THIRD-PARTY RISK: HOW TO BETTER UTILIZE ENERGY VENDOR AUDITS 8/25/2015. August 27, 2015

THIRD-PARTY RISK: HOW TO BETTER

UTILIZE ENERGY VENDOR AUDITS

Shane Torkelson, CPE, CISA, CIA

Director – Enterprise Risk Solutions storkelson@bkd.com

• Participate in entire webinar

• Answer polls when they are provided • If you are viewing this webinar in a group

 Complete group attendance form with • Title & date of live webinar

• Your company name

• Your printed name, signature & email address

 All group attendance sheets must be submitted to within 24 hours of live webinar

 Answer polls when they are provided

• If all eligibility requirements are met, each participant will be emailed their CPE certificates within 15 business days of live webinar

TO RECEIVE CPE CREDIT

Upon completion of this program, participants will be able to  Describe what’s included in an effective vendor management program

 Discuss the benefits of utilizing vendor audits in their business

 Identify the main steps in executing an efficient vendor audit

 Recognize the process for establishing a vendor audit program

• Organizations across many industries, including energy, have outsourced business processes to cut costs, create efficiencies or remove non-core functions

• Managing these relationships with third-party service providers & vendors can be challenging & present risk to an organization • A structured vendor management program can address

challenges & risks

OUTSOURCING OVERVIEW

Outsourcing business processes comes with certain risks. Third-party considerations that warrant monitoring may include

potential risk of

 Overcharges/erroneous invoicing (e.g., duplicate payments, incorrect billing rates, discounts not applied, billing for goods/services not received, etc.)

 Reputational damage

 Non-compliance with contractual terms & conditions (e.g., insurance requirements, due diligence, regulatory compliance (FCPA), etc.)

 Inability to meet critical performance expectations (e.g., JIT delivery, completion milestones, volume/quantity, product quality, etc.)

 Financial stability of vendor (i.e., going concern issues)

VENDOR MANAGEMENT LIFECYCLE

conditions with proper approval by necessary parties

MONITOR • Process of evaluating

performance & verifying compliance with contract PAYMENT

• Invoice approval & payment process CHANGE

CONTROL • Approval procedures for

changes to contract (scope & price)

COMPLETE • Project or deliverables is

completed per contract & vendor evaluated

Monitoring activities include processes for evaluating vendor performance & their compliance with the contract. Example activities include

Consistent monitoring of key performance indicators (KPIs) throughout term of contract(s)

Periodic validation of operational requirements (e.g., insurance, compliance, background checks, etc.)

Annual/bi-annual vendor appraisal program

Periodic vendor audits

Contract Compliance Audit: The review & assessment of a third party’s compliance with financial & operational provisions of an executed contract

In addition, to be an effective control in commercial relationships, vendor audits may also help companies

Avoid financial, legal or reputational risks

Identify potential cost recoveries

Eliminate waste or excess spending

Identify & mitigate process &/or control gaps

Detect unapplied credits

Identify & eliminate contract ambiguities before they become an issue

BENEFITS OF VENDOR AUDITS

VENDOR AUDIT OVERVIEW

In order to define the scope of a vendor audit program or narrow down those contracts deemed critical to review, an organization needs to understand their contract universe

How many contracts does the company have?

How many different types of contracts does the company use?

What will be the period used for inclusion in the vendor audit program?

CONTRACT UNIVERSE

Both quantitative & qualitative considerations should be

included in risk assessment

What is the dollar amount of spend associated with contract?

Has vendor had significant budget overruns in the past?

Does contract have multiple amendments or change orders?

Is contract with third party experiencing financial difficulties?

Is contract considered risky or complex given nature of goods or services to be performed?

What is age & expiration of contract?

• From contract risk assessment, vendors & contracts are selected for inclusion in current audit plan

• Validate contract contains appropriate right to audit clause

• Preliminary planning includes budgeting & scheduling of various audits to be completed

• Notification of intent to audit given to vendors/suppliers • Current audit plan is communicated to internal stakeholders

PROGRAM PLANNING

• Contact vendor/supplier to discuss audit, timing & logistics • Obtain & review contract(s) & applicable amendments, change

orders, etc.

• Provide vendor with prepared by client (PBC) request list • Modify standard vendor audit program to address risks &

characteristics of contract being audited • Finalize testing plan

• Perform approved audit testing plan

• Document findings, observations, recoveries, internal control breakdowns, etc.

• Consider audit results & supporting documentation

VENDOR AUDIT EXECUTION

• Discuss audit observations with vendor/supplier to include recoveries & process/control gaps

• Obtain agreement on validity of findings & secure documentation to that effect

• Draft report of findings • Distribute final report

• Track open findings & action items through to closure

Monthly report — aging of open items

• Monitor changes to internal processes for proper implementation & resolution of findings

• Analyze trends in monetary findings • Analyze trends in process/control gaps • Establish periodic reporting of results

RESULTS TRACKING & ANALYSIS

• Managing third-party risk can be a critical activity for many organizations

• An effective vendor management program includes, among other things, a robust monitoring protocol

• Establishing a vendor audit program begins with contract universe & understanding quantitative & qualitative factors

• Performing periodic vendor audits is a sound business practice & provides insights into trends & issues

QUESTIONS?

CONTINUING PROFESSIONAL EDUCATION (CPE) CREDITS

BKD,LLPis registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.learningmarket.org

The information in BKD webinars is presented by BKD professionals, but applying specific information to your situation requires careful consideration of facts & circumstances. Consult your BKD advisor before acting on any matters covered in these webinars

• CPE credit may be awarded upon verification of participant attendance

• For questions, concerns or comments regarding CPE credit, please email the BKD Learning & Development Department at training@bkd.com

CPE CREDIT

THANK YOU!

Shane Torkelson CPA, CISA, CIA Director – Enterprise Risk Solutions BKD, LLP

2800 Post Oak Blvd., Suite 3200 Houston, Texas 77056

storkelson@bkd.com