Welcome to our new blog series on contract management! We’ll be starting off with the juiciest of topics: compliance. Let’s be honest: you’re already bored. Bored, that is, until you’re faced with the potential consequences of a compliance violation: nobody wants to suffer loss of reputation, a court case or even a security incident because they failed to monitor compliance. However unexciting it may be, compliance is in place to prevent something much worse than boredom from happening.
In the world of tenders, you might also call compliance ‘RFP conformity’: how do we guarantee that bidders adhere to all applicable laws and regulations as well as requirements set? It may not be sexy, but it’s worth paying attention to compliance – if only to ensure you get exactly what you asked for.
In general, you could say that the award criteria are the meat of a bid: they motivate the interesting and innovative projects that a bidder might propose over and above their business as usual. The requirements are like the neglected little brother of the award criteria: a bidder must comply with them, but they are rarely mentioned in the bid text. Requirements often apply to processes, such as “the service provider delivers a yearly development plan and schedule.”
That may sound pretty straightforward, but a recent tender for a bus concession in IJssel-Vecht contained a whopping 500 requirements. And a large service contract bid text can easily exceed a thousand pages. The problem isn’t just that lots and lots of requirements can easily disappear like needles in the textual haystack that is a bid, but also that they all come with their own designated methods of compliance. Some might be covered with a generic ISO-certification, while others demand very specific and detailed actions. Without careful compliance management, you might not get exactly what you asked for; and if you have to manually keep track of each and every requirement, it’s easy for something to escape your attention.
More often than not, there’s a logical hierarchical structure in the requirements. It’s convenient to apply this in the RFP and make an explicit link between the requirements and policy goals. You’ll want to apply a label to each requirement where you expect bidders to take action. Some requirements are simple statements that they only need to take note of: “The client will carry out a yearly audit.” However, other requirements will require specific action on their part, so it’s good to include those on a separate, actionable list.
Once you have categorized the requirements and identified those which demand further action, the next step is to ensure that compliance is secured. You can use a verification matrix for this, in which you ask bidders to designate a requirement owner (in the implementation team or concession team), notify them of the frequency with which any actions must be carried out, and demand any documentation or evidence you want from bidders to support their delivery of the requirement.
Because a large number of requirements will end up with different owners, it can happen that the attention – and compliance – of concession operators lapses. You will want to ensure that compliance is secured even in the event of personnel changes or vacations: after all, it can’t happen that your reputation or even public safety is at risk due to negligent compliance management. You can minimize this risk by ensuring that requirement owners receive timely automated warnings and reminders, so that compliance won’t be overlooked or disappear from view as a result of personnel changes. Requirement owners should also have access to an overview of which requirements need their attention.
In short, compliance management is not sexy, but it is very important. It puts you at a significant advantage to design a smooth and standardized process for requirement management. This minimizes risks to the concession and ensures that bidders are fully compliant at all times, so that you’re not faced with unpleasant surprises.
Thanks for reading part one of our blog series on contract management. To continue to part two, click here! And if you would like us to keep you posted on any of our future releases, send us an e-mail at firstname.lastname@example.org and we’ll put you on the mailing list. Don’t worry, we won’t spam you: our newsletter is sent out three or four times a year.