Contract review and negotiation is a crucial risk management task, but sometimes we must accept terms we do not like for any number of reasons. Perhaps the client refuses to make changes to their form of agreement. Maybe the project is critical to your firm and your operations team is willing to take on the risk. Whatever it is, a lack of input from the risk management department or a similar contract review process should never be the reason your firm accepts poor contractual terms and conditions.
When something goes wrong during project execution, a clear scope of services as well as a reasonable schedule and price, as stipulated in the contract, are your firm’s first defense. In such matters, the risk management department must defer to the expertise of the operations team. But the rest of the contract is ultimately about risk transfer and mitigation, meaning both the risk management and operations teams need to understand how terms in the contract can increase or decrease risk to the firm. Therefore, it is crucial that your operations team be comfortable coming to you before, during and after contract negotiation to discuss risk management and mitigation.
The following eight steps can assist risk managers in reviewing and negotiating contracts:
Step 1: Evaluate the technical scope of services.
Consider whether the anticipated scope of services is within your firm’s standard technical expertise to ensure your operations team can deliver, whether in-house or through subcontracting to a third party. Your team will also need to review the scope to ensure it is reasonable, clear and fully defined. Additionally, your operations team must have input on whether gray areas exist within the scope. For example, if it includes all “matters reasonably inferable from” the request for proposal, that may include tasks your team did not anticipate performing. If gray areas exist, your operations team may be able to request clarification from the client.
Step 2: Review the performance schedule.
Assess whether the project schedule is reasonable. If your team is delayed in completing the services, does the contract provide for damages? Understanding such concerns will help you craft the most reasonable schedule and contractual language possible to address any unique project risks.
Step 3: Review pricing and payment terms.
Understanding whether your client is the end client or somewhere in the middle will impact payment negotiations. Is your firm able to select its desired pricing structure and payment time frame? If not, can your team arrive at an acceptable agreement?
Step 4: Discuss the project location and risks stemming from providing services there.
Either an internal travel management tool or a third-party vendor can provide updated research on potentially risky locations and practical advice on the risks, particularly if your firm is working abroad. The IT or security departments can also advise on any risks or challenges associated with working in a particular location.
Step 5: Assess your customer/client.
Do others in your industry consider your client to be fair? In addition to your own industry knowledge, your firm can use a third-party vendor to research a potential client’s history. If a client has a reputation for treating partners harshly, odds are someone in your industry knows about it and will share their knowledge if you ask.
Your team should assess whether the project is something your client normally handles or whether it is a new area or market. You must also decide if your firm is willing to work with a client who may expose your firm to rework or reperformance risk, refuse to pay in accordance with the terms of the contract, or generally be unpleasant to work for.
Step 6: Review the contract for your firm’s “mandatory” provisions.
Mandatory provisions are those contractual terms and conditions that your firm views as especially important when reviewing and negotiating contracts. Depending on the client and the nature of the work, these provisions could include:
Scope, schedule and price. Ensure the proposed scope, schedule, price and payment terms are acceptable. Your operations team’s input is crucial to assess whether any clarification or changes are needed.
Standard of care. Review the standard of care to ensure that it is reasonable. If your firm performs professional services, they cannot be “warranted,” as this presents an insurability issue. Clients also often request that services be performed in accordance with the “highest degree of care.” Consider whether your firm’s insurance coverage will respond to a claim that is above your industry’s normal standard of care. The answer is often “no” or “maybe not.” If your client requires you to accept a higher standard of care, your operations team needs to understand the increased risk this places on project execution.
Limitation of liability. Whether the limitation of liability is to your firm’s fee, a multiple of the fee, insurance required under the agreement or another mutually acceptable amount, including a limitation of liability helps define the total risk to your firm and your client. Public entities like federal clients, states, municipalities, cities and universities cannot include a limitation of liability in their contracts. In those cases, how will your firm mitigate the risk of potentially unlimited liability?
Waiver of consequential damages. A mutual waiver of consequential damages increases the likelihood of your firm’s insurance responding to a claim. It also increases the likelihood that your client will work with you to mitigate damages.
Mutual indemnification. Both your firm and your client should indemnify each other for your own negligence. Like the limitation of liability, federal clients, states, municipalities, cities and universities cannot indemnify your firm. Your team should consider how likely it is that the client will behave negligently and cause damage to your firm.
Your firm may have additional contractual terms that it considers crucial to successful project execution. As the risk manager, you should have relationships with your legal and operations teams that allow you to understand where those “pain points” are and what your firm wants to do about them. Keep in mind how hard of a line your firm is willing to take on these provisions. When would the firm be willing to walk away because a mandatory term is not included in the contract?
Step 7: Review the contract for “nice to have” provisions.
Nice to have provisions are terms that help your team manage risk but are not required, such as “notice of error” or the “opportunity to cure.” Your team should consider whether the client will work with you to address and correct any mistakes you make during project execution.
Many client contracts do not provide you with the opportunity to suspend services or terminate the agreement if your client breaches it. Your team should consider the likelihood that your client will breach the agreement in some way and, if it does, how you will want to respond.
Step 8: Review the contract for heightened risk provisions.
Some contract provisions can increase the risk to your firm. For example, performance guarantees and bonds are generally difficult for professional services firms to provide. If your client requires either, do they truly understand the nature of your services? If you agree to include either in a contract and your firm cannot meet it, are you now in breach of contract?
Another potential concern is the risk of liquidated damages, which are often related to schedule issues. If your operations team is delayed in providing a deliverable to the client, is your firm willing to be subject to potential liquidated damages to be paid daily until the delay is rectified?
The risk management team should also review any flow-down clauses from any of your client’s clients. Often, when flow-downs are included, they take precedence over a conflicting term in your agreement with your client. This could negate much of your team’s hard work in arriving at a reasonable standard of care, for example.
For the most part, the risks your team identifies during a preliminary review will not be deal-breakers. The risk management department will bring great value to the contract review and negotiation process by working with the operations team to identify and mitigate risks. Ultimately, it is about providing a solution to your internal clients that facilitates project execution while also protecting your firm from unreasonable risks.