Signing a Technology Contract? Don’t Do it Without Asking These Questions First

By:
JOEL LANZ, CPA/CITP, CFF, CISA, CISM, CISSP, CFE
Published Date:
Sep 14, 2015

Outsourcing technology—whether shifting IT services to a vendor or taking advantage of a slew of automated processes afforded by cloud computing—has never been more popular. It’s a frequent topic in accounting literature and a prominent talking point for presenters at accounting conferences. But, as with any business opportunity, in order to realize the benefits, entities must first reduce risk to a tolerable level reflective of their risk appetite. In other words, outsourcing IT requires a close reading of the fine print and a careful consideration of both the company’s expectations and the vendor’s realities. Here are key questions that your company or client should ask before signing on the dotted line, as well as a few examples of how CPAs can help to mitigate problems that might arise.

Question no. 1: Exactly how much will this cost?
Why it matters: While, in theory, the first vendor invoice should never come as a surprise to the buyer, in practice it frequently does. For one thing, technology contracts often require some sort of fee calculation that incorporates a flat price and additional fees based on variable factors. These factors might include, among other things, the number of transactions processed or the number of customer accounts, in addition to annual maintenance charges. As a result, it’s critical that the buyer understand the range of potential costs for the service purchased and all that it entails.
How CPAs can help: You’re well positioned to assist clients in understanding and verifying charges so that expenses can be appropriately considered in the client’s financial plans.

Question no. 2: What are we buying?
Why it matters: You’d be surprised how often flashy user interfaces get in the way of rationale decision making. Don’t be fooled by a slick presentation—before signing the contract, clients should always make sure they have a solid idea of what they’re buying. Are you getting the same software that was demonstrated? Will the version you ordered perform the functions you want, or will it require expensive add-ons? That’s particularly important, since clients may choose one type of software over another because of the unique features they believe it provides.
How CPAs can help: By having clients clearly define both their reasons for contracting the technology as well as their expectations, you can help ensure that desired functions are included in the contract.

Question no. 3: Will my data—especially confidential information—be safe?
Why it matters: You can’t assume that a high level of security is a given. Some vendors do offer enhanced security services—for example, they might provide customers with reports on testing performed by independent third parties, including, but not limited to, Service Organization Control (SOC) reports. But in other situations, clients will want to include right-to-audit clauses that enable them to go onsite and verify conformance with contract provisions.
How CPAs can help: You can help clients interpret the types of reports provided, identify potential gaps that could result in residual risks and, if needed, assist in providing assurance over vendor practices through onsite observation.

Question no. 4: How can we learn how to best use the technology we’re buying?Why it matters: Lots of businesses have purchased technology that they thought would transform their operations but, when actually implemented, fell far short of expectations. One oft-cited cause of disappointment: that a company’s employees are unable to take full advantage of the new program or product because, well, they don’t know how. The availability of training materials, including webinars and guides, and their cost should be a significant consideration prior to signing any technology contract.  
How CPAs can help: You can help clients evaluate the quality of materials provided, assess gaps in employee skills, and help develop training and awareness programs in order to realize business benefits.

Question no. 5: What happens if we change our minds?
Why it matters: Even with the best due diligence, the client may decide to change technology providers either during the contractual term or upon its termination. How that transition unfolds—the transferring of data, continuation of confidentiality obligations and penalty charges—should be clearly laid out. Entities should especially be on the lookout for auto-renewal clauses, where contracts are automatically extended unless specific action is taken by the client. 
How CPAs can help: You can support your company or client by developing appropriate mitigating controls that should be included in the contract.

Question no. 6: Have our attorneys reviewed what we’re signing?
Why it matters: Because you or your clients are signing a legally binding contract, it’s always a good idea to seek advice from a competent attorney. In addition to protecting a client’s legal interests, an attorney can develop the necessary business clauses to help ensure that desired objectives are achieved.
How CPAs can help: CPAs can assist their clients in specifying business requirements; the client’s attorney can then ensure that these are incorporated into the contract.

 

Joel Lanz, CPA/CITP, CFF, CISA, CISM, CISSP, CFE, is the sole proprietor of Joel Lanz, CPA P.C., and an adjunct professor at SUNY–College at Old Westbury. He is a member of the NYSSCPA’s Technology Assurance Committee and The CPA Journal Editorial Board. 

Click here to see more of the latest news from the NYSSCPA.