Congratulations - you have engaged a supplier and even have a contract which details what the roles and responsibilities are for each of you. The legal team disappears into their offices and the contract is given to the operations people to manage on a day-to-day basis. The Operations person then puts the contract in a drawer or file the contract and forget about it. The only time that most organisations will look at the contract again is when something goes wrong.
There are a number major problems with this filing approach:
1. That operations person can move on to another company or into another department and although they know what the contract says, they are busy with their new job or are not there for the new operations person to inform about the contract. Your organisation will then rely on the supplier to continue doing what they do. This is not the best way to do things as you are working from a position of not knowing exactly what needs to happen with the supplier, the contract or operationally.
2. The SLAs/KPIs or agreed terms of the contract are no longer front of mind to the new operations person and the supplier can do whatever they want or deliver the minimum service and still get paid for a "full service". (This actually happens every day. Please read the Case Study : "Learning to Fly" on our website).
3. The contract may make allowance for price increases/decreases under certain conditions, but since the new operations people do not know about these, suppliers can push through these increases and you won’t be any the wiser.
4. Suppliers are all in a similar position as you, they are also on the look out to evolve their business and perhaps what they had been supplying to you are no longer their core business and they have not informed you about this change. For example the services pertained to information management or marketing activity. If they outsource this to another supplier, there may be issues of data security that the 1st generation outsource supplier had not made clear need to be in place or if in the case of Marketing, the 2nd generation outsourcing organisation may be or have direct competitors to your business and they, when receiving your information can leak this to the competition. etc
This scenario is by no means rare and it behoves you, as part of your Third Party Risk Management Process, to have a contract management system in place, understand the clauses of the contracts and have regular reviews internally within the organisation and with the supplier so that a forum of openness and mutual interests are fostered. You certainly do not want to wait until the proverbial hits the fan before you engage meaningfully with your suppliers.
Emeryst have assessed a number of contract management, Compliance and Risk Management software and advise our clients on the best systems available for their requirements
Call us to discuss Strategies for Third Party Risk Management so that we can help you be ahead of the game and in a position of knowledge. tap into this invaluable resource.
Sid & Team
