Leveraging contracts to keep your organization safe and secure

Legal and risk are inseparably intertwined across the spectrum of business activities, and contracts are essential to reduce enterprise risk, whether it’s liability, cybersecurity, intellectual property, or privacy concerns. Contracts and legal risk play a crucial part of Enterprise Risk Management (ERM) systems, ¹ whether you use a formal risk assessment system such as ISO 31022² or just general risk principles to resolve challenges.  Clear contractual language and processes can help you avoid risk, promote risk awareness and information sharing, and improve collaboration between legal, procurement and financial stakeholders.

So, how can contracts help frame risk and clarify risk burden sharing?  This article demonstrates how to best write contracts to address risk issues and explains why well-envisioned and up-to-date contracts are essential for managing and reducing enterprise risk in a volatile global economy. 

Contracts clarify the roles, responsibilities, and expectations of all parties to reduce ambiguity and the potential for disputes. For example, vendor and supplier agreements specify delivery schedules, quality standards, and payment terms to prevent operational disruptions and enforce accountability.

Force Majeure clauses³ are also important risk-reduction clauses.  This was made abundantly apparent during the COVID-19 global lockdown. A collaborative contracting process, with multiple stakeholder reviews, also ensures alignment of all parties on key risk provisions and promotes internal dialogue around risk management.

Other ways to ensure smart risk management

• Allocating and limiting liability – Well-drafted contracts include liability and indemnity clauses that allocate risk between parties, protecting the enterprise from excessive exposure in the event of a breach or unforeseen event. Insurance requirements are intended to support this risk allocation and burden sharing.

• Protecting proprietary information – Non-disclosure and background Intellectual Property (IP) content in an agreement enforce confidentiality obligations, clarify what is being fenced off and protect sensitive business information and intellectual property from misuse.
• Ensuring performance standards – Service level agreements (SLAs) and Key Performance Indicators (KPIs) set measurable performance benchmarks and corrective procedures to minimize the risk of service failures and ensure recourse if standards are not met. On a more basic level, delivery expectations, and terms such as fit for purpose ensure that buyer expectations regarding timing and quality of goods or services are clearly spelled out so that the buyer can rely on the seller to support the buyer’s overarching business requirements.
• Managing termination and dispute resolution – Contracts typically outline the conditions for termination, remedies for breach, and preferred dispute resolution actions (e.g., arbitration, mediation), which reduce litigation risk and provide clear exit strategies. As a best practice, such conditions should be written so that parties are forced to collaboratively discuss solutions within an agreed deadline before any suggestion of third party (or potentially costly) review is initiated.
• Supporting regulatory compliance – Contracts should be structured to ensure compliance with relevant laws and regulations to reduce the risk of regulatory penalties and reputational damage. This can range from conflict minerals or human trafficking concerns to data privacy requirements.  The key is to ensure that your contracts are tailored to address the most relevant regulatory concerns without putting an undue burden on your business partner.

How can you best design contracts to resolve risk and counteract volatility

Recognizing that contract terms and processes are fantastic ways to identify and reduce enterprise risk, how can you best draft and negotiate the terms to ensure that the terms are most effective?

The first step is to identify the risk that is relevant for the specific organization. What do practitioners need to include in their terms to protect the cybersecurity environment, the company’s reputation, or a product’s competitive viability? Oftentimes the templates practitioners use are inherited from other sectors or industries and little thought is put into tailoring the templates to match the products and services that they are intended to sell or buy. Contracting experts should ask themselves, does my company have an ERM system?  And do our contracting processes, templates and negotiations actually line up with issues arising within that system? If not, it is likely time to thoughtfully reconsider this.

The second step is, once you have alignment, consider how the contract is written and evaluate its structure.  Contracts should be carefully written and managed using clear language, collaborative risk management, and a dry-eyed (comprehensive) evaluation of all relevant issues and potential secondary impacts affecting the existing business environment.  That’s why contracting experts should do the following:

• Use clear and unambiguous language – Select precise terms and explicitly define key concepts to minimize interpretation disputes. Clarity ensures that all parties to a contract understand what their actual obligations are in a commercial transaction. Trying to leverage legalese or vague language to cover unknown contingencies will inevitably lead to dispute and finger pointing, if not litigation. Obviously, this is the opposite of risk reduction!
• Perform a comprehensive risk assessment – Identify and address potential risks during contract drafting, including legal, financial, and operational vulnerabilities. This includes reviewing past contracts for recurring risk patterns and modifying templates accordingly. The contracting group must have a robust audit process, which can be challenging to emphasize when the high-volume input and throughput of agreements is the inevitable priority, but even a small audit sample and long-term review of risk found in contracts (especially third-party terms) can bring tremendous risk reduction value to an organization.

• Include tailored versus mere boilerplate clauses – Standard clauses such as force majeure (for unforeseen events), assignment rights, severability, and non-waiver provisions provide essential legal safeguards and flexibility in the face of unexpected developments. The key is to ensure that these clauses match the product and the work contemplated in the contract. This can be challenging in master agreements that cover a wide range of work, since the risk of individual projects cannot be foreseen at the time of the master negotiation.  Tailoring these key clauses to reflect the actual activities done under the contract will help to accurately target risk reduction for all parties.
• Encourage collaboration and balanced terms –  It can be tempting to draft contract language that is one-sided and shifts burdens to the other party, but the benefits of negotiating more balanced terms are substantial. Not only do collaborative approaches encourage future business by establishing a non-zero-sum relationship, but they also facilitate open and transparent discussions on risk concerns and burden sharing. Companies that incorporate structured governance and collaboration frameworks into their contracts enjoy more productive, strategic relationships.

• Ownership and compliance monitoring – Assign responsibility for each contractual obligation to specific individuals or teams and implement systems for regular compliance monitoring and reporting to ensure ongoing adherence. This is a good opportunity to pull other stakeholders (finance, safety, or information technology/information systems (IT/IS)) into the contract processes to ensure all stakeholders are aware of the risks within key agreements.

• Contract Lifecycle Management (CLM) – Use contract management systems to track obligations, deadlines, and performances to enable proactive risk identification and mitigation throughout the contract lifecycle. As noted above, carving out the time to do post-execution audits and analysis of key contracts is essential.  These audits will help to ensure that risk is constantly reviewed in accordance with contemporaneous business environment and challenges, not just the moment the agreement was signed.

Maximize the practical use of contracts

Contracts are expected to capture commercial relationships and transactions, including pricing, payment, and warranties. But good contracts are also platforms that deepen buyer and supplier relationships, and address more nuanced concerns such as risk management. By looking at contracts through the prism of risk management, companies can verify that these agreements improve their collaboration and ensure not only practical issues are resolved – such as regulatory compliance and Intellectual Property (IP) protection – but also guarantee that the overall health of their business is constantly reviewed and aligned to the existing risks in a volatile global market.

END NOTES

1. An Enterprise Risk Management (ERM) system is a strategy for assessing risks that could interfere with business outcomes.  This often involves identifying and monitoring risks to preserve value and eliminate ongoing threats to a business.

2. From the ISO Committee “ISO 31022 (the management of legal risk) was published in May 2020 and is a principles-based standard designed to guide companies in the management of legal risk across all their operations and activities, helping them meet the legal and regulatory requirements, manage contractual risk and enhance strategic decision-making in complex legal environments. ISO 31022 explores a separate risk category for contractual obligations and legal responsibilities that now have a higher profile due to increased regulatory scrutiny and cross-jurisdictional legislative updates such as the GDPR, market regulations and duty of care. This includes stakeholders' expectations of the quality of decision-making and the responsibility of senior management to act lawfully in the best interests of the company or organization.”

3. Force majeure is a “legal concept in contract law that allows parties to be excused from their obligations when an unforeseeable event beyond their control prevents them from fulfilling the contract. It is a contractual provision, often translated from French as "superior force," that covers events like natural disasters (acts of God), war, strikes, or pandemics. Invoking force majeure typically requires that the event was unpredictable and that the inability to perform was not due to the party's own fault.” (AI Overview)

ABOUT THE AUTHOR

Kirk Samson, General Counsel at Novaspect and a Fellow at the World Commerce and Contracting Association, is a business leader, experienced legal counsel, veteran, and former diplomat. He has a law degree from the University of Wisconsin, an MBA from Thunderbird School of Global Management, and an MA from the University of Minnesota.  Kirk is an active speaker and commentator on trade, political risk, commercial contracting, and international business trends. He is a director at the International Trade Association of Greater Chicago and Co-Chair of the Chicago Bar Association’s Contract Law Committee

ABOUT NOVASPECT

Novaspect’s core purpose is to improve their customer’s performance through the innovative application of technology.  They do this by engineering, selling, and servicing industrial process controls, valves, and automated control systems. With a commitment to customer success, Novaspect provides a range of services, including valve repair, process automation, and reliability programs. The company is also an employee-owned organization and a member of the Emerson Impact Partner Network.