Contract Risk and Reality: How to Create the Perfect Balance

“We can’t possibly sign this! How could the client think that this could be considered a fair and balanced contract?” I said, referring indignantly to the thick set of terms and conditions in front of me. The offending term was an atrocious indemnity clause in favour of the client whereby our company would provide the client with an indemnity from and against any and all losses that arose out of any property damage to the offshore asset while our company’s personnel were aboard, without limitation. How could we accept this risk? Strict liability in the plainest term – zero connection to fault, just another attempt to make us a form of insurance against loss.

“Forget it”, I said, “You can escalate this within the decision chain if you want, but we cannot agree to uncapped liability that arises if we happen to have someone there at the same time as property damage occurs- the risk is too great!”

My bid manager nodded, flipping through the papers in his hand, looking for something. Finding it, he cleared his throat and said “The scope of work is a 3-month, desk-based study and modelling with no site visits to either the client’s offices or to any offshore asset.”

I had to smile and roll my eyes at my misplaced overreaction, “Ahhhhhhh, ok - let it fly. But please let the client know that we won’t be in a position to accept these same terms in the future for any offshore work”.

Risk, risk, everywhere and not a drop of comfort to be had

As lawyers, contract advisors, risk professionals, we are trained to see bogeymen everywhere. There, in that darkened room beyond the closed door, is a yawning pit, a pit which goes to the depths, lined with rusty nails and jagged glass (and monsters, probably monsters) – so we review contracts to meet risks on that basis. Where, sometimes, if we can walk up to the door, open it and switch on the light, we will see presented to us a bit of a cracked floor, a window halfway down letting in some rain, and a bit of dust. Not nearly the stuff of nightmares that we imagine and try to mitigate for. 

We’re told that risks should wholly be avoided or mitigated except when there is minimal chance of it actually occurring. Risk, defined here as the “effect of uncertainty on objectives”, isn’t universal – it depends on the environment in which we are looking at it. In order to best serve business interests, a healthy risk methodology should be applied when undertaking the contract review process in order to ensure we’re responding on a practical and realistic basis, rather than to extreme scenarios or, worse, carrying out a tick-box exercise that does not reflect that which is commercial and practical.

So, it begs the question: How do we open the door and flick on the light to make sure that we are achieving the right balance between favourable and commercial terms and having a lean, efficient and reasonable contract process? 

ISO 31000 Risk Management Methodology

Let’s first look at the ISO 31000 Risk Management Methodology (see fig. 1). The purpose of ISO 31000 is to be used by individuals who “create and protect value in organisations by managing risks, making decisions, setting and achieving objectives and improving performance”.  Managing risk is, among other things, about setting strategy and making informed decisions in light of external and internal context factors, as per ISO 31000. 

The stages of risk management are clear (and bear in mind as you go through this that, the more frequently you apply it, the more intuitive and natural it becomes). As a priority, establish the context (i.e. what are we doing? with whom? by when? where will we be doing it?). All risk assessment, evaluation, consideration, treatment, monitor and reviewing of risk should be held up against the context. If we forget the context, we may start seeing monsters everywhere, or be blind to them entirely.

Next is the risk assessment stage. Essentially, identifying risks (sources, causes, events, consequences – everything, big and small, catastrophic in nature to minor in injury), which we will then analyse by considering the likelihood of the event occurring and the seriousness of the potential. At that point, it helps to visualise it on a risk matrix. As per figure 2 below, plot the potential risk in terms of the likelihood or probability of the event occurring and the consequence of it.  Quite obviously, if the risk ends up in the upper right quadrant, it will likely need action or mitigation taken when it gets to the “treatment” phase of the process.                          

Finally, in the assessment phase, evaluate the risk considering what the company’s attitude is to risk using the company’s relevant contracting rulebook, procedures or industry standards for guidance.

Next, now that the risk has been assessed, consider how to treat it. In contract reviews, if potential risks created by a particular clause are too great for a company’s risk appetite, as considered at the end of a risk assessment, it should be treated - either by deleting the clause in its entirety or negotiating a change to it. In other cases, “treatment” of the risk would be to note it for monitor and review, perhaps to communicate the potential issues presented by it to the operational, business, finance, tax or other team but then make no change to the wording.

Throughout applying the risk methodology, it’s important to realise that, while it may feel unduly onerous, burdensome or disproportionate to apply a risk process to every contract, with practice comes fluidity. Applying the risk methodology will become second nature and seamless, the more often someone goes through the steps. It’s the boring adage, repeated once again, that “practise makes perfect”, that holds true in this situation as well.

Applying the Risk Methodology

It’s important to realise that this Risk Methodology can be applied on a macro and micro level. 

On the macro, big picture, level, we have applied the risk approach to examine if our contract review process was fit for purpose in terms of treating contract risks at the right level. Taking into account the sheer volume of contracts that our company enters into annually (circa 75k), it simply was not efficient for every single contract to undergo a full-scale review. While we have an excellent team of contract professionals, without digital tools or a filtering process, this volume of contracts would take a total of around 21,500 days to review – completely impractical.

To address this, we created a new contract handling process. At the beginning of any new work, the type of contract, service, duration and several other context related factors are considered in order to decide in which tier the contract belongs. For certain service areas or where contractual factors indicate that the perceived risk levels are low, the contract will sit either at Tier 1 (no treatment) or Tier 2 (minimal treatment handled by the business). Only where the risk factors move the potential risks in the contract up further to the right/upper-right hand quadrant on the risk matrix (see fig. 2), does the contract become a Tier 3 contract (subject to a review by contracting professionals) or a Tier 4 contract (escalated to the legal team to assess treatment needs).

On a micro level, once a contract has been escalated to be a Tier 3 or Tier 4 contract, we still utilise the Risk Methodology to assess the risks presented by the contract but, actually, when we are reviewing contracts, individual clauses will be broken down and put through the Risk Methodology process. This often occurs so rapidly and automatically by those that are carrying out reviews that we will not necessarily realise that we are doing it.

Contract Review Application – a little bit of balance

When it comes to contract review, understanding the context is everything. Prior to even looking at the terms and conditions, consider the elements, this will include the contract value, duration, jurisdiction, scope, payment terms, tax regulation, insurance needs, and the identity of the client. The environment, that this contract will be sitting in should be the background to every other assessment that is being made about the terms and conditions. Contracts cannot be reviewed in a vacuum as we often lose sight of what is an actual, realistic risk, if we do so.

Above all else, we must create balance. There is little value-add to carrying out a full-scale review of a 20-page contract for a 3-day site survey as to do so would kill any margins that would come from the work.  Just as there is little benefit to drafting the most perfect contract review, consisting of 15-20 contract exceptions for a ￡5,000.00 contract. On the flip side, we cannot afford to ignore and treat lightly higher-level risks. These could be presented by long-running framework agreements, services that are higher in operational risk, huge potential liability where we are not at fault, or simply a failure to appreciate the obligations that we are committing ourselves to as an organisation. There is, however, a middle ground. Through a constant reminder that we do not seek “perfect” but instead, “balanced” we are likely to move closer to that reasonable ground with every review made or decision made.

Client contracting requires that we actively consider the client contracting approach before we can form our own strategy.  The organisational size of a company will likely impact how it is perceived by its clients - some will be regarded as a small company by some of its larger clients, whereas for other clients, it may be considered a massive company. When faced with a larger client company, that entity's ingrained, efficiency driven contracting processes together with the disparity of contracting power (in the larger company's favour (situational dependent, obviously)) usually dictates that terms and conditions will be based on their own. When faced with smaller client companies, there is a better opportunity to negotiate a mutually beneficial set of terms and conditions with the client.   This is not to say that a party could unilaterally demand their terms and conditions in one situation, and have to accept clients that will not negotiate at all, on the other. 

The contracting approach and power disparity should be balanced against the ideal outcome. When considering contract reviews, service area or deliverable dependent, it does make a great deal of sense to approach it from the practical basis of: the lower the contract value, the fewer the comments. It is absolutely the case that the value of a contract does not impact the potential liabilities that could arise under it. There is no such thing as the doctrine of fairness in a contract. Between two sophisticated parties (i.e. companies), the courts will not limit the liability of a party if its actions give rise to loss of another party. Basically, "you break it, you buy it" – unless the agreed contract wording states otherwise.  Once a fair and proportionate liability regime is achieved under a contract, it’s important to again assess if there is value being added through a bare gap analysis between a company’s contracting standards and the contract, without taking the context or proportionality of the review into account.

Implementation and Support

Crafting a risk-based contract review process that is fit for an organisation is labour intensive and requires effort in terms of balancing the theoretical risk with the material risks. A complete risk assessment of all potential sources - from jurisdiction to scoping, potential consequences to regulatory issues, market risk to strategic risk – needs to be documented and considered. At the end of this (ideally ultimately rewarding) exercise, should be a bespoke risk process that fits an organisation’s operations. Once finished, through the glowing fog of pride in accomplishment, bear in mind that implementation is next.

Everything can be wonderful and perfect in a beautifully crafted risk approach, however, unless care is taken and the following three things are prioritised, it may all be for naught:

1.      Stakeholder management - very few people embrace change actively. We find it confronting, scary, tiring and confusing if not executed properly. People that will be impacted by change must buy into the benefit of it, usually in practical, time and financial related, terms. No one wants to hear about process change on the day of implementation. 

This issue can be addressed through early stakeholder involvement and management. Involve individuals from units impacted by the potential change when it is still at the “potential” stage. Ignore this aspect and you risk marginalising the individuals that you will rely on to implement and follow the new system. The goal is positive early engagement with the process, with full awareness of the challenges but an enthusiastic belief that the change will be of value.

2.      Support – With great power, comes great responsibility and a good decision-maker will feel the weight of it on their shoulders. Too often, however, we foist this power onto people without adequate preparation. This will simply set them, or the new process, up for failure.    We know that there are two sides to a contract, the legal risk and the operational/technical risk. Frequently, those in the business are called upon to decide on legal risk, just as there are contracting professionals that will make judgements to accept operational or technical risks.

In the absence of training and clear authority structure, there is the too common scenario where decisions are being escalated higher in the organisation until someone with knowledge, or a willingness to decide in the absence of knowledge, is reached. Training and communication, executed early, thoroughly and pitched at the right level, will not only create confidence in key personnel, but will also foster collaboration and an aligned purpose between those in the business and those carrying out the contracting function.

3.      Empowerment Culture –  One of the biggest obstacles to implementation success of a risk-based approach is the hesitation and/or resistance of those that are expected to make the risk decision. This is often due to organisations linking consequences of a decision to the individual that has made that decision. When a project is pulled off without a hitch, is profitable, no claims are received and the contract is not tested, the contract reviewer does not directly benefit from such success and is not congratulated for it. Why, then, should we fault or censure that professional where negative action arises out of a project that they reviewed?  It is hardly just to hold someone responsible for making a decision that later results in a negative impact, where such authority to make decisions was granted by the organisation and the individual acted within their authority.  

Individuals tasked with implementing the risk methodology must have the confidence that the company will support the decisions that they are tasked with making. People must have the confidence to act and decide. Failure to do so will simply result in no decisions being made at all – or the lower-risk level decision-making being pushed to progressively more senior (and usually expensive and time-constrained) personnel, therefore costing a great deal in time and resources.  Support, communicated consistently through process documentation, written and oral feedback, for decision-makers acting within their authority level is vital to ensure the success of risk-based decision making being implemented in an organisation.

Finally

A perfect contract does not guard against all eventualities, but is a commercial and practical document that sets out both parties responsibilities and expectations. It deals, without grey zones, with how the parties will treat everything going terribly, terribly wrong. To achieve this perfect contract on behalf of internal and external clients, you need to open the door and flick on the light and have a good look around the room – something you can only do if you are aiming for a balanced, practical and commercial end contract with a realistic view of the risks, being implemented by individuals that can act with the confidence that their organisation values and supports their decision.