Grappling with the complexities of operating in the modern world, IT and professional services companies (like many others) hope to navigate the industry built on disperse operations, amplified expectations, and increasing security needs.
Put simply, IT and professionals services organisations need to be able to deliver their solutions to clients anywhere.
“With these trends come imperatives to move faster, realise maximum value across all commercial activities, and proactively track customer obligations and fulfilment. Each of these imperatives carries with it unique risks,” commented Icertis.
With IT and professional services operating on a global level, contracts play a critical role in the industry. They define the role of the company, the obligations they have to other, and the obligations they are owed.
“As such, contracts represent a kind of double-edged sword that can create risk and insulate from it since contracts are the linchpin for all such business relationships,” noted Icertis.
Types of contracts
- Most in the industry are governed by master service agreements (MSAs) outlining the key information for a relationship: business units, customer details, legal entity details, contract value, services, payment terms, and pricing terms.
- There are also statements of work (SOWs) which define projects operation under MSAs. These identify performance benchmarks to reach throughout a contracts lifecycle.
- Finally there are engagement letters (ELs) and general business terms (GBTs) which are commonly used for tax, audits, and assurance projects.
“In other words, the entire commercial motion of these service providers is dictated by an ecosystem of contracts, with information that must flow down from the top-line MSA or EL to delivery documents to ensure all contractual obligations are fulfilled,” explained Icertis.
What are the risks?
Anywhere along this process risk can surface. Icertis uses the example of poor contract visibility, should this be the case work could be performed against an SOW that has expired. Happening to a real IT service provider, the company determined that it had done US$1.5mn worth of work that couldn’t be billed.
“While this is one example of a contract-related error, professional services providers are even more vulnerable to risks associated with missed contractual obligations and—due to the geographically diverse nature of the industry—regulatory issues based on which jurisdiction they are operating in,” commented Icertis.
For those that operate in multiple jurisdictions, it is critical to ensure all contracts meet regulatory requirements in order to avoid penalties. General Data Protection Regulation (GDPR) is a good example of this. Should companies lack the contract language for proper data-handling provisions companies could expose themselves to huge fines.
“And because a client-focused business often requires signing agreements on third-party paper, IT and professional services providers have the additional challenge of identifying these risks in contract templates and clauses that originate outside of their own legal department,” noted Icertis.
Managing risk with contract lifecycle management (CLM)
Gartner defines contract lifecycle management (CLM) as: “a solution and processes for managing the life cycles of contracts and agreements created and/or administered by, or affecting, an organisation.”
They can include both third-party or internal contract agreements such as outsourcing, procurement, sales etc. and spans all processes from initial request through to eventual archiving.
Due to the contractual risks associated with IT and professional services companies, many are turning to advanced CLM solutions for enterprise contract risk management.
An organisation-wide CLM solution establishes a rules-driven contract system that reduces risk by ensuring governance and compliance while allowing self-service contracting to reduce overhead and improve cycle times,” said Ixcertis. “CLM allows organizations to turn their contract repositories into the single source of truth for business risk, compliance, and performance.”