Category Archives: contract management

Hidden Risks are Everywhere!

In yesterday’s post, we noted that one of the workshops being offered in the 2nd NLPA Conference is on the Hidden Risks of Terms & Conditions. We noted that this is an important topic because terms and conditions are the concealed weapons of the legal world and a big hidden risk in your supply chain that you are likely not aware of.

There are more risks in an average set of terms and conditions then just the one-two knock-out punch of just Force Majeure and sole-source. Other risks that can be hiding in your contracts include:

  • buyer beware
    if you do not take the time to properly specify acceptance (testing) procedures, the goods will be yours the minute they are unloaded into your warehouse and/or a warehouse worker issues a goods receipt
  • non-compliance
    if you do not insure that there are no appropriate no-subcontracting clauses, your supplier could be sub-contracting services that are only to be supplied by certified companies or individuals (which is critical in health care, etc.), critical services could be subcontracted out, leaving you liable
  • weak confidentiality clauses
    if the clause doesn’t specifically indicate that confidential information may only be revealed to non-identified parties in the case of an official legal request, and that any request must be reported to you before such information is revealed, who’s to say that the information won’t be released without your knowledge upon an informal inquiry by someone asking for related information
  • increased liability
    if the contract does not specify a minimum insurance requirement for your supplier, who is performing sub-contracted services on your behalf, and does not mandate that they provide proof of such insurance on a regular basis, then a mistake on their part could result in increased liability on your part, beyond any limits specified in the contract
  • no termination clause
    just because you think you can end the contract for non-compliance doesn’t necessarily mean that you can, if it is sole-source for a guaranteed time, the supplier can argue Force Majeure, lack of quality requirement, etc. to negate any non-compliance claim you may bring forth

And this is just the tip of the iceberg. That’s why poorly negotiated contracts are note just the concealed weapons of the legal world, they are minefields!

iValua: Proving Their Mettle with Source to Settle, Part II

Yesterday, in Part I, we noted that when we last covered iValua in 2010, they were one of the few providers tackling end-to-end sourcing and procurement in a single suite of integrated modules built on one common platform. We noted in Tackling End-to-End Sourcing and Procurement, Part I that this French company had capabilities that, at least to some degree, addressed each of the core phases of the basic sourcing-and-procurement cycle except decision optimization and tax reclamation. Since then, they have added advanced tax tracking capability, and a boatload of other features that include SIM/SPM, Risk Management, Project Management, Enhanced Analytics, and Extensive UI customization. Today, we will continue our coverage of the platform, which includes a module for Supplier Management, that we covered in Part I; Sourcing, Contract Management, and Catalog Management, that we’ll cover today; and Procurement, Invoice Management, Expense Management, Reporting, and Administration that will be covered in the remainder of the series.

Sourcing

Sourcing consists of sourcing project creation, schedule and workflow creation, RFX, and e-Auctions. As noted above, there is no decision optimization, but that is literally all that is missing in their sourcing module.

Project creation in iValua is very powerful as you can not only define the project, but set up the end-to-end workflow, define a schedule, assign team members, and track every step. A project has an identity which captures basic project information, associated documents, a sequence of tasks or actions that will fulfill the project, an assigned team, a schedule, and a forum where team members can collaborate and discuss issues. The tasks and actions supported are quite extensive – and include all of the standard source-to-settle steps such as requirements gathering, supplier selection, RFX preparation, response tracking, proposal evaluation, response analysis, award, and contract. From each task, the users can jump off to the appropriate module in the iValua suite to complete the task. The workflow engine is quite fine-grained.

Contract Management

Contract Management is the creation and management of contract templates, contracts, and signature transactions for e-signing. The gem here is iValua’s online drag-and-drop contract creation capability (with complete audit trail functionality) that works in the browser and fully integrates with Microsoft Word. The view, which has the section index on the left, the section texts on the right (each in their own editable box), and Word-compatible editing options on the top, makes it really easy to construct a contract. The tabs allow for quick access of the header, the team involved in the process, deadline (and auto-renewal) dates, exhibits, main clauses, items and services, negotiated terms, the associated contract scorecard, and the current status of the contract with respect to the defined lifecycle.

Catalog Management

Catalog Management is the process of importing catalogs, creating and managing catalog items, and managing services procurement. Catalog management works as you would expect, and the hidden gem in here is the extensive services procurement management capability, including timesheet capability. The services procurement module allowed for the creation of services profiles (like templates for services requisitions), price structures, and requisitions — which could be fee-based or timesheet-based. The platform has extensive support for services requisitions, and the unique requirements for services requisitions, that require proposed delivery details, schedules, proposed team members, rates, payment schedules, and insurance requirements. It’s not quite as extensive as the capabilities in the Contingent Workforce Management platforms (like FieldGlass) or Agency Lifecycle Management platforms (like DecideWare), but is more than sufficient for the majority of services-based sourcing projects that a typical Supply Management organization will need to address. It is definitely the 80% solution.

We’ll cover the remaining parts of the platform in the remainder of this series. Come back tomorrow!

Hiperos – It’s So Hip To Be Square with 3rd Party Management! Part II

Hiperos provides a SaaS platform that allows an organization to manage the entire 3rd party lifecycle, which consists of registration, data collection, segmentation, control automation, assessment, management, and collaborative issue resolution.

Hiperos includes your standard SIM (Supplier Information Management) functionality that allows for supplier self-service registration and profile maintenance and data integration from third party sources. On top of that it implements a user-configurable rules-based workflow that allows third-parties to be segmented into different buckets that represent the different programs that they need to be subjected too – be it FCPA, REACH, WEE, HIPPA, or some other type of compliance or monitoring program. Each bucket has its associated monitoring rules that notify the third party when more information is needed and that automatically alerts the user when a violation is detected or when information is not provided by the third party in a timely fashion. Assessments are automatically run every time new data becomes available and can be run by a user at any time. The fact that all relevant third party information is available at all times allows users to pro-actively manage third parties, and associated risks, and then either work with third parties to mitigate risks, if the potential infraction can be corrected, or cut them loose if the risk of association is too great (because they showed up on a denied party list or use child labour in their supply chain).

The application, which loads the default user-defined dashboard, allows a user to manage third parties, engagements, relationships, products, and programs and to define programs, vendor communities, reports, and analytics.

The dashboard is multi-tabbed and allows a user to define relevant views on each of the application areas defined above, as well as a default dashboard that allows the user to see the information most relevant to him or her. At the top of the dashboard is a link to current action items that allows a user to quickly see what needs to be done in third party management, engagements, programs, etc. The dashboards can be configured using hundreds of pre-defined (reporting) widgets or the user can define their own widgets by defining appropriate reports in the reporting module. And the user can bring in real-time news and data feeds from sites of interest.

The application can track any compliance, performance, sustainability, or risk data elements of interest and, like any good SIM platform, is preconfigured to track hundreds of relevant data items, depending upon the programs you define as relevant for a given compliance, performance, or risk program (which minimizes the amount of configuration required to track custom fields). And not only is all relevant data available from any view that is program or user defined, but it’s all interlinked so a user can click on a third party included in a program, see the relevant report(s), and then dive into the third party data management screen to examine the raw data elements, and then run a report on just a data subset.

Program definition is flexible and allows for any type of compliance, risk, sustainability, or performance program you can think of. In addition, the fact that Hiperos also supports contract meta-data and third-party data feeds allows financial impact reports to be generated. That way, a user always knows what the impact of a third-party falling out of compliance is to the organization. Knowing that a tier-one supplier might be buying from a tier-two supplier that might be using child labour is one thing, but knowing that the organization is spending 20 Million across 5 categories on that tier-one supplier is something else. In the first case, the supplier is put on the “investigate” list and someone gets around to it when they get around to it. In the second case, the user knows that it is a high priority and an investigation has to be started immediately as the public backlash will be extremely damaging to the organization if it gets out that 20 Million is being spent on products and/or services that were partially produced by child labour.

Hiperos has also included extensive color-coded geo-mapping capabilities so that you can quickly see, for any program, where the highest risk areas are globally and dive in. While Hiperos is not the first company to do this, they have latched on to the fact that the visual representation of risk or non-compliance by region allows one to quickly see what regions have to be monitored. This allows resources to be properly applied, especially since proper monitoring will typically require subscriptions to appropriate data feeds for those regions.

The Market Intelligence capabilites are quite extensive too, and they have pre-configured watch-lists, diversity monitoring, parent-subsidiary monitoring, subcontractor monitoring, REACH/WEE monitoring, and dozens of other feeds of interest which can be enabled as required by the client.

And the analytics piece supports the full suite of slice-and-dice capabilities found in most sourcing products today, so that you can dive into the data and find out which suppliers, categories, or programs represent the highest risk to your organization.

There’s quite a bit of data, and the application can be quite busy at times, but Hiperos has one thing right, where compliance is concerned, it’s Hip to be Square.

Hiperos – It’s So Hip To Be Square with 3rd Party Management! Part I

When we last checked in with Hiperos, they had evolved from a Risk Management platform to an “Extended Enterprise Management” platform that integrated Contract Management, Compliance Management, Performance Management, and Sustainability Management into a 360° solution platform for an organization that wanted to get these various facets of risk under control.

However, as they have continued to roll-out their platform and work with clients in different verticals (beyond finance, which was their initial core strength and where they appear to be dominating the market), they have found that as enterprises get their internal(ly controlled) risks under control, their clients realize that typically the biggest risks they face are from their suppliers and vendors who provide then with all sorts of direct and indirect product and services. As a result, 3rd Party Management (3PM) has become critical to their operational success. How critical?

Consider these statistics. Forty-four percent of data breaches involve third parties, and the most expensive data breach has cost 35.3 Million dollars to resolve. And while this is atypically high, a data breach will cost an organization millions to resolve (as even the cheapest data breach cost $780,000). And if there turn out to be traces of blood money or drug money in your supply chain, it could cost you as much as $160 Million to settle the resulting probe. In short, 3rd Party Risk, if not properly managed, is likely to end up costing your organization millions. The only question is when.

And if you believe that preventative spending to manage risks that might not happen is unwise in this economy, consider this. Organizations that implemented Hiperos 3rd Party Management saw a 75% reduction in customer impact incidents due to sole sourcing. One organization was able to eliminate a seven-figure spend of 4 Million in annual subscription fees that it was paying just to insure that it wasn’t using blacklisted or banned suppliers (and that it wasn’t working with suppliers who were known to bribe and/or be involved in anti-corruption investigations) as the Hiperos 3rd Party Management solution contained all the functionality they needed. And, overall, Hiperos’ clients saw a 300% increase in the assessment of 3rd parties with a high-breach potential — allowing them to be vetted or eliminated before a costly incident occurred.

And this is jus a short-list of costly compliance and reputational risk facing an average organization that operates globally and has to deal with ISO, SAS 70, Anti-Bribery, Anti-Money Laundering, FCPA, SOX, OCC, CFPB, REACH, WEEE, OSHA, HIPPA, and W9 security and reporting obligations, just to name a few. A third party management solution tracks all of this, and more.

So what does Hiperos do to help you with your 3rd Party Management? Stay Tuned for Part II.

Iasta: Smart Source-Style! Part I.

Iasta: Smart Source-Style! Part I.

It’s 2012 and your fiscal year is coming to an end.
It’s time to get a handle on organizational spend.
Because if you don’t, you will find that the Mayans were dead on.
And in 2013, your organization will be gone.

But there’s no need to worry because, Iasta’s got (To the tune of Gangnam Style)

Sourcing Smart-Source Style.
Smart-Source Style.

Sourcing platform for users and bosses too. Sweet.
SaaS on the cloud, always on, real-time reporting complete. L33t.
Analyze this. Auctions, Performance. Real time data.
Optimize It. Contracts, and vendor schema.
One. Two. Smart-Source Success!

So what’s changed since we last covered Iasta in depth in 2008/2009? Especially since the solution footprint looks the same from a cursory review of their web site? If you’re taking a thirty-thousand foot view, not much. But if you take the time to get down in the weeds, everything!

The biggest changes are:

  1. Native Analytics Capability
  2. Improved (Native) Contract Management Capability
  3. Better, Integrated, SIM and SPM Capabilities
  4. Extensive Support for Third Party Data Feeds
  5. P2P Integration Capabilities
  6. Customizable Reporting and Dashboards for Users and Executives
  7. A Broader Services Offering

Native Analytics Capability
A few years ago, Iasta was dependent on third parties like BIQ, now part of Opera Solutions and Spend Radar, now part of SciQuest for their spend analytics capability. And while they still make use of third parties for initial cleansing and classification in new initiatives, they now have the same slice-and-dice reporting capability that you’ll find in any other sourcing suite on the market. (And while it doesn’t have the data analytics power of best-in-class solutions like BIQ, it is the 80% solution for most sourcing departments, especially in the mid-market, which typically have very little insight into spend.)

Improved (Native) Contract Management Capability
A few years ago, Iasta’s contract management capability was limited to the definition of a few meta-data elements. Now, it’s a fully featured contract management offering that allows for storage and indexing of all your contracts, authoring of new contracts, and automated reporting for SOX (Sarbanes-Oxley) to keep you out of stripes like Fox.

Better, Integrated, SIM and SPM Capabilities
You wouldn’t know it from their web-site, but Iasta has developed some fairly extensive built-in SIM/SPM capabilities that your organization can use to track compliance, performance, sustainability, and risk data elements that can have an impact on your sourcing events. In addition, this is integrated with the supplier data that has always been collected in the RFX module and the contract data in the contract module and all of this data can be sliced and diced by Iasta’s built-in analytics and reporting modules.

In Part II we’ll cover the remaining significant changes.