With the rapid pace of business technology, companies have seen both colossal gains and crushing losses. Data breaches, compliance issues, and IT failures have populated headlines for the last decade with names like Yahoo, Equifax, Uber, and Marriott becoming synonymous with security failures. But no company can compare to Facebook, which saw $150 billion dollars in market value disappear almost instantly in response to the Cambridge Analytica scandal.
If you don’t know the story, in 2013, an academic named Dr. Aleksandr Kogan created a Facebook app called “This is your digital life” which asked users questions for a psychological profile. In violation of Facebook’s contractual terms, he then sold users’ responses and personal data to Cambridge Analytica, which then used it for political campaigns. The ensuing scandal cost the social media giant the trust of its users who reacted by leaving the platform in droves. The stock plunged, erasing $150B of market value in 90 minutes, quickly turning a contractual breach into an existential threat to one of the worlds largest companies.
While most companies may not be at risk of a $150 billion loss, today’s business technology regularly exposes your business to risks that could threaten its reputation, financial position, and overall survival. In 2019, the most obvious of these risks continues to be security, but as we learned from Facebook, risks involving contracts and compliance can be just as damaging as a data breach. And when you consider that Gartner estimates 85% of companies do not have an effective contract lifecycle management (CLM) system, it’s clear that these risks are not being fully addressed. Fortunately, there are powerful automated tools and systems that can mitigate these risks and even add revenue to tired, inefficient contract processes. Below we discuss how to assess the six biggest contract management risks to businesses in 2019 and how to address them with today’s leading technology.
1. Data Security
Let us begin with the top of mind issue of data security. Security risks related to digital data are among the most difficult to police. Digital systems enable incredible efficiency but make it easier than ever to steal information. Whether it’s valuable IP, pricing information, or confidential customer and employee data, once the perimeter is breached, the potential damage is catastrophic.
If your company stores contracts and other documents with a treasure trove of confidential information on individual computers, you are basically sending an open invitation for theft, especially if the information is accessible to anyone. To safeguard against data breaches by current or former employees as well as outside actors, the executives on Forbes Financial Council recommend restricting data permissions to ensure that employees only have access to data that’s required to do their jobs.
For today’s businesses, a CLM system that manages access with well-defined permissions is critical to ensuring data security. Leading CLM software allows organizations to configure access permissions down to the document field level and apply varying levels of permissions based on location, group, or individual user. In addition to standard CLM features like two-factor authentication and data encryption, these features can ensure your most valuable IP, customer data, and contracts do not end up in the wrong hands.
An example of a company securing its IP with well-defined permissions is Aviation Technical Services. One of the country’s leading aircraft and maintenance services companies, ATS has more than 9,000 sensitive contract documents in various locations. Its CLM system ensures each document can only be accessed by properly authorized personnel based on specific criteria such as primary department and location. The system preserves security and gives employees and contractors immediate access to the information they need.
2. Regulatory Compliance
The second major risk involves managing compliance, specifically regulatory compliance. Regulatory compliance refers to government mandates that govern the business such as HIPPA or Sarbanes Oxley. These complex requirements are generally included in contract documents with each party’s obligations clearly spelled out. When managing large volumes of contracts, the challenge is to ensure that the appropriate clauses are included and to monitor internal and external compliance. And if you are attempting to monitor compliance manually, you are exposing your company to tremendous risk of compliance failure.
Contract management software simplifies the process by digitally auditing current contracts to ensure they have the appropriate clauses related to data privacy, arbitration, confidentiality, or other regulations that affect your business. Once you’ve identified the gaps, your legal team can update the contracts with the appropriate language and contact any third-party signatories. A CLM system also includes a central digital repository for all your contracts, which helps track other types of compliance and allows advanced systems to trigger business process automation to aid future operations.
3. Operational Compliance
Operational compliance risk relates to the terms and conditions of your contracts. Facebook is a cautionary tale of what can happen when you are lax about monitoring compliance with contract terms, but for most companies, most of the operational risk revolves around revenues and expenses. As a basic best practice, contracts should clearly define performance obligations that your contract management system can track and manage.
A simple example is payment terms. Most companies outline payment due dates in contracts with penalties for missing the deadline. How many companies track those late payments, let alone enforce the penalties? What about contract renewals? Do you keep track of when contracts are expiring and send renewal notifications to ensure there’s no slippage in payments? On the supply side, a common form of operational non-compliance results in overpayment due to poor tracking of volume or other discounts negotiated in the contract. Of course, putting performance metrics in place is the easy part. The hard part is matching real-world behavior to contractual obligations and taking timely action. Doing this is impossible without automating contract management.
A good example of a comprehensive, automated approach to compliance is OB Hospitalist Group (OBHG), a provider of healthcare services with more than 120 programs covering 560 doctors in 28 states. OBHG faced a massive challenge in tracking the contract expirations and renewals associated with hundreds of vendors in addition to accounting for discounts and other contract obligations. And on the revenue side, matching insurance payments against the services delivered was equally daunting.
Automating its CLM gave OBHG accurate, up-to-date cost and renewal information, eliminating overpayments and providing visibility into its revenue cycle. The result has been not just cost savings and better use of resources. It has also contributed to business insights that have helped OBHG make better strategic decisions and continue to grow profitably.
4. Revenue Leakage Risk
Revenue leakage, most commonly due to unauthorized discounts and overpayments, can also include lost revenue due to errors and inefficiencies in contract processes. This is a major risk to companies as it is effectively sending missed profits down the drain. Take for instance a report by International Association of Contract and Commercial Management (IACCM) that determined the average company loses 10 percent of revenue due to poor contract management practices. When typical profit margins hover around 10 percent, even halving this loss can increase profit margins by 50 percent. That is a huge potential for any organization, and when you consider that revenue leakage often spills over into other business processes, it is imperative that businesses utilize automation to eliminate leakage.
In addition to managing compliance, automated CLM software reduces revenue leakage by streamlining operations. For example, if you don’t use standardized contract templates and language, you’re going to end up with long lead times and longer negotiation cycles, which will lead to stalled projects and missed opportunities. Automation also ensures a standard workflow with well-defined protocols and procedures for approvals. This alone can speed up business operations and greatly reduce the time and effort required for audits.
In 2019 and beyond, artificial intelligence (AI) in contract management will enable powerful new tools to streamline processes and stop revenue leakage. For example, today, businesses can save common contract clauses in a central repository and then later find and use them in upcoming contracts. If driven by AI, a draft of a contract might be proactively created based on an email flagged to the contract management system and, drawing upon the organization’s full history of contracts, completed without human intervention except during a final review. Natural language processing would allow legal departments to generate draft contracts using the right templates and clauses based solely on the contents of an email. Additionally, AI will help in data analysis to ensure negotiators have the best pricing information as well as point out discrepancies in terms and ensure that guidelines are being followed.
5. Reputational Risk of Associating with Bad Actor
The risk of a bad business deal has been around since the dawn of commerce, but the large number of contracts and agreements flowing through the modern enterprise has elevated the risk of signing a bad contract or dealing with a bad actor. Aside from obvious financial implications, this can result in serious reputational damage to a company if found to be associated with nefarious businesses or foreign powers. In the age of instant global news and social media, bad press like this can sink the biggest companies. Again, take for example Facebook and Cambridge Analytica.
Most contract management software can efficiently track and monitor contracts, giving companies the ability to find and edit or dissolve contracts quickly. But wouldn’t it be better to be able to prevent these risky contracts in the first place? Leading contract software offers risk scoring based on a set of parameters established by a company, where contracts are imported or scanned and scored based on the level of risk they present. Contract managers and legal departments can then make edits and recommendations based on that score, filtering out bad actors and contracts based on pre-determined risk factors. In 2019 and beyond, AI might take this even further by proactively suggesting alternative clauses, terms, and edits to the contract to reduce the risk score.
6. Technology Failure Risk
Technology failures associated with contract software can result in missed contract renewals/expirations and missed business opportunities or, worst case, lost customer data and a huge hit to brand reputation and revenue. Whether it’s a failure on the vendor side or in your IT department, the consequences are the same and must be avoided at all costs.
System scalability should be a priority for any business relying on automation for contract management or other services. If the system is not able to handle at least double an average peak load, then you may be at risk of a major outage or performance issue. On Cyber Monday 2014, Best Buy found this out the hard way when its online shopping platform crashed due to exceptionally high traffic, costing hundreds of thousands of dollars in lost revenue. To mitigate this risk for contract software, businesses can rely on in-house IT staff to ensure system stability or select a hosted solution with a vendor that guarantees uptime and redundancy in the event of a disaster or unplanned outage.
Also, if the system is not able to scale as quickly as an organization grows, then you are signing up for months or years of costly code revisions. And if the system is not able to easily configure new process workflows, contract clauses, or software integrations, then you run the risk of outgrowing the software before deployment and never meeting the changing business needs of its users. Fortunately, many of these issues are addressed by applications built on low-code platforms. Because these platforms eliminate custom coding, they are highly flexible, can add capabilities on the fly and allow non-technical people to administer and configure them.
Lastly, any software implementation exposes a business to a certain level of risk. But when selecting an outside vendor, you can mitigate this risk by asking the vendor to take on some of that risk of implementation through a guarantee on software and services. After all, if the vendor is not able to guarantee their work, how can you trust that they will deliver the product you want? The value of the guarantee is not that you’ll get your money back, it’s that you won’t need to ask for it. While rare in the industry, this type of guarantee is worth seeking out as it can greatly reduce the risks of implementing automated software that can defend against today’s top contract and compliance risks.
