15 May 2015
The election presents a good time for organisations to take a fresh look at the issues affecting their business
With the results in, and the Conservative Party having achieved an unpredicted majority, we can see that there is limited value in speculating on the outcome of a General Election. In every election there is inherent uncertainty. This uncertainty creates risk, the management of which is a key responsibility for boards up and down the country.
From a governance and compliance perspective, however, it is questionable whether we really need to worry about the risks that may arise from a General Election. The simple fact remains: if your business had weak controls, limited governance or non-compliance on 6 May, your business will also have weak controls, limited governance or non-compliance on 8 May.
With that in mind, the maelstrom of the General Election can be reduced to background noise. This provides the opportunity for governance and compliance professionals to focus not upon uncertainty in the wider commercial environment, but upon whether they are certain that their organisation’s operational environment benefits from strong governance and robust process and controls.
Just as the election is a cause for politicians to reflect on the past five years, and consider the priorities for the next five, it provides organisations with the opportunity to take stock and look holistically at operations, assessing key risks and cultivating the agenda for testing compliance.
Although a number of these activities fall under the umbrella of internal audit, engaging elements across the business can help inform analysis and identify risks ‘off the beaten path’.
Three frequently overlooked areas in which we see clients face the biggest challenges and costs when risk impacts are realised include: outsourcing performance, contract dependencies and major technology change.
Outsourcing procurements can easily fall foul of a ‘find and forget’ approach, whereby the right price and the right scope are not complemented by the right performance metrics and monitoring. For example, contracts that fail to include measurable metrics in an environment which benefits from well-structured governance are unlikely to achieve maximum value and drive the right supplier behaviours. The table below outlines some examples of the common issues and impacts.
These issues can arise at all stages of the contract lifecycle; however, they can be tackled effectively at the point of contract execution. This is achieved by ensuring a robust and flexible regime of performance indicators and service levels, which are monitored through regular reporting and meaningful customer-supplier forums.
Supplier awareness of customer dependencies is particularly prevalent within technology and outsourcing contracts. A dependency is ultimately an obligation on the customer to perform an activity in order to enable the supplier to perform its activities. Essentially, customer dependencies transfer some of the supplier’s risk back onto the customer, which is usually paying to transfer or mitigate its risk.
In many instances this is justified and customer obligations are a necessary and useful tool to achieve successful outcomes. However, failure to effectively govern customer dependencies and achieve compliance can result in direct capital costs to the business, project delay, scope change or interruption to business as usual. Such risks can arise at the point of execution or during operations, and primarily result from a failure in the two following areas:
Robust controls around contract management, negotiation and execution can significantly mitigate the risk of non-compliance in relation to customer dependencies. This will also avoid risks of additional cost or interruption at the hands of the supplier.
Organisations of all sizes are becoming increasingly aware of the risks posed by major technology change. The IT resource and expertise required to deliver wholesale technology change, such as an enterprise-wide software implementation, is rarely found internally. A business must therefore rely upon a single supplier to achieve its objectives. The risk of failure is compounded by the sheer size and value of technology projects and, as a result, has swiftly moved up on management’s watch list. Key risks to look out for in relation to technology change include: spiralling supplier costs as a result of a failure to fix costs; business interruption resulting from technical failure; delays against the agreed timeframe; and excessive change and increased costs as a result of a failure to sufficiently define project scope, objectives and functional outcomes.
In these types of relationships, supplier and customer teams tend to work closely together, so robust and impartial governance is vital. One of the most effective ways to identify, manage and mitigate risk is to embed an independent governance function throughout the project lifecycle. Independent quality assurance provides challenge to project stakeholders and holds parties to account for compliance with key processes and controls, which is essential to managing risks, achieving objectives and realising business case benefits.
In truth, the election changes nothing. Organisations across the country still have to deal with existing operational risks. With the government looking ahead to the next five years, it is a good time for governance and compliance teams to take a fresh look at issues in their business, before risks materialise into business impacts.
Qadir Marikar is a partner and Tom Sykes is a manager within PwC’s IT Commercial Assurance Practice.