Consulting Law

Service Levels
Outsource Contracts
Technology Transfer Terms
THE Issues
• Berle & Means, Coase Theorem
Williamson Transactions Costs
• Consulting is Entrepreneurial
• Entrepreneurs Increasingly Need
Consulting Services
– Rampell, Catherine, When Job-Creation
Engines Stop at Just One, NYT 10.4.12
• Form Contracting
• Bundle of Contracting
• Scalability, Employee Overhead
MORE Issues
• Client:
– Consulting to Private Sector
– Consulting to Public Sector
• Intra Governmental Consultants: the GAO
• Consulting’s Traditional Sectors: Services
– Legal, Tax, Accounting, HR/Search, Marketing,
Engineering, Strategy, Decision-making, IT,
Security
– Future: IT sub-sectors, eShip Support,
• Master-Servant vs. Client-Independent
Contractor (I/C)
• SLA/SLC
• SAS 70/SSAE 16
Some Persistent Theoretical
Constructs for Outsourcing Analysis
• Theory of the Firm & Transactions
Costs
• Agency Costs, Moral Hazard
• Labor Economics
• Contracting
• Core vs. Comparative Advantage,
Specialization
• International Relations
– Forcing interdependencies
Theory of the Firm
Transactions Costs Economics
• Adam Smith’s “Division of Labour”
• Coase, Berle & Means, Oliver Williamson
• Optimal Form of Organization
– In-house vs. Out-House
• Firms are “Bundles of Contracts”
– InHouse:
• Form Contract,
• Reliable Monitoring
• Fixed Supply
– OutSource:
• Separately Negotiated Contract,
• Monitoring More Costly (SLM),
• Scalability Uncertain (the Hold-Up problem)
Agency Costs
• Moral Hazard
• Conflicts of Interest
• Monitoring
• Incentive Alignment
• How do Insource Agency Costs Differ
from Outsource Agency Costs
• Do Any Additional Agency or Other Costs
Accompany OffShore Outsourcing
Contracting Theory
• Form Contracts
– Reduce Transactions Costs
– Development & Negotiation Spread as
Overhead
• Long-term, High-Stakes Crafted
Contracting
– Higher Transaction Costs, High Risks if
Default
• Restrictions on Delegation or Assignment
of Contract Rights
– Personal Services: NO w/o permission
– Generic Services: YES
Incentives to Outsource or Offshore
• In-House Expertise (In)Sufficiencies
– Demand Cyclicality: Under/Over-Capacity
• Supply-Demand Imbalances
– Whose Core Competencies
• ID, evaluate then locating competencies
• Comparative Advantage
• Scale Economies
– Cost Effectiveness:
• In-House Capacity vs. Outside Provider
• Scale Economies & Scarce Supply
Consultancy Contract Strategies
• Vendor/Consultant Incentives
– Promise Enough to Win (K)
– Vague Language Whenever Possible
– Avoid Ironclad Commitments
– Maximize & Front Load Compensation
– Minimize Legal Exposure
– Minimize Reputation Risks
• Client/Customer Incentives
– Acquire Only What’s Necessary
– Be Promised More than Needed
– Impose Ironclad Duties
– Minimize & Defer Compensation
– Maximize Remedies
• Ongoing vs. Episodic, Conflicts between
consultant’s lines of business
Justifying an Outsourcing
Some Key Outsourcing Variables
• Locus of Specialization
• Costs of Activity, Monitoring/QC
• Control over Work Performed
• Ownership of Work Product
• Quality of Work Product
• Backups, Substitution, Scalability,
Adaptability
• Hoarding Incentive: Size Buffers External
Threats
OutSource What?
Outsourcing What Activities?
• Traditional 20th Century Outsourced Services:
– Accounting, Advertising, Auditing, Law, Management
Consulting, Investment Banking, Brokerage, IT
Services, Transaction Agency, Employee Recruitment
• 1970s Wave: Manufacturing: components 1st
then finished goods assembly
• 1990s the Modern Wave: BPO
– Business Process Outsourcing
– HR, Call Centre/HelpDesks, S/W programming, ERM/
EDD, ASP, Medical Diagnosis (xRay)
• Contrast with Traditional InSourcing
– Vertical Integration of 19th Century
• EX: Japanese Keiretsu
MOU vs. Engagement Letter
Concluding the Agreement
• MOU vs. an Engagement Letter
• Offer must be exactly mirrored in
Acceptance
• Counter-Offers, Conditional Acceptance
• Statute of Frauds Writing Requirement
• Performance & Assessment
– SLC
• Dispute Resolution
– Malpractice
– ADR, Choice of Law/Forum
Technology Transfer Terms
• Ownership
– Assignment
– License
• Royalties, Fees
– Escrow
• Audit
• NDA
• Non-Compete
• Scopes: Fields of Use, Duration,
Recourse
Licensing vs. Assignment
• License
– Temporary, Revocable, Non-Exclusive
Right to Use
– Software “sales” really licenses
• Assignment
– Permanent, Irrevocable, Exclusive
Transfer
– Some/All of Bundle of Rights
• Selective Unbundling of Rights
– Exclusivity, Time, Resale, Assignment,
Sublicensing Restriction, Territor(ies)
Licensee
• Off the shelf @ computer stores, mail
order or Online
– Reduced transactions costs
• Franchise agreements with software
vendor as franchisor
– EX www.hyperion.com
• Must resolve warranties & consequential
damages ?s
EX: Create Software In-House vs. I/C
• Ownership is key consideration
• Employees v. I/C
– Employees need to be work for hire
– I/C std form agreement
• Likely to be at least some negotiable terms
• Assignment best for buyer
– Owns all, can modify, prevents exact reuse for
competitor
– Price may be too high if vendor’s further sales
prevented
– Compromise: engine (toolbox codes) vs.
custom application portions
Factors Distinguish: Employee/Servants
v. Independent Contractors (I/C)
• Right to control how product is accomplished
• Skill of hired party
• Source of tools and instrumentation
• Location of work
• Duration of relationship
• Right to assign other projects
• Discretion of hired party over working hours
• Payment method
• Regular business of hirer
• Employee benefits paid
• Tax treatment
Typical Licensing Practices
• Trade secrets retained by L’or
• Copyright deposit blanks out
trade secrets
• NDA & non-compete to L’ee
• Security measures
– EX: Emp’e NDAs
Basic Licensing Terms
• Field of Use Restrictions:
– Geographic, Time, Line of Business Ltd (no
personal use), # of users
– Display, temporary storage, no archiving,
purge on demand
– Transfer (Resale) Restrictions
• Limitation of Liability; Warranty
Exclusions
• Prohibit/indemnify IP Infringement: ©, ®,
T/S, patents
License Pricing
• Fixed price for deliverable
irrespective of development time or
expenses
• Metering: pay/use/time/MIPS
• Delivery, Installation, Prove working,
Periodic installments, Upgrades
• Hybrid of compensations
• Application Service Providers
Dispute Resolution
• ADR-arbitration
• Litigation
– Venue Vitally
• Limitations of liability, consequentials
& warranties
• Choice of Law/Forum
• What constitutes satisfactory
performance?
• Escrow
Contracting for Consulting or
Outsourcing
• Determine provisional Project
Scope/Assess Internal Expertise
– Multi-disciplinary teams
• In/Out-House reps from all key areas
– IT, legal, 3d party, implicated divisions
– Mutual education defining project & roles
• Survey 3d P vendors
– Retain Consultant to find the consultant
• Outsource to lowcost/low tech vendors
– E.g., photocopying
Contracting for Consulting or
Outsourcing
• Outsourcing-practice of contracting with
outside 3d P to provide service or product
otherwise too expensive, complicated, or
time-consuming to do internally
• EDD Outsourcing is BIG growth indus
• Some respected & reliable vendors using
proven technologies
– However, many new startups w/ unproven technologies
& methods
• Domestic 3d party service provider vs.
Offshore outsourcing?
– Exporting IT-related work from developed nation (U.S.)
to low cost (hopefully stable & reliable) nation
Contracting for Consulting or
Outsourcing
• Price, performance duties, reputation
– RFP, must know project scope
– Developed ERM informs well
– Reasonable Scalability add-ons
• Metrics tied to performance
• Remedies for breach reasonably available
• Direct experience with client media
• Scalability capacity w/in expectations
• Who owns, controls client’s data?
Contracting for Consulting or
Outsourcing
• Performing the Consulting Contract
– Perfect Tender Rule
• Specificity of Deliverables, timetables, performance metrics
• Scalability again: accommodating flexibility for client, by
consultant or service provider
– Substantial Performance
– Material Breach
• Standards, Metrics, Legitimacy of Evaluations
• Remedies for Breach
– Client breach: pmts, cooperation
– Consultant or service provider breach
Outsourcing Prospects
(Out)Sourcing Destination?
From Dependant Internal Unit …to:
– Autonomous Internal Unit
– Independent Domestic Service Provider
traditional outsourcing via homeshoring
– Int’l: Mandatory Offshore Agent
• Local, Captive, Required by local law
– Int’l: Offshore Independent Service
Organization (offshore outsourcing)
– Multi-Nat’l Service Provider
• Multi-Disciplinary Practices
Large F&A Consulting Engagements
2008-2010
Smaller F&A Consulting Engagements
2008-2010
Negotiating Service Level Agreements
• RFPs Typically Start the Process
• Must Negotiate Commitment Levels
• Must Design Effective Metrics
• Foolhardy NOT to Predict Capacity
Needs, Costs, Future Expansion &
Scalability
• SLAs Create Thresholds of Reward &
Penalty
– Define Rights of Termination & Post-Termination Transitions
Provisional SLC Definition(s)
• Contractual service commitment
– A/K/A service level agreement (SLA)
– Essential component to enforceable contract
between service provider & client/user
• SLA doc describes minimum performance
criteria
• Sets performance standards obligating service
provider
• Typically defines consequences :
– Remedial actions:
• Penalties for performances below the promised
standard,
• Termination
– Rewards for surpassing promised standard
Service Level Management
• Several functions:
– establishing service goals and objectives,
– linking them with service level targeting, and
– monitoring key performance indicators.
• SLM is Process Design
– Defining SLAs and SLA monitoring
• collecting & analyzing performance data,
• addressing problem areas,
• continually refining the services offered to ensure
expectations are met or exceeded
SAS 70 & SSAE 16:
Outsourcing’s Achilles Heel?
• Customer (user) of “Service Organizations” must submit to
audit of outsourced services incl IT services
• Service Provider should be obligated under engagement
contract or could simply refuse to submit or cooperate
• SAS70 Report: Service Orgs
– in-depth, indep. audit of 3d P serv.org.
• EX: ASP, bank trust dept, claims process centers, Internet data
centers, data processing service bureau
– Impact on client's (user) control environment
– SOX: cannot offload mgt’s control duties
• 3d P’s include controls over info tech & related
processes
– Uniform Service Auditor's Report of 3d P’s control activities &
processes
• Disclosed to client (user) & client’s auditors
• Sarbanes Oxley’s Internal Controls
– Only for Publicly Traded Cos
SAS70 & SSAE 16
• Type I report Service auditor opinion on
provider’s description of controls & their design
suitability
1. whether service organization's description of controls
presents fairly, in all material respects, the relevant
aspects placed in operation as of a specific date, and
2. whether controls suitably designed to achieve specified
control objectives
• Type II report service auditor opinion + testing
1. same items in Type I report, and
2. whether controls tested were operating effectively to
provide reasonable (not absolute) assurance that
control objectives were achieved during a specified
period (6mo)
SAS 70 & SSAE 16
• No duty to submit, cooperate or bind subcontractors
unless user’s engagement letter obligates
• May cause client/user surprise & difficulty
• SAS 70 Compliance could become marketing point
• Opportunity to improve controls following independent
assessment
• Outsourcing to 3d P unable to pass audit can denigrate
client/user audit
• Frustrates quick & dirty cost savings from poorly
managed 3d P serv org
• Outsourcing to 3d P passing SAS audit can justify
outsourcing
• Enables assurances to Client’s customers
• Opportunity to encourage or harmonize 3d P control
technique improvements
SAS 70 and SSAE 16: Introduction
• Outsourcing customer is responsible for the accuracy of
information under securities and other laws.
• Customer is responsible for maintaining proper controls
over its financial information and for reporting on their
adequacy under SOX.
• When an entity outsources a function to another entity,
and data resulting from that function is incorporated into
the outsourcing entity’s financial statements.
• If every customer wanted to audit, very disruptive.
• For that reason, service providers have an audit performed
with the audit report being provided to the customers of
the service provider.
• Since 1992 SAS70 has provided the requirements and
guidance for reporting on controls at service providers.
SAS 70 and SSAE 16: Introduction
• SSAE 16 superseded SAS 70 for audits covering periods
ending on or after June 15, 2011.
• SSAE16 = Statement on Standards for Attestation
Engagements No. 16, Reporting on Controls at a Service
Organization, promulgated by Auditing Standards Board of
the American Institute of Certified Public Accountants.
• Why the change to SSAE 16?
• SAS 70 is a U.S. standard, and the International
Auditing and Assurance Standards Board issued a new
global standard for audits to report on controls at
service organizations (ISAE 3402).
• To align the U.S. standard with the new international
standard, the American Institute of CPA designed
SSAE 16 to mirror ISAE 3402.
SAS 70 & SSAE 16: Similarities vs. Differences
• The procedures required by SSAE 16 are either the same as,
or more rigorous than, those required by SAS 70.
• SSAE 16: Key Differences
• Under SAS 70, management of the service organization
must provide a letter including written representations
regarding the design and control objectives.
• Under SSAE-16, management of the service organization
must provide a written assertion attesting to the fair
presentation and design (and, for a Type 2 engagement,
operating effectiveness throughout the period) of the
controls, which will be included in the report.
– There are specific requirements that management must meet
in order to provide this written assertion, including selecting
appropriate criteria for evaluation and identifying risks that
threaten the achievement of the controls.
– If the service organization relies on controls in place at a
subcontractor, and management’s description of the service
organization’s controls includes the controls in place at the
subcontractor, the management of the subcontractor will also
need to provide this type of written assertion.
SAS 70 & SSAE 16: Similarities vs.
Differences
• In a Type 2 report, if the SSAE 16 auditor is using the work
of an internal auditor, the report must include a description
of the internal auditor’s work and how the SSAE 16 auditor
treated that work.
• The assessment of the design and effectiveness of a service
provider’s controls may only be based on evidence
obtained during the period covered by the audit (not from
prior engagements covering a prior period).