Contract Compliance 101

5 Familiar Steps to Audit-Proof Your Important Contracts

 

What would happen if one of your biggest client contracts were audited tomorrow? Would you be okay, or would there be "findings"?

There is no sense in leaving your biggest client contracts exposed to an unfavorable audit. With a relatively simple and familiar framework, and a little effort, you can fortify your most important contracts. Six Sigma defines a well-known and respected five-step process for improving processes and building quality products.

No, I'm not suggesting that you break out the black belts, stat-heads, and large wallet, but the basic framework can be transposed to fortify the fulfillment of any contract obligations. Let's go through the DMAIC process (the basic Six Sigma process improvement framework) and see how it can apply to contract compliance.

Step 1 - DEFINE

Key Deliverables:

  • Project Charter
  • Voice of Auditor (VOA)

As with all initiatives, you should clearly define what you're trying to accomplish, and establish a charter. What you are defining is the effort of improving your contract compliance. Even if it's a small effort, I would call it a "project", so the first step would be to establish a Project Charter.

A charter usually has 6 sections: a Business Case, Opportunity Statement, Objective, Scope, High Level Plan, and Team Members. The Business Case should align you with the higher level strategy of the company, and the Opportunity Statement should describe the "pain" or "fear" involved. It's okay if the Business Case sounds like an "elevator speech", but be as specific as possible with the Opportunity Statement, mentioning the value of the contract, and what it would mean to the company if there were any findings, or if the contract was cancelled due to non-compliance.

The Opportunity Statement should state the goal of the project (once again be as specific as possible, and make sure it's time-bound). Typical goals would be to increase visibility, and improve conformance to contract obligations.

Scope, High Level Plan (Milestone Chart), and Team Members are self-explanatory.

Voice of Auditor (VOA) data should also be collected. This can be from external auditors, internal auditors, and anybody else who would have feedback on what needs to be done to improve contract conformance.

Step 2 - MEASURE

Key Deliverables:

  • Operational Contract
  • Data Collection Plan
  • Baseline Conformance

An Operational Contract is a contract that puts your legal contract in very unambiguous terms, with strict definitions around each term. You want to flesh out contract terms and conditions to the point where there is no question around what contract compliance means. The Operational Contract is an essential component in your compliance efforts, and should be agreed to by all parties involved, just like the legal contract.

The Data Collection Plan spells out the procedure for how you will collect your data for contract compliance. It can be as simple as "Run XYZ Report out of Compliance Information System", or as detailed as a complete step-by-step manual. Whatever the process, it should be defined and repeatable, and it should provide all the data points defined in your Operational Contract.

To baseline conformance, simply run through your Data Collection Plan and record the data. This should be a snapshot of how well you conform to your contract obligations today.

Step 3 - ANALYZE

Key Deliverables:

  • Validated Root Causes

After you have baselined your contract conformance, discuss what areas need to be improved, and brainstorm on possible root causes for why certain contract points are either out of compliance, or close to it. Then run some experiments to validate your assumptions. Validation of root causes is an important step. You don't want to waste time and money on something you assume.

Step 4 - IMPROVE

Key Deliverables:

  • Improved Contract Conformance

Once you know what your validated root causes are, systematically address them. This might involve improving or error-proofing a process, building or improving a data system, or training key personnel. Go for the easy wins, or "low hanging fruit" first.

Step 5 - CONTROL

Key Deliverables:

  • Auditor's Test Plan
  • Control Plan

Once your improvements have been made, you need to run some tests to make sure the fix is going to "hold". An Auditor's Test Plan is an extension of your Data Collection Plan. It should be created from an auditor's point of view, and should integrate seamlessly with your Data Collection Plan. You will use this periodically to check your ongoing contract conformance, and your auditors will use this at random for the same purpose.

The results from executing your test plan should be recorded in your Control Plan. Your Control Plan should spell out what should be expected from your testing efforts, and should highlight when something is "out of control", or not acting the way it should.

The 5-Step Six Sigma DMAIC (Define, Measure, Analyze, Improve, Control) process is an effective way to fortify the conformance of your most important contracts. Select your three biggest contracts today, and go through the Define step with each one. This will give you clarity on where your key vulnerabilities are.

 