In recent weeks, news headlines have drawn attention to risks that businesses, governmental entities and other organizations may be exposed to when engaging third-party contractors to assist with IT projects.
This blog is not intended to pass comment on any particular controversy implicating IT contractors or procurement matters. However, the broader public conversation about IT project risks may be prompting organizations to ask themselves about their own current and future IT engagements. It is in anticipation of these questions that we have prepared this blog to highlight certain key risks associated with IT projects and how these risks can be partially mitigated through effective contracting strategies.
Cost escalation and reputational risk
In the IT contracting context and particularly when preparing statements of work, IT contractors will often focus on a project’s end result instead of the path the IT contractor will take to achieve that result. This can create an unclear picture of how the work will be performed and what obligations and responsibilities each of the IT contractor and organization have to achieve that result.
Unclear or imprecise billing and invoicing practices can also make it difficult for an organization to understand project charges and the associated value (if any). When service and payment details are lacking, it creates uncertainty for the project and may make it difficult for the organization to hold its IT contractors accountable. In particular, the absence of these details can create cost escalation and also delay risks for the organization engaging the contractor. And, particularly in the case of governmental entities, poor IT contracting practices may also cause reputational risk if a project is viewed by the public as having gotten out of hand.
Risk mitigation in IT contracts
To mitigate IT project risks, contracts can be (and routinely are) drafted to include protections for businesses, governmental entities and other organizations engaging IT contractors to keep the project on-track. Below we will highlight certain contractual measures that can be used by organizations to help control costs as well as increase transparency and accountability in relationships with their IT contractors.
Cost control
There are several ways IT contracts can be drafted to help control project costs. Choosing a fixed-price contract instead of a time-and-materials contract, for example, is often a good strategy for controlling costs. In these arrangements, the IT contractor commits at the beginning of the project to deliver for a specified price, creating price certainty. Payment is often tied to the achievement of project “milestones” that are also defined at the project’s beginning. This puts the onus on the IT contractor to make measurable progress towards the project’s goals before they are paid.
Another way to control project costs – or at least discover the scope of the costs early on – is to prepare a detailed statement of work setting out the project specifics before the work starts. Unfortunately, it is not uncommon for statements of work to be a single page and describe only the project result, without giving any insight into the specific tasks the IT contractor will perform to achieve that result or how long the project will take. Negotiating a detailed statement of work brings discipline to the project and can play an important role in controlling costs. Specifically, the statement of work can be used as a means of defining the work that the IT contractor is authorized to perform and will be paid for. If the IT contractor performs work that is not specifically authorized, then the organization may not be required to pay for this work. Further, it is in the statement of work where payment milestones can be defined, clearly connecting performance of specific tasks and also serving as a tool for measuring project progress.
Contractor accountability
There are a number of contractual tools that can be implemented to help ensure IT contractors remain accountable for the charges they invoice for. One such tool is contractual language setting out in detail the requirements for IT contractor invoices. For instance, the contract may specify that all invoices must include itemized charges and be supported by additional documentation such as staff time sheets and expense receipts. The contract may also include a broadly-stated discretionary right for the organization to request additional information from the IT contractor to support invoiced charges. These contractual rights can help bring clarity to IT contractors’ charges and provide the organization the means to investigate questionable charges where appropriate.
Similarly, IT contracts may be prepared to include audit rights that gives the organization the right to access and review certain financial and business information in order to validate charges that are invoiced.
Additional rights and remedies
By implementing and using the contractual tools described above, the organization may discover that an IT contractor has inappropriately charged for work that was not performed or work that was performed but not authorized. IT contracts can be prepared to call out these scenarios and specify that this type of conduct represents grounds for the organization to terminate the contract.
Further, the IT contract can specify that any limitation of liability the IT contractor may have negotiated for itself will not apply if it commits fraud or willful misconduct. This can be critical if the IT contractor’s conduct has caused the organization losses in excess of the IT contractor’s limitation of liability, which might otherwise operate to prevent the organization from fully recovering all of its losses.
Takeaways for your organization
The contractual measures described in this blog post are just some of the ways that a well-drafted IT contract can bring discipline to an organization’s project and empower the organization to ensure increased transparency and accountability in its relationship with the IT contractor. It bears noting that including these contractual measures in your IT contracts is often only half the battle, and realizing the value of these and other measures largely depends on an organization’s ongoing internal care and diligence after the contract is negotiated. Nevertheless, when wielded by engaged management, operations, accounting and legal personnel, these contractual tools can be effective in mitigating delay, cost escalation and reputational risk.
The lawyers in the MLT Aikins Privacy, Data Protection & Cybersecurity group have extensive experience in drafting and negotiating IT project contracts, and helping our clients mitigate key project risks like those described in this blog.
Note: This article is of a general nature only and is not exhaustive of all possible legal rights or remedies. In addition, laws may change over time and should be interpreted only in the context of particular circumstances such that these materials are not intended to be relied upon or taken as legal advice or opinion. Readers should consult a legal professional for specific advice in any particular situation.