Many organizations are forming relationships with third parties to perform key business functions for a variety of reasons, including to help reduce costs, increase revenues or share business risks. But commercial relationships can be risky from an internal control and financial perspective, and thus can raise corporate governance and financial reporting issues.Indeed, based on KPMG LLP's research, at least 70 percent of reporting by business partners is incorrect. The reasons for misreporting may vary - misunderstandings, mistakes and occasionally fraud - but they all have a direct impact on the bottom line.
CPAs can provide value to organizations by understanding the risks involved in different kinds of commercial relationships. In addition, CPAs can help evaluate and improve the effectiveness of organizations' efforts to manage contract risks through contract compliance monitoring activities.
The key to commercial relationships
As the marketplace becomes increasingly complex and competitive, organizations are looking for ways to streamline their business processes to improve the bottom line. Many have entered into commercial relationships with third parties to help reduce costs, increase revenues, reach broader markets, gain access to new technologies or share business risks.
You can find examples of these commercial relationships across virtually all segments of an organization (e.g., contract labor, suppliers, outsourced manufacturers, licensees, distributors and resellers, etc.). In many large organizations, individuals enter into contracts at the corporate office level, as well as at business units across multiple domestic and international locations. In fact, contracting activity is often so widespread within an organization that business managers may have difficulty getting their arms around all of it.
In many commercial relationships, the revenue received by, or the amount charged to, an organization is based upon self-reporting by its business partners. However, the individuals responsible for managing commercial relationships may not be familiar with the key contract requirements or fully understand the potential risks to their organizations.
By helping organizations to understand relevant contract risks and implement a compliance program to monitor their commercial relationships, CPAs can assist organizations in demonstrating effective risk management and corporate governance. Through these activities, CPAs can also help organizations identify under-reported revenue or overcharges from their business partners. For example, a licensee's exclusion of royalty-bearing sales in a particular geography may result in significant underpaid royalties.
The risks involved
Although commercial relationships can be a useful cost-saving strategy, they can create significant risks for an organization. Regulators and stakeholders are demanding that organizations enhance their internal controls. In addition, the current regulatory environment has created an awareness that organizations essentially take on their business partners' values and controls as their own.
But when organizations enter into commercial relationships with third parties related to aspects of their operations, they can lose control over business-critical functions. They can also experience severe repercussions if their business partners suffer economic failures.
Further, media coverage of unethical or illegal behavior by close business partners can damage an organization's reputation. CPAs should understand the unique contract compliance risk areas that are associated with different types of commercial relationships (see box).
Noncompliance and misreporting
Ideally, organizations with commercial business partners receive financial and management information that is accurate and reliable. Unfortunately, the lines of communication are frequently inadequate or break down during the life of the contract. KPMG has found that at least 70 percent of self-reported statements are incorrect because of misreporting.
Miscommunication and misunderstanding between the parties - two of the primary reasons for contract noncompliance - are most often due to mismanagement or inattention to detail by one or both parties when writing and performing the contracts. For example, different interpretations between a licensor and a licensee regarding the reporting of a licensed product that is sold as part of a bundled product can result in improper royalties. Less frequently, the communication breakdown is intentional. However, regardless of the reasons for misreporting, it impacts the bottom line.
Reducing noncompliance
CPAs can take several actions to help organizations reduce the likelihood of contract noncompliance and misreporting by their business partners. CPAs can review the contracts and the information reported by business partners in order to help identify complex or ambiguous performance and financial reporting contract provisions. For example, CPAs may want to explore the meaning of comparable products in a supply contract with a "most favored customer" pricing clause.
CPAs can also develop an understanding of an organization's contract management processes and controls to help identify weaknesses that can result in, or fail to detect, noncompliance with the performance and financial-agreement terms. Similarly, CPAs can evaluate the processes and controls of an organization's business partners.
For example, CPAs might assess the nature and extent of a licensor's analysis of a licensee's royalty reports and documentation supporting the licensee's determination of net royalty-bearing sales. In addition, CPAs may gain an understanding of a licensee's processes to determine that all royalty-bearing sales are captured in its royalty reports.
CPAs can help organizations monitor their relationships with business partners. For example, CPAs can assist in developing and implementing a risk-based contract compliance program, or evaluate the effectiveness of an existing program. They can also perform compliance inspections on behalf of an organization to identify whether amounts remitted or charged by business partners comply with the contracts that govern the commercial relationship.
Developing a program
CPAs can help organizations develop a contract compliance program in various ways. They may want to:
* Assess the existing environment: Review documents and conduct personnel interviews to help organizations develop an understanding of the existing contract monitoring processes and procedures.
* Understand the program objectives: Facilitate discussions to help members of the organization agree on the desired program objectives and evaluation criteria.
For example, organizations may want to focus on quantitative aspects - under-reported revenue or overpayments made to vendors and suppliers, and the return on investment from their contract compliance activities. Qualitatively, organizations might emphasize improved quality and timeliness of reporting by business partners, and improved trust and transparency in business partner relationships.
* Recommend improvements: Help to recommend improvements that better align the existing contract compliance practices with the related contract risks, and the approaches successfully used by other large organizations.
In addition, CPAs can work closely with organizations to implement a contract compliance program. They can facilitate discussions to help develop consensus among key personnel across the organization, and help to define the responsibilities of the key departments and personnel. CPAs can also help to develop communication tools that motivate business partners to improve reporting (e.g., a notification letter that describes the organization's updated contract management efforts).
CPAs can also help organizations to risk-rank their business partners. Some of the major risks and criteria to consider include:
* The annual amount of payments and receipts flowing from the contract;
* The period of time since the business partner was last reviewed;
* The findings of previous reviews performed;
* The period of time before the expiration of the contract and the right-to-audit period;
* The organization's overall relationship with the business partner;
* The business partner's financial health;
* The percentage of business partner activity that occurs internationally; and,
* The complexity and differences in business partner agreement interpretation.
Finally, CPAs can assist organizations in determining the nature and frequency of compliance activities based on the perceived risk of misreporting and potential for recovery (e.g., informal inquiry for low-level risk, formal inquiry for mid-level risk, and field analysis for high-level risk).
Compliance inspections
Organizations are generally happy with their business partners and value the relationship. However, they often feel that they are not getting all of the information that they need to effectively manage the contract. As a result, we believe that CPAs should focus on enhancing organizations' relationships with business partners, while identifying under-reported revenue or inappropriate payments.
CPAs can perform contract compliance inspections in three different phases: planning and pre-fieldwork data collection and analysis, fieldwork, and reporting.
1. Planning and pre-fieldwork data collection and analysis. During this phase, CPAs analyze the agreement, gain an understanding of the contract relationship and current reporting procedures, and perform data analysis prior to visiting the business partner's location. These activities help them identify potential noncompliance and misreporting issues to further analyze during the fieldwork phase.
2. Fieldwork. CPAs can interview relevant business partner personnel to obtain an understanding of processes and controls; check the business partner's interpretation of agreements; perform additional analyses, tests and interviews; and compile the findings. We recommend that they maintain regular communication with their client throughout the fieldwork phase to discuss noncompliance indicators identified and determine the extent of additional detailed analysis to be performed.
3. Reporting. Deliverables describe the work performed, summarize the information gathered regarding the third party's contract compliance within the tested areas, and quantify the findings of noncompliance noted. Deliverables can also describe weaknesses that impact the agreement compliance environment, if any, that came to the CPA's attention during the course of the work.
Conclusion
The growing prevalence of commercial relationships has caused organizations to assume increased financial and non-financial risks. To comply with Section 404 of the Sarbanes-Oxley Act, these organizations need to have effective internal controls over financial reporting. Their desire to maximize financial performance and avoid negative media attention has also created an incentive for companies to develop contract compliance programs to manage the risks associated with their commercial relationships.
In addition to identifying under-reported revenue or overcharged expenses, an effective contract compliance program can enhance the relationships between an organization and its business partners by:
* Reducing the element of blind trust;
* Increasing knowledge and information flow;
* Enhancing the client's internal control system; and,
* Fostering business partner behavior that is consistent with the contract terms.
CPAs can provide significant value to organizations by helping them understand the risks associated with different types of contracts, and by assisting in developing and implementing contract monitoring activities to manage those risks.
Kathi Vosicky, CPA, CFE, is a director in the forensic practice of KPMG LLP. Kelly Richmond Pope, Ph.D, CPA, formerly a senior associate at KPMG, is an assistant professor in the School of Accountancy and Management Information Systems at DePaul University. The authors' views are not necessarily those of their employers.
