Optimizing Value From Your Business Relationships Trust, But Verify

Organizations increasingly rely on contract-based relationships to support their strategies and advance their goals. Unfortunately, a contract cannot guarantee the success of a relationship, nor does shifting tasks to a counterparty decrease responsibility. Indeed, accountability for performance under the contract falls on both parties. Given global business conditions, fulfillment of contractual obligations has become more critical and challenging. Many enterprises rely heavily on other parties to deliver on their behalf. This calls upon parties to contracts to scrupulously meet cost control, revenue generation, and risk management goals. Yet parties face increasing pressures, and even temptations, that can subvert intentions and undermine performance. Accordingly, efforts to verify that parties to agreements perform as expected have taken on greater importance. Those efforts go by various names, such as vendor management, contract management, contract compliance, revenue assurance, or compliance programs. To explicitly include both their risk management and compliance dimensions, Deloitte uses the term Contract Risk & Compliance (CRC) for such programs. Despite its importance, CRC is often overlooked by executives intent on securing favorable contract terms, and by risk managers focused on the insurance, regulatory, security, and legal aspects of contracts. After signing a contract, many executives assume that all parties will perform as expected or that relationship management and risk monitoring mechanisms are in place and functioning properly. Some even behave as if contracts transfer risks to another party, when in fact they may generate new risks, further underscoring the need for CRC programs. Business relationships depend on trust, but trust is earned over time through dependability, fairness, and sharing of accurate information. Thus, the byword in business may be President Ronald Reagan’s saying, “Trust, but verify.” In that vein, a contractual relationship can provide the context in which parties build trust as they validate and deploy their contract as an ongoing guide rather than a one-time documentation of intentions.

This paper describes the nature, rationale, and practices of CRC programs and updates our initial paper on the subject, More than a Matter of Trust: Managing Risk in Extended Business Relationships, published in 2006. We’ve issued this update because current business conditions have elevated a CRC program from “something to think about” to a fiduciary responsibility and a business imperative. Why CRC now? Most industries and entities face the prospect of slowing growth—if not contraction—yet executives must continually strive to preserve revenue, control costs, and manage risks. To preserve revenue, the organization must collect all amounts due under new and existing contracts. To control costs, management must verify that business relationships target and achieve cost containment goals. To manage risks, the enterprise must identify and mitigate the risks to which relationships can expose it. Further, regulatory matters over the past several years, such as the SarbanesOxley Act in the United States and similar regulations elsewhere, have focused companies inward, yet the risks that can most impact the bottom line are primarily external to the organization. A CRC program helps you realize the benefits you aim to achieve in a relationship, while identifying and managing the risks. Such goals are always important, but a CRC program is now among the most advantageous uses of an organization’s resources because: 1. In a slower growth environment, senior managers must capture all of the revenue due and all of the cost savings attainable in business relationships. 2. Business relationships and thus risks multiply with increasing use of outsourcing, joint ventures, and other methods of employing outside entities. 3. Companies must defend their intellectual property and brands from increasingly aggressive pirates and poachers. 4. Management must work to avoid potential liabilities associated with counterparties and their respective activities.

As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. 2

5. Amid workforce reductions, business partners can lose personal relationships and “institutional memory” when people involved in a contract leave their jobs. 6. In hard times, business partners may be tempted to take shortcuts, cut costs, reduce service, or increase their revenue at your organization’s expense. 7. The financial viability of counterparties may become an issue of increasing importance in a stressed economic environment, as may the financial prospects of an industry, a region, or a nation. 8. CRC programs encourage parties to develop and deliver on commitments based on mutual goals, complementary capabilities, and realistically defined costs and benefits. 9. A CRC program’s importance increases in regulated industries, where counterparties’ actions may create exposure in areas such as security, data protection, and business practices. 10. The returns on CRC programs that limit revenue leaks and secure cost savings may far outweigh those of other available investments, particularly during periods of slow growth. 11. The benefits of a first-rate CRC program are not only important now, but will continue when robust growth returns. CRC practices never go out of fashion and always characterize the well-managed enterprise. In sum, this is an ideal time for CFOs, CROs, audit committees, and other executives responsible for revenues, costs, intellectual property, brand equity, and any outsourcing, joint venture, supply chain, or similar relationship to consider the state of CRC in their enterprises and to quickly bring its functionality to a high level. The business case for doing so is, as we will show in this paper, extremely strong. First, however, we provide background on CRC gained through formal and informal surveys we have conducted, and from relevant client engagements.

What Exactly is CRC, and Why is it Important? As the name implies, CRC is a set of practices for addressing the risks the enterprise encounters in contracts and agreements that define business relationships and for validating performance under them. Of particular importance are contracts involved in licensing, product development, sales channel and other alliances and joint ventures, and outsourcing arrangements that extend the enterprise. The relationships take many forms, under the rubric of the extended enterprise, and they are summarized in Figure 1. Figure 1: Typical Contractual Relationships that Benefit from CRC
Supply-side Relationships • Suppliers • Manufacturers • Replicators Demand-side Relationships • Franchisees • Distributors • Resellers Licensees • OEMS • Co-brand partners • Joint developers • IP licensees Infrastructure • IT outsourcing • HR services • Travel agencies • Legal services • Benefit providers • Transaction processing

• Integrators and • Advertising installers agencies • Retailers • Fulfillment providers • Warranty, maintenance, and repair providers

In Deloitte’s experience with thousands of companies, we find current awareness of CRC and its importance lower than we would expect. While executives who oversee relationships attempt to negotiate favorable contracts, they usually view each one as a discrete event. For instance, licensing a patent or a brand is one thing, outsourcing the call center is another, and a joint product development agreement yet another. This limited view can be problematic. Clearly, each relationship and contract presents its own characteristics and challenges. But a CRC program helps you discern common contracting goals, activities, and risks, and organizes risk and compliance management into a repeatable, reliable approach. In fact, involving CRC specialists in the drafting of a contract can provide a structured, validated process that will serve the organization well throughout the lifecycle of the relationship.

Optimizing Value From Your Business Relationships Trust, But Verify


A CRC program provides methods for dealing with the activities and issues that arise around all contracts, including: • analyzing the economic structure of relationships, the costs and rewards on each side, and how these can be apportioned for mutual benefit • defining activity and service levels • agreeing on the content, form, and frequency of reports on activity, service levels, revenues, costs, and other key data • agreeing on a contract compliance monitoring process— including type and number of metrics—and defining the access of each party to the other’s information and operations and the right to “audit” information and activities • establishing an internal process to detect significant changes in the original objectives and expected risk profiles • understanding the risks and responsibilities that each party assumes, while clarifying boundaries • securing the right to renegotiate the contract and recast the relationship as new information becomes available and conditions change, and including escape clauses and exit strategies for each party • preventing or resolving conflicts, disagreements, and reporting inaccuracies associated with the contract terms.

A CRC program combines the above activities within a framework for conducting the following activities after the contract is signed: • managing the relationship to achieve objectives, mitigate risks, monitor controls, and secure targeted benefits • creating and maintaining awareness of compliance and noncompliance with contracts • validating the accuracy of information from external parties, and ascertaining that actions of the other party are appropriate • performing onsite or offsite risk inspections and control reviews. CRC activities are performed inside and outside the company. Internally, a company must analyze its contract and vendor management practices, communication protocols, and review procedures—and establish processes to monitor information and behaviors of the other party. Externally, a company should discuss its compliance program with its counterparties. In other words, external parties should know you have a CRC program, understand its goals and rationale, and realize that you actively manage it—although, as explained below, not necessarily in a punitive or “investigatory” manner. Rather, they should understand that the program not only aims to execute fiduciary responsibilities, but also to optimize the relationship by verifying that its benefits accrue to each party.


The Importance of Objectivity The CRC program should generally be considered a risk management responsibility, with the same strong ties to financial and operating management that successful risk managers maintain. Program managers must understand the objectives, rationale, and risks related to each business relationship. However, they must understand that they play an advisory role and the risks remain those of the business managers. Objectivity enables CRC program managers to render sound judgments about performance under contracts. That objectivity also insulates business managers from the compliance function so they can conduct the relationship apart from it. Thus, the business managers focus on the operational aspects while the compliance managers focus on the compliance aspects of the relationship. That’s important because a Deloitte survey1 revealed that many companies are concerned that CRC activities could damage relationships. In that survey, 61 percent of respondents expressed a high level of concern about this. (We summarize the key findings of this survey in Figure 2; the full report of results is available at www.deloitte.com/us/ crc.) Yet we also found that setting expectations, communicating clearly, and taking a consistent, collaborative approach to CRC generally allays such concerns. There is also strong evidence that a CRC program will improve relationships. Not only did the survey support this, but anecdotal evidence from hundreds of projects shows that CRC programs can do so. Contract monitoring becomes much simpler and expeditious when the “facts are agreed and visible.” Employing a reputable, objective, outside party can provide further—and even more credible—insulation for an enterprise conducting CRC inspections.

Figure 2: Key Findings of Deloitte’s Contract Risk & Compliance Survey In 2007, the CRC practice of Deloitte & Touche LLP published a survey of executives in financial, compliance, internal audit, sales and marketing, legal, and anti-piracy departments regarding their CRC programs and practices. Given the overall environment, we have every reason to believe these findings are equally, if not more, valid today. Among the key findings were the following: • Companies frequently miss opportunities to increase their return on investment (ROI) from extended enterprise relationships. • Many companies fail to associate contract compliance with positive returns, but monetary and non-monetary ROI is extremely common (and often substantial). • Companies often lack a standard CRC approach and clear ownership, which limits the effectiveness of their CRC efforts. • Implementation of CRC is more widely accepted by counterparties than many executives might assume—almost 70 percent of respondents said their business partners would expect contract-related inspections or audits. • Fears are unfounded—less than 1% of external reviews resulted in legal action related to compliance activities. • Many CRC programs face challenges, ranging from misperceptions about the program to limitations regarding implementation, which can be anticipated and addressed.

1 Contract Risk & Compliance Survey: Addressing the Challenges of the Extended Enterprise, 2007

Optimizing Value From Your Business Relationships Trust, But Verify


CRC programs and contracting itself should be used to define, build, and enhance business relationships. We say this not out of idealism, but because using contracts to apply onerous terms, seek unrealistic levels of service, or gain unfair advantage will not produce a good relationship. Indeed, the contract should not be the vehicle for seeking terms, but rather the means of documenting agreed-upon terms. Further, contracts perceived as one-sided can lead parties to violate terms they see as unfair, generate turnover in your relationships, and erode your reputation. Indeed, most violations stem from a party’s misunderstanding of contract terms, for instance, due to ambiguous wording, or from changes in a party’s circumstances, including changes in personnel. In addition, a CRC program helps your organization perform as specified—as part of sound risk management and to minimize future liabilities. A CRC program can also identify and resolve issues before they damage a relationship or grow into large problems. If anyone in your organization fears litigation, note that the above-cited Deloitte survey found that, over the past five years, over 88 percent of respondents never encountered legal action as a consequence of CRC activities. In that same period, less than 1 percent of execution of contract “audit clauses” resulted in legal action related to compliance activities. Still, it is important to define the scope of inspections, conduct them as specified, and communicate openly about them.

A CRC program does not primarily aim to expose dishonest behavior. When dishonesty, theft, or fraud occur, management, or at least most of management, is typically unaware of it until the CRC program uncovers it. Far more common are unintended performance shortfalls and breaches of contract. Therefore, parties should not consider a contract-related inspection as punitive. However, if transgressions are noted, penalties should be assessed and paid. For example, contracts often specify penalties if exceptions exceed a specified metric. Such arrangements encourage parties to manage the contract properly, while lack of such arrangements often invites lack of attention or, worse, mischief.


CRC Activities and Processes

As illustrated in Figure 3, CRC activities constitute an endto-end process, beginning with identifying external relationships and concluding in strong relationships. Phases of the process include the following: • Identify Relationships: A thorough review of relationships and related contracts can remind companies of their contractual obligations and lead to opportunities to improve controls and operations or to negotiate better terms and upgrades. • Identify Relationship Objectives: Effective risk management begins with articulating objectives, which helps to identify the barriers to achieving them. • Identify Risks: Unique risks accompany extended enterprise relationships, and an organized analysis will identify and prioritize them. • Analyze Compliance Internally and Externally: Either party in a business relationship may contribute to “out of compliance” situations. For instance, inaccurate reporting could stem from manual processes used to comply with the contract on either side of the relationship, and must be addressed. • Mitigate Risk and Build Trust: Steps taken to mitigate risk can improve trust, confidence, security, and controls.

As your organization initiates or modifies its CRC program, it’s useful to determine the suitable mix of preventive and detective activities in the program. • Preventive: Preventive activities, such as communicating expectations or suggestions, should be conducted in advance of contract execution or detective procedures. Clear processes and controls help prevent mistakes and should include some monitoring of contracts and behaviors of the parties. Preventive activities usually involve risk assessment. Although preventive controls can be established in the counterparty’s environment, they typically reside within the company’s own processes. • Detective: Many compliance activities, including monitoring and trending, are “detective” in nature, as are onsite record inspections, control analyses, market data analyses, and secret shoppers2. For example, when a company initiates a compliance inspection of a distributor or licensee, a detective methodology can analyze the historical data and test the systems at the external site. Detection, by definition, involves analyzing historical data, completed activities, and reported amounts and often involves some level of review at the external facility. Although detective activities can be performed apart from preventive activities, combining the two will produce the most effective program.

Figure 3: Risks That Arise or Increase in Business Relationships
Risk Vendor selection risk Strategic risk Regulatory compliance risk Reputational risk Operational/ technology risk Security risk Vendor performance risk Financial risk Country risk Legal risk Business continuity risk Exit strategy risk Issues of business relationship partners Lack of experience, personnel, financial resources, or physical infrastructure to successfully meet requirements Activities inconsistent with strategic and financial goals and objectives Failure to comply with laws, regulations, industry standards, and internal policies, or to provide adequate oversight Activities resulting in loss of public trust, damaging reputation or brand Processes and technology not aligned with business needs for effective and efficient operations Inability to protect assets such as information and intellectual property from unauthorized access, modification, destruction, disclosure, or misuse Failure to meet service-level agreement metrics; failure to provide accurate performance reporting Inaccurate or misallocated invoicing for goods, services, fees, and/or commissions Geopolitical, social, and economic issues specific to geographic location Inability to enforce terms and conditions of the contract due to legal limitations Lack of tested plan to recover and resume critical business process after an unplanned service interruption Lack strategy and/or contract terms allowing for orderly termination of a business relationship

Often called upon in the consumer business and retail industries, “secret shoppers” monitor, evaluate, and report on compliance, quality, physical environment, and customer service. 7

Optimizing Value From Your Business Relationships Trust, But Verify

Specific Areas where CRC Generates Benefits To convey the workings and benefits of a CRC program, we provide a few examples: Revenue Leakage in Sales Channel and Licensing Relationships The Question: Are you getting all the revenue you’re entitled to? The Problem: Revenue leakage is becoming more common given the use of sales channels and licensing agreements for intellectual property, brands, and processes. Usage and sales may be more difficult to track than in ordinary product or distribution contracts, particularly in licensing and royalty arrangements. For example, the royalties due to a pharmaceutical company from its manufacturing licensee are based on the licensee’s reported net sales. If the licensee underreports sales, the pharmaceutical company loses royalty revenue. The Opportunity: A CRC program can increase visibility into the sales reporting process and provide an opportunity to inspect sales figures. Statistical methods can account for sales trends and variances, and corroborate that terms related to sales periods or sliding scales are met. CRC enables a company to use its own data to highlight areas of risk and to quantify potential revenue leakage through analysis of external parties’ records. Cost Control in Supply Chain Relationships The Question: Is the company overpaying suppliers? The Problem: Complex contracts often govern major expenditures, from volume rebates to preferred vendor incentives to advertising agency fees. Yet calculations by vendors often use data not always visible to management. This increases the risk of overcharges, overpayment of rebates, and unwarranted discounts.

For example, are advertising agencies passing on only legitimate expenses? Have distributors met the criteria for claimed rebates? Are favorable pricing mechanisms such as “most favored customer” properly executed? In such situations, the sheer complexity and volume of data and calculations can generate errors. The Opportunity: CRC can reduce the risk of overpayments and promote timely detection and recovery of overpayments that do occur. It can capture lapse dates for offers, identify incorrect allocation of volume to periods for discounts or incentives, and prompt suppliers to exercise more rigorous control in these areas. Enterprise Risk Management The Question: Are relationships’ objectives and risks aligned with the organization’s business strategies, risk appetite, and controls? The Problem: Proliferating relationships and contracts, particularly across a large enterprise, can generate hidden exposures and additional non-compliance costs. The Opportunity: A CRC program can standardize an organization’s approach to all contracting activities as well as to controls and compliance, and help to eliminate duplicate, redundant, or overlapping activities. It can also help the enterprise marshal information technology (IT) support to automate monitoring and control activities.


Control of Warranty Expense The Question: Are warranty claims legitimate? The Problem: Manufacturers lose millions annually due to improper warranty claims. Additionally, indirect losses— related to parts availability and stock levels, biased quality metrics, customer dissatisfaction, and so on—have been estimated by some to be a multiple of several times the direct losses. Warranty exposure takes many forms, including lack of understanding of entitlements, zealous customer service agents, mistakes in third-party processing centers, falsified reports, abuse of entitlement, inflation of services, and parts theft. The Opportunity: CRC efforts involve prevention and detection. For prevention, personnel are trained to recognize and prevent issues by understanding the risks, penalties, and de-accreditation conditions. For detection, an experienced team can monitor data, design mechanisms to flag potential anomalies in data and behavior, and monitor channels where warranty parts and products are resold. Once detected, errors can be addressed—and deterred through improved accreditation and auditing procedures.

Control of Outsourced IT Services The Question: Are IT service providers delivering contracted services at agreed service levels and costs? The Problem: Organizations outsourcing IT functions such as application development, maintenance, and support lose millions annually due to lack of vendor performance. Losses can occur when services are not provided and service-level management processes are inadequate or service-level metrics are inaccurate or incomplete. Exposure can take the form of internal inefficiencies, loss of customers, regulatory noncompliance, and payment for services not provided at levels specified in service level agreements (SLA). The Opportunity: CRC efforts involve identification and compliance assessment of contract provisions. These efforts focus on metrics reflecting strategic and SLA objectives, proper tracking of data, and accurate billing for services. Processes to address contract compliance issues are provided to the company’s vendor management organization, and processes are established for continuous service level improvement.

Optimizing Value From Your Business Relationships Trust, But Verify


CRC Program Design

A sound CRC program recognizes the business’s strategies, identifies relationship goals and risks, and addresses them in contracts. A CRC program leverages the contract terms and gauges compliance to optimize business relationships. Given this, a CRC program design must take the following six factors into account: 1. Business Objectives of the Relationship: Consider and prioritize revenue recovery, cost optimization, controls assurance, operational efficiency, and other goals for each relationship and for your CRC program. 2. Contract Complexity: Identify, analyze, and, to the appropriate extent, standardize contract structure across business functions and external parties, as well as performance metrics and audit clauses. 3. Company Culture: Consider the extent to which the company and counterparty are control-focused, along with cultural characteristics and respective roles. 4. Compliance Program Owner: Sales, internal audit, finance, legal, and other “owners” will establish different business objectives and may hold different attitudes toward compliance—all of which must be balanced and reconciled into a coherent program. 5. Future Relationship and Expectations: Establish shortand long-term relationship goals and build collaboration and trust to achieve them. 6. Timing of Renewals: Consider seasonal variances in volume, new product launches, and similar issues that could affect the contract renewal cycle. Various business objectives will drive various degrees of collaboration within the program. For instance, if counterparties believe that the inspector excessively pursues monetary advantage, they may delay inspections or interrupt their progress. On the other hand, if vendors and counterparties expect that inspections will be objective and perhaps result in shared knowledge or process improvements they may be more open to them.

The Right Fit CRC programs may take one—or both—of two basic forms: Event Driven: An event-driven CRC program is established to address situations as they arise, with responses implemented as needed. This approach is useful for companies that want to address specific issues or incidents, such as a compliance risk or suspected violation. The event-driven program may also interest companies that want to develop proficiency and more robust contracts before embarking on a full-scale program. Program Driven: Most companies aiming to optimize their relationships prefer an ongoing CRC program. A program-driven approach offers a comprehensive yet flexible, highly effective structure. One-size-fits-all schemes should be avoided in favor of programs tailored to the company. Variables to consider include types of risks (see Figure 3), location, and control methodologies.

CRC Challenges Although a well-run CRC program is simply good business, as with any initiative, establishing or strengthening a program calls upon champions and change agents. Among the most significant issues for them to address are the following. Relationship Management Issues Positive ways to frame the program, internally and externally, so as not to damage relationships include: • describing the role of CRC in realizing the advantages to each party as specified in the contract • emphasizing your desire for results-driven management of service delivery and quality control, and your counterparty’s ability to use these methods with their providers


• citing your need for transparency in dealings with external parties and the benefit of transparency to them • discussing the need to maintain the security of information and the privacy of any potentially affected parties, such as customers • describing your requirement for controls, compliance, due diligence, and good governance throughout the extended enterprise • citing experiences that demonstrate that CRC programs help, rather than harm, relationships. Many companies engage an outside party to help establish and conduct their CRC programs. Deploying an objective party to collect information or perform inspections can create the aforementioned “insulation” for the people in the relationship, and many business partners are more comfortable with that arrangement. Indeed, many contracts require that an outside party perform compliance “audits.” Cost Justification: While the costs of CRC may concern some companies, a dramatic return on investment is common. In one case a company recovered US$4 million in royalties for a fee of US$130,000 related to its CRC program. In another case, a company incurred costs of less than US$3 million over a few years and generated some US$100 million in findings. Of course, returns depend on the business objective and the CRC activity. A royalty inspection will typically yield monetary returns, while a vendor risk assessment may deliver less prolific returns but may add important benefits, such as enhanced communication or peace of mind. Either way, CRC provides value that can more than offset its cost.

Contract Issues Another potential hurdle resides in existing agreements. For instance, a contract may lack an audit clause sufficient to authorize a compliance inspection; however, this can be addressed through a request for an inspection or an amendment to the contract. Many opportunities to improve contracts arise upon renewals. In the meantime, companies may consider letting external parties know they are considering enhanced CRC.

Optimizing Value From Your Business Relationships Trust, But Verify


The Case for CRC

Reasons to seriously consider initiating, formalizing, or reinforcing a CRC program include the following: • CRC will help you identify missing revenue your company has earned through a licensee, channel, or other business relationship, and help limit revenue leakage. A leading consumer goods company routinely identifies underreported royalties that are ten times the compliance inspection costs. • A CRC program can help contain costs by preventing unnecessary or inaccurate payments and monitoring relationships more efficiently. One major technology company has identified several hundred million dollars of misreported transactions. • A CRC program can help you rationalize relationships that aim to control costs. For instance, a number of companies have outsourced their IT centers (or brought them back in house) after thoroughly reviewing service levels, quality, and comparative costs and benefits. • CRC increases the transparency of controls and enables you to mitigate risks in relationships, including reputational risk, legal liability, and risks to intellectual property. A global software company discovered 15,000 pirated software licenses in Europe, with a street value of about US$1.5 million. • A CRC program will identify and prioritize the risks of business relationships. Boards of directors are now showing interest in relationship risks, given several publicized incidents of money lost, in part due to trusting without verifying. • In that same vein, you cannot outsource risk. Also, a counterparty’s risk may become your risk. For instance, when a company outsources customer support, customers consider the agency an extension of the company—and regulatory bodies may do the same. Challenging economic conditions strengthen the business case for CRC programs. The ROI will remain healthy and may become more attractive relative to that of alternative investments and other uses of finance, risk management, and auditing resources.

A CRC program can demonstrate that external parties exercise proper diligence and promote trust in the extended enterprise. When contracts state their objectives along with monitoring procedures that aim to achieve them, the relationship has a sound foundation. This does not guarantee perfect performance. Yet it does indicate that each party accepts high levels of accountability for their performance, and that will certainly increase trust. Risk Intelligent Contract Management A CRC program falls within the framework of Risk Intelligence, Deloitte’s approach to managing risk, which comprises a philosophy and a set of practices that: • account for the full spectrum of risks in business decisions and activities • cut across “silos” to provide an integrated, organization-wide view of risk • consider upside opportunities as well as downside possibilities • identify, avoid, mitigate, detect, and report on risks in comprehensive, cost-effective ways • provide a common language and context for risk management • allocate risk management resources based on the importance of the threats and opportunities. A full-fledged CRC program puts Risk Intelligence into practice. It examines contract risk & compliance across the spectrum of decisions and activities, bridges silos, and leverages expertise and processes. It considers upside opportunities, such as revenue capture and cost control, as well as downside possibilities, such as risks to intellectual property and other assets. It provides a context for managing compliance activities based on the relative risks each business relationship poses. For more information on Risk Intelligence, visit www.deloitte.com/riskintelligence.

Realizing the value of CRC

Most organizations implement CRC programs to improve the efficiency and effectiveness of their contract monitoring processes, and to improve processes that involve business relationships. In our experience, the ROI impacts of CRC efforts kick in quickly, often in a matter of weeks. It is natural that some unrealized revenues or cost savings occur after a relationship is up and running, and a CRC program addresses such situations. It is also natural for trust to either increase or decrease over time. When clear expectations are set and facts and figures evidence a record of dependability, trust increases. In the absence of clear expectations and facts and figures, trust can erode. A CRC program also sets a context and becomes a vehicle for each party to communicate about risks, rewards, results, and concerns regarding the relationship, enabling each to realize the benefits of trust in a commercial relationship: faster execution, improved reporting, warning of potential problems, increased peace of mind, and enhanced profitability. Although these practices are always important, in these challenging times it’s vital to validate that your vendors, service providers, and outsourcing partners do

not succumb to pressures to control their costs at your expense. It’s equally important to verify they are delivering on service levels with the quality of deliverables and qualified personnel that they committed to deliver. Similarly, an uncertain economic climate make it more important than ever to verify that revenue due under royalty, licensing, and other agreements is properly accounted for and remitted. A CRC program helps an organization move forward, even under adverse conditions. It provides a framework for diligent application of the basics—defining and implementing the goals, roles, management practices, performance metrics, risk controls, periodic inspections, and occasional course corrections—that keep an extended enterprise on track. Think of it as a game plan for team play in tough times.

Optimizing Value From Your Business Relationships Trust, But Verify


Contacts and Acknowledgements

Contacts David Zechnich Global Leader – Contract Risk & Compliance Deloitte & Touche LLP San Jose, CA +1 408 704 4560 dzechnich@deloitte.com Luis Castro Deloitte & Touche LLP Houston, TX +1 713 982 2970 lcastro@deloitte.com Julie Connors Deloitte & Touche LLP Parsippany, NJ +1 973 602 6098 jconnors@deloitte.com Tim Davis Deloitte & Touche LLP Seattle, WA +1 206 716 7593 timdavis@deloitte.com Tony DeVincentis Deloitte & Touche LLP New York, NY +1 516 918 7750 tdevincentisjr@deloitte.com Barbara Ehlers Deloitte & Touche LLP Baltimore, MD +1 410 576 6709 behlers@deloitte.com Kevin Fried Deloitte & Touche LLP San Jose, CA +1 408 704 2786 kefried@deloitte.com

David Hodgson Deloitte & Touche LLP Parsippany, NJ +1 973 602 6869 dhodgson@deloitte.com

David Maberry Deloitte & Touche LLP Los Angeles, CA +1 213 593 4672 dmaberry@deloitte.com Brent Nickerson Deloitte & Touche LLP San Jose, CA +1 408 704 4786 bnickerson@deloitte.com Steve Revesz Deloitte & Touche LLP San Jose, CA +1 408 704 2421 srevesz@deloitte.com Eric Ringle Deloitte & Touche LLP Detroit, MI +1 313 394 5263 eringle@deloitte.com Tom Toppen Deloitte & Touche LLP Chicago, IL +1 312 486 2137 ttoppen@deloitte.com


Global Contacts Eric Hespenheide Global Managing Partner Internal Audit Services Deloitte & Touche LLP +1 313 396 3163 ehespenheide@deloitte.com Luisito Amper Deloitte Philippines +63 2 8120535 lamper@deloitte.com Hans Bootsma Deloitte Netherlands +31 88 288 1546 HBootsma@deloitte.nl Elizabeth Brown Deloitte Australia +61 2 9322 5372 ebrown@deloitte.com.au Martin Carmuega Deloitte Argentina +54 11 4320 4003 mcarmuega@deloitte.com Simon Chard Deloitte UK + 44 20 7007 2849 schard@deloitte.co.uk Philip Chong Deloitte Singapore +65 6216 3113 pchong@deloitte.com Jan Corstens Deloitte Belgium +32 2 800 24 39 jcorstens@deloitte.com Linur Dloomy Deloitte Israel 972 3 6085 5423 LDloomy@deloitte.co.il

Siviwe Dongwana Deloitte South Africa +27 0 11 806 6052 sdongwana@deloitte.co.za

Andrea Musazzi Deloitte Italy +39 02 8332 2610 amusazzi@deloitte.it

Olivier Dutartre Deloitte France +33 1 40 88 75 11 odutartre@deloitte.fr Hugh Gozzard Deloitte China + (852) 2852 5662 huggozzard@deloitte.com.hk Michael W. Jones Deloitte UK +44 121 695 5826 mwjones@deloitte.co.uk Cuneyt Kirlar Deloitte Turkey +90 212 366 60 48 ckirlar@deloitte.com Raj Krishnamoorthy Deloitte Canada +1 416 601 6245 rkrishnamoorthy@deloitte.ca Jong Ick Lee Deloitte Korea +82 2 6676 1000 jongicklee@deloitte.com Peter Brock Madsen Deloitte Denmark +45 36103605 petermadsen@deloitte.dk Patricia Muricy Deloitte Brazil +55 21 3981 0500 pmuricy@deloitte.com

Jayashree Narayanan Deloitte India +91 80 6627 6109 jnarayanan@deloitte.com Budi Nata Rahardja Deloitte Indonesia +62 21 231 2879 ext.3125 brahardja@deloitte.com Kumiko Umemura Deloitte Japan +81 3 4218 7232 kumiko.umemura@tohmatsu.co.jp Gema Moreno Vega Deloitte Mexico +52 55 5080 6324 gmorenovega@deloittemx.com Heinz Wustmann Deloitte Germany +49 89 29036 8814 hwustmann@deloitte.de Jimmy Wu Deloitte Taiwan +886 2 2545 9988 ext: 7558 jimwu@deloitte.com.tw Yvonne Wu Deloitte China +86 21 6141 1570 yvwu@deloitte.com.cn Yoon Chong Yee Deloitte Malaysia +60 3 7723 6508 ycyee@deloitte.com
Optimizing Value From Your Business Relationships Trust, But Verify 15

Acknowledgements The following made significant contributions to the development of this publication: Elizabeth Brown Simon Chard Jan Corstens Erin Ennis Kevin Fried Hugh Gozzard Eric Hespenheide Kristian Park Terrie Perella Steve Revesz William Ribaudo Henry Ristuccia Jeffrey Schmied Linda Strovink Yvonne Wu Dave Zechnich

About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries © 2009 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Item # 9047

Sign up to vote on this title
UsefulNot useful