ManagingRisk.ppt
Transcript of ManagingRisk.ppt
![Page 1: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/1.jpg)
Managing Risk on IT Projects - A
Legal Perspective
April 19, 2006
By:Matthew Peters, PartnerMcCarthy Tétrault LLPBarristers & Solicitors1300 – 777 Dunsmuir StreetVancouver, B.C. V7Y 1K2Direct Line: (604) 643-7162Direct Fax: (604) 605-5265E-mail: [email protected]
![Page 2: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/2.jpg)
2
Overview
Context for discussion Deal Risks Generally Detailed review of the Risks: The
Problems and Some Solutions The Economic Model and Risk Q&A
![Page 3: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/3.jpg)
3
Context for Discussion
Assumptions: We are talking about medium to large scale
IT projects, with an emphasis on large scale projects
Focus: On the customer side (but not exclusively) Rationale: The customer is typically the
side that must ensure risks are managed
![Page 4: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/4.jpg)
4
What Risks?
RFP Risk Project Completion Risk Service Delivery Risk Legal Liability Risk Regulatory Risk Relationship and Governance Risk External Risks
![Page 5: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/5.jpg)
5
RFP Risk
Some Problems:RFP does not complete Customer picks the wrong vendor Not enough Vendors respond Vendors perceive the process as unfair Vendors waste time and money bidding on
projects they cannot or should not win Vendor consortium falls apart or slows the
process down Vendors “run all over” the customer
![Page 6: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/6.jpg)
6
RFP Risk (continued)
Some Solutions:Have a clear vision of the project Customer needs to do early due diligence to
validate the project Run a fair, transparent process with
knowledgeable procurement people involved
Transparency into the vendor bids so that there can be meaningful negotiations
Vendors need to do due diligence on the customer and the project before bidding
![Page 7: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/7.jpg)
7
RFP Risk (continued)
Customer needs to obtain its approvals as early as possible
Customer needs to do sufficient due diligence on the vendors
Customer needs to have visibility into the vendor consortium to the level that the customer is comfortable that the relationships are being properly managed
![Page 8: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/8.jpg)
8
Project Completion Risk
Some Problems:
• IT projects tend to be over budget, late or worse, they don't complete at all
• The wrong people are involved or the right people leave part way through
![Page 9: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/9.jpg)
9
Project Completion Risk (continued)
Some Solutions:Over budget, late or worse . . .
milestone payments holdbacks performance guarantees using license fees as a "holdback" detailed specifications attached to original
agreement tight change control process with "ordinary
course" carve out contingencies fixing realistic dates
![Page 10: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/10.jpg)
10
Project Completion Risk (continued)
• People Risks:Ensure that you have the right people from
the beginning: customer team vendor team externals including:
lawyers stakeholders SMEs
![Page 11: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/11.jpg)
11
Project Completion Risk (continued)
Ensure that you do not lose the right people during the project:
key personnel provisions subcontractor provisions
![Page 12: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/12.jpg)
12
Service Delivery Risk
Some Problems:
• Service levels are left until after signing
• The vendor is not delivering the services in accordance with the service levels
![Page 13: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/13.jpg)
13
Service Delivery Risk (CONTINUED)
Some Solutions:
•Service levels should be attached to the agreement. If this is not possible, the customer needs an exit ramp.
![Page 14: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/14.jpg)
14
Service Delivery Risk (CONTINUED)
•What will incent the vendor to deliver the services in accordance with the service levels?Traditional approach:
Service Level Credits per service weightings and point process
Think outside the box: Ask the vendor what motivates their
people internally
![Page 15: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/15.jpg)
15
Service Delivery Risk (CONTINUED)
Other ideas include: dashboards and other reporting processes executive compensation/performance bonus
tied to service delivery governance and meetings root cause analysis and remediation plans SLA credits directly applied to problem (note
that cash should be in the customer's hands until approved)
incentives for over-performance SLA adaptability over time and due to
different circumstances
![Page 16: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/16.jpg)
16
Legal Liability Risk
Some Problems: • Who bears the risk of loss if things go
wrong? • Vendors want to limit legal liability
Some Solutions:• What risks should be borne by the
customer?Things within the customer’s control (such
as approvals)
![Page 17: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/17.jpg)
17
Legal Liability Risk (continued)
• What risks should be borne by the vendor?Things within the vendor’s control (such as
delivery) IPOthers
• What risks should be shared?Cap on liabilityConsequential damages Insurance as a way to share liability
![Page 18: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/18.jpg)
18
Regulatory Risk
Some Problems:• Both the customer and the vendor may be
subject to certain regulatory or policy requirements. Who bears the risks of non-compliance? This is particularly relevant in situations where there continue to be dependencies between the parties. e.g. privacy laws, consumer protection, FI laws
• Consequences include both legal liability and perception risk
![Page 19: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/19.jpg)
19
Regulatory Risk (continued)
Some Solutions:• Ensure that baseline compliance is met in the
contract• Ensure that each parties responsibilities are
clearly delineated with processes to identify, early on, when a failure has or will occur and attribute appropriate responsibility
• Know when the baseline is not enough determine this in advance signal this to the vendor early in the process address PR issues associated with that
![Page 20: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/20.jpg)
20Relationship and Governance Risk
Some Problems: • Relationship cannot adapt over the
length of the contract• Parties cannot effectively communicate
and address difficulties in the relationship
• No process to escalate problems and resolve them before they become bigger problems
![Page 21: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/21.jpg)
21Relationship and Governance Risk (continued)
Some Solutions:
• Establish a clear, tiered governance structure that is also used for dispute resolution
• The process should accommodate regular meetings, including at the highest levels
• The right people need to be involved. Neither party should let the other party get away with appointing the wrong people to this process
• Arbitration/Mediation
![Page 22: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/22.jpg)
22
External Risks
Some Problems:• External factors (such as a labour disruption)
affect the project • Political will of both parties over the course of
the relationship
Some Solutions:• The Force Majeure trap:
Often overlooked Vendor slips in “any other factors beyond the vendor’s
reasonable control” You can drive a truck through a clause like that
![Page 23: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/23.jpg)
23
External Risks (continued)
Be specific – what is in and what is out. This determines who bears the risk on these issues and who should have alternative arrangements in place
Acts of God Labour disputes Subcontractor problems
• When can the parties pull the plug?• BCP/DRP• Political Will Risk
What if a party’s “political will” changes? Address with exit ramps and appropriate allocation of risk and economic costs
![Page 24: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/24.jpg)
24
The Economic Model and Risk
There should be transparency into the economic model in order to determine risk premiums, contingencies and other costs associated with risk
The parties need to determine what risk premiums are appropriate in the economic model and what risk premiums are not appropriately reflected in the model
![Page 25: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/25.jpg)
25The Economic Model and Risk (continued)
For example, if SLA contingencies are being layered on top of the economic model then the customer needs to ask itself why the vendor is assuming it will fail to deliver the services.
• Watch out for duplicated risk premiums:e.g. insurance costs, SLA contingencies, and
overhead can all be covering the same risk
![Page 26: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/26.jpg)
26
QUESTIONS?
![Page 27: ManagingRisk.ppt](https://reader035.fdocuments.net/reader035/viewer/2022070315/5551133cb4c905b1138b49ec/html5/thumbnails/27.jpg)
27
VancouverP.O. Box 10424, Pacific CentreSuite 1300, 777 Dunsmuir Street Vancouver BC V7Y 1K2Tel: 604.643.7100 Fax: 604.643.7900
CalgarySuite 3300, 421 – 7th Avenue SWCalgary AB T2P 4K9Tel: 403.260.3500 Fax: 403.260.3501
LondonSuite 2000, One London Place255 Queens AvenueLondon ON N6A 5R8Tel: 519.660.3587 Fax: 519.660.3599
TorontoBox 48, Suite 4700 Toronto Dominion Bank TowerToronto ON M5K 1E6Tel: 416.362.1812 Fax: 416.868.0673
OttawaThe ChambersSuite 1400, 40 Elgin StreetOttawa ON K1P 5K6Tel: 613.238.2000 Fax: 613.563.9386
MontréalSuite 25001000 de La Gauchetière Street WestMontréal QC H3B 0A2Tel: 514.397.4100 Fax: 514.875.6246
QuébecLe Complexe St-Amable1150, rue de Claire-Fontaine, 7e étageQuébec QC G1R 5G4Tel: 418.521.3000 Fax: 418.521.3099
New YorkOne New York Plaza, 25th Floor New York NY 10004-1980 U.S.A. Tel: 212.785.6410 Fax: 212.785.6438
United Kingdom & Europe5 Old Bailey, 2nd FloorLondon, England EC4M 7BATel: +44 (0)20 7489 5700 Fax: +44 (0)20 7489 5777
mccarthy.ca