Contract Management: Improving Corporate Governance

The Sarbanes-Oxley act places stringent guidelines on corporate governance, and many executives are hurrying to bring their companies into compliance. How can a contract management system help?

The Sarbanes-Oxley act places stringent guidelines on corporate governance, and many executives are hurrying to bring their companies into compliance. How can a contract management system help?

The business press in recent months has been dominated by waves of corporate scandals, and several well-respected companies have had to dramatically restate their earnings. It's not surprising then that a poll of corporate executives taken by Kennedy Information, publisher of Shareholder Value magazine, found that 46 percent said these scandals have harmed the way investors viewed their companies. ("In Corporate America It's Cleanup Time," Fortune Magazine, September 2,2002, By Jerry Useem.)

"Investors increasingly demand full transparency of accounting policies and their effects," ("Firms Still Fall Short on Disclosure, SEC says," Washington Post, February 28,2003 by Kathleen Day) the SEC noted in a "guidance" that detailed its expectations for annual reports. In July of 2002, legislators passed the Sarbanes-Oxley Act to help re-establish trust in corporations. The most sweeping change in corporate governance since the Great Depression, the Sarbanes-Oxley Act is designed to prevent corporate and accounting fraud by increasing the transparency of corporate finances, policies and practices.

The Sarbanes-Oxley Act mandates that corporations develop sound internal controls as well as provide timely and accurate disclosure of financial information to investors. The Act also specifies oversight and penalties to enable enforcement of these requirements. While most corporations focus on aspects of the Sarbanes-Oxley Act that govern financial transactions, the Act also has implications for the commercial contracts that underlie each financial transaction. This is an area that most companies today are ill prepared to manage. Contract management software has emerged as a powerful solution that provides organizations with greater visibility into contracts, enabling the control and disclosure necessary to comply with the requirements of the Sarbanes-Oxley Act.

The Role of Contract Management in Improving Corporate Governance

Good contract management is critical for enabling corporations to fully comply with several key Sarbanes-Oxley Act provisions including certification requirements, rules requiring enhanced internal controls and disclosure mandates. "Sarbanes-Oxley is sending a wake up call to many executives who realize they had better get a handle on the commitments being negotiated in their corporations," according to Tim Cummins, executive director of the International Association of Contract and Commercial Managers. "Yet even now, many are turning to the General Counsel in the expectation this will fix the problem and provide instant answers. In come cases, it probably will; but in many it is going to lead to frustration. There is a world of difference between 'contracts' and 'contracting'  one is a document, the other is an end-to-end business process."

The Sarbanes-Oxley Act's certification requirements place tremendous responsibility on CEOs and chief financial officers (CFOs) to guarantee the accuracy and reliability of all financial information in their 10K and annual reports. The financial information that appears in these reports is a snapshot of what actually happened in the previous financial period. This, in turn, is often driven by a set of underlying contracts that detail what should have happened.

Consider the example of a software company signing a complex five-year agreement comprised of licensing, professional services, maintenance and training fees. The contract may have several milestones linked to service delivery that determine when revenue can be recognized. The contract may state that the customer pay for professional services when the contract is signed. Yet, according to Generally Accepted Accounting Principles (GAAP), the company may only be able to recognize the revenues in the quarters when the services are actually delivered. The financial statements certified by the CEO must accurately reflect these contractual complexities.

The Sarbanes-Oxley Act also states that corporate officers must design and evaluate internal controls to ensure the accuracy of any information linked to the financial condition of the company and of the company's financial results. To comply with this portion of the Act, corporations must put in place good internal controls to ensure that contracts are written and managed according to tight internal standards. Any exceptions to these standards must go through appropriate reviews and approvals, and an audit trail must be maintained.

Finally, the Act mandates enhanced disclosure to ensure that stakeholders have adequate visibility into financial dealings within the company. This means that companies must disclose the details of contractual relationships with various entities. According to the SEC guidance, regulators could consider "even a technically accurate application of generally accepted accounting principals" misleading if it failed "to communicate important information," such as potential risks of off-balance sheet debt, arrangements, contingent obligations and relationships with unconsolidated entities. To make adequate disclosures, companies need to be able to easily access specific terms and conditions and track risks contained in their contracts.

The State of Contract Management Today

The vast majority of companies today, however, do not have the desired level of control over their contracts, according to a comprehensive and extensive survey on industry challenges and best practices in contract management conducted by Nextance. The survey consisted of interviews with C-level executives and managers at more than 100 Global 2000 corporations as well as members of contract management industry associations seeking to promote industry best practices and the development of the contract management profession. Key findings included the following:

  • Contract Creation and Accessibility: To meet the requirements of the Sarbanes-Oxley Act for good internal controls, companies need good automated workflows to standardize the contract development and review processes and minimize inconsistencies. Audit trails are necessary to track how modifications to standard contracts were reviewed and approved. Yet, few companies have implemented such automated workflows. Because paper-based contract systems are still the most prevalent form of contract management, large, geographically distributed organizations have a difficult time accessing their contracts. More than 80 percent of respondents said that simply finding their contracts was an area of concern, and most said they would be unable to locate up to 10 percent of their contracts.


  • Contract Risk: Signing a contract always creates some risk exposure to any company since contracts entail commitments and obligations. Yet, 26 percent of the companies surveyed do not use pre-approved templates for creating contracts that contain standard language designed to minimize risk. And, when new language is added to the contract  which can potentially increase risk  34 percent of the companies surveyed have no formal risk evaluation process before the contract is signed. As a result, 71 percent of the companies surveyed said contractual risk is a major area of concern. The Sarbanes-Oxley Act also requires companies to accurately disclose these contractual risks to their boards and investors. Yet, three out of four companies did not have a reliable system in place to alert key parties when a contractual risk was triggered.


  • Revenue and Cost: More than half the companies said they were unable to analyze their contracts by vendor or customer, limiting their ability to optimize contract performance. Over 40 percent said they could realize large incremental revenues and cost savings through better contract management.

Overall, the survey revealed that the vast majority of companies do not have the desired level of control over any of the four key areas of the contract lifecycle: creating contracts, gaining visibility and access, managing commitments, and tracking contractual risk. The direct result of this lack of internal control has been an inability to provide stakeholders and audit committees with adequate visibility into complex contracts and contractual risks.

Contract Management Software: Meeting the Challenge

Companies wanting to speed business operations, maximize profitability, reduce contractual risk and, most importantly, demonstrate compliance with the requirements of the Sarbanes-Oxley Act should consider creating a plan of action for improving their contract management operations. One way of doing that is with contract management software, which enables the central creation and storage of contracts electronically and the automation of the contract lifecycle delivering better contract performance.

Using the contract risk management tools that are in contract management software, organizations can better track important risk elements, such as contingencies and interdependencies. It is also easier to monitor and enforce regulatory requirements. For example, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) defines standards and requirements for maintenance and transmission of health information that identifies individual patients. Organizations must ensure that their dealings with "business associates" adhere to the privacy regulations. Business associates include organizations that receive health information from a covered entity and those who receive or create protected health information on behalf of a covered entity (e.g., lawyers, auditors, third-party administrators, billing firms, disease management vendor, utilization management software, prescription benefit management company). The regulation requires covered entities and their business associates to have a written contract that binds business associates to the same use and disclosure limitations as the covered entity. Health care organizations are using contract management systems to ensure that all their contracts with business associates are written and managed in compliance with HIPAA regulations.

When an external event such as a bankruptcy or non-performance by the other party triggers a contractual risk, notifications can be automatically sent to the right people within the organization who can proactively respond to the risk. Finally, such systems offer flexible and configurable reporting capabilities that meet both the day-to-day operational requirements for contract managers and the disclosure requirements of the Sarbanes-Oxley Act. Contract managers can use these reports to keep track of information such as contract expiration and milestone completion. CFOs can report on the risk exposure across contracts such as total outstanding leases or forward purchase commitments.

The corporate scandals of the last 18 months have resulted in investor skittishness and an erosion of trust among corporate institutions and leaders. Corporate boards and leadership need to regain that trust by demonstrating commitment to higher standards of accountability and adherence to provisions of the Sarbanes-Oxley Act. The proper contract management system can give managers the tools necessary to increase internal controls in managing contracts. Simultaneously, such a system can provide investors with a higher level of transparency and disclosure into what is truly going on in a business.

Kirk Krappe is the president and CEO of Nextance, an enterprise software company for managing contracts and commitments. Gopi Kallayil is director of Strategic Marketing at Nextance.