Ever experienced unexplained contractual cost overruns and supplier inefficiency in delivering goods or services?

In this century, most companies have contracts with their suppliers. The complexity of service contracts/agreements, along with customized goods and services, makes it extremely difficult for suppliers to bill and provide services accurately, and even more difficult for consumers to validate billing accuracy and identify overbilling, as well as to confirm that the services or goods received meet the contractual obligations.

When it comes to contractual obligations, the rule of thumb is “Trust the Supplier, but Verify the Facts”.

Moreover, recovery of capital loss is a mere norm with reference to penalty clauses in the contracts/agreements. Organizations most often lose significant amounts of license fees, revenue to be recognized and royalties, and end up paying higher amounts to suppliers for receiving lesser or poorer-quality services or goods than mutually agreed in the governing contract/service agreements.

In these cases, engaging an Internal Audit Team or hiring an external auditing body to perform “Contractual Compliance Audits” not only helps the organization avoid losses and overpayments and obtain better quality goods or services, but also helps improve the mutual partnership, the reporting of information, the contractual language, and remediation based on documented instances of reported non-compliance. It ensures that the contractual arrangements you have with your vendors align with the products and services they deliver, leading to a healthier and more productive vendor relationship. Contractual compliance audits are quite common in almost every industry, including retail, technology, financial, professional services, and manufacturing.

A well planned and executed contract compliance audit can provide the following benefits:

  • Greater financial savings and improved income revenue
  • Better ROI (Return on Investment)
  • Standardization and enhancement of contracts
  • Accuracy of the data/ information reported by the vendor
  • Exclusive requirements, data privacy, IT & other controls
  • Business Continuity
  • Keeping Vendor contract on track
  • Effective Management of Intellectual Property
  • Managing Software Assets effectively
  • Effective Software License Agreement Management
  • Effective Royalty benefits, distribution right management, usage of digital content
  • Better recommendations to strengthen contract language, improve financial terms, and enhance internal controls
  • More productive vendor and business partner relationships
  • Identification and establishment of preferred vendors

THE “BEST” TIME FOR CONTRACT AUDIT:

The cumulative project tenure, milestone payments and the project lifecycle phases to be executed provide an optimal range of periods in which to conduct a contractual compliance audit. The objective, context, scope and approach of the audit vary across that range. I suggest having the following two audits during the engagement:

CONTROL AUDITS: Auditing during the primary or early phase gives the customer a better overview of the supplier's systems, implemented controls and monitoring, and the supporting objective evidence and documents for the deliverables (services or goods) against the mutually agreed requirements of the master service agreement. An audit during this phase is known as a “Control Audit” because it ascertains the supplier systems and controls implemented to execute the project. The Control Audit reports findings and issues with a focus on improvement, streamlining and avoiding repeated mistakes.

RECOVERY AUDITS: Audits performed during the last phase of the engagement tenure, or near completion of the requested services, are termed “Recovery Audits”. The key objective is to determine whether the vendor-provided deliverables are of acceptable quality and conform to the requirements, whether SLAs or timelines have been met without impacting the business, and whether the deliverables comply with the MSA terms. Review of the liability, indemnity and penalty clauses is quite common to avoid any undue situation. It is also recommended to determine whether any vendor-requested charges are not part of the project and therefore invalid, were duplicated or already paid on a prior invoice, or are overstated. It is recommended to execute the Recovery Audit at a point where the Client still has leverage to collect any negotiated overpayment amounts from the Vendor. Future projects or contracts with the Vendor also provide opportunities for process improvement as well as for negotiating recovery of overpayments.

In the IT industry, a typical MSA or Contractual Compliance Audit would consist of the following key activities:

  • Collection of the latest, physically signed-off version of the Master Service Agreement and its related annexures, exhibits and amendments, followed by a thorough review of contract terms and conditions for the selected supplier.
  • Preliminary analysis of historical data and live contract review to identify the primary supplier, expense categories, key controls for business continuity/disaster recovery and data security, infrastructure and confidentiality, personnel policy requirements, regulatory requirements, governance clauses, liability, indemnity and penalty clauses, payment milestones and corresponding acceptance terms for the deliverables, program/project management etc.
  • Review of the past relationship with the selected supplier to identify sensitivities and ensure support and desire to pursue refunds/replacements in case of non-compliance.
  • Confirmation of the primary supplier to undergo the audit
  • Collection and detailed line-item analysis and review of invoices, subinvoice data, payment records, purchase orders and other billing support documentation and records for milestone payments against the deliverables
  • Confirmation that contract provisions and industry standards have been accurately applied and honored
  • Identification, substantiation and submission of overcharge claims, expeditious recovery of cash refunds of overpayments to applicable supplier
  • Compliance of the delivery standards against the MSA and the corresponding signed copies of the Statement of Work
  • Review of compliance with key requirements and standard-specific requirements, e.g. BCMS, ISMS, HIPAA etc.
  • Review of compliance towards statutory and regulatory requirements
  • Compliance to SOX, if applicable and other country specific legal requirements including export and import laws.
  • Safety and environmental regulations and standards
  • Compliance to tax obligations, employment and labor laws etc.
  • Once the audit exercise is finished, a detailed summary and documented draft is made available to both parties (Customer and Supplier) for internal review, followed by a mutually agreed timeline for closure of the identified nonconformities. The audit group reviews the closure actions along with the objective evidence and preventive action plan to ensure that the identified risks do not recur in future.

About Author

Manish Kumar

Manish is currently an Audit Program Manager with the Corporate Audits, Assessments and Certification team of Infosys Limited, which is an independent entity at the Infosys Headquarters in Bangalore. He is responsible for driving IP Audits across all the legal entities of Infosys. He has worked extensively on identification of IP Commercialization risks in the field of Information Technology. Additionally, his core strengths are IP risk profiling for M&A (Mergers and Acquisitions), Digital Rights Management (DRM) technologies and identification of contractual IP risks. He is an established Lead Auditor by profession in the fields of ISO 9001, ISO 27001, ISO 20000, ISO 22301 and ISO 15489, and has participated as an Assessment Team Member (ATM) in his previous organizations for various CMMI - SCAMPI Assessments. He started his career at a public sector unit, Hindustan Aeronautics Ltd., and later worked with various IT majors like Hewlett-Packard and Wipro Ltd.