Contracting is generally used when talking about outsourcing, but this is not always the case. Contracts can be between the organization and the customer or partners. A contract is an agreement between or among two or more persons or entities (business, organizations, or government agencies) to do, or to abstain from doing, something in return for an exchange of consideration. If the terms of a contract are breached, the law provides remedies, including recovery of losses or specific performance. A contract is written documentation of a "meeting of the minds" and contains the following five elements:
The IS auditor might encounter a variety of contracts. The following paragraphs outline some of the more common contract types.

Employee Contracts
The employment contract is a specific type of agreement and differs slightly from a traditional contract. The offerer (employer) makes a one-sided promise (unilateral), and the offeree (employee) accepts the offer "at-will" based on continued performance. The employee is not bound by the contract because he or she can leave the employer at any time, but the employer is bound to the conditions of the contract and is the only entity that can breach the contract. Employment contracts stipulate titles, responsibilities, performance criteria, and compensation. Employment contracts cannot state the period of time that an employee must work for the employer because this is not enforceable under the law.

Confidentiality Agreement
This is an agreement between employee and employer or, in some cases, partners (with trade secret agreements). The agreement stipulates that the parties agree not to divulge confidential information that they might come in contact with during the course of the agreement. These agreements have specific time periods and should state the information being protected, list the appropriate uses of the information, and identify remedies if the information is divulged.

Trade Secret Agreements
This is an agreement that protects the trade secrets of an organization from disclosure. Such disclosure would negatively affect the economic viability of the company. It is important to note that trade secret agreements are enforceable for an indefinite period of time because when an organization reveals a trade secret, it is no longer protected as intellectual property.

Discovery Agreements
When an employee is specifically hired to develop ideas or innovations, there is a risk to the organization that the employee might claim these as his or her own intellectual property. With a discovery agreement, the employee agrees to transfer ownership of the discovery to the employer.

Noncompete Agreements
This type of agreement is normally put in place when, through the course of work with the employer, the employee learns how the company is successful in relation to its competitors. This might include a business, manufacturing, or sales process. Knowledge of this process would allow the employee to directly compete (either individually or with a competitor). The noncompete agreement must be reasonable with regard to time frame (it cannot be indefinite) and geography, and it cannot unduly restrain an employee from making a living in his or her field.

Contract Audit Objectives
The following bullets outline an excerpt of audit objectives for a contract audit. The objectives might change based on your organization, but we have included some of the more common objectives:
An IS auditor likely will audit a variety of contract vehicles, and it is important to know the differences in what is enforceable (legal) and what is not. The IS auditor must ensure that the contracts have the basic elements outlined and have been executed correctly, and that the contracts have legal review before execution. The organization should assign responsibility for regular review of contract dates and performance measurement, and should ensure that payments are made in accordance with the stipulations of the contract.