Optimizing Value From Your Business RelationshipsTrust, But Verify

2

Organizations increasingly rely on contract-based relation-ships to support their strategies and advance their goals. Unfortunately, a contract cannot guarantee the success of a relationship, nor does shifting tasks to a counterparty decrease responsibility. Indeed, accountability for perfor-mance under the contract falls on both parties.

Given global business conditions, fulfillment of contractual obligations has become more critical and challenging. Many enterprises rely heavily on other parties to deliver on their behalf. This calls upon parties to contracts to scru-pulously meet cost control, revenue generation, and risk management goals. Yet parties face increasing pressures, and even temptations, that can subvert intentions and undermine performance.

Accordingly, efforts to verify that parties to agreements perform as expected have taken on greater importance. Those efforts go by various names, such as vendor management, contract management, contract compli-ance, revenue assurance, or compliance programs. To explicitly include both their risk management and compli-ance dimensions, Deloitte uses the term Contract Risk & Compliance (CRC) for such programs. Despite its importance, CRC is often overlooked by execu-tives intent on securing favorable contract terms, and by risk managers focused on the insurance, regulatory, security, and legal aspects of contracts. After signing a contract, many executives assume that all parties will perform as expected or that relationship management and risk monitoring mechanisms are in place and functioning properly. Some even behave as if contracts transfer risks to another party, when in fact they may generate new risks, further underscoring the need for CRC programs.

Business relationships depend on trust, but trust is earned over time through dependability, fairness, and sharing of accurate information. Thus, the byword in business may be President Ronald Reagan’s saying, “Trust, but verify.” In that vein, a contractual relationship can provide the context in which parties build trust as they validate and deploy their contract as an ongoing guide rather than a one-time documentation of intentions.

This paper describes the nature, rationale, and practices of CRC programs and updates our initial paper on the subject, More than a Matter of Trust: Managing Risk in Extended Business Relationships, published in 2006. We’ve issued this update because current business conditions have elevated a CRC program from “something to think about” to a fiduciary responsibility and a business imperative.

Why CRC now?Most industries and entities face the prospect of slowing growth—if not contraction—yet executives must continu-ally strive to preserve revenue, control costs, and manage risks. To preserve revenue, the organization must collect all amounts due under new and existing contracts. To control costs, management must verify that business relationships target and achieve cost containment goals. To manage risks, the enterprise must identify and mitigate the risks to which relationships can expose it. Further, regulatory matters over the past several years, such as the Sarbanes-Oxley Act in the United States and similar regulations elsewhere, have focused companies inward, yet the risks that can most impact the bottom line are primarily external to the organization.

A CRC program helps you realize the benefits you aim to achieve in a relationship, while identifying and managing the risks. Such goals are always important, but a CRC program is now among the most advantageous uses of an organization’s resources because:

1. In a slower growth environment, senior managers must capture all of the revenue due and all of the cost savings attainable in business relationships.

2. Business relationships and thus risks multiply with increasing use of outsourcing, joint ventures, and other methods of employing outside entities.

3. Companies must defend their intellectual property and brands from increasingly aggressive pirates and poachers.

4. Management must work to avoid potential liabilities associated with counterparties and their respective activities.

As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.

Optimizing Value From Your Business Relationships Trust, But Verify 3

5. Amid workforce reductions, business partners can lose personal relationships and “institutional memory” when people involved in a contract leave their jobs.

6. In hard times, business partners may be tempted to take shortcuts, cut costs, reduce service, or increase their revenue at your organization’s expense.

7. The financial viability of counterparties may become an issue of increasing importance in a stressed economic environment, as may the financial prospects of an industry, a region, or a nation.

8. CRC programs encourage parties to develop and deliver on commitments based on mutual goals, complementary capabilities, and realistically defined costs and benefits.

9. A CRC program’s importance increases in regulated industries, where counterparties’ actions may create exposure in areas such as security, data protection, and business practices.

10. The returns on CRC programs that limit revenue leaks and secure cost savings may far outweigh those of other available investments, particularly during periods of slow growth.

11. The benefits of a first-rate CRC program are not only important now, but will continue when robust growth returns. CRC practices never go out of fashion and always characterize the well-managed enterprise.

In sum, this is an ideal time for CFOs, CROs, audit commit-tees, and other executives responsible for revenues, costs, intellectual property, brand equity, and any outsourcing, joint venture, supply chain, or similar relationship to consider the state of CRC in their enterprises and to quickly bring its functionality to a high level. The business case for doing so is, as we will show in this paper, extremely strong.

First, however, we provide background on CRC gained through formal and informal surveys we have conducted, and from relevant client engagements.

What Exactly is CRC, and Why is it Important?As the name implies, CRC is a set of practices for addressing the risks the enterprise encounters in contracts and agreements that define business relationships and for validating performance under them. Of particular impor-tance are contracts involved in licensing, product develop-ment, sales channel and other alliances and joint ventures, and outsourcing arrangements that extend the enterprise. The relationships take many forms, under the rubric of the extended enterprise, and they are summarized in Figure 1.

Figure 1: Typical Contractual Relationships that Benefit from CRC

Supply-side Relationships

Demand-side Relationships Licensees Infrastructure

• Suppliers

• Manufacturers

• Replicators

• Integrators and installers

• Franchisees

• Distributors

• Resellers

• Advertising agencies

• Retailers

• Fulfillment providers

• Warranty, maintenance, and repair providers

• OEMS

• Co-brand partners

• Joint developers

• IP licensees

• IT outsourcing

• HR services

• Travel agencies

• Legal services

• Benefit providers

• Transaction processing

In Deloitte’s experience with thousands of companies, we find current awareness of CRC and its importance lower than we would expect. While executives who oversee relationships attempt to negotiate favorable contracts, they usually view each one as a discrete event. For instance, licensing a patent or a brand is one thing, outsourcing the call center is another, and a joint product development agreement yet another.

This limited view can be problematic. Clearly, each rela-tionship and contract presents its own characteristics and challenges. But a CRC program helps you discern common contracting goals, activities, and risks, and organizes risk and compliance management into a repeatable, reliable approach. In fact, involving CRC specialists in the drafting of a contract can provide a structured, validated process that will serve the organization well throughout the lifecycle of the relationship.

4

A CRC program provides methods for dealing with the activities and issues that arise around all contracts, including:

• analyzing the economic structure of relationships, the costs and rewards on each side, and how these can be apportioned for mutual benefit

• defining activity and service levels

• agreeing on the content, form, and frequency of reports on activity, service levels, revenues, costs, and other key data

• agreeing on a contract compliance monitoring process—including type and number of metrics—and defining the access of each party to the other’s information and operations and the right to “audit” information and activities

• establishing an internal process to detect significant changes in the original objectives and expected risk profiles

• understanding the risks and responsibilities that each party assumes, while clarifying boundaries

• securing the right to renegotiate the contract and recast the relationship as new information becomes available and conditions change, and including escape clauses and exit strategies for each party

• preventing or resolving conflicts, disagreements, and reporting inaccuracies associated with the contract terms.

A CRC program combines the above activities within a framework for conducting the following activities after the contract is signed:

• managing the relationship to achieve objectives, mitigate risks, monitor controls, and secure targeted benefits

• creating and maintaining awareness of compliance and noncompliance with contracts

• validating the accuracy of information from external parties, and ascertaining that actions of the other party are appropriate

• performing onsite or offsite risk inspections and control reviews.

CRC activities are performed inside and outside the company. Internally, a company must analyze its contract and vendor management practices, communication protocols, and review procedures—and establish processes to monitor information and behaviors of the other party. Externally, a company should discuss its compliance program with its counterparties. In other words, external parties should know you have a CRC program, under-stand its goals and rationale, and realize that you actively manage it—although, as explained below, not necessarily in a punitive or “investigatory” manner. Rather, they should understand that the program not only aims to execute fiduciary responsibilities, but also to optimize the relation-ship by verifying that its benefits accrue to each party.

Optimizing Value From Your Business Relationships Trust, But Verify 5

The Importance of ObjectivityThe CRC program should generally be considered a risk management responsibility, with the same strong ties to financial and operating management that successful risk managers maintain. Program managers must understand the objectives, rationale, and risks related to each business relationship. However, they must understand that they play an advisory role and the risks remain those of the business managers.

Objectivity enables CRC program managers to render sound judgments about performance under contracts. That objectivity also insulates business managers from the compliance function so they can conduct the relationship apart from it. Thus, the business managers focus on the operational aspects while the compliance managers focus on the compliance aspects of the relationship.

That’s important because a Deloitte survey1 revealed that many companies are concerned that CRC activities could damage relationships. In that survey, 61 percent of respon-dents expressed a high level of concern about this. (We summarize the key findings of this survey in Figure 2; the full report of results is available at www.deloitte.com/us/crc.) Yet we also found that setting expectations, commu-nicating clearly, and taking a consistent, collaborative approach to CRC generally allays such concerns.

There is also strong evidence that a CRC program will improve relationships. Not only did the survey support this, but anecdotal evidence from hundreds of projects shows that CRC programs can do so. Contract monitoring becomes much simpler and expeditious when the “facts are agreed and visible.” Employing a reputable, objective, outside party can provide further—and even more credible—insulation for an enterprise conducting CRC inspections.

1 Contract Risk & Compliance Survey: Addressing the Challenges of the Extended Enterprise, 2007

Figure 2: Key Findings of Deloitte’s Contract Risk & Compliance SurveyIn 2007, the CRC practice of Deloitte & Touche LLP published a survey of executives in financial, compliance, internal audit, sales and marketing, legal, and anti-piracy departments regarding their CRC programs and practices. Given the overall environment, we have every reason to believe these findings are equally, if not more, valid today.

Among the key findings were the following:

• Companies frequently miss opportunities to increase their return on investment (ROI) from extended enterprise relationships.

• Many companies fail to associate contract compliance with positive returns, but monetary and non-monetary ROI is extremely common (and often substantial).

• Companies often lack a standard CRC approach and clear ownership, which limits the effective-ness of their CRC efforts.

• Implementation of CRC is more widely accepted by counterparties than many executives might assume—almost 70 percent of respondents said their business partners would expect contract-related inspections or audits.

• Fears are unfounded—less than 1% of external reviews resulted in legal action related to compliance activities.

• Many CRC programs face challenges, ranging from misperceptions about the program to limitations regarding implementation, which can be anticipated and addressed.

6

CRC programs and contracting itself should be used to define, build, and enhance business relationships. We say this not out of idealism, but because using contracts to apply onerous terms, seek unrealistic levels of service, or gain unfair advantage will not produce a good relation-ship. Indeed, the contract should not be the vehicle for seeking terms, but rather the means of documenting agreed-upon terms.

Further, contracts perceived as one-sided can lead parties to violate terms they see as unfair, generate turnover in your relationships, and erode your reputation. Indeed, most violations stem from a party’s misunderstanding of contract terms, for instance, due to ambiguous wording, or from changes in a party’s circumstances, including changes in personnel. In addition, a CRC program helps your organization perform as specified—as part of sound risk management and to minimize future liabilities. A CRC program can also identify and resolve issues before they damage a relationship or grow into large problems.

If anyone in your organization fears litigation, note that the above-cited Deloitte survey found that, over the past five years, over 88 percent of respondents never encountered legal action as a consequence of CRC activities. In that same period, less than 1 percent of execution of contract “audit clauses” resulted in legal action related to compli-ance activities. Still, it is important to define the scope of inspections, conduct them as specified, and communicate openly about them.

A CRC program does not primarily aim to expose dishonest behavior. When dishonesty, theft, or fraud occur, management, or at least most of management, is typically unaware of it until the CRC program uncovers it. Far more common are unintended performance short-falls and breaches of contract. Therefore, parties should not consider a contract-related inspection as punitive. However, if transgressions are noted, penalties should be assessed and paid. For example, contracts often specify penalties if exceptions exceed a specified metric. Such arrangements encourage parties to manage the contract properly, while lack of such arrangements often invites lack of attention or, worse, mischief.

Optimizing Value From Your Business Relationships Trust, But Verify 7

CRC Activities and Processes

As illustrated in Figure 3, CRC activities constitute an end-to-end process, beginning with identifying external rela-tionships and concluding in strong relationships. Phases of the process include the following:

• Identify Relationships: A thorough review of relation-ships and related contracts can remind companies of their contractual obligations and lead to opportunities to improve controls and operations or to negotiate better terms and upgrades.

• Identify Relationship Objectives: Effective risk manage-ment begins with articulating objectives, which helps to identify the barriers to achieving them.

• Identify Risks: Unique risks accompany extended enter-prise relationships, and an organized analysis will identify and prioritize them.

• Analyze Compliance Internally and Externally: Either

party in a business relationship may contribute to “out of compliance” situations. For instance, inaccurate reporting could stem from manual processes used to comply with the contract on either side of the relation-ship, and must be addressed.

• Mitigate Risk and Build Trust: Steps taken to mitigate risk can improve trust, confidence, security, and controls.

Risk Issues of business relationship partners

Vendor selection risk Lack of experience, personnel, financial resources, or physical infrastructure to successfully meet requirements

Strategic risk Activities inconsistent with strategic and financial goals and objectives

Regulatory compliance risk Failure to comply with laws, regulations, industry standards, and internal policies, or to provide adequate oversight

Reputational risk Activities resulting in loss of public trust, damaging reputation or brand

Operational/ technology risk Processes and technology not aligned with business needs for effective and efficient operations

Security risk Inability to protect assets such as information and intellectual property from unauthorized access, modification, destruction, disclosure, or misuse

Vendor performance risk Failure to meet service-level agreement metrics; failure to provide accurate performance reporting

Financial risk Inaccurate or misallocated invoicing for goods, services, fees, and/or commissions

Country risk Geopolitical, social, and economic issues specific to geographic location

Legal risk Inability to enforce terms and conditions of the contract due to legal limitations

Business continuity risk Lack of tested plan to recover and resume critical business process after an unplanned service interruption

Exit strategy risk Lack strategy and/or contract terms allowing for orderly termination of a business relationship

Figure 3: Risks That Arise or Increase in Business Relationships

As your organization initiates or modifies its CRC program, it’s useful to determine the suitable mix of preventive and detective activities in the program.

• Preventive: Preventive activities, such as communicating expectations or suggestions, should be conducted in advance of contract execution or detective procedures. Clear processes and controls help prevent mistakes and should include some monitoring of contracts and behaviors of the parties. Preventive activities usually involve risk assessment. Although preventive controls can be established in the counterparty’s environment, they typically reside within the company’s own processes.

• Detective: Many compliance activities, including moni-toring and trending, are “detective” in nature, as are onsite record inspections, control analyses, market data analyses, and secret shoppers2. For example, when a company initiates a compliance inspection of a distrib-utor or licensee, a detective methodology can analyze the historical data and test the systems at the external site. Detection, by definition, involves analyzing historical data, completed activities, and reported amounts and often involves some level of review at the external facility.

Although detective activities can be performed apart from preventive activities, combining the two will produce the most effective program.

2 Often called upon in the consumer business and retail industries, “secret shoppers” monitor, evaluate, and report on compliance, quality, physical environment, and customer service.

8

Specific Areas where CRC Generates BenefitsTo convey the workings and benefits of a CRC program, we provide a few examples:

Revenue Leakage in Sales Channel and Licensing RelationshipsThe Question: Are you getting all the revenue you’re entitled to?

The Problem: Revenue leakage is becoming more common given the use of sales channels and licensing agreements for intellectual property, brands, and processes. Usage and sales may be more difficult to track than in ordinary product or distribution contracts, particu-larly in licensing and royalty arrangements.

For example, the royalties due to a pharmaceutical company from its manufacturing licensee are based on the licensee’s reported net sales. If the licensee underreports sales, the pharmaceutical company loses royalty revenue.

The Opportunity: A CRC program can increase visibility into the sales reporting process and provide an opportunity to inspect sales figures. Statistical methods can account for sales trends and variances, and corroborate that terms related to sales periods or sliding scales are met. CRC enables a company to use its own data to highlight areas of risk and to quantify potential revenue leakage through analysis of external parties’ records.

Cost Control in Supply Chain RelationshipsThe Question: Is the company overpaying suppliers?

The Problem: Complex contracts often govern major expenditures, from volume rebates to preferred vendor incentives to advertising agency fees. Yet calculations by vendors often use data not always visible to management. This increases the risk of overcharges, overpayment of rebates, and unwarranted discounts.

For example, are advertising agencies passing on only legitimate expenses? Have distributors met the criteria for claimed rebates? Are favorable pricing mechanisms such as “most favored customer” properly executed? In such situations, the sheer complexity and volume of data and calculations can generate errors.

The Opportunity: CRC can reduce the risk of overpay-ments and promote timely detection and recovery of overpayments that do occur. It can capture lapse dates for offers, identify incorrect allocation of volume to periods for discounts or incentives, and prompt suppliers to exercise more rigorous control in these areas.

Enterprise Risk ManagementThe Question: Are relationships’ objectives and risks aligned with the organization’s business strategies, risk appetite, and controls?

The Problem: Proliferating relationships and contracts, particularly across a large enterprise, can generate hidden exposures and additional non-compliance costs.

The Opportunity: A CRC program can standardize an organization’s approach to all contracting activities as well as to controls and compliance, and help to eliminate duplicate, redundant, or overlapping activities. It can also help the enterprise marshal information technology (IT) support to automate monitoring and control activities.

Optimizing Value From Your Business Relationships Trust, But Verify 9

Control of Warranty ExpenseThe Question: Are warranty claims legitimate?

The Problem: Manufacturers lose millions annually due to improper warranty claims. Additionally, indirect losses—related to parts availability and stock levels, biased quality metrics, customer dissatisfaction, and so on—have been estimated by some to be a multiple of several times the direct losses. Warranty exposure takes many forms, including lack of understanding of entitlements, zealous customer service agents, mistakes in third-party processing centers, falsified reports, abuse of entitlement, inflation of services, and parts theft.

The Opportunity: CRC efforts involve prevention and detection. For prevention, personnel are trained to recognize and prevent issues by understanding the risks, penalties, and de-accreditation conditions. For detection, an experienced team can monitor data, design mecha-nisms to flag potential anomalies in data and behavior, and monitor channels where warranty parts and products are resold. Once detected, errors can be addressed—and deterred through improved accreditation and auditing procedures.

Control of Outsourced IT ServicesThe Question: Are IT service providers delivering contracted services at agreed service levels and costs? The Problem: Organizations outsourcing IT functions such as application development, maintenance, and support lose millions annually due to lack of vendor performance. Losses can occur when services are not provided and service-level management processes are inadequate or service-level metrics are inaccurate or incomplete. Exposure can take the form of internal inefficiencies, loss of customers, regulatory noncompliance, and payment for services not provided at levels specified in service level agreements (SLA). The Opportunity: CRC efforts involve identification and compliance assessment of contract provisions. These efforts focus on metrics reflecting strategic and SLA objectives, proper tracking of data, and accurate billing for services. Processes to address contract compliance issues are provided to the company’s vendor management organization, and processes are established for continuous service level improvement.

10

CRC Program Design

A sound CRC program recognizes the business’s strategies, identifies relationship goals and risks, and addresses them in contracts. A CRC program leverages the contract terms and gauges compliance to optimize business relationships. Given this, a CRC program design must take the following six factors into account:

Business Objectives of the Relationship1. : Consider and prioritize revenue recovery, cost optimization, controls assurance, operational efficiency, and other goals for each relationship and for your CRC program.

Contract Complexity2. : Identify, analyze, and, to the appropriate extent, standardize contract structure across business functions and external parties, as well as perfor-mance metrics and audit clauses.

Company Culture3. : Consider the extent to which the company and counterparty are control-focused, along with cultural characteristics and respective roles.

Compliance Program Owner4. : Sales, internal audit, finance, legal, and other “owners” will establish different business objectives and may hold different attitudes toward compliance—all of which must be balanced and reconciled into a coherent program.

Future Relationship and Expectations5. : Establish short- and long-term relationship goals and build collaboration and trust to achieve them.

Timing of Renewals6. : Consider seasonal variances in volume, new product launches, and similar issues that could affect the contract renewal cycle.

Various business objectives will drive various degrees of collaboration within the program. For instance, if coun-terparties believe that the inspector excessively pursues monetary advantage, they may delay inspections or interrupt their progress. On the other hand, if vendors and counterparties expect that inspections will be objective and perhaps result in shared knowledge or process improve-ments they may be more open to them.

CRC ChallengesAlthough a well-run CRC program is simply good business, as with any initiative, establishing or strengthening a program calls upon champions and change agents. Among the most significant issues for them to address are the following.

Relationship Management IssuesPositive ways to frame the program, internally and externally, so as not to damage relationships include:

• describing the role of CRC in realizing the advantages to each party as specified in the contract

• emphasizing your desire for results-driven management of service delivery and quality control, and your counter-party’s ability to use these methods with their providers

The Right FitCRC programs may take one—or both—of two basic forms:

Event Driven: An event-driven CRC program is established to address situations as they arise, with responses implemented as needed. This approach is useful for companies that want to address specific issues or incidents, such as a compliance risk or suspected violation. The event-driven program may also interest companies that want to develop profi-ciency and more robust contracts before embarking on a full-scale program.

Program Driven: Most companies aiming to optimize their relationships prefer an ongoing CRC program. A program-driven approach offers a comprehensive yet flexible, highly effective structure.

One-size-fits-all schemes should be avoided in favor of programs tailored to the company. Variables to consider include types of risks (see Figure 3), location, and control methodologies.

Optimizing Value From Your Business Relationships Trust, But Verify 11

• citing your need for transparency in dealings with external parties and the benefit of transparency to them

• discussing the need to maintain the security of informa-tion and the privacy of any potentially affected parties, such as customers

• describing your requirement for controls, compliance, due diligence, and good governance throughout the extended enterprise

• citing experiences that demonstrate that CRC programs help, rather than harm, relationships.

Many companies engage an outside party to help establish and conduct their CRC programs. Deploying an objective party to collect information or perform inspections can create the aforementioned “insulation” for the people in the relationship, and many business partners are more comfortable with that arrangement. Indeed, many contracts require that an outside party perform compliance “audits.”

Cost Justification:While the costs of CRC may concern some companies, a dramatic return on investment is common. In one case a company recovered US$4 million in royalties for a fee of US$130,000 related to its CRC program. In another case, a company incurred costs of less than US$3 million over a few years and generated some US$100 million in findings.

Of course, returns depend on the business objective and the CRC activity. A royalty inspection will typically yield monetary returns, while a vendor risk assessment may deliver less prolific returns but may add important benefits, such as enhanced communication or peace of mind. Either way, CRC provides value that can more than offset its cost.

Contract IssuesAnother potential hurdle resides in existing agreements. For instance, a contract may lack an audit clause suffi-cient to authorize a compliance inspection; however, this can be addressed through a request for an inspection or an amendment to the contract. Many opportunities to improve contracts arise upon renewals. In the meantime, companies may consider letting external parties know they are considering enhanced CRC.

12

The Case for CRC

Reasons to seriously consider initiating, formalizing, or reinforcing a CRC program include the following:

• CRC will help you identify missing revenue your company has earned through a licensee, channel, or other business relationship, and help limit revenue leakage. A leading consumer goods company routinely identifies underreported royalties that are ten times the compliance inspection costs.

• A CRC program can help contain costs by preventing unnecessary or inaccurate payments and monitoring relationships more efficiently. One major technology company has identified several hundred million dollars of misreported transactions.

• A CRC program can help you rationalize relationships

that aim to control costs. For instance, a number of companies have outsourced their IT centers (or brought them back in house) after thoroughly reviewing service levels, quality, and comparative costs and benefits.

• CRC increases the transparency of controls and enables you to mitigate risks in relationships, including reputa-tional risk, legal liability, and risks to intellectual property. A global software company discovered 15,000 pirated software licenses in Europe, with a street value of about US$1.5 million.

• A CRC program will identify and prioritize the risks of business relationships. Boards of directors are now showing interest in relationship risks, given several publi-cized incidents of money lost, in part due to trusting without verifying.

• In that same vein, you cannot outsource risk. Also, a counterparty’s risk may become your risk. For instance, when a company outsources customer support, customers consider the agency an extension of the company—and regulatory bodies may do the same.

Challenging economic conditions strengthen the business case for CRC programs. The ROI will remain healthy and may become more attractive relative to that of alternative investments and other uses of finance, risk management, and auditing resources.

A CRC program can demonstrate that external parties exercise proper diligence and promote trust in the extended enterprise. When contracts state their objectives along with monitoring procedures that aim to achieve them, the relationship has a sound foundation. This does not guarantee perfect performance. Yet it does indicate that each party accepts high levels of accountability for their performance, and that will certainly increase trust.

Risk Intelligent Contract ManagementA CRC program falls within the framework of Risk Intelligence, Deloitte’s approach to managing risk, which comprises a philosophy and a set of practices that:

• account for the full spectrum of risks in business decisions and activities

• cut across “silos” to provide an integrated, organiza-tion-wide view of risk

• consider upside opportunities as well as downside possibilities

• identify, avoid, mitigate, detect, and report on risks in comprehensive, cost-effective ways

• provide a common language and context for risk management

• allocate risk management resources based on the importance of the threats and opportunities.

A full-fledged CRC program puts Risk Intelligence into practice. It examines contract risk & compliance across the spectrum of decisions and activities, bridges silos, and leverages expertise and processes. It considers upside opportunities, such as revenue capture and cost control, as well as downside possibilities, such as risks to intellectual property and other assets. It provides a context for managing compliance activities based on the relative risks each business relationship poses.

For more information on Risk Intelligence, visit www.deloitte.com/riskintelligence.

Optimizing Value From Your Business Relationships Trust, But Verify 13

Most organizations implement CRC programs to improve the efficiency and effectiveness of their contract moni-toring processes, and to improve processes that involve business relationships. In our experience, the ROI impacts of CRC efforts kick in quickly, often in a matter of weeks.

It is natural that some unrealized revenues or cost savings occur after a relationship is up and running, and a CRC program addresses such situations. It is also natural for trust to either increase or decrease over time. When clear expectations are set and facts and figures evidence a record of dependability, trust increases. In the absence of clear expectations and facts and figures, trust can erode. A CRC program also sets a context and becomes a vehicle for each party to communicate about risks, rewards, results, and concerns regarding the relationship, enabling each to realize the benefits of trust in a commercial rela-tionship: faster execution, improved reporting, warning of potential problems, increased peace of mind, and enhanced profitability.

Although these practices are always important, in these challenging times it’s vital to validate that your vendors, service providers, and outsourcing partners do

Realizing the value of CRC

not succumb to pressures to control their costs at your expense. It’s equally important to verify they are deliv-ering on service levels with the quality of deliverables and qualified personnel that they committed to deliver.

Similarly, an uncertain economic climate make it more important than ever to verify that revenue due under royalty, licensing, and other agreements is properly accounted for and remitted.

A CRC program helps an organization move forward, even under adverse conditions. It provides a framework for diligent application of the basics—defining and implementing the goals, roles, management practices, performance metrics, risk controls, periodic inspections, and occasional course corrections—that keep an extended enterprise on track.

Think of it as a game plan for team play in tough times.

14

ContactsDavid ZechnichGlobal Leader – Contract Risk & ComplianceDeloitte & Touche LLPSan Jose, CA+1 408 704 4560dzechnich@deloitte.com

Luis CastroDeloitte & Touche LLP Houston, TX+1 713 982 2970lcastro@deloitte.com

Julie ConnorsDeloitte & Touche LLPParsippany, NJ+1 973 602 6098jconnors@deloitte.com

Tim DavisDeloitte & Touche LLPSeattle, WA+1 206 716 7593timdavis@deloitte.com

Tony DeVincentisDeloitte & Touche LLP New York, NY+1 516 918 7750tdevincentisjr@deloitte.com

Barbara EhlersDeloitte & Touche LLP Baltimore, MD+1 410 576 6709behlers@deloitte.com

Kevin FriedDeloitte & Touche LLP San Jose, CA+1 408 704 2786kefried@deloitte.com

David HodgsonDeloitte & Touche LLPParsippany, NJ+1 973 602 6869dhodgson@deloitte.com

David MaberryDeloitte & Touche LLP Los Angeles, CA+1 213 593 4672dmaberry@deloitte.com

Brent NickersonDeloitte & Touche LLPSan Jose, CA+1 408 704 4786bnickerson@deloitte.com

Steve ReveszDeloitte & Touche LLPSan Jose, CA+1 408 704 2421 srevesz@deloitte.com

Eric RingleDeloitte & Touche LLP Detroit, MI+1 313 394 5263eringle@deloitte.com

Tom ToppenDeloitte & Touche LLPChicago, IL+1 312 486 2137ttoppen@deloitte.com

Contacts and Acknowledgements

Optimizing Value From Your Business Relationships Trust, But Verify 15

Global ContactsEric HespenheideGlobal Managing PartnerInternal Audit ServicesDeloitte & Touche LLP+1 313 396 3163ehespenheide@deloitte.com

Luisito AmperDeloitte Philippines+63 2 8120535lamper@deloitte.com

Hans BootsmaDeloitte Netherlands+31 88 288 1546HBootsma@deloitte.nl

Elizabeth BrownDeloitte Australia+61 2 9322 5372ebrown@deloitte.com.au

Martin CarmuegaDeloitte Argentina+54 11 4320 4003mcarmuega@deloitte.com

Simon ChardDeloitte UK+ 44 20 7007 2849schard@deloitte.co.uk

Philip ChongDeloitte Singapore+65 6216 3113pchong@deloitte.com

Jan CorstensDeloitte Belgium+32 2 800 24 39jcorstens@deloitte.com

Linur DloomyDeloitte Israel972 3 6085 5423LDloomy@deloitte.co.il

Siviwe DongwanaDeloitte South Africa+27 0 11 806 6052sdongwana@deloitte.co.za

Olivier DutartreDeloitte France+33 1 40 88 75 11odutartre@deloitte.fr

Hugh GozzardDeloitte China+ (852) 2852 5662huggozzard@deloitte.com.hk

Michael W. JonesDeloitte UK+44 121 695 5826mwjones@deloitte.co.uk

Cuneyt KirlarDeloitte Turkey+90 212 366 60 48ckirlar@deloitte.com

Raj KrishnamoorthyDeloitte Canada+1 416 601 6245rkrishnamoorthy@deloitte.ca

Jong Ick LeeDeloitte Korea+82 2 6676 1000jongicklee@deloitte.com

Peter Brock MadsenDeloitte Denmark+45 36103605petermadsen@deloitte.dk

Patricia MuricyDeloitte Brazil+55 21 3981 0500pmuricy@deloitte.com

Andrea MusazziDeloitte Italy+39 02 8332 2610amusazzi@deloitte.it

Jayashree NarayananDeloitte India+91 80 6627 6109jnarayanan@deloitte.com

Budi Nata RahardjaDeloitte Indonesia+62 21 231 2879 ext.3125brahardja@deloitte.com

Kumiko UmemuraDeloitte Japan+81 3 4218 7232kumiko.umemura@tohmatsu.co.jp

Gema Moreno VegaDeloitte Mexico+52 55 5080 6324gmorenovega@deloittemx.com

Heinz WustmannDeloitte Germany+49 89 29036 8814hwustmann@deloitte.de

Jimmy WuDeloitte Taiwan+886 2 2545 9988 ext: 7558jimwu@deloitte.com.tw

Yvonne WuDeloitte China+86 21 6141 1570yvwu@deloitte.com.cn

Yoon Chong YeeDeloitte Malaysia+60 3 7723 6508ycyee@deloitte.com

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and

independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member

firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries

© 2009 Deloitte Development LLC. All rights reserved.

Member of Deloitte Touche Tohmatsu Item # 9047

AcknowledgementsThe following made significant contributions to the development of this publication:

Elizabeth Brown

Simon Chard

Jan Corstens

Erin Ennis

Kevin Fried

Hugh Gozzard

Eric Hespenheide

Kristian Park

Terrie Perella

Steve Revesz

William Ribaudo

Henry Ristuccia

Jeffrey Schmied

Linda Strovink

Yvonne Wu

Dave Zechnich