27 May 2019

When is an Employee death not a strategic risk

I remember performing at Strategic Risk Review for a company in the Middle East. There were two of us on the team in-country, with support at "home". When attempting to come up with our starter set of assumed strategic risks, we included the usual; market and product risk, process and system risk, cyber and privacy, financial reporting and financial management risk, capital markets and exchange rate risk, and of course ownership and succession risk. My colleague then added "loss of life, the death of an employee" as one of the strategic risks.

Loss of life, it would seem obvious, is a major strategic risk, and the short and longer-term impacts could, if not managed well, be significant. Yet in this situation, I told my colleague that I did not agree, and for this company and country, the response to a workplace death would be "write a cheque". I'm not normally cold and disrespectful of human life, and certainly not disrespectful of the strategic risks facing organisations. But this time it simply did not rise to the level of strategic risk.

Strategic risks vary. Certainly, there are common strategic risks, but each country, industry, company and organisation, and the business lifecycle both at the global and at the individual entity level will influence the range of strategic risks applicable to the entity.  

Country influences

Businesses and entities function within countries, usually within their home country, sometimes across countries and regions. Each country has its idiosyncrasies, from cultural to political, regulatory or legal, or in many countries, extra-legal (corrupt practices embedded in the culture and government).

The UK provides a good example of a current strategic risk associated with that country: Brexit. The only good news is that like Y2K, Brexit will be here and gone soon enough, and the uncertainty will give way to response and management of the actual risk. but until the event actually happens (if indeed it does) then the potential impact is unknown in detail.

But certain aspects of the risk are known - there will be price discovery as new trading relationships come into place. Some of that discovery will be uncomfortable, with inflation and costs associated with the potential (temporary) breakdown in supply chains. What can be said with confidence is that such market discomfort will be temporary, as Brexit rewrites some rules, but does not rewrite the rules of markets, only the current set of "how to" rules. The underlying economics does not change, and therefore markets will return to efficient functioning, in as much as markets are ever efficient in their functioning.

For example, in a conversation with another colleague, he was concerned that post-Brexit, the cost of vegetables in the supermarkets would go up, and stay up. His argument was that the loss of supply from one source would result in increased cost of supply from other markets. My response was that as alternative sources were able to supply, prices would come down. His view was that "once the supermarkets raise their prices, they will not lower then even if the input costs reduce, as they will use this as an opportunity to increase profits". The flaw, of course, is that this assumes that fundamental market mechanisms of price discovery and competition will, for some reason, be different in a post-Brexit UK.

Other countries have their own market dynamics, not infrequently influenced by exchange rate movements due to global or even local political situations. Turkey today is suffering as the Lira drops due to a combination of economic and political pressures. Therefore, a strategic risk of doing business in Turkey will include the ability to forward hedge externally sourced raw materials, and to hedge, where possible, exchange rate risk against currencies in export markets. 

Then there is the systemic corruption in some countries, even to the point where we've seen corrupt practices in the awarding of contracts to introduce anti-corruption programmes. We bid to implement an anti-corruption programme in an East African country, partnering with a local former-Big-4 firm. I will say that I think it was a very good bid, in concept, content, team and pricing. We were shortlisted, and the local partner was invited to the procurement director's office to discuss the next steps.

"Your's is the best bid, and we expect we should be able to award this to you." All good so far. Then, "But we were wondering if there was something would be willing to 'do for the team' here in procurement?"

The local Partner did exactly what he should have done, and apologised and said that unfortunately, they were unable to, after all that might not appear to be within the spirit of the objectives of the project. I wish this had been the "test question", but unfortunately it was not.

I will not name them, but the bid was won by the local firm of one of the Big-4, days before I attended a conference in London in which that same Big-4 firm gave a presentation on anti-corruption and anti-bribery.

So in some countries, you pay or you do not play. It is that simple, FCPA and the UK Bribery Act be damned.

Industry Risk

Different industries have their own strategic risks, though of course there is massive overlap across industries. But Healthcare strategic risk is different from Steel industry strategic risk. 

While there are some strategic risks that are applicable to all industries (to a greater or lesser extent) such as Cyber threats and market and entity capacity, the specifics of the risk will vary according to the industry. For example, Cyber threats in service and financial industries centre around customer and personally identifiable data, while in Extraction and Manufacturing, the Cyber threat is one of attacks on infrastructure and SCADA (Supervisory Control and Data Acquisition) to disable plant and equipment. On a national scale, the Cyber threat relates to infrastructure attacks on power generation and distribution, and on national government databases. Recently in Panama, a security analyst was able to demonstrate that the health records of 90% of the citizens were held on servers that were inadequately secured. He demonstrated the ability to extract that data, for almost 4 million citizens.

I remember an FMCG (Fast Moving Consumer Goods) manufacturing company that did not seem to adequately consider one of its strategic risks. The company relies heavily on a distribution network that includes trains, trucking and local distribution. Trains provide most of the transportation of raw materials to factories, while much of the post-production distribution is trucked (from major train depots). During the mid-2000s, before fracking became economically possible, oil production appeared to be approaching a peak, and the price of oil was beginning to move. A sudden movement upward caught the company off-guard, and it appears they had not hedged their transportation capacity or costs.

In the extraction/mining sector, some of the specific strategic risks include political access and regulation, as in many countries access is a core element of doing business, and regulation can and in some cases needs to be leveraged. In one example, a major mining company wanted to improve mine safety by installing high capacity fans and extraction equipment. Unfortunately, local regulations limited the speed of airflow within underground mines, to a rate that the company's engineers had determined to be unsafe. The volumes of air that needed to be moved, due to the size of the mines simply made it impossible to ensure clean and fresh air for workers and equipment, at the regulated airspeed. Political access facilitated the company gaining the exemptions required to manage this risk.

In Brazil, we've already seen the extraction industry-specific strategic risks around company created infrastructure such as dams, and the dangers associated with inadequate investment in maintenance of such dams. Earthen dams, when they collapse, do so at a frightening speed, and the death toll can be significant, with over 200 killed and 100 missing in the Brumadinho dam disaster in January 2019.

In this case, the company clearly has prioritised capital cost containment over life, or simply had failed to listen to their engineers. Only good news travels up, and bad news has a way of dying or being converted into other news. At a major refining business, the Risk Manager was told that, while $2.5 million was required to reduce the risks of a blast furnace explosion (and consequent loss of a many tens of millions furnace) and the risk of death to many employees, the money would be spent on addressing Internal Audit findings that had nothing to do with the blast furnace. Why? Because the CEO of that subsidiary would be fired if he did not address Internal Audit findings, and was not authorised to exceed budget.

Therefore it is inappropriate to expect that there will be a set of strategic risks common to all companies and entities. While there certainly are common strategic risks, it is also clear that each industry will have strategic risks unique to that industry.

Loss of Life - the death of an employee

So returning to the original statement, that the loss of life would not be, for that company in that country, a strategic risk. Certainly is would be a significant risk, and considering the nature of the company, could result in a negative impact on reputation and perceptions. But a strategic risk, no.

Because in that country, the loss of life on an industrial site, for example, results in a mandatory payment of compensation to the family of the victim of twenty-four months of his basic wage, however, “the amount of compensation shall neither be less than Dh18,000 nor more than Dh35,000”.

So based on the exchange rate of May 27th 2019 (and it is worth noting that this exchange rate does not fluctuate significantly), the death of a worker will cost a company between under £4,000 to £7,500. Total.

Or as I said to my colleague, “5% of the capital cost of the bulldozer that ran him over”.

In a case like this when “write a cheque” is the response to the death of an employee, and absent significant reputational damage to a brand, it is sad to say that an employee death simply does not rise to the level of strategic risk.

21 May 2019

Corruption, a Panamanian way of life

Let's face facts, corruption is everywhere in Panama, and this election will not change that. Martinelli (two presidents ago) was indicted for eavesdropping on his opponents, not for taking backhanders from Odebrecht and others. Laurentino “Nito” Cortizo, the incoming president, plans to indict the outgoing president, Varela, on corruption charges. In fact, this was one of the specific platforms that he ran on. So two prior presidents in a row are or will be brought up on corruption charges?

The idea of term-limits is appealing, with a limit on the amount of time that a politician can serve acting as a break on corruption, or so the thinking goes.

The international press has said that the Panama Papers have contributed to the awareness of corruption in the country. Yet Panama's inclusion on the "Grey List" pre-dates the Panama Papers, and the documents released pointed to, in some cases, corruption by non-Panamanians exploiting the Panamanian corporate (and other countries) structures and tax laws. This is a nice idea, but in Panama, the Papers are yesterday fish-wrap; nobody cares.

Real corruption can be seen across Panama, from the bribing of police to the buying of votes by mayors in big cities and small, so simply exploiting Gringos and each other as much as possible.

The 2018 Transparency International Corruption Perceptions Index ranked Panama 93rd out of 180 countries. All told, approximately 38% of Panamanians said that they had to pay a bride to have an official service provided to them. Yet paying a bribe is only one measure of corruption and how deeply ingrained it is in Panama.

In the countryside, true or not, it is a common assumption that mayors are "owned" by local oligarchic families, such as we're told is the case on the west coast of Varaguas. Apparently, Panamanians will openly tell you that their mayor is corrupt, but when asked if they will vote him out, they shrug their shoulders "he is our mayor, so what can we do?" So the roads are potholed, the electricity fails regularly, and rubbish is everywhere. And the families will support the mayor because he does their bidding. After all, if you can pay workers $12 per day to grow rice, then why would you want them educated or working on construction for Gringos at, gasp, $20 to $30 per day?

The mayor promised potable water for everyone in the town of Mariato, but when the water tower was built, it was going to take six weeks or more to hook up the electricity to pump the water and the ensure it was potable. So the mayor asked a local Gringo if he would let the city plug the water system into his power. Feeling like there was an obligation to be a good citizen, and not wanting the backlash of saying "no" to the mayor, he agreed. Sure enough, the town received clean water, certainly from that day and for the six weeks leading up to the elections.

But two to three weeks before the elections, the Gringo was presented with a $4000 electricity bill. He took the bill to the mayor, who simply said: "it is your bill, I'm not paying it". And sure enough, the electricity company came along and cut off the Gringo's power. He (the Gringo) now has no electricity and a $4000 bill; the town had enough water in the tank to last two weeks, and still no power connected to the water system. The water was expected to run out the day after the election - an election that would probably return the mayor to office, even though he has already served the two consecutive terms that he is allowed. [Update: The mayor was not re-elected, and quietly the bill was paid for the gringo.]

And of course, the Gringo will look like the bad guy for failing to pay for the electricity and therefore leaving the town without potable water.

In the towns the children will all tell you that they want to grow up to be policemen. Such civic mindedness is wonderful to see. Until you realise that what they really want is a well paying, low effort job. Not all police are corrupt, depending on your definition of corrupt. But if there is a job in Panama that comes with a steady "extra" income without the need for additional effort, it is to be a country policeman. Let me be clear here; the city cops work hard and face dangerous working conditions that result in many experiencing long term trauma and sometimes physical harm. They are the heroes keeping poor cities like Colon and large parts of Panama City functioning and safe(ish). Yet even then there are areas where they will only go in pairs.

But like many countries, the life of a country cop is a good life. Easy hours, respect, kickbacks, and not a lot of hard work. In another part of the country, when a Gringo had his tools stolen, the police were unable to help, shoulders shrugged, these things happen. Needless to say, it was known in the community who had stolen the tools. Two teens had earned a reputation for thieving around the area.

As the thieves were unable to use the tools, and as has a small reward had been offered, the local religious minister was told that walking by an empty building, someone saw what looked to be tools abandoned inside. Sure enough, the police arrived, "found" the tools, and told the Gringo to go and pick them up.

The Gringo went to the local police and confronted them. "You know who did it, so why haven't they been arrested?"

Well, of course, they didn't know. How could they?

The Gringo then went to the local minister and asked him who were the thieves. He, of course, did not know either. Finally, the Gringo got close to the minister and said "these two are in your parish, and are causing problems across your parish. You have 50 adult males here. Preach a sermon next week saying that the community has a duty to teach the young what is acceptable and what is not. And - tell those two toe-rags that is they try it with him again, they will be never be found." He has not had any problems since.

Of course, the Gringos are just as bad as the Panamanians. Being very clear, Panama is a country full of corruption, and it would be inaccurate to suggest that it is only Panamanians that are corrupt. There is the case of "Max", the Gringo (Dutch I think) who is accused of "buying" large amounts of land from local Indians and Panamanians, paying them 10% of the agreed price in cash, and then having the properties titled in the name of a company. The land(s) are then "sold" for peanuts to another company, which signs the properties over to trusts, which then on-sell them to other shell companies, etc etc. until the audit trail is lost through bureaucratic inefficiency (and bribed judges).

Apparently, but with no evidence, Max's secret is to make sure that he has rented the services of an appropriate judge. This was all long in the past, of course, and this couldn't happen today, I'm sure. But I understand the going price for a judge might have been around $20,000 up to $100,000 depending on the size and nature of the problem that needed to be solved. This is, of course, all hearsay and probably none of it is true.

Of course, Gringos stealing land from the natives is not the only game in town. Stealing property from Gringos is also part of the local repertoire. There is the local mayor who (again, no evidence whatsoever) signed a paper saying that a small parcel of land was owned by a local Panamanian, attesting that the owners of the properties to the North, South, East and West were named on the document. The only small problem was that the name of the Gringo who owned (owns?) the land surrounding the small claim was not included in the document at all.

This document was then used to demonstrate to MIVI, the ministry that builds houses for poor people on their land or on public land provided by a local council, that the family had "title" to that parcel, and MIVI could build the family a house.

One the house was built, the family could then claim the rest of the land, staking a claim on well over 50 hectares, from their small claim or 500 square meters of land. And the document accepted by MIVE would be used to demonstrate, as it was not contested, that the land was theirs, that the Gringo owner had not been to or occupied the land in over a decade, and was not even listed on the document.

At this stage, it becomes further conjecture - that the mayor would then buy the full land from the local family, for a fraction of its real value. Everyone wins. The family gets a house and a very good chunk of cash, the mayor gets the land for a pittance which he can then on sell at a discount, but still enough to make him "rich(er)".

These are but a scratching of the surface of corruption in Panama. The real corruption is of the soul, in which these stories are looked on as a slander on the country (even if they are true) or simply accepted as the way of life in Panama. They got theirs, why shouldn't I get mine.

Of course, the real estate companies trying to encourage Gringos to move to Panama will not say any of this, and Panamanians can become quite aggressive in response to any criticism. A negative comment on a quite frank posting on an Expats in Panama Facebook group resulted in a Panamanian saying that they were going to report the writer to immigration and have them deported. Panamanians can be very prickly.

None of this will change with this election, except that the people at the top being bribed will change, and sadly in five years, even if he has been the picture of honesty and a champion for anti-corruption, someone will run for president of Panama on a ticket of indicting Nito, the newest president. It is the Panamanian way.

As one Panama observer said to me, "the incoming crowd know they have five years to get rich, and then they are out."

11 March 2019

The wars of European Unification - What lies ahead?

When we look into history, we see periods when it seems obvious what the outcome was going to be, and wonder how they could not or did not see it coming during those times. Take the expansion of Rome from about 210 BC through about 150 AD, or the rise of the British Empire from 1700 to 1900. There is also the rise of the United States in its first three-quarters of a century. Then we can look at Europe from about 1870 to 2030. In the middle of any of those periods, it would not have been obvious that there was a peak coming, followed by stability and decline, or civil war.

One thing that distinguished each of these historical eras was the growth of empire, apparent unending upside, followed by limits, competitors on the periphery, conflict and civil war (across the greater empires, if not in the core). Is this what we should expect of the German Europe Empire Union?

In each of the first two examples, history shows us the rise and rise of the empires and civilisations, the peaks and the beginnings of their declines. Rome in 210 BC was fighting an existential war with Carthage, or so it seemed at the time. Yet through the eyes of history, Roman domination seems inevitable; Carthage simply was not a match, and Hannibal was never going to get Latins to fully abandon alliances with Rome, a prerequisite for Carthaginian victory. Later, Britain expanded into India and North America, Australia, New Zealand and various parts of Africa, but reached its peak and the strains on empire eventually pulled it apart. By the middle of the nineteenth century, pressures were building, and the second great spasm to hit the empire occurred with the Indian Mutiny (the first being the rebellion in the North American colonies). The British Empire survived, but by 1900 it becomes clear that the next century would be one of disengagement from Empire.

Will historians look back at the Franco-Prussian War (1870) as the first of the three great wars of European Unification under the hegemony of the German Empire? And as war is the continuation of politics by other means (Clausewitz, 1827), was the failure of the wars to accomplish the political objective then replaced by the politics of acquiescence by countries exhausted by war, fearful of a re-industrialised and again potentially imperial Germany? After all, the very embryos of what became the EEC and then the EU were attempts to contain post-WWII Germany; containment that ultimately failed with Germany once again becoming the economic and industrial powerhouse of Europe.

Our other example from history could be the United States of America from 1776 through 1850. American independence from the United Kingdom was hard won, and through a series of almost Roman campaigns over the following 75 years, a Union was formed. While American (European) technology and organisational skills were sufficiently advanced to make the subjugation of the natives almost a foregone conclusion, it probably did not appear to be that pre-ordained at the time. 

I have selected 1850 for the United States, and 1900 for the British Empire, and 100 AD for the Roman Empire, because these are the rough dates at which we can see the stresses appearing, that ultimately lead either to the long retreat, or to civil war before renewed expansion. Each of these empires reached levels of expansion that tested their organisational and political systems, alliances and ultimately stretch them to their limits, while also putting them into too-close proximity with emerging blocks or nations/groups that do not wish to be assimilated (and whose "power" is adequate to counter the residual level of power available to the Empire at its outer fringe..

So is Europe and the EU at its 100 AD, 1900, or 1850 point yet? Certainly, the wars of European Unification failed to accomplish the goal that has been achieved through peaceful politics. Europe is now a unified imperial power centred on Brussels, but under the effective economic control of a few "member states" of that union. Like the Romans before them, Germanic Europe has created a politically unified hegemony over much of the continent, and happily exercises that power in the suppression of local politics, or actively sides with the regional satrapies in the suppression of dissent in their regions. 

If we look far enough back, we see Rome arbitrating over the succession of Masinissa as the king of the Numidians, and we see the Romans continuing to support Masinissa as the King of all Numidia, and in his disputes with Carthage. Of course, their support for Masinissa came at the expense of Carthage, and eventually precipitated the Third Punic War and the destruction of Carthage. Today we see "Brussels" supporting Madrid in their dispute with the Catalonians, ensuring continued suppression of Catalonian independence and the continued imposition of the Spanish culture and language on the Catalonians. 

And Catalonia in Europe is not alone. Almost every European country has its ethnic and national minorities, some seeking independence and others comfortable that their cultures are protected, even if that means subjugation within a larger nation-state. The Breton in France and the Welsh in the United Kingdom are good examples of nationalities that are attempting to protect and even promote their national cultures and languages within existing countries. And for these two, close relatives that they are, the years of suppression of language and culture are mercifully in the past. In neither are there "national movements" seeking independence, though there is in each a greater awareness of their culture and language.

But other groups within Europe do seek independence to a greater or lesser extent. Northern Italy is a different country from Southern Italy, and while the south is comfortable with that single national identity, many in the north would happily forge a different national path.

The Balkans remain a mixture of independent nations and cultures, and languages. Their civil war of the 1990s should have been a wake-up call and warning of the dangers of an overbearing central government, but instead is viewed as the poster-child for the dangers of nationalism. Without the overly powerful central government, demonstrably supportive of the desire and needs of one community within the Yugoslav nation, nationalism would not have been a problem. So which came first, excessive control perceived to be in the hands of one national group, or the rise of nationalism on the part of the many national groups within Yugoslavia?

The current European government is not in danger of repeating that error; it is actively repeating that error, to the very visible detriment of European national groups. 

The "European Project" today is pushing up against a combination of barriers, each of which can be managed, but like all empires, it is the combination of barriers and pressures that result in stagnation, civil war and ultimately slow (and sometimes fast) decline and fall. While the countries will remain - there were follow-on nation-states after the fall of Rome and the retreat of the British Empires. The European Empire's barriers are both external and internal.

Externally the European Empire is boxed in; to the east by the still existent and now re-expanding Russian Empire, while to the west, the United States has evolved from mentor to competitor to adversary. To the south, the entire African continent views Europe as either a former colonial master to be soaked, or the future of on their poor populations. 

Internally the threats are just as strong, and mainly come as a result of imperial over-reach by Brussels and their German masters (and French lapdogs), aided by Benelux intolerant and culturally domineering liberalism. The nations of Eastern Europe do not accept the idea that the dominant liberalism represents the only "core value" of European nations. These are conservative countries with populations that remember totalitarian rule, and in many cases remember personally starvation and impoverishment after the fall of those regimes with the collapse of the Soviet Union. Their current economic conditions, while far superior to their condition under the Soviet system, comes at the cost of what they believe are their core, conservative and predominantly "Christian" values. In many cases, the younger and more "liberal" members of their societies have migrated westward, and those who remain see no reason to cast aside their historic prejudices and values.

Further, the incompetent handling of the migrant crisis, with edicts from Brussels that countries must accept certain numbers of illegal migrants, harkens back to the rule of the Soviets who likewise demanded that countries accept Russian migrants (and troops).

As mentioned earlier, there is also the perception that the centre will be more than willing to punish any country or nation that does not follow the edicts and instructions of the centre, all in the name of "helping them". Recently, Former Finance Minister and now President of the German Parliament, Wolfgang Schaeuble said “as minister of finance, I had asked for a lot from the Greeks, but these reforms had been in the interest of the Greeks if they wanted to stay in the eurozone,”

This is the same man who told Yanis Varofakis that "elections cannot be allowed to change economic policy" or to put it more simply, the EU, German, the ECB and the IMF did not care who the Greek people voted for, and that they would punish Greece for even asking for debt relief. Another way of looking at this; no German or French banks will be harmed by the lending that they provided, even knowing that the loans could never be repaid.

Yanis Varofakis wrote, "Of course he had a point: democracy had indeed died the moment the Eurogroup acquired the authority to dictate economic policy to member states without anything resembling federal democratic sovereignty."

Such situations will only continue to increase the dissatisfaction within the empire (oops, Union), with the result that Brexit will not be the last event in the disintegration of the European Empire  Union but will be seen in history as the first event.

So returning to the question of looking back on Europe from 2040 or 2050, or further in the future. Will the Wars of European Unification give way to the First European Civil War?

Here we look again at the American experience, in which the period of expansion between 1776 (independence from the United Kingdom) and 1850 pushed the boundaries of centralised power versus the power at the individual state level. Eventually, the issue of slavery, dressed up as a "States Rights" issue was to tear the country in half. Slavery was not the only issue, but underlying any of the other issues was the principal issue of a State's right to allow slavery.

The rich and industrial North was pushing for the elimination of slavery, while the poorer and less industrialised South required slavery to provide the labour for the large landholders, and through them provide the economic foundation to support the rest of the South. While the percentage of actual slave owners in the South was fairly low, and the number of slaves individually owned was low, there were enough major (and minor) slave owners whose personal and community economic structures would be upended by emancipation. 

In modern European terms, the South simply needed to modify their economies and introduce labour and capital policies similar to the North, and all would be good. (Being very clear, Slavery was a blight on the South and the United States as a whole, and remains, unfortunately, a blight on the world. The very practice of defence of slavery is evil).

The problem faced by the South was that there was no way that they could restructure their economies without major upheaval and economic dislocation. The South could not, and never did become an industrial society that continued to power the Northern states long after the Civil War.

With this history in mind, and a quick review of the current European economic situation, we find a similar situation (thankfully without slavery) of an industrial and "rich" North and a poorer South, bound by a common currency and a central power authority that favours and indeed is directed by the North.

Greece has provided an example to all of how far the centre is willing to go to ensure that the rest of the South stays in line. And the Brexit fiasco provides additional evidence of the centre's willingness, and intention, to punish any who think they have the right to make their own decisions.

This will work for some time. But for how long. And will the final pulling apart of the European Empire Union be peaceful, or like the United States, will a Civil War be fought in Europe, the Centre against the East and South?

If the Wars of European Unification are anything to go by, we already know how the sides will be drawn, with the big difference this time being that the "Central Powers" of Germany and Austria may well include a new "Central" of France and the Benelux countries.

How soon might this happen? It is hard to say, but the rhetoric out of Brussels and outright hostility to (and from) the Eastern members suggests that it may be years and not decades away. While the Treaty of Lisbon contains the now famous Article 50, the defection of multiple countries and the very visible shrinking of the European Empire Union may be more than the centre will allow. 

05 March 2019

IT Audit - sometimes you need to escalate

A common facet of contracts is a true-up clause that pushes a disagreement on price or capacity into the future, with actual usage or consumption to be calculated at a future date or time. Think of the classic French Bistro (in the outback of France, no in a London or New York suburb), and the bottle of house red that is automatically delivered to your table. Or the bottle of whiskey in the officers mess in the Indian Raj, with the line drawn on the bottle. When the meal is finished, or the drinking is done, a new line is drawn, and you are charged for the difference - the amount consumed.

There is no contract that requires you to consume the entire bottle(s), or a guarantee that you will only drink three-quarters. The contract is settled at a later time. The core of this contract is that all can clearly see what was consumed, and there can be little dispute as the actual quantities and therefore the final bill.

I have seen computer systems contracts with just that type of resolution built into the contract. 

Many years ago, I was asked to look at a contract that had such a true-up clause in it. The computer vendor had estimated that a certain level of computing power (mainframes) would be required, while the client estimated a lower amount would be required. In the days before on-demand cloud infrastructure, computing power came in "boxes" of defined "MIPS"(Millions of Instructions per Second - a quaint concept to us today). You got the whole box, or no box. The vendor believed that a certain number of "boxes" would be needed, while the client thought otherwise.

The system was of too much importance however, to allow for the implementation of inadequate computing power, and so both partied agreed to install enough to ensure smooth functioning. The vendor was adamant that their estimates were right, so insisted that the total amount of processing power be installed.

Through the negotiations, a final difference of $18 million was arrived at, out of a total contract value of approximately $80 million. The parties agreed then, as is not uncommon, to split the difference three ways.

  1. The client agreed to pay $6 million.
  2. The vendor agreed to discount $6 million.
  3. The parties agreed to review system usage at the end a year, and split the remaining $6 million based on the actual usage.

Makes perfect sense, if the actual usage can be measured and recorded, and if monitoring and system optimisation are in place on the client side. Like the line on the bottle, the utilisation level could be measured and a line drawn across the capacity of the systems.

Unfortunately, the client failed to put in place the monitoring. As a former mainframe systems capacity planner, I knew what monitoring would be required, and I knew exactly how the vendor would demonstrate that the application actually did require the full amount of computing capacity that was originally estimated. I had, in fact, worked for that vendor.

As the IT Auditor, I recommended that the monitoring should be put in place, and provided guidance on what and how to perform that monitoring. I also recommended that such monitoring should be performed on an ongoing basis, so that management could track how much of the $6 million they would "owe" at any given month-end, so that system optimisation could be performed. 

Nothing happened.

Again, in three months, I recommended that the monitoring be put in place. Again nothing was done. All the while the clock was ticking down to the performance date, and it was looking like the $6 million would be owed to the vendor.

Having received no response from the CIO, and in fact, having been told by the CIO that Internal Audit really didn't know what it was talking about, that Internal Audit knew nothing about IT, and that IT auditors were a particularly incompetent bunch, we felt there was no option but to escalate. A one-page memo was prepared and sent to the CEO (the same CEO who sent a two-page memo to all managers telling them that all correspondence to him should be in one-page memo form) outlining quickly the situation, and the (lack of) response from the CIO.

The result: After an independent review of IS's work lasting all of one day, the CIO was fired, and new negotiations were opened with the vendor, and a pre-emptive agreement was reached that saw the client pay the vendor $3 million. The vendor forgave the other $3 million.

Ultimately all agreed that they would not be able to draw a line on the bottle that each party would agree to, so it would have been almost impossible to agree exactly how much had been consumed.

But failure to implement basic monitoring and management cost the company $3 million that they should not have needed to pay.