Contract risk management: Focus on these 6 areas

Inspecting vendor contracts for risk is increasingly important as CIOs scramble to stay nimble in a volatile economy. ClearEdge Partners explains how to protect your interests.

Negotiating with vendors remains a tough job for CIOs. Many struggle to gauge the value their IT providers deliver to their organizations.

Consider these figures: 89% of CIOs said it's either very or somewhat challenging to ensure efficiency in IT spending, 72% said the same when it comes to negotiating best prices and 83% said as much when dealing with increased prices from vendors, according to the Flexera 2020 State of Tech Spend Survey.

The findings come as no surprise to Meghan Smith, senior analyst at ClearEdge Partners, a Needham, Mass., consulting firm that specializes in IT contract risk management. Vendor contracts often use obscure and confusing language, Smith said, making it difficult and time-consuming for IT buyers to understand complex clauses.

Furthermore, language that would protect IT buyers from risks, such as price increases at the end of a deal, is often excised from contracts. As IT organizations scramble to invest in technology that will help their businesses compete in today's fast-changing environment, and as companies acquire capabilities through mergers and acquisitions, they become increasingly vulnerable to contract risk.

But there are steps CIOs can take to protect their interests, Smith said. In a webinar on inspecting contracts for risk, Smith and former ClearEdge colleague Katie Cibulka, now at Pegasystems, laid out six areas CIOs need to focus on to effectively manage contract risk.

How to negotiate a contract with a vendor: 6 ways to mitigate risk

Highlights of their presentation on mitigating risk in vendor contracts are as follows:

  1. Price transparency. "This risk really has to do with your deal structure," Smith said. A good software contract, for example, has itemized pricing that lists each product, its license description, the quantity of licenses, the list price, the discount applied, and so on. CIOs should be wary of contracts that don't have detailed breakdowns but instead list one price for items bundled together. Such contracts make it hard for IT executives to benchmark the costs, as well as to plan for and negotiate additional items. "For example, what will happen if you want to purchase additional licenses during the [contract] term? What will your price be?" Smith said.

    Bottom line: Lack of pricing detail exposes your organization to considerable risk. "Your proposals and agreements should contain product numbers, descriptions, the metrics, quantities, your unit list price, your net price and your annual maintenance [costs], if applicable," Smith said.
  2. Renewal rates. "This [risk] has to do with what your end-of-term rates are, what your increases look like and how long your rights will last," Smith said. Many contracts address the issue by saying that the client's renewal price will be based on then-current prices and that renewal rates will be determined by "good faith negotiations." Such language sounds benign, even promising, Smith said, but it actually promises nothing and, in fact, gives the vendor more leverage when renewal time comes.

    Bottom line: "Your agreement should state what your [renewal] rights are," Smith said. "It should say exactly what your increase cap will be and [whether] it will be tied to a set percentage or will be tied to the consumer price index (CPI)." Also, pin down when exactly the renewal rate kicks in after the initial term ends.
  3. Price holds. Price holds allow an IT department to purchase additional quantities at the unit net price specified in the original contract. Standard vendor contract language generally states only that the client "can purchase additional quantities at the unit price specified." However, Smith said she sees some clients add more specific language and price points to clear up ambiguities and, thus, take risk out of the scenario.

    Bottom line: When negotiating with vendors, IT executives need to ask for additional, detailed terms for the price holds that they want. "You don't know how far that supplier will go, so we really recommend that you ask for the moon and then have the supplier push back," she said. CIOs should know the details of the price holds, what products are covered, the metrics used, what the discount is and how long the price holds will be valid.
  4. Control rights. This area encompasses assignment rights, divestiture language, and any buffered terms and termination clauses, Cibulka said. IT leaders who negotiate these terms can build more value and more flexibility into their contracts. For example, having a well-written divestiture clause would allow a portion of the company that's being sold off to use licenses for a set period of time. (ClearEdge recommends six to 12 months as a good goal.)

    A favorable contract should also address who pays the bill after the divestiture period has expired; this is where assignment language -- which allows licenses to be transferred -- comes into play. CIOs should make sure they have the ability to assign licenses in connection with a merger, acquisition, corporate reorganization or sale. IT leaders should also ask for an excluded entities clause -- that is, a clause allowing the organization to exclude an acquired entity from its agreement and continue operating without paying extra fees.

    Bottom line: Make sure your contract is clear on assignment rights and related issues, such as enterprise agreements and a mergers and acquisitions buffer.
  5. License rights. IT leaders should know whether a contract has any usage restrictions, whether the software can be used in test and development environments, and whether there are data sovereignty or similar limits. "If your contracts are not inspected and the license rights are not clearly defined and understood, you may find yourself out of compliance," Cibulka said. Moreover, it's important to understand how terms and metrics vary among suppliers -- for example, how different suppliers define a "user" and which definitions and metrics would be most cost-effective in the CIO's own IT environment.

    Bottom line: Know whether there are restrictions on licenses, whether the vendor can limit how licenses can be used, what the license metrics are and whether there's a definition of the metric in the contract.
  6. Compliance and audit clauses. Standard audit clauses are "designed to favor the supplier and assume that supplier audit findings are 100% accurate, which is absolutely not the case," Cibulka said. For example, many contracts don't specify when vendors can perform an audit, don't address who is responsible for audit costs and don't detail a process for disputing audit findings.

    Bottom line: You should have the right to challenge audit findings, be able to engage in good faith negotiations and continue to receive technical support as long as you make good efforts to resolve the compliance findings. ClearEdge further advises IT leaders to address the costs, parameters, timing and other logistics associated with audits in the contract.

To learn more about contract risk management, the full presentation, "Inspecting Contracts for Risk," is available on the ClearEdge website.

About ClearEdge Partners

Founded by senior sales executives from large IT suppliers and informed by current market analytics, ClearEdge enables CIOs and their teams to make more competitive IT investments. By combining rigorous inspection and IT financial expertise, they identify risk and opportunity, align internal teams and maintain leverage throughout the lifecycle of supplier relationships. As a result, their clients maximize the value of their investments by unlocking millions of dollars from legacy spending and redirecting funds toward IT modernization, digital and cloud transformation with confidence and speed.
