Rise of outsourcing makes third-party compliance essential
Enforcing contracts with third-party providers should always be top of mind, but interest in contract compliance is “countercyclical,” according to Bruce Orr, a Director in Grant Thornton LLP’s Risk practice.
If the economy is strong, revenue is rolling in, and profits are high, vigilance on contract compliance tends to slip. But in times like these, when the economy is shaky and organizations are clawing furiously to preserve every last dollar, there’s an intensified desire to maintain contract compliance.
“When you get a downturn, business leaders soon start to say, 'Are we getting the expected financial value out of our third-party agreements?'” Orr said.
The growth of outsourcing for everything from back-office finance work and IT to manufacturing has increased organizations’ exposure to third-party risk. Furthermore, licensing, profit-sharing, and joint venture arrangements continue to proliferate where organizations are relying on a third party to accurately and fairly pay its share with little inherent transparency. Contract compliance hazards for companies related to third parties include the risks that:
- Revenue data related to third-party agreements is not capturing all the right amounts, perhaps because of underreported sales by a sub-licensee, miscalculated royalty volume or fees, or non-compliant/out-of-territory sales.
- Vendors and suppliers are being overpaid, paid for services that are not provided, or simply billing incorrect rates because complex vendor pricing cannot be managed by a standard three-way match.
- Products are being sold that aren’t authorized under the contract.
- Licensed products are being bundled inappropriately with unlicensed products.
- Clerical errors are occurring.
- The third party is interpreting vague contract terms to their favor.
“There are different things that a company can do to manage those risks, and that centers around first having a complete understanding of those agreements with the third parties,” Orr said. “A lot of companies don’t even have a good inventory of those agreements or an understanding of where there’s inherent higher risk.”
Categorizing the risk
To gain a comprehensive understanding and effectively manage the risk, an organization can analyze its entire population of contracts and take a programmatic approach to categorizing the agreements that contain the most risk. A heat map can often be helpful for this exercise. It can assist in identifying the highest-risk (high probability and high severity) and lowest-risk (low probability and low severity) contracts, along with those that are somewhere in between.
“You put them in the different buckets and then say, ‘How do we design a programmatic approach we take to be better able to manage that risk?’” Orr said.
This chart shows a heat map diagram where contracts can be evaluated based on probability and severity. The contracts with high-probability, high-severity risks pose the largest threat, while low-probability, low-severity risks may need less scrutiny.
The highest-risk contracts are typically revenue-side agreements because they are often the least transparent and they’re often dealing with the highest dollar amounts. These can include:
- Licensing agreements
- Revenue-sharing or profit-sharing agreements that are operated by the other party
- Channel agreements
- Distribution agreements
Additionally, the following types of procurement areas are typically high-risk:
- Best pricing and supply agreements
- Large cost-plus supply or service agreements
High risks may also be posed by certain cost-side contracts, particularly those without a three-way match such as a purchase order where fulfilled obligations can be easily checked off and verified.
In addition to considering the types of agreements and their financial terms with regard to the higher risk, it may be important to consider other dimensions such as regulatory compliance, business continuity, execution, and quality.
To enhance risk management, organizations can:
- Develop data analytics platforms and dashboards to monitor key metrics associated with the most significant risks as part of an ongoing contract review process.
- Conduct contract audits, either internally or by engaging a third-party provider.
- Create a process for a thorough review of contracts each time they come up for renewal.
- Ensure the contracts are drafted using precise and clear language.
Although mismanagement of funds or outright fraud can be a cause of noncompliance with third-party contracts, most of the time the errors are either unintentional or involve contract interpretation differences. Regardless of the reason, it’s important for companies to get what they’re owed in their contracts.
When resources are limited, the urgency often increases.
“In a constrained market and economy, companies are looking at where to spend their resources and what type of return that expenditure is going to have,” said Nathan Dreyfus, a Principal in Grant Thornton’s Risk Practice. “If I’m going to spend money, I want to make sure I’m going to recoup everything I’m entitled to receive.”
Our featured insights
No Results Found. Please search again using different keywords and/or filters.