8/25/2015

THIRD-PARTY RISK: HOW TO BETTER

UTILIZE ENERGY VENDOR AUDITS
August 27, 2015

Shane Torkelson, CPE, CISA, CIA

Director Enterprise Risk Solutions
storkelson@bkd.com

8/25/2015

TO RECEIVE CPE CREDIT

Participate in entire webinar
Answer polls when they are provided
If you are viewing this webinar in a group
Complete group attendance form with
Title & date of live webinar
Your company name
Your printed name, signature & email address
All group attendance sheets must be submitted to within 24 hours of live webinar
Answer polls when they are provided

If all eligibility requirements are met, each participant will be emailed their CPE
certificates within 15 business days of live webinar

WEBINAR OBJECTIVES
Upon completion of this program, participants will be able to
Describe whats included in an effective vendor management program
Discuss the benefits of utilizing vendor audits in their business
Identify the main steps in executing an efficient vendor audit
Recognize the process for establishing a vendor audit program

8/25/2015

OUTSOURCING OVERVIEW
Organizations across many industries, including energy, have
outsourced business processes to cut costs, create efficiencies or
remove non-core functions
Managing these relationships with third-party service providers
& vendors can be challenging & present risk to an organization
A structured vendor management program can address
challenges & risks

THIRD-PARTY RISKS
Outsourcing business processes comes with certain risks. Thirdparty considerations that warrant monitoring may include
potential risk of
Overcharges/erroneous invoicing (e.g., duplicate payments, incorrect billing
rates, discounts not applied, billing for goods/services not received, etc.)
Reputational damage
Non-compliance with contractual terms & conditions (e.g., insurance
requirements, due diligence, regulatory compliance (FCPA), etc.)
Inability to meet critical performance expectations (e.g., JIT delivery,
completion milestones, volume/quantity, product quality, etc.)
Financial stability of vendor (i.e., going concern issues)

8/25/2015

VENDOR MANAGEMENT LIFECYCLE

BID
Receive prices
estimates on
goods/services needed

COMPLETE

EXECUTE

Project or deliverables is
completed per contract &
vendor evaluated

Agreement on terms &

conditions with proper
approval by necessary
parties

CHANGE
CONTROL

MONITOR
Process of evaluating
performance & verifying
compliance with contract

Approval procedures for

changes to contract (scope &
price)

PAYMENT
Invoice approval &
payment process

MONITORING ACTIVITIES
Monitoring activities include processes for evaluating vendor
performance & their compliance with the contract. Example
activities include
Consistent monitoring of key performance indicators (KPIs) throughout
term of contract(s)
Periodic validation of operational requirements (e.g., insurance,
compliance, background checks, etc.)
Annual/bi-annual vendor appraisal program
Periodic vendor audits

8/25/2015

BENEFITS OF VENDOR AUDITS

Contract Compliance Audit: The review & assessment of a third
partys compliance with financial & operational provisions of an
executed contract
In addition, to be an effective control in commercial relationships, vendor audits
may also help companies
Avoid financial, legal or reputational risks
Identify potential cost recoveries
Eliminate waste or excess spending
Identify & mitigate process &/or control gaps
Detect unapplied credits
Identify & eliminate contract ambiguities before they become an issue

VENDOR AUDIT OVERVIEW

Individual Audits

8/25/2015

CONTRACT UNIVERSE
In order to define the scope of a vendor audit program or narrow
down those contracts deemed critical to review, an organization
needs to understand their contract universe
How many contracts does the company have?
How many different types of contracts does the company use?
What will be the period used for inclusion in the vendor audit program?

RISK ASSESSMENT OF CONTRACTS

Both quantitative & qualitative considerations should be
included in risk assessment
What is the dollar amount of spend associated with contract?
Has vendor had significant budget overruns in the past?
Does contract have multiple amendments or change orders?
Is contract with third party experiencing financial difficulties?
Is contract considered risky or complex given nature of goods or services to

be performed?
What is age & expiration of contract?

8/25/2015

PROGRAM PLANNING
From contract risk assessment, vendors & contracts are selected
for inclusion in current audit plan
Validate contract contains appropriate right to audit clause
Preliminary planning includes budgeting & scheduling of various
audits to be completed
Notification of intent to audit given to vendors/suppliers
Current audit plan is communicated to internal stakeholders

INDIVIDUAL VENDOR AUDIT PLANNING

Contact vendor/supplier to discuss audit, timing & logistics
Obtain & review contract(s) & applicable amendments, change
orders, etc.
Provide vendor with prepared by client (PBC) request list
Modify standard vendor audit program to address risks &
characteristics of contract being audited
Finalize testing plan

8/25/2015

VENDOR AUDIT EXECUTION

Perform approved audit testing plan
Document findings, observations, recoveries, internal control
breakdowns, etc.
Consider audit results & supporting documentation

VENDOR AUDIT REPORTING

Discuss audit observations with vendor/supplier to include
recoveries & process/control gaps
Obtain agreement on validity of findings & secure
documentation to that effect
Draft report of findings
Distribute final report

8/25/2015

RESULTS TRACKING & ANALYSIS

Track open findings & action items through to closure
Monthly report aging of open items

Monitor changes to internal processes for proper

implementation & resolution of findings
Analyze trends in monetary findings
Analyze trends in process/control gaps
Establish periodic reporting of results

SUMMATION
Managing third-party risk can be a critical activity for many
organizations
An effective vendor management program includes, among
other things, a robust monitoring protocol
Establishing a vendor audit program begins with contract
universe & understanding quantitative & qualitative factors
Performing periodic vendor audits is a sound business practice &
provides insights into trends & issues

8/25/2015

QUESTIONS?

CONTINUING PROFESSIONAL EDUCATION (CPE) CREDITS

BKD, LLP is registered with the National Association of State Boards of Accountancy (NASBA) as
a sponsor of continuing professional education on the National Registry of CPE Sponsors. State
boards of accountancy have final authority on the acceptance of individual courses for CPE
credit. Complaints regarding registered sponsors may be submitted to the National Registry of
CPE Sponsors through its website: www.learningmarket.org

The information in BKD webinars is presented by BKD professionals, but applying specific information to your situation requires
careful consideration of facts & circumstances. Consult your BKD advisor before acting on any matters covered in these webinars

10

8/25/2015

CPE CREDIT
CPE credit may be awarded upon verification of participant
attendance
For questions, concerns or comments regarding CPE credit,
please email the BKD Learning & Development Department at
training@bkd.com

THANK YOU!
FOR MORE INFORMATION
Shane Torkelson CPA, CISA, CIA
Director Enterprise Risk Solutions
BKD, LLP
2800 Post Oak Blvd., Suite 3200
Houston, Texas 77056
storkelson@bkd.com
713.499.4600

11

8/25/2015

12