Deloitte & Touche’s David Zechnich and Martha Benshoff say robust contract risk and compliance controls are crucial in today’s interdependent marketplace.

In a global business environment of intertwined entities, almost every company maintains extended business relationships with service providers, vendors, distributors, and resellers, along with other outsourcing arrangements, including licensing of intellectual property and joint marketing arrangements. But how well is this complex web of contractual relationships monitored, tracked, and managed?

The question is far from academic. Unless diligently managed, these arrangements can result in revenue leakage, creeping costs, operational and quality challenges, and regulatory compliance complications.

And in this Sarbanes-Oxley world—with greater expectations for strong controls throughout the extended enterprise—executives are under pressure to identify and address the risks associated with their contractual relationships.

Not surprisingly, executives are demanding greater visibility and accountability for potential risks in extended business relationships and more assurance regarding benefits. To do so, they often require contract risk and compliance (CRC) activities, which can help verify the accuracy of data reported by business partners and assess the effectiveness of internal and external processes and controls.

Such activities can deliver critical information about risks and provide data on how well business relationships are serving the needs of your company. Not only can CRC activities help you maintain an agile and competitive organization, but demonstrating such diligence can send a message to the marketplace about how much your company values good governance, effective risk management, and strong asset protection.

The risk/benefit paradox
More than ever, companies rely on extended relationships to perform core business processes in support of key business objectives. Paradoxically, business relationships that have the potential to create great value for the company can cause significant loss if not managed properly.

If companies neglect to identify and mitigate risks, they may fail to capitalize on value-adding opportunities—worse, they may endanger their viability. Executives should ask tough questions about common risks inherent in contractual relationships, such as:

• Are we paying too much for contracted services or raw materials?
• Are we receiving less revenue than we are entitled to?
• Is the quality of our branded products that are produced, sold, or managed by others meeting our company standards?
• Are our products or intellectual property distributed to unauthorized parties?
• If our partners fail to comply with our expectations (and contractual terms), will our brand be damaged?

It’s well known that every year billions of dollars in royalties, commissions, sales incentives, licensing fees, R&D cost sharing, contract manufacturing, and warranties are exchanged between business partners. Surprisingly, many of these transactions are conducted entirely on the honor system.

Although trust is a critical aspect of doing business, trust should be accompanied by verification. Given that management may have limited access, visibility, and control over its partners’ processes and systems, verification through contract compliance reviews provides a responsible alternative.

In a legal trade opinion, Oliver Wendell Holmes wrote, “Truth is the only ground upon which [mutual] wishes can be carried out.” Indeed, agreed-upon truths can foster trust, build relationships, and further business objectives.

CRC activities help you manage risk by clearly communicating business objectives, risks, and controls associated with business relationships; validating compliance or identifying potential noncompliance; determining the accuracy of information received from external sources; and performing on and off-site risk assessments and control reviews.

If reducing risks that threaten the viability of the enterprise isn’t reason enough to examine your contract risk and compliance program, remember that there are substantial bottom-line benefits. Real dollar returns are quite common for CRC investments—while ROI depends on the specific review and particular business objective, reviews can often return value that well exceed the costs, sometimes by multiples.

Know thyself
Although companies may be aware of the need for effective CRC activities, many have yet to adopt contract compliance reviews as a business priority. Here are some key considerations:

Know thyself. Ask your business unit managers about contract compliance, controls, and monitoring around your business relationships. How (and how frequently) are key relationships evaluated? What practices are in place to validate information issued to and from business partners? What monitoring processes and reporting mechanisms exist in your organization? What assumptions are you making when collecting and disseminating cash? Are there any processes that are prone to error?

Ask key questions. Are you getting the most value from your contracts? Are your business partners complying with your contracts or are they introducing new risks to your objectives? Are your business relationships contributing to strategic goals?

Take a risk intelligent approach. A risk intelligent approach considers and manages the full spectrum of risk the organization faces, minimizes siloed behavior that can obscure an integrated view of risk, anticipates and prepares integrated responses to risks, and manages risk with a view toward maximizing the upside of strategic decisions while minimizing the downside.

Preserve good working relationships. CRC activities need not be confrontational. In fact, performing these reviews in many cases will enhance relationships. Maintaining a positive tone in your business relationships should be high on your list of objectives.

Acknowledge the elevated importance of contract compliance. Contract compliance is linked to financial performance, security, risks, and controls. Information stemming from contract reviews can enlighten directors and executives on whether business relationships are aligned with business goals. Contract compliance activities can help obtain improved visibility into the state of the extended enterprise.

Consider the role of internal audit. Inquire about internal audit’s current or planned role in designing and implementing a contract compliance program. Internal audit is often a key player as its existing competencies complement the skills needed for contract reviews.

Consider engaging an outside party. Many companies will enlist an outside party to help efficiently and effectively execute the necessary CRC activities. Some business partners are more comfortable providing an objective, outside party access to its records.

Leverage the findings resulting from CRC activities. Information delivered from CRC activities can help you identify opportunities to establish process efficiencies, increase cost savings, enhance contract performance, optimize revenue, reduce operational expenses, negotiate better contracts, improve metrics, enhance business relationships, mitigate risks, and make more informed decisions.

Today, it’s no longer sufficient to let a figurative handshake govern your business relationships.

A contract risk and compliance program can help strengthen extended business relationships and support the realization of benefits, such as greater efficiency and lower costs, for all parties involved.

Martha Benshoff is a senior manager in the Audit and Enterprise Risk Services practice for Deloitte & Touche. She has managed worldwide contract risk and compliance programs for clients in a variety of industries. Dave Zechnich is a partner in the Audit and Enterprise Risk Services practice of Deloitte & Touche and serves as the national contract risk and compliance leader.