Make compliance your domain

GREGG BARRETT THE CGF Research Institute (www.cgfresearchinstitute.com) will be releasing its report on contract management and its role in Governance, Risk Management and Compliance (GRC) soon. Having done the Peer Review for the report, I can say that it should be a useful strategic overview on the topic for senior executives and hopefully, a wake-up call to many. The report has been spurred by market demand and I am pleased that CGF has drafted the report. CGFs chief executive Terry Booysen is passionate about GRC matters and is extremely knowledgeable about the topic. Judging by the recent headlines that crossed my computer screen, the report could not have come at a more appropriate time. Some headlines include: Sita bungles smart ID card tender, Controversy hits R153m Cipro tender, Telkom defends tender actions and Transnet corruption damages rail deal. I covered the topic of governance in the context of procurement in an earlier article and thought it would be wise to delve into what compliance means in the context of organisational contracts and agreements. I would like to refer to the book, Enterprise Contract Management (ECM): A Practical Guide to Successfully Implementing an ECM Solution by Anuj Saxena. Co-sponsored by the International Association for Contract and Commercial Management (IACCM), it arguably serves as the de facto guide on the topic. In the book, Saxena says: Compliance involves an organisations behaviour in its relationships with its employees, shareholders, customers, suppliers and the public. Since the terms of such relationships are documented in a spectrum of contracts (including legislation, agreement, resolutions and the like), enterprise contract management is an essential compliance function. Myths and illusions Before I deal with the compliance domains relevant to organisational contracts, I would like to highlight a few of the myths and illusions many organisations live by and, in so doing, expose themselves to substantial risk. The myths and illusions are from my colleague, Brian Henry, at Caridon Business Solutions and are the comments he has received from the marketplace over the years. I can identify with each of these points some of them I have heard verbatim. They are: ) Contracts are easy to manage I sent all mine to legal.

)Theres a lot of paper here. Better look into getting a proper document management system.

) IT must get their act together and up their systems. Its time we put in SAP. ) All are signed and therefore under control. ) To be avoided safer not to enter into contracts. ) Should never sign if you can help it. Let someone else sign. )Contracts are legal issues and nothing to do with me. ) Something to do with procurement and suppliers, not my department. )Responsibility of the boss. ) Kept centrally by someone in head office. Such thinking has disastrous consequences and corrective action should be taken as a matter of urgency, I suggest that you should at least get your hands on the CGF report. The compliance domains There are three major ones in an enterprise. They are the: )Regulatory compliance domain (governmental and legislation) )Procedural/operational compliance domain (in an organisations business functions) )Contractual compliance domain (between an organisation and other entities) When people talk about compliance, it must be determined what domain they are referring to because different domains have different actions and outcomes. For example, if people talk of Accounts Payable or Accounts Receivable, this is transactional compliance and is part of the procedural/operational domain. Demystifying each domain Regulatory compliance domain: Regulatory compliance is defined as the compliance to mandates imposed by outside organisations or government. Contractual management must address regulatory compliance in detail as the consequences of not meeting such regulations is grave and results in costly penalties or a cessation of business opportunities. Procedural/operational compliance:

Saxena says this is an organisations attempt to self-govern and impose guidelines so that each transaction is in line with the boundaries it has created to ensure success. Such procedures govern the type of sales an organisation conducts, the type of vendors it procures

goods and services from and the type of communication it makes available to inside and outside audiences. Contractual compliance domain: Contracts have life terms and stipulations that must be heeded to make the contract effective. This includes proper payment, reporting and renewal. As contracts continue to determine issues that include employment, sales, vendors, grants, loans and supplies, they must be monitored so that the organisation and the party to which it binds fulfil their responsibilities for mutual profitability. Contracts must also remain visible while remaining secure against unlawful access or changes. The real world You may be saying this sounds good but that a real-world example is needed. I wrote about the rail company Burlington Northern and Santa F (BNSF) Railway previously so lets check there. BNSF says its contract management initiative allowed the organisation to better define and enforce many corporate policies and business processes something that sparked the start of its corporate governance initiative. This allows BNSF to track and audit these processes and the responsibility of the people participating in each step. This ensures proper diligence and allows people to take personal responsibility for their actions. BNSF is just one example of many companies that understand the importance of contracting and its impact on governance, risk management and compliance efforts. The bottom line is that if you are not in control of your contracts, you are not in control of your business and governance, risk management and compliance is nothing but a pipe dream. BNSF Railway presentation, NCMA (www.ncmahq.org) ) Gregg Barrett is a director at Cylon Technology www.cylon.biz ) E-mail margaret.botha@media24.com with any queries or suggestions