In the last chapter of our series, we introduced the concept of using a risk register and a materiality table to qualify and quantify risk exposures. Building on that foundation, this chapter focuses on how these tools can influence the Risk & Contract Review process. While, it may seem unconventional, to take a formal risk-based approach to contract reviews, doing so adds tremendous value by systematically identifying and addressing potential risks before contract execution.
Before the advent of modern technology, organizations often relied on a “buck slip” process for document circulation and approval. A document would move from one manager to the next, gathering signatures as each reviewed and approved it. Although this method may seem outdated today, it emphasizes an important principle—multiple layers of oversight are necessary, particularly when it comes to contracts.
Risk management should be one of these crucial layers, becoming a required approval point for the executive responsible for executing the contract. By formally integrating risk management into the contract review process, organizations can ensure that risks are properly evaluated and addressed before any binding commitments are made.
This approach not only mitigates potential legal, financial, or operational exposures but also fosters a culture of risk awareness across the organization. Early involvement of the Risk Management team can help shape contract terms, align them with the organization’s risk appetite, and, ultimately, contribute to more informed decision-making.
Contracts are an integral part of nearly every transaction, whether for services, purchases, leased space, or “Work” (as defined in construction agreements). When Party A enters into a transaction or agreement with Party B, it is vital to consider how the risks of that contract are being managed between the parties. For the purposes of this discussion, we will refer to Party A as the Owner—the party contracting for services, work, or other obligations, typically, holding the purchasing leverage.
It is important to examine, both, the intended risk-related provisions in the commercial terms and how the final contract language reflects that intent. Often, there can be a discrepancy between the initial intent and the actual language in the contract, which can impact how risks are allocated and managed.
Contract Management and Risk Management
Contract management is one of the most critical opportunities for companies to, effectively, manage risk, making it essential that the negotiation and execution of contract terms are approached with care and precision. Consistent terminology throughout the contract is vital, yet from a risk management perspective, it is often overlooked during the drafting process. Inconsistent or vague language can lead to misunderstandings and unintended risk exposure.
Several key contract provisions significantly impact risk transfer and should be carefully evaluated:
- The Scope of Work (SOW) or Scope of Services (SOS) – needs to be clear as to what is each party’s responsibility. That underscores and supports the “duty of care” which potentially can be breached. When making comments, remember to be clear as to the requirements of the counterparty in areas such as site security, site safety, employee training, credentialing, and, if appropriate, background checks and security clearance.
- Indemnity Clauses – These provisions specify which party is responsible for losses or liabilities arising from the contract. Clearly defining the scope of responsibility in indemnity language is crucial to avoid disputes and prevent unintended liability. Nuances in wording, such as “arising out of” versus “resulting from,” can have significant implications for how broadly the indemnity applies. Additionally, it’s important to consider state-specific indemnity guidelines, as laws governing indemnity clauses can vary widely. The phrase “to the extent permitted by law” is often included at the beginning of an indemnity provision to ensure compliance with the applicable state laws, adding a layer of protection to avoid overstepping legal boundaries.
- Limitation of Liability – This clause caps the financial liability of a party under the contract. Risk Managers should carefully consider how the limits align with the company’s risk tolerance and the specific exposures of the contract.
- Insurance Requirements – The contract should, clearly, specify the types and amounts of insurance each party is required to carry. Properly drafted insurance provisions make sure that both parties have adequate coverage, mitigating the impact of unforeseen events.
- Force Majeure – This clause addresses unforeseeable events that prevent a party from fulfilling its contractual obligations, such as natural disasters or pandemics. A well-drafted force majeure clause can protect a company from liability during events beyond its control.
- Warranties and Representations – These terms outline the promises and assurances made by each party regarding the performance of the contract. Carefully reviewing and negotiating warranties can limit exposure to risks associated with non-performance or defective work.
- Insurance Requirements – These provisions act as a critical “back-stop” to the risk a contracting party assumes under the agreement. In many cases, insurance requirements serve to protect the party accepting the risk, preventing potential financial impact to their balance sheet that could lead to insolvency. Setting appropriate limits and coverage is crucial, as these decisions should be made thoughtfully and with commercial awareness. By doing so, each party can fully realize the benefits of the insurance protection, ensuring that the agreed upon risk exposures are adequately covered without exposing either party to undue financial vulnerability.
- Defend me – Seek defense from the counterparty in the contract as many standard insurances will provide that defense to the party who is named as an additional insured. In past editions of the standard General Liability policy the words “even if any of the allegations of the suit are groundless, false or fraudulent” and while, today the provisions provide defense of any suit, the concept applies.
Discussion of the Actual Process…
When starting this process, it is essential to articulate and agree on the risk appetite for project, so the financial impact of a contract provision (or several contract provisions) can be aligned with this measure and can be appreciated by the project team. This will be significant when applying a standard Red-Amber-Green (RAG) scale to assess and message the materiality of risks.
We are often asked to review contracts and collaborate with a client’s legal advisor to clarify provisions and ensure proper insurance terminology. We use a risk matrix (like the one below) to highlight key contract provisions and risk related items for the commercial and legal teams. It is vital to review the entire contract and associated proposals to ensure that the contract terms govern, and the intent of risk transfer is clear.
Risks should be categorized as insurable or non-insurable to help establish reasonable requests for the counterparty to shift the risk. Some risks can be easily and clearly transferred between parties, while others may need to be shared or limited to create a balanced risk matrix within the contract. It is also important to communicate those retained risks and the potential financial impact of those risks to (your) organization to (your) project team.
When creating the Contract Risk Register, consider the sample provided below as a guide for evaluating contract provisions. The ALS Group utilizes the contracts database linked to the project, which helps establish the risk appetite and align it with the RAG scale. Regardless of the system used, having a methodical approach to track comments, responses, and rank them by materiality will improve the overall Project Risk Profile.
Insurance Implications with Contract Compliance
Once the contract terms, including insurance provisions, have been agreed upon, it is important to assess the counterparty’s ability to support the risks they have accepted and ensure their insurance coverage complies with the agreed terms. This is no small task, especially, for complex projects. A thorough review of the counterparty’s insurance policy, including all terms, conditions, exclusions, and warranties, is necessary.
In relation to the original purpose of the Risk Register, one key mitigation strategy for a transferred risk may be the insurance in place. However, if the insurance policy includes exclusions or limitations, it could undermine the entire risk transfer strategy, leaving the project exposed. Therefore, it’s essential to ensure that the insurance coverage fully aligns with the intended risk transfer.
Insurance Exclusion Applies! Don’t let this happen to you!
Be sure to, personally hire a qualified party to review, the “evidence of insurance” provided by the counterparty. The best approach is to request full copies of their insurance policies and conduct a thorough, detailed review of them. This ensures that the coverage aligns with the agreed upon terms and that there are no hidden exclusions or limitations that could jeopardize your risk transfer strategy.
Many insurers today require a fully executed contract by both parties to trigger coverage. Ensuring that the contract is finalized and signed by both parties is a crucial step in securing insurance protection. A properly structured contract, combined with a clear and demonstrable effort toward compliance, strengthens the enforceability of indemnity provisions and helps safeguard your risk transfer strategy.
A Word of Caution
Implementing a proper contract process can be tedious, time-consuming, and often feels never-ending, but the return on investment is undeniable. By removing exposures to loss that should have been transferred to others, you improve your risk profile. This, in turn, provides leverage for insurance professionals to negotiate more favorable premiums and coverage, effectively, reducing your Total Cost of Risk (TCoR).
Maintaining a methodical process and exercising patience are key. Securing buy-ins from your commercial team on the efforts required to avoid or manage risks will help them appreciate the value of the risk reduction you are aiming to achieve, benefiting the entire organization in the long run.