This incredibly useful thread was posted earlier today. All of the posts struck me as Really Good Advice, except this one which set off alarms and sirens in my head. This is more info about why, for the small/indy contractor trying to land gigs. 1/n

https://twitter.com/QuinnyPig/status/1133460562568814592

So, boys and girls and non-binary peeps - grab your smores and gather round the Compliance Campfire cuz we’re gonna talk about one of my FAVORITE subjects – VENDOR PROCUREMENT PROCESSES!

2/n

This is based on my experience working in orgs with procurement teams and in-house counsel, and procuring and onboarding vendors large and small – from international consulting shops to indy contractors who self-incorporated. 3/n

"But whoTF are YOU, @secwonk311?" i hear you thinking loudly

I'm just a dude who now offers contracted services to orgs with procurement teams and in-house counsel. One of those services is auditing their Procurement & Onboarding processes they used to hire me, and you. 4/n

1st, @QuinnyPig is right in that it is "a great end-run" around large corp legal teams when you're trying to land a big client in a hurry. Corp Legal Teams, as we know, are often the cause of delays in getting contracts signed, & can drive up costs with rounds of redlines. 5/n

So anything which 'shortcuts' that process and gets you signed deals so you can get back to the business of delivering your services and makin it rain should be good, ya?

ya no. not this time, Mr. or Ms. Small Privately-Owned Business Owner. Here's why that's a trap.

6/n

In typical med to large orgs, there are 5 players involved in a contract:
1) Client contact
2) Service provider
3) Procurement
4) Finance
5) Legal

I used to be the client, now I'm a svc provider (#2). If you're an indy consultant or small business serving clients, you're #2. 7/

The process goes like this:

#1 says "I need a thing".
- PROCESS INITIATED -

#2 says "We do that!" & sends a proposal.

#1 says "I want that!" and decides to hire #2.

With small businesses or very simple deals, that may be all there is to it. Client signs, off you go.

8/

With med-large enterprises, regulated corps, or deals involving trade secrets & intellectual property (INCLUDING YOURS), the next step is prob for the client to say "Ok we'll send this to Procurement & be in touch."

But all you hear is "LETS LOWER UR MARGIN THANKS TO REDLINES"

So what's actually happening there is your client is sending your proposal + any terms you included to their Procurement team and their lawyers.

Procurement is responsible for setting you up as a vendor. They check your W9, D&B/credit report, and get you entered as a payee. 10/

This is because in orgs with well-defined accounting practices, the same person cannot create a vendor who can also approve a payment to the vendor. That prevents self-dealing and embezzlement, and maintains separation of duties.

That Procurement rep may also talk to you... 11/

..about terms you included w/ your proposal.

If you're nice to them, they'll probably tell you up front what terms and conditions (T&Cs) their company likes and doesn't like - this can save you much time & legal counsel $$, so ask nicely, be kind, and pay a bloody ttention.

12/

Internally, the Procurement team is also looking at incoming vendors and contracts to make sure your pricing isn't egregious, the project/contract scope is relatively well defined (not just "I do things now pay me"), and if necessary will comp your bid against other vendors. /13

Procurement is also trained to watch for indicators of fraud and scam/spam businesses.

Now, if Procurement doesn't like something - your pricing, your BBB/D&B or credit rating, or terms in your proposal - they'll tell your client what their concern is. Depending on your biz,
/14

That could be "They need a lot more insurance" to "We need references" or spending limits & payment terms.

Then it's up to your client to decide if the problem is really a problem, & how much they want to work with you to fix it vs just finding another provider. /15

Once Procurement decides they like your proposal and your pricing, they add you as a vendor and forward your contract on to Legal.

Legal's looking at things differently than Procurement. And they like redlines.

/16

Figure 214: Chief Counsel in charge of Your Pending Contract.

Legal's looking at your contract or proposal and asking themselves

1) How can this damage us
2) How can we limit that damage
3) How can we cancel everything at will
4) How can we own everything

1, 2, & 3 are their role in managing risk. 4 is just how they roll.

/17

Legal WANTS to know that if you're handling their sensitive data (customer lists, trade secrets, IP) that you'll do it well.

but as they read your contract they're asking "How can I keep this from becoming a cratering hole in the ground if YOU (Service Provider) screw up?"

/18

This is where back-and-forths between Client/Lawyers and the Vendor (you/me) can get expensive. Lawyers write overprotective redlines you can't agree to, you send it to your lawyer who charges you $CASH to read it then say "We can't accept this", then more $CASH to counter.

/19

"But this is crap! ($Thing) could never happen to me!" they all say about $ThatOneRedline.

they ALL say.

This part of the process, Your Client is trying to limit their damages in the event you: get hacked, go out of business, leave their $billions of IP in an airport, ... /20

...go on YouTube and post a video of ThatOneTime, give your VPN creds to an overseas subcontractor before billing for reading cat posts all day, post a picture of your new employee access badge (& name and photo & possibly facility code) on LinkedIn, and...and...and...

/21

Because you're a small vendor who prob used a LegalZoom form, they know right away several things:

1) you don't have an army of high-cost lawyers at your disposal
2) because of #1, they can push for very them-favorable terms
3) if something goes wrong, they can blame you.

/22

This is your opportunity to
1) make sure you aren't being saddled with burdensome requirements
2) make sure you have legal protection or liability & damage control

BUT WAIT, YOU CRAFTY BASTARD. YOU DID AN END RUN! YOU ACCEPTED PAYMENT IN LIEU OF SIGNATURE & STARTED WORK!

/23

Ok it's legit taken me 24 tweets to get to the real part of the thread and i'm so sorry i hope this is worth it.

HERES WHY THAT END-RUN PUTS YOU, MR/MS SMALL BUSINESS OWNER-OPERATOR, AT A SIGNIFICANT DISADVANTAGE.

Did your contract, proposal, or SOW specify terms?

/24

If you spent beaucoup buck$ having a lawyer expertly craft your contract terms which you include with every proposal & which explicitly cover everything from deliverables to payment deadlines to dispute resolutions to setting liability and responsibilities, then you're fine.

/25

But if you sourced a template from Google, or asked a shop like LegalZoom to give you a one-size-fits-all form, or something OTHER than "I hired a lawyer for this contract", then there's a very real chance those generic terms your client just accepted leave you exposed. /26

Now that's the business risk to YOU as the service provider.

Internally, unless that client who Cut a Check In Lieu Of Payment is the CEO or Chief Counsel, they just sidestepped a LOT of processes businesses use to protect against fraud, self dealing, and embezzlement. /27

That act of process-sidestepping in itself sets off red-flags in big orgs, regulated orgs, & orgs with lots of lawyers. Big orgs with lots of assets ($$$) can't have any rando exec or manager deciding "LETS DO BUSINESS TOGETHER!" and agreeing the company to who-knows-what. /28

The worst-case scenario for a corp is that manager decides to do business WITH THEMSELVES, writes their own proposal from their own company, and then (as client) accept their own proposal and pay themselves for a job well done. It happens. /29

mlive.com/news/grand-rap…

So right off, your client is running the risk of getting in trouble by just providing payment, by default accepting your terms (if any) in the contract, and potentially skipping a legal/procurement review. That's a BIG no-no.

BUT, if they have Legal's or another auth'd OK... /30

Then it comes down to terms and exposure.

For a small business owner-operator, what appears to be a short-cut to getting to Ye$ can leave you up a creek in a dispute, or if a disaster happens like a breach or hack via your systems. Be prepared.

/31

healthleadersmedia.com/atrium-health-…

Well-defined terms, including:
Deliverables & schedule
Your responsibilities to safeguard their data & IP
Your liability & damage limits
Contract change management
Dispute resolution
Deliverables acceptance & Payment schedule

Will cover most bases, but get a lawyer!

/32

A lawyer's help in preparing a boilerplate set of terms & conditions that you include with your contracts/proposals can pay off for YEARS, esp if you feel comfortable negotiating terms yourself from that foundation. That can save you time AND limit your liability! Win/Win!

/33

This thread was brought to you by the letters

P for Business Processes
S for the Scotch required to reach 34 tweets
and A for ALL THAT BIZNESS YOU'RE GONNA GET

Now go be awesome and land them dealz, Mr & Ms. Independent Business Owner.

Seemed relevant:

https://twitter.com/jbizzle703/status/1133921458193911809?s=21