Contract risk and compliance: Is stability possible in the current environment?
Minimizing contract risk and increasing contract compliance used to be one of those topics that elicited mild interest at best from oil and gas executives. While it is true that internal audit groups have always spot checked contracts for compliance, most of these groups simply have not had the resources or the compelling motivation to focus on contract compliance as a thorough and ongoing discipline.
The recent oil price collapse, however, has revitalized interest in this characteristically staid subject: companies must cut costs, and reduce erroneous and/or excessive contractor charges as an effective way to save substantial sums. But there is a catch. O&G companies routinely deal with hundreds of contractual relationships across a vastly extended enterprise. Can such complexity be managed in a way that will not overwhelm internal resources? Is overall contract stability even possible in an environment characterized by difficult financial conditions and complicated operating models?
Deloitte & Touche recently examined these questions and arrived at an interesting point-of view: Minimizing contract risk and enhancing compliance is possible, but highly improbable if companies don’t take a measured and proactive approach. This approach should be built upon an expansive definition of the extended enterprise and take into account both financial and operational contract risks. Furthermore, companies can no longer afford to act only when an issue presents itself.
A majority (nearly 40% of respondents) of the petroleum executives who participated in a recent Deloitte & Touche webcast on the matter said that their companies don’t perform ongoing contract reviews unless a problem arises. The key to realizing savings and recouping revenue, both now and moving ahead, is to establish a robust, sustainable contract management process — one that can be made more efficient and cost-effective by leveraging some of the new automation processes that are now available (both to identify potential overcharges and/or erroneous charges or as an ongoing monitoring process for more recent contractor charges).
Defining the contractual universe
Many O&G companies do not have a complete picture of their contractual relationships because they may not think broadly or deeply enough when defining the extended enterprise. When considering whom they do business with, most companies naturally focus on suppliers and contractors, but in reality the extended enterprise goes well beyond that.
A true extended enterprise encompasses every entity with which a company transacts such as construction firms, distributors, oilfield service companies, joint venture partners, engineering service firms, travel agents, and IT outsourcing vendors. It also extends through the primary contractual relationship, for instance with a large oilfield service provider, to include all the joint ventures, sub-contractors and acquisitions that a corporate headquarters has made.
A guiding map, called a Contractual Risk Relationship MapTM, can be extremely helpful in organizing and defining this contractual universe. Deloitte & Touche uses the map to help companies inventory their contractual relationships across their business-process lifecycles. An upstream O&G company, for instance, could use such a map to help identify whom it does business with and the types of contracts it has in each major business process from exploration through plug and abandonment; a midstream company from gas gathering and separation through terminal operations; and a downstream business from managing capital projects to feedstock purchase, refining and wholesale marketing operations. Remarkably, each process within the lifecycle often involves 40 to 50 types of contracts — all of which have inherent risks.
While the task is highly detailed, it is vitally important for companies to understand what their contractual relationships are across their major processes and how these can impact the business. Only then can they move forward in controlling costs by enforcing compliance and managing contractual risk more effectively.
Financial sources of contractual risks
Once the contractual universe has been defined, companies can begin the task of assessing their exposure to contractual risk and identifying areas where cost or revenue leakage is likely to occur. Several common risk indicators provide helpful clues regarding the potential for erroneous charges. These include:
- Unclear and/or complex contract terms on agreements pertaining to participation/exploration and joint operations, leading to ambiguous interpretations.
- Lack of ability to validate the costs and operational controls of contractors due to limited transparency.
- No active monitoring and validation of Joint Interest Billing (JIB) invoices, transportation invoices, purchaser payments, and storage statement – as well as a heavy reliance on information provided by counterparties.
- No independent assistance to help validate the operator’s cost reporting system, division of interest maintenance process, and reversion calculations.
- Inadequately defined or documented expectations related to timing of payments and receipts.
These indicators share a common denominator: lack of strong communication with the contractor. For instance, contractors may just send a summary invoice, without providing visibility into how they assembled the charges — or the procurement department may make rate-sheet changes to the purchase order but fail to relay them to contractor and other internal team members, or similarly, the contractor may fail to cascade the changes to the appropriate personnel.
Operational sources of contractual risks
Many contractual risks also stem from issues related to capital projects. From an operational point of view, there are four areas where many common contractual risks originate:
- Project costs — Escalation of project costs is the most common type of contract risk in capital projects, and it is the area of greatest concern to participants in a recent Deloitte & Touche webcast. Today, it is not unusual to see cost increases of 20% to 40% over the course of a project. These hikes are frequently related to increased commodity costs as well as rising labor fees due to competition from other projects and a shortage of skilled workers.
- Execution — Often a project will have a compressed or an unrealistic time frame for completion, thus creating another common source of operational contract risk. All of the elements in a fast-tracked project must be synchronized to achieve the schedule and the target budget and a delay in one area can quickly impact others. The relentless focus on cash flow in today’s market also poses a risk as owners take steps to get projects on stream as quickly as possible. For instance, owners sometimes provide instructions that are intended to expedite the project but that also increase costs, leading contractors to believe they are entitled to a change in their contract prices. Additionally, with so much pressure on all parties, contractor performance issues are increasingly becoming contentious, often escalating into costly disputes.
- Operational — Contractual risks related to use of leading-edge technologies in capital projects is a growing area of concern. Increasingly, the technologies that have been proposed for a project by a contractor may not have been fully developed, leading to rework after the detailed design is complete or to change requests from the contractor that ultimately become disputed items. Post-project reviews from owners and government agencies such as the Occupational Safety and Health Administration, or OSHA, also heighten risks. These examinations typically involve evaluating the design and construction of a project and assessing quality assurance and control documentation. Discrepancies found therein can often have repercussions to the owner and the contractor.
- External events — Political and security concerns as well as acts of nature that result in project postponement often mushroom into contractual disputes. There have been several instances in Venezuela, Nigeria and Russia, and even domestically in Texas, where projects have been cancelled after significant expenditures have been incurred by owners and contractors. These situations bear significant risks and liabilities if not properly addressed in the governing agreements.
Risk mitigation strategies for financial areas
Deloitte & Touche’s field experience suggests that O&G companies may be losing an average of four to seven percent in some cases on contract spend. This will depend on several variables such as contract type, contract complexity, known risks such as duplicate charges/overcharges, and the company’s monitoring process. In our experience, most of this leakage occurs because the people doing the detail work either are not checking for the right controls or are not familiar with the contract or the changes to it that are coming through. A robust contract review and administration process is necessary to sharpen their focus. This process organizes the contract universe according to risk and establishes mechanisms for regularly monitoring contractor compliance. It involves:
- Inventory by type of contract — Define the contract universe and organize according to annual spending and contract type.
- Risk assessment —Score each contract type based on key criteria, risk ranking them by high, medium and low classifications.
- Contract administration review — Assess whether or not your company has the right internal controls. Map out your contract administration process to identify gaps and to better understand the company’s controls around contract reviews. Develop a list of the top 20 or so items that should be examined when an invoice comes through . The contract administration review could also include inspections over system controls such as system access by contractor/segregation of duties, project/contractor spend reviews (e.g., budget vs. actual), and contractor incentive controls (e.g., performance metrics aligned with contractor performance).
- Contract inspections — Test key financial, operational, safety, environmental, and “other” clauses for compliance. While it is impossible to scrutinize everything, dig in and check supporting documentation for the most important and costly items such as labor, material, equipment, per diems, multipliers, overhead allocations, travel expenses, etc. Assess the potential for recoveries and remediation.
While manual contract compliance inspections can be tedious and time-consuming, new processes can expedite things by automating the analysis of contract invoice data. Deloitte & Touche’s D-SCAN, for instance, enables users to create customized queries to analyze contract invoice data, such as labor charges, material charges, fringes, cost allocations (e.g., per diems, overheads and consumables), union charges and other key items. The process can run a multitude of customized queries to produce exception reports alerting management to potentially duplicate, erroneous or excessive charges. D-SCAN helps streamline the contract review and administration process by making it possible to analyze large quantities of contractor data on an ongoing basis.
The D-SCAN process is based on a five-step approach that includes diagnostic and analysis phases, as well as assessment, communication and program-evolution stages. Methodologies such as D-SCAN allows companies to quickly and easily monitor prior costs for overcharges and also monitor new charges as they come up on a regular basis.
Risk mitigation strategies for operational areas
Mitigating contractual risks requires more than just the latest technologies, however. It also requires a robust administrative process built on leading practices. One such practice is managing risk over the capital project lifecycle. A project will go through different phases, or stage-gates, and each will introduce different risks. Meanwhile, other risks will become more or less important as the project progresses.
An upfront risk assessment that identifies key risk drivers and their impacts on meeting project goals lays the foundation for managing risk over the course of a project. Based on this assessment, companies can then monitor performance trends and changes in risk drivers to enhance predictability and reduce the likelihood of costly surprises in violation of contract terms.
Another leading practice centers upon organization and governance. Many projects fail to involve experts from procurement, finance, tax, legal, and other specialty areas early enough in the project lifecycle to make a difference in determining the contract structure, protecting the owner’s interests through appropriate contract clauses, and establishing effective reporting mechanisms. Most owners would not think of running a multi-billion dollar business without a CFO or a tax advisor — or without sufficient staffing — yet they frequently run capital projects this way. Having the right project team and an organization that is capable of supporting it is critical to the project’s success.
Another leading practice involves building controls into business process models that give management visibility into the project’s performance over time. These controls take several forms, including management reporting, establishment of leading key performance indicators, adequate segregation of duties, and periodic assessments and audits. For example, a periodic cost assessment could reveal that 50% of a project’s contingency budget has been used, while the project is only 30% complete. This type of control indicator would raise a flag that the project team may be experiencing unplanned cost increases and schedule delays.
Stop the bleeding and boost the bottom line
More and more O&G companies are discovering the benefits of a robust contract compliance process that includes a program of ongoing contract inspections. For instance, companies often gain visibility into risks associated with existing contracts that were previously ignored. Additionally, they can often improve their business relationships by sharing reliable information with contractors and working with them to implement mutually beneficial processes.
However, in a world where companies are hard pressed to save money, the bottom-line provides the most compelling reason to implement a stable, repeatable approach to contract risk and compliance. By using Deloitte & Touche’s D-SCAN process, for example, one company was able to efficiently identify potential recoveries of $9.4 million in overcharges from seven contractors. These overcharges represent a potential recovery of 4.4% of the $212.9 million in total spend for these contracts. The overcharges were the result of incorrect labor charges and straight time/overtime hours that were over the daily or weekly maximums – as well as incorrect and/or invalid per diem charges, incorrect and/or invalid union charges and duplicate materials invoices.
About the authors
Claude Francescott is a senior manager in the Capital Projects Consulting Group in the Houston office of Deloitte Financial Advisory Services LLP. He has more than 30 years’ experience on major international and domestic engineering and construction projects. Francescott has served in a variety of project management, finance, and accounting positions across a broad array of industries and international locations. He has conducted management and financial controls assessments of significant capital projects to improve delivered performance and mitigate operational risks. He has conducted construction cost assessments including evaluations of cost incurred, budget and schedule analysis, and has provided project oversight and management reporting on major international capital projects.
Luis Castro is a senior manager with Deloitte & Touche LLP and leads the Mid-America Contract Risk and Compliance practice, which includes eight states. He has more than 15 years’ experience in Internal Audit, Contract Risk and Compliance, and Accounting reviews. At Deloitte, he has performed contractor and internal audit reviews for a variety of clients on a global basis. The CRC reviews include contract inventory and risk assessments as well as contract administration reviews.