
Risk Management in Vendor Selection

Learn about the different types of risks, including external and internal risks, in vendor selection and contract management. Understand how to proactively manage risks and make informed decisions.


Presentation Transcript


  1. Information Systems Security Association (ISSA) Ottawa • RISK MANAGEMENT IN VENDOR SELECTION • November 30, 2017 • Rosa Mauro • rmauro@millerthomson.com • 416.597.4389 • @RMauroMT

  2. Agenda • Types of Risk • Vendor Selection Overview • Contracts/Contract Management • Q and A

  3. Part 1 – Types of Risk • The basis of this part of the presentation is to help guide you in identifying risks generally within your organization that impact vendor selection and contracting approaches in order to manage risk proactively rather than reactively.

  4. What is Risk? Definition of Risk: The probability or threat of damage, injury, liability, loss, or any other negative occurrence which may be caused by external or internal vulnerabilities, and that may be avoided or mitigated through proactive action.

  5. Types of Risk • EXTERNAL RISKS • External risks generally are risks that are out of your control but for which you can prepare • External risks include supply and demand (economic), environmental risks (climate/force majeure), or social (labour unrest/reputation). • INTERNAL RISKS • Internal risks generally are risks over which you have a great degree of control and for which you can prepare • Internal risks include weak business processes, planning and control risks (inadequate planning), or ineffective management (top down).

  6. Types of Risk (cont’d) • Source: http://www.decisioncraft.com/dmdirect/supplychainrisk.htm

  7. Types of Risk (cont’d) WHAT ARE TYPICAL RISKS? • Process Risk • Compliance Risk • Financial • Operational/Organizational

  8. Types of Risk (cont’d) • PROCESS RISK • If you are an Owner and issue procurements on a regular basis, you will have processes in place that drive procurement planning, the procurement process, and the award of a contract • If you are a vendor/supplier that responds to procurements on a regular basis, you will have (or should have) a process in place for assessing and responding to those procurements • A process risk is anything that disrupts the above-mentioned processes • An example of process risk is a change in personnel or management on the part of either owner or vendor.

  9. Types of Risk (cont’d) • COMPLIANCE RISK • Compliance refers to an organization’s adherence to established internal or external guidelines and requirements that relate to risk in the supply chain • An organization’s ability to meet or exceed the expectations/commitments to stakeholders with regard to sourcing, manufacturing and delivery

  10. Types of Risk (cont’d) • COMPLIANCE RISK cont’d • Examples of areas vulnerable to compliance risk: • Approval authorities (can be internal or external) • Supplier code of conduct • Federal, provincial and local mandatory regulatory requirements • Industry standards (e.g., ASTM, ISO, CSA) • Trade agreements (e.g. CFTA, CETA, NAFTA) • Contractual obligations • Customer requirements

  11. Types of Risk (cont’d) • FINANCIAL RISK • Financial risk is simple: negative impact on profits and growth • This is critical • Includes: • customers not getting their products • customers receiving low quality products or services • companies losing revenue

  12. Types of Risk (cont’d) • OPERATIONAL/ORGANIZATIONAL RISK • Operational risk is the risk associated with the execution of a company’s business functions • Very similar to process risk but influenced quite heavily by organizational structure • Examples of areas where you are vulnerable: • personnel (do you have the right people with the right skill set working for you?); • management structure (are your decision-makers knowledgeable enough about the industry you’re in?)

  13. Assessing/Mitigating Risks • Regular risk assessment and due diligence • Establishing standards, policies and procedures • Training and communications • Employee reporting (not just whistleblowing, but gatekeepers) • Random internal audits • Continuous improvements (internal and external stakeholder engagement)

  14. Part 2 – Vendor Selection Overview • WHO? WHAT? WHERE? WHEN? HOW? WHY? – W5H • WHO? – Target Vendor / Industry • WHAT? – Qualifications / Background of Vendor • WHERE? – On-Site or Off-Site • WHEN? – Project Specific / Long-Term Services Contract • HOW? – Procurement Process / Informal Quotations / Direct Negotiation • WHY? – Necessity. Can it wait?

  15. Qualifications/Background of Potential Vendor • Consider requesting some or all of the following information from a potential supplier whether or not running a procurement: • How long has the supplier been in business in Canada specifically providing the services being sought? • What types of services does the supplier provide? • Where are the potential supplier’s servers located? Within Canada or elsewhere? • What is the supplier’s approach and methodology to the provision of services? • Provide examples of services of similar size, scope and complexity provided within the last 5 years. Describe the scope of the services provided and whether services are ongoing. • Provide references and, if running a procurement, include consent language in the tender document to contact references other than those listed.

  16. Part 3 – Contracts/Contract Management • TYPES OF CONTRACTS • Contracts can be either verbal or written • Verbal Contracts • Enforceable just like written contracts • Problem is proving it exists/terms • Parties may disagree on the terms and conditions • Written Contracts • Terms and conditions are detailed in writing • All parties know what was agreed to

  17. Most Important Contract Terms • Most important parts of a contract to know and keep track of include: • Start and end date (i.e. the term of the contract) and renewal dates, if any • Payment provisions • Termination clause • Which provisions survive the expiry or termination of the contract • The scope of work and scheduling • Dispute resolution

  18. Term • The term of a contract is determined by: • Start/commencement date • Date of expiry • Renewal/extension clauses • Tickler system • Identify who is responsible for overseeing the contract on behalf of the company

  19. Payment Provisions • Should set out how and when one party is to invoice the other • Payor to issue payment in accordance with contract • Ensure time to review work/approve payment • Ensure all backup documents are readily available to verify content of invoice • What conditions would result in holding back payments?

  20. Termination Provisions • Termination for cause • List of default events in contract that lead to termination • Incentive to perform contract • “Curing” the default • Termination for convenience • Many contracts don’t contain this, but it allows one party to terminate the contract for any reason • Pros/cons • Limit liability in both instances

  21. Obligations That Survive Contract • Confidentiality • Warranty

  22. Scope of Work / Services • Ensure scope of work / services is detailed • Detailed scope of work / services minimizes risk of disputes over costs for additional work / services • All changes to scope of work to be in writing with Owner’s written approval

  23. Contract Completion • Confirm in writing that contract is completed whether project specific or long-term services agreement • When issuing last payment, consider having the other party execute an acknowledgement confirming that they have received all payments in accordance with the contract, and nothing remains due and owing

  24. Final Thoughts • Ensure contract terms represent parties’ expectations • Ensure person managing contract performance knows the contract • Determine whether KPIs/Performance Metrics are required • Respond to and deal with issues as they arise – don’t delay • Don’t forget: common sense!!!

  25. QUESTIONS
