Ariba. <www.ariba.com>
About the author
Brian has been with Ariba for over 10 years in various roles including Associate General Counsel and Director of Licensing, as well as Regional CFO of Ariba’s North American Division. He is a member of the California bar
 
 

 


 

Making Sense of Opportunity and Risk: The Journey to Contracting Excellence

 
IACCM's next conference will be in London on September 22nd - 24th. Its theme will be "Making Sense of Opportunity and Risk: The Journey to Contracting Excellence".   We are all aware of the increased risks that our organizations face. But smart commercial experts are well aware that a risk focus can quickly turn to risk aversion. Programs that concentrate on 'compliance' and 'standardization' can eliminate flexibility and creativity.   Top performing commercial and contracts groups are those which understand the need for innovation and which enable new opportunities to be grasped. The speed of change in today's markets has made this element of our work especially demanding - but also especially rewarding. Our conference will focus on how to achieve balance in risk judgment. It will explore the organizational and operational structures that lead to success, as well as presenting a range of case studies and specific initiatives. Tim Cummins, CEO, IACCM
 
 
IACCM's next conference will be in London on September 22nd - 24th. Its theme will be "Making Sense of Opportunity and Risk: The Journey to Contracting Excellence".
 
We are all aware of the increased risks that our organizations face. But smart commercial experts are well aware that a risk focus can quickly turn to risk aversion. Programs that concentrate on 'compliance' and 'standardization' can eliminate flexibility and creativity.
 
Top performing commercial and contracts groups are those which understand the need for innovation and which enable new opportunities to be grasped. The speed of change in today's markets has made this element of our work especially demanding - but also especially rewarding. Our conference will focus on how to achieve balance in risk judgment. It will explore the organizational and operational structures that lead to success, as well as presenting a range of case studies and specific initiatives.
 
The conference is broken into four sub-themes, each populated by a range of top international speakers and companies.
 
  1. Innovation & Trends, which looks at how we can innovate and add value through creativity
  2. Organization, which studies the best models for internal organization, collaboration between functions and the development of commercial skills and competence
  3. Risk & Automation, which explores the latest thinking on ways to assess, evaluate and manage risk and the tools that can assist us 
  4. Contracting & Negotiation Practices, which dives into the meat of our work - the latest ideas on terms and conditions and negotiation practices that drive superior results
In the words of Mark Loughridge, Chief Financial Officer at IBM Corporation: "World class companies manage risk through headlights, not tail lights". The aim of this conference is to equip our community - commercial managers, contract managers, lawyers and procurement executives - with the tools and abilities to transform their management of risk.
 
In the end, our success matters not only because of its contribution to the competitiveness of our company, but also because of our personal and functional value, status and career opportunities. Those who can get the balance right represent an invaluable asset in these times of such uncertainty.
 

For more information, visit www.iaccm.com/emea

Tim Cummins, CEO, IACCM

 
 
 
 

 


 

Leveraging automation to enhance your risk management

 
We go through life, personally and in business, either trying to avoid risk or coming up with sound principles for understanding and mitigating risks. However, in most cases, risk management is handled manually — which actually adds a layer of risk — because we are human and, as they say, ‘to err is to be human’. Automation can be used to accurately capture and forecast risk early on the process, meaning less time spent in managing risk and, more importantly, the adverse effects of poor risk management. This article will explore in detail the available functionality in contract management software, and how an organization can go about implementing it. ASHIF MAWJI Upside Software
 
 
by ASHIF MAWJI Upside Software
 
Main points
• Contract management software has the ability to scan contracts for elements of risk, track the items, report on them and send appropriate alerts to all relevant parties.
• Risk elements can exist at the contract level, the clause level and even at the supplier level, or be tied to specific clauses, so that when a clause is used in a contract, the associated risks are automatically attached to that contract — and whatever workflow and notification was tied to that risk will be automatically a part of the contract process.
• Risk elements should be regulated within the organization so that those risks that are deemed material and significant can be automatically associated with suppliers, contract language and even the purchase or sale of commodities.
• Organizations can now allocate points to risk, as well as pricing, vendor stability and all the other parameters that define good value.
We go through life, personally and in business, either trying to avoid risk or coming up with sound principles for understanding and mitigating risks. However, in most cases, risk management is handled manually — which actually adds a layer of risk — because we are human and, as they say, ‘to err is to be human’.
Automation can be used to accurately capture and forecast risk early on the process, meaning less time spent in managing risk and, more importantly, the adverse effects of poor risk management.
This article will explore in detail the available functionality in contract management software, and how an organization can go about implementing it.
Risks hide in contract language
There are several clauses within a contract that have various elements of risk associated with them. Typically, the ‘deliverables’ section has a large number of risks for the supplier and/or the customer. An example would be when a major computer chip manufacturer is buying a large majority of their silicon wafers from a supplier who makes 100 percent of its wafers in a plant that sits on a known fault line in India. So, if a clause exists that indicates the supplier will provide 1 million silicon wafers per month upon two weeks’ notice, the obvious risks are:
• What are the odds of an earthquake occurring at the supplier’s plant and, if it were to occur, what would be the delay in getting a shipment?
• The supplier only has one plant and no backup or contingency in place.
• What would be an acceptable time delay before missed shipments affect the customer’s ability to meet their market demands?
These are just three of the over 30 risk elements that reside in this one clause.
Organizations need to assess risks and assign the probability factors of each risk element, as well as the impact in monetary terms and time. Risks can have contributing factors (for example, natural disasters, and raw materials shortage) and probabilities need to be assigned for these elements as well. Once a risk element has been identified, appropriate workflow needs to be established to indicate at what percentage level notification emails need to be sent and to which parties? When the alert levels are escalated (for example, green to yellow to red), what process steps need to be followed and are there any material impacts? (This needs to be reported under the US Sarbanes-Oxley Act 2002 for companies listed on US stock exchanges).
The risk elements in a contract can have devastating effects on an organization if they are not assessed and, worse, not tracked and reported on. By being proactive, organizations can often alleviate risks and apply contingency plans (in the silicon wafer example, a contingent supplier would be part of the resolution process and would get the order if a specific risk element was escalated for the original supplier).
Some CM software packages have a risk management component that allows for scenarios, like the one shown above, to be reported, tracked, governed and acted upon. Risk elements can exist at a contract level, a clause level and even at the supplier level. When tied to specific clauses, the associated risks are automatically attached to that contract, and whatever workflow and notification was tied to that risk will automatically be a part of the contract process. It is important that the risks you want to track are reported on, just as you would want to know when contracts are coming to expiry.
Regulating and managing risk
Risk elements should be regulated within the organization so that those risks that are deemed material and significant can be automatically associated with suppliers, contract language and even commodities (goods and/or services) being bought or sold. Management should meet with the appropriate departments (for example, sourcing, accounting, risk, audit and legal) to brainstorm on all the risk elements that could have an unacceptable level of disruption, then document and assign thresholds for notification (for example, at what percentage level should a director, vice president or a ’C’ level be notified?). The departments responsible for creating contracts and templates should then ensure that the risks can automatically be associated when a new contract is being created.
It is important to evaluate the CM software to ensure that the risk elements can be completely managed by the organization and that it has the flexibility to add new risk elements, assign probabilities, indicate risk cause potentials and, most importantly, have the ability to indicate specific workflow and notification when a risk element reaches a certain threshold. Within the CM software, risks can be managed and reported based on the impact on either monetary values or time (for example, time lost). Some CM software also allows for the tracking of risk at the supplier level as well as the contract level. This is important, as an organization should know what the risks are of a supplier going bankrupt and, if it were to go bankrupt, what impacts that would have on the organization.
Integrating risk into your strategic sourcing
Typically, strategic sourcing within organizations is limited to reviewing pricing or value offered by suppliers across commodity or spend codes. However, there is a growing trend to include risk and performance records as a key part of deciding which suppliers are deemed able to supply a specific product and/or service.
Organizations can now allocate scoring points to risk, as well as pricing, vendor stability and all the other parameters that define good value. Some CM software packages allow for calculations that can derive scoring based on pricing, past records of performance and risks as well as other criteria as defined by the customer. This enables companies to run reports on a scheduled basis that shows their top suppliers by category and decide if they want to limit any future buying to a list of accredited suppliers for a given commodity.
Happy auditors, risk jockeys and the good folks in sourcing
The ability to manage risk with CM software provides certainty and makes for happy auditors, risk management and sourcing professionals. The task of managing risk is complex and time-consuming, so using software will not only assist in the overall creation and management of contracts, but also for an automated risk management process. This lightens the burden on the organization, allowing its professionals to focus on the strategic and forward-thinking elements of their jobs.
 
Ashif Mawji, President and CEO, Upside Software Inc, Provider of contract lifecycle management software,
Email: ask@upsidesoft.com.
About the author
Upside Software is the ‘2007 Supply & Demand Chain Executive Top 100 Company & 2006 Deloitte Fast 50 Company’. Ashif was named the Entrepreneur Year by the Business Development Bank of Canada in 2007 and also the 2002 Ernst & Young Entrepreneur of the Year® recipient (Prairies Region – Young Entrepreneur), recognized as the 2008 Supply & Demand Chain Executive Pro to know, ranked as Canada’s Top 40 under 40TM (2004), a member of the Financial Executives International and was recently awarded the Queen’s Golden Jubilee Medal.
 
 

 


 

 

 


 

How can we analyze contractual risk?

 
How can we use risk management methods to assess a contract draft? This article presents a structured method for analyzing risk based on a detailed analysis of a contract text. TOBIAS MAHLER Norwegian Research Center for Computers and Law, The Faculty of Law, University of Oslo, Norway
 
 

by TOBIAS MAHLER Norwegian Research Center for Computers and Law, The Faculty of Law, University of Oslo, Norway

How can we use risk management methods to assess a contract draft? This article presents a structured method for analyzing risk based on a detailed analysis of a contract text.

Main points

A contractual risk analysis can consist of the following steps.

• Specify the context, target and scope of the risk analysis (what exactly do you want to analyze?).
• Identify risk, that is, describe possible events based on the contract clauses as applied to the contractual relation (reading the contract clauses, what may happen?).
• Estimate the likelihood and consequences (for example, monetary) of each identified risk. You should consider both the likelihood of facts and the likelihood of a relevant interpretation of the contract clauses.
• Evaluate the risks, distinguishing between acceptable risks and those risks that should be considered for treatment. This evaluation should be based on both the risk values (that is, high or low risk) and a suitable set of decision criteria.
• Consider how risks can be treated through practical measures or a suitable contract amendment.
• The decision about treatment implementation depends on a cost-benefit analysis. 

Consider the following scenario. A supplier requests that a lawyer assess the general purchasing terms and conditions of a car manufacturer. Let us assume that the supplier’s management has had positive experiences with risk management in other contexts, and suggests that the lawyer use a standard risk management methodology. The overall objective is to negotiate a side letter, containing more beneficial terms and conditions regarding those contract clauses that imply too much risk. As a preliminary step in preparing and negotiating this side letter, the lawyer has to clarify how risk management can be applied to contract drafting.
The idea of relating contracting with risk management is not new, but there is relatively little literature on how contractual risk management should be carried out in practice.1 This article attempts to propose some key elements of such a method which, due to space limitations, are rather superficially described. The method has been applied in practical case studies, including the above-mentioned scenario.2
The risk management method
The method discussed below is based on an adaptation of existing international standards for risk management, most prominently the Australian Standard AS 4360/2004, to the requirements of a contract analysis. The process of risk management consists of a continuous assessment and treatment of risk, which is carried out through risk analyses. The second part of this article focuses on the particular situation in which a single contract is examined in a formalized risk analysis, with particular focus on those aspects of the analysis that require different, or more specialized, steps than those specified in the Australian Standard. This article may therefore be complemented with literature on the use of the Australian Standard, which explains details of the general process which can not be sufficiently covered here.
Context, target and scope
Every risk analysis should start with specifying its exact scope and target, which in our context needs to be related to the rules in a contract. Depending on the time available and the importance of certain issues, the risk analysis could target the whole contract or selected parts of it. Of course, if parts of the contract are excluded from the formal risk analysis, they should still be assessed less formally outside the risk analysis. The scope of the analysis depends on the organization’s requirements to cover, for example, certain types of risks or to analyze a particular set of documents. It is often necessary to spend a considerable amount of time establishing the context and describing what the contract aims to regulate. Preferably, this information should be well-documented and available for review during the remaining analysis.
The quality of the risk analysis results depends to a large extent on the available experience about, and knowledge of, the domain in question. Typically, few individuals have a comprehensive understanding of all relevant aspects of a complex business contract. A lawyer is competent to analyze the contract clauses, but often lacks detailed operational knowledge. Similarly, technical experts may lack detailed information about financial and legal consequences of technical problems. For complex commercial contracts, it may therefore be advisable to carry out a contractual risk analysis with a suitable inter-disciplinary team of experts, covering, for example, legal, financial, technical, market and other perspectives. A lawyer with experience in risk management could lead the analysis if the main focus is on legal aspects.
Every risk analysis focuses on identifying events that may impact the organization’s objectives or key assets. Therefore, the analysis should specify what the organization wishes to protect, by listing relevant objectives and assets. It is also useful to initially set out how risk will be documented and measured (for example, quantitative or qualitative risk values) and what criteria for risk evaluation the organization wishes to use. Guidance on the latter questions is available, for example, in literature on the use of the Australian Standard for risk management.
Risk identification
The second step consists in identifying the risks. This involves identifying what, why, where, when and how events could impact the achievement of the organization’s objectives or the value of its assets. In the context of a contract draft, we are particularly interested in events that have their source in the contractual relation or the contract text. Therefore, one possibility for risk identification is to analyze one clause at a time, seeking to find out how each clause could impact the organization’s objectives or assets. In practice, this involves brainstorming about how the clause could negatively impact the organization’s objectives.
The risk identification then needs to consider the interplay between different rules in the contract. At this stage, the analysis should seek to identify how the interplay between different clauses in the contract could lead to an event. In many cases, the contract clauses’ effect will only be identifiable once several clauses are assessed in a suitable combination. For example, the contract may include a ‘time is of the essence’ clause, implying the risk of damages in case of delay. In order to assess the risk, the analysis also needs to include aspects such as available remedies or possible exceptions; for example, in the case of force majeure situations, because these clauses may also impact the likelihood and the consequence of the event. The outcome of this step is a list of possible events.
Risk estimation and evaluation
The analysis should subsequently make an effort to estimate the likelihood and consequence values for all identified events. The consequence value is an estimation, for example, of the monetary consequence, if the event arises. The likelihood value is an estimation of the frequency or probability of the event. In our context, the likelihood of the event may directly depend on the rules contained in the contract. Because the interpretation of the rules is not always certain, this uncertainty should be directly included in the analysis. The likelihood of the event may thus depend on likely facts and a likely interpretation of the contract. For example, the analysis can combine the assessment of the factual likelihood of a delay with an estimation of the legal likelihood of a particular contract interpretation that implies a payment obligation in case of delay. This implies that if it is unlikely that the contract can be interpreted to the effect that the organization has to pay damages for delay, it will reduce the likelihood value.
The combination of likelihood and consequence values renders the risk value, according to which the analyst can prioritize the risks. Subsequently, the team should evaluate which risks can be accepted based on their low risk value, and which need be considered for treatment. This evaluation should be based on the organization’s risk appetite, the balance of risks and benefits in the contract, and other criteria, for example, the degree of influence the organization has on the manifestation of the event.
Risk treatment and cost-benefit
The final phase focuses on how the identified risks can be treated. There are two key types of treatment of particular relevance to contracts. First, the risk may be treated by practical measures that ensure that the event is less likely to happen, or be less costly. Second, the clause may not be considered acceptable, and should be amended during contract negotiation. For example, if the contract includes the clause ‘time is of the essence’ and the team considers that there is a risk that the supplier will have to pay a substantial sum of damages for delay, then the treatment options include both contract amendment (for example, deletion of this clause or limitation of liability) and practical measures to reduce the likelihood of delays. The choice among the treatment options depends on a cost-benefit analysis. The benefit corresponds to the anticipated effect of the treatment on the risk level. This benefit needs to be related to the estimated cost of implementing the treatment. The cost-benefit analysis thus results in a recommendation of actions to manage the identified risks which can be presented to the decision-maker.

Practical implications
This risk analysis method can be used in a situation where:
• there is a need or desire to get a more comprehensive and detailed understanding of the risks inherent in a contract compared to a traditional non-formalized analysis;
• the contract text is stable during a sufficient time to carry out the analysis; and
• sufficient time is available for a detailed analysis — the necessary time depends on how selectively the analysis scope is chosen, but the required time for a detailed risk analysis could easily be several times the duration of a traditional contract analysis.
Acknowledgement
The work presented in this article was kindly financed by the Norwegian Research Council under the ENFORCE project grant.
 
Tobias Mahler LL.M, Research Fellow,
Norwegian Research Center for Computers and Law (NRCCL),
The Faculty of Law, University of Oslo, Norway,
Email: tobias.mahler@jus.uio.no.
<http://folk.uio.no/tobiasm/>
Endnotes
1. See in detail, Mahler Tobias, ‘The State of the Art of Contractual Risk Management Methodologies’ in H Haapio (ed) A Proactive Approach to Contracting and Law (Turku University of Applied Sciences, Turku 2008), p. 58-72.
2. Case studies about the use of this method are available on the author’s web pages at <http://folk.uio.no/tobiasm/>.
About the author
Tobias’ research focuses on the development of methods for legal risk management. His research interests include contract law, data protection law, intellectual property law, legal theory and decision theory. He also holds a part-time position as an in-house lawyer in the automotive industry, where he applies risk management methods for the analysis of automotive supply chain contracts.
 
 

 


 

 

 


 

Reducing risk in complex IT projects requires careful contract drafting

 
Failed IT projects are often in the news — currently SAP and Waste Management seem to be headed for litigation,1 the Los Angeles Unified School District (LAUSD) may spend $40 million or more than budgeted for a payroll system2 and the U.S. Census Bureau may incur billions of extra expenses for the 2010 census because its plans to use handheld computers failed.3 What role does the contract play in these failures? Are the basic ‘terms and conditions’ at fault or are the specifications and detailed project plan at the root of the failure? We may not know until court records or investigative reporters provide detailed stories on the public projects, but experience shows that both parts of the contract can lead to failure for the inexperienced, careless or hasty drafter and negotiator. BOB SCHMITT Technology Contracts
 
 

 by BOB SCHMITT Technology Contracts

Main points
• Information technology (IT) projects require extra care at all drafting stages.
• The ‘terms and conditions’ and ‘project requirements’ are equally important.
• Plan for changes and have a good communications plan.

 
 
Failed IT projects are often in the news — currently SAP and Waste Management seem to be headed for litigation,1 the Los Angeles Unified School District (LAUSD) may spend $40 million or more than budgeted for a payroll system2 and the U.S. Census Bureau may incur billions of extra expenses for the 2010 census because its plans to use handheld computers failed.3
What role does the contract play in these failures? Are the basic ‘terms and conditions’ at fault or are the specifications and detailed project plan at the root of the failure?
We may not know until court records or investigative reporters provide detailed stories on the public projects, but experience shows that both parts of the contract can lead to failure for the inexperienced, careless or hasty drafter and negotiator.
The ’agreement’ section of the ‘terms and conditions’ (Ts & Cs) should minimally include:
• provisions for supplier ‘deliverables’ which are subject to owner ‘acceptance’;
• payments based on ‘milestones’ for these deliverables;
• supplier warranty for all deliverables and services to best industry practices; and
• fair clauses for changes to the contract, project plan and specifications.
The ‘statement of work’ (that is, the requirements, specifications or service levels) should be extremely detailed at each stage of the contracting process and seek to represent a true ‘meeting of the minds’ between the supplier and the owner.
Let’s consider the complete contract — the terms and conditions and statement of work. What part of the contract has the highest risk for project failure? I think the statement of work should be considered as a first priority.
Statement of work
For complex IT projects, such as outsourcing or software development (including the software license and modification of the standard software package to fit the licensor’s unique business processes), the statement of work requirements — the licensor’s/owner’s specifications for the desired system — are most frequently the cause of project delay, cost overruns or outright failure.
How can this aspect of risk be minimized? Here’s anapproach for drafting a statement of work.
• Use a comprehensive methodology to analyze and document your existing business processes that involves all stakeholders, from management to end-users. For customer-facing systems, ensure the processes are documented from the customer’s perspective. This is a task for your business analysts, or outside experts if appropriate.
• Using a similar procedure, document the detailed changes to the existing processes that will be in the final, desired system.
• The combination of the documentation of your current business process and the ‘new’ system should be the complete ‘project requirements’. Be careful to retain the ability to distinguish between existing and desired features, and know the source (who) responsible for each requirement.
• During the internal review stages, the project manager should seek stakeholder consensus to prioritize requirements and resolve conflicts. Managerial or executive decisions should be sought if the project manager cannot get resolution of these problems.
• Whether you use an open request for purchase (RFP) process or decide to limit discussions with a few (or sole) supplier(s), the supplier(s) should review and address each requirement in some quantifiable manner, such as ‘fully complies’, ‘partly complies’, ‘does not meet’.
• Use the detailed RFP response for your selection of a supplier. Score each requirement response. Involve representatives of all stakeholders in the review process and any supplier discussions.
• Confirm the chosen supplier’s response by reviewing its software documentation.‘No documentation’ or a supplier reluctance to supply documentation are serious warning flags!(For outsourcing agreements, request an example of the supplier’s internal outsourcing handbook.)
• Expect the supplier to bring some expertise and a different perspective to the table. Use the supplier discussions/negotiations to possibly revise or clarify the project requirements and certainly create the (desired, final) system software specifications. This is the heart of the contract statement of work.
• The RFP or other selection process should require the supplier to provide a project plan that will be an integral part of the statement of work. The project plan may be then further developed from the (updated) project requirements. This plan should include deliverables, milestones (for deliverables and the completion of certain service tasks) and payments for either or both. The parties should acknowledge that the project plan will evolve.
• The project plan should include an early supplier duty to confirm the original project requirements (through a business process review) and deliver a matrix that shows the (supplier’s) software documentation relation to the requirements and the (desired) system software specifications.
• The ‘gaps’ between the project requirements, software documentation and system software specifications are, in effect, the supplier’s development work and are added to the project plan.
• Each deliverable must be subject to owner acceptance, based on specific acceptance criteria.
In the terms and conditions, several clauses are extremely important for IT projects.
• Provisions for supplier ‘deliverables’ subject to owner ‘acceptance’. This includes the basic acceptance concept, acceptance criteria and the acceptance process. Acceptance should be in stages, with ‘final acceptance’ only occurring after the developed software is used for a specific time period in the complete ‘production’ system (that is, ‘Final acceptance will occur after 30 days of error-free software use in the final production system.’) If a supplier resists the ‘acceptance’ criteria, suggest that the bare minimum will be conformance to supplier’s software documentation. In other words, does the software do at least what the supplier claims?
• Payments should be tied directly to the deliverables’ ‘milestones’. Payments should be made in stages, with a partial payment withholding for all deliverables until final acceptance.
• The supplier should warrant all deliverables and services to best industry practices and be expected to warrant (fix) any software system errors for a reasonable period even after final acceptance. This is not the same level of correction service the owner should expect from any (optional) software maintenance agreement. A maintenance agreement is typically a part of the contract from the earliest (RFP) acquisition stages.
• IT projects and outsourcing are inherently complex and there should be no expectation that the ‘best laid plans of men (or women)’ at the beginning of an IT project will endure beyond a few weeks. IT agreements (and perhaps all contracts) must have a ‘changes’ clause which applies to the terms and conditions, the project plan, requirements and, of course, payments.
— Both parties must have a clear and immediate responsibility to notify the other party of any circumstance where a ‘change’ is likely. For example, if the supplier cannot access the owner’s system, if interviews with owner’s business experts are missed or if a third-party software package is not delivered when required by the project plan, the supplier will incur costs and this situation must be quickly addressed by both parties and remedied.
— The ‘changes’ clause and process must respect basic contract principles of authority and ‘writing’. All changes must become part of the agreement, the statement of work and the project plan. Verbal directions must be regarded as temporary and quickly confirmed in writing by the proper contract authority.
— Changes which may affect the contract payments should also be addressed in stages if there isn’t a quick agreement on the financial impacts. Progress on the project should continue while any compensation is negotiated.
• A ‘disputes’ clause is needed. Although this contract provision may seem to have a negative image (for example, ‘No news is good news’), this can be neutralized by focusing on the escalation aspects of the clause to settle any disagreement between a supplier and an owner. The clause should spell out a communications plan and meetings between project managers, IT mangers and executives as being encouraged and open — the alternative is a clear path to project failure.
• A ‘terminations’ clause is necessary. As with almost any complex endeavor, IT projects quickly create a life of their own. It seems that most troubled projects continue to some form of completion in spite of extreme cost-overruns or delays long beyond the planned schedule. But termination should always be considered a possibility and some ‘failed’ projects should be terminated. The contract should give both parties the right to terminate under certain conditions, but always give the owner the unconditional right to terminate the agreement. This ‘unexplained’ termination right may result in a dispute, but the dispute itself — mostly useless software, the lack of an improved business process, a wasted budget, litigation and bad publicity, should all be weighed against continuing down a ‘bad road’.
   Good advice for making tough termination decisions is hard to find when considering the original project expectations and the current reality, but the party which has diligently practiced good business and project analysis, and has adhered to good contract procedures, including ongoing documentation, should not fear this decision.
In summary, it may seem that taking steps to minimize risk for IT contracts requires an incredible effort in time and resources before and during the contract process. Yes, it does! But perhaps the opposite of the cliché ‘The devil is in the details’ really applies — if you’ve worked on the details, you may wind up on the side of the angels!
 
Bob Schmitt,
Technology Contracts, Burbank, California,
Email: Bob@tech-contracts.com.
Endnotes
1. Kanaracus, Chris ‘Waste Management sues SAP over ERP implementation’, InfoWorld, March 27, 2008, <http://www.infoworld.com/article/08/03/27/Waste-Management-sues-SAP-over-ERP-implementation_1.html> (accessed April 28, 2008.
2. Rubin, Joel ‘Payroll system beset from Day 1’, Los Angeles Times, February 11, 2008 <http://www.latimes.com/news/local/la-me-payroll11feb11,1,1699379> (accessed May 5, 2008).
3. Nagesh, Gautham ‘Census Bureau facing huge cost increase, possible delays in 2010 effort’, <Government Executive.com> March 5, 2008; <http://www.govexec.com/dailyfed/0308/030508n1.htm> (accessed May 5, 2008); Krigsman, Michael ‘Billion-dollar IT failure at Census Bureau‘, ZD Net, March 20, 2008, <http://blogs.zdnet.com/projectfailures/?p=660> (accessed May 5, 2008); Chan, Wade-Hahn ‘Late Requirements Sank Census Handhelds’, Federal Computer Week, April 10, 2008, <http://www.fcw.com/online/news/152199-1.html> (accessed May 6, 2008).
About the author
Bob has extensive IT contracts experience with Disney Worldwide Services, Wellpoint, Inc. (Blue Cross), PacifiCare Health Systems, Inc. and Toyota Financial Services. He is an Attorney admitted to the Hawaii and California bars; MS in Information Science, University of Hawaii.
 
 

 


 

Outside Contracting

 
Paul Mallory’s London Marathon
 
 

 

Paul Mallory’s London Marathon

Congratulations to Paul Mallory, currently with Oxygen Learning in Watford, England, who ran his very first marathon in April, completing the famous London run in a commendable 4 hrs, 15 minutes and 22 seconds. He says that the it was a fabulous experience with the highlight crossing the finishing line, as well as overtaking four Masai warriors at mile ten (not every day you can boast that achievement!); and the low point being overtaken by a ‘Borat’ in a ‘mankini’. He also says the focus and determination to train and complete has interesting psychology, analogous to completing a major project — and when he has some energy back, he’ll be happy to respond in an IACCM Ask the Expert conference call to take on all questions! Paul also ran for his charity, the Samaritans, who work tirelessly to support those in need of a friend in times of stress and despair. Friends can find his link at <www.justgiving.com/paulmallory>  

 



Outside contracting— contribute to this new column
Do you have a special activity or achievement in your life outside of contracting? If so, send photos and a 100-word description to Suzanne Birch at <sbirch@iaccmresourcing.com> for consideration to publish in this column.

 
 

 


 

 

From the front line...

 
Your questions and answers  
 
 

Risk management — various insurance limits for high tech contracts

Question

Sharon Sippel (on 02 May 2008)

… Could we get some inputs on how others manage insurance requirements and do their contracts contain insurance limits (not based on $ amount of deal)? We work in a fairly high volume contracting area supporting for the most part internal requirements to the company. Just as an example, our E&O limit is set at $10M! Also, do your contracts contain actual $ limit requirements or do [they] contain language something like ’Vendor is required to carry adequate insurance coverage for the engagement. Lack of insurance does not negate vendor’s liability to …’

Responses

Jim Moran: In working with our risk management group we have found that specific coverage amounts are based on worst case risk to company. So E&O for some engagements would be higher and E&O for some would be lower. Case in point, we had one engagement were E&O standard was $5 million and applicable to portion of the spend, but another portion of the spend only required $2 million in E&O. Because this particular engagement required subcontractors we were able to flex the requirement.

Gina De Los Angeles: We also specify $ limits in the insurance clause of our general service agreements. However, we do have some commodity specific boilerplate agreements, which allow for reduced coverages appropriate for the industry (i.e. training services).

Dr. René Franz Henschel: … in these times of credit risk a clause like ‘vendor is required to carry adequate insurance coverage for the engagement. Lack of insurance does not negate Vendor’s liability to … ’ is worth nothing; there should be an insurance with a defined amount (this way the buyer can mirror with his own insurance if necessary and make cover for the rest) and proof should be presented as a certified copy of the insurance directly from the insurance company to the buyer; otherwise the risk is, that there is no adequate insurance in place.

Tony Oliver: We generally specify minimum insurance coverage in all our agreements (generally around $2 million), but will raise that amount if the nature of the contract and risk involved is significantly greater. If the vendor does not have sufficient insurance, that is generally a sign to us that this is not someone that we should be doing business with because their business (and thus our business) is at risk if they get hit with a big liability. Also, remember that the vendor could have a big liability claim via one of its other customers that if they don’t have adequate insurance to cover could jeopardize their financial viability and ability to perform under your agreement. So this is not just about covering your contract, but making sure you have a vendor that can provide uninterrupted services.

Cynthia Hollinsworth: In my experience, as a seller, sometimes buyers do not specify limits, other times they specify limits which are too high when you consider the value of the contract and the potential risk. As a seller, it is important never to offer more insurance cover than necessary. Remember that all policies are subject to exclusions and excesses, and some policies, such as product liability, in the aggregate and not per occurrence. As a buyer, you need to insure that the seller has adequate insurance cover taking into account not just the value of the subcontract but also the amount of damage the seller could cause. The insurance cover required will most likely far exceed the value of the subcontract.

Georgia Siegfried: We always include required levels of insurance in our agreements, by approved carriers. We also require a Certificate of Insurance that names us as an ‘additional insured’ (as opposed to a ‘named insured’, which may carry liability for premium payments). In addition, we require an endorsement of our ‘additional insured’ status by the carrier, otherwise, there’s no coverage. Also, FYI, ‘commercial general liability insurance’ is the correct term, as opposed to ‘comprehensive’, which went out in the 90’s. :)

Bob Endres: The management of insurance requirements is one aspect of a holistic approach to managing risks

Assess the risks of the particular contract to determine 1) risk treatment/ control measures (how you will manage and monitor the supplier) and 2) appropriate insurance limits. The insurance requirement should reflect the actual loss that might arise and hence is dependent on the nature and complexity of services, and whether they are truly being relied upon. Ask the question- How bad could it be? But don’t over insure. The costs are being passed on to you. Consider segmenting deals according to risk and creating commercial menus of differing insurance requirements e.g 2, 4, 6, 8, 10 MM limits) and testing for how it impacts the price of the rendered service. Weigh the price against the cost of risks and self insuring (in tandem with other contract risk control measures employed).

Some other considerations

• In order for the supplier’s E&O to be triggered, you have to establish their legal liability for your losses, the process of which can be lengthy, expensive and uncertain. Differences between policies matter, e.g. E&O policies can be on a ‘costs inclusive’ or a ‘costs in addition’ basis (the former means that legal costs are paid out of the insured amount before paying the claimant).

• Understand exceptions and exclusions, e.g. contract guarantees not subject to negligence test.

• Last comment fairly well known, but just in case, an E&O policy only covers the acts of the insured (professional). This type of policy will never name another entity as ‘additional insured’.


Risk reserve

Question

Tim Cummins (28 April 2008)

Are you perhaps aware about any ‘Best practice in adding a risk reserve to protect contracts against liability risks?’

We would like to understand whether a certain % of the Annual Contract Value is aligned or not with something that the market recognizes as reasonable

Responses

Diane Homolak: Our organization would typically only do a risk reserve or accrual for penalty type provisions based on probability of event or for extra ordinary performance obligations where costs were projected. We would not typically take such a reserve on ordinary liability or indemnity terms or similar common provisions

Deepankar Ghosh: Generally this concept of keeping certain percentage as risk or contingency reserve is more relevant to contractor side entity, as in most contracts the balance of risk management is tilted towards the contractor than the client. Based on my past experience while working from the contractor side once, while fixing this percentage both risks and opportunities were considered so that the return margins are not allowed to be compromised unduly and also the company does not lose its competitive edge. Project Risk and Opportunity Management (PROM) is a whole subject in itself, and every company needs to visit this area, not only during the tendering stage, but throughout the contract life cycle to capture both fixed and variable, predictable or probabilistic risk and opportunity sets, and monitor the PROM matrix on a periodic basis.

Jacqui Crawford: Seems sensible best practice is to only hold reserve for known contingent liability that has a high probability of occurrence, and therefore requires mitigation on account or for those high high risks with no plan.

 

Full postings of responses can be found at the discussion forum section of the IACCM website at www.iaccm.com

 
 

 


 

 

 

 


 
 
 

Editor
Kerrie Tarrant

Consulting editor

Tim Cummins, CEO, IACCM

Vice President of Research and
Advisory Services, and Advertising
Sales enquiries

Katherine Kawamoto

Editorial Panel
Mark David, CommitMentor, UK.
Rose Gazarek, BAE Systems, US
Craig Guarente, Oracle, US
Helena Haapio, Lexpert Ltd, Finland
Christof Hoefner, IBM, Germany
Bruce Horowitz, Attorney/Arbitrator, Ecuador
Doug Hudgeon, Macquarie Bank Ltd, Australia
William Knittle, BP, UK

Automation and technology panel
Mark Darby, Alliantist, UK
Ashif Mawji, Upside Software Inc, Canada
Tim Minahan, Procuri, US
Terry Nicholson, Selectica, US

Address: International Association for Contract & Commercial Management (IACCM), 90 Grove Street, Ridgefield, CT 06877 USA. Ph: (1) 203 431 8741, www.iaccm.com
Editor: ktarrant@iaccm.com
Sales enquiries: kkawamato@iaccm.com

This issue may be cited as (2008) 1(5) Contracting Excellence.
ISSN: 1937-9765; ISSN: 1937-9757

Disclaimer

This newsletter is intended to keep readers abreast of current developments in the field of contract and commercial management. It is not, however, to be used or relied on as a substitute for professional advice. Before acting on any matter in the areas, readers should discuss matters with their own professional advisers.

This site is provided by IACCM on an 'as is' basis. IACCM provides this web site as a service to those people seeking contracting and commercial news and information. IACCM assumes no responsibility for consequences resulting from the use of information on the site or information obtained through links. IACCM will not be liable for any damages of any kind arising out of use, reference to, or reliance on any information contained in the site. IACCM is not responsible for the accuracy or content information contained in the site or in the links provided on its site. Links to and from IACCM do not constitute an endorsement by IACCM of the parties or their products and services.

Copyright

The content in this publication is copyright. Excepted as permitted, no part of this publication may be reproduced by any process, electronic or otherwise, without the specific written permission of the copyright owner.

All content included on this site, such as text, graphics, logos, button icons, images, audio clips and software, is the property of IACCM, or its content suppliers or an identified third party and is protected by international copyright laws. The collection, arrangement and assembly of all content on this site is the exclusive property of IACCM and is also protected by international copyright laws. Any reproduction, modification, distribution, transmission, republication, display or performance, of the content on this site is strictly prohibited.

Use of this site

This site or any portion of this site may not be reproduced, duplicated, copied, sold, resold or otherwise exploited for any commercial purpose that is not expressly permitted by IACCM. Unauthorized attempts to upload information or change information are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986.

   

Published by IACCM, 90 Grove Street, Ridgefield, CT 06877, USA www.iaccm.com