Over the past two months, Commercial Integrator has presented comments from multiple leading ASCII Group members, all of them addressing the same topic: what to do when client relationships get difficult. Such problems, of course, can manifest themselves in several ways. For example, they can materialize as nonpayment or late payment of invoices due, as continual cybersecurity lapses that expose IT providers to unnecessary risk, or as disagreements about service levels or support hours.
This month, we shine the spotlight on a single member: QPC Security’s Felicia King. What follows is her detailed advice on defusing potentially difficult situations while, at the same time, both protecting client relationships and ensuring your business’ financial welfare. This is the third and final part in this series. We hope you enjoy it.
Billing and Payment Issues
Having been in the consulting industry for 29 years, I’ve found that there are two primary methods of avoiding problems.
First, have a clear master service agreement (MSA) with a supplementary FAQ that clearly spells out how financial transactions will be conducted and what the billing terms are. Manage expectations effectively. We convey to clients that we do not wish to spend time doing collections or additional unnecessary accounting transactions, which would take away from our capacity to deliver services to clients who pay on time. Therefore, our terms are our terms.
Second, work on retainer or get payment upfront. Amazon is not going to ship products to the client unless the client pays for them. They should not expect you to provide discounted pricing while simultaneously subsidizing their cashflow; something like that would never occur with an ecommerce vendor. There is a tremendous amount of control and clarity that exists when a client pays upfront. If they are invoiced and they pay the invoice for the product, that means they wanted it. The client can control the level of services you provide if you work only on retainer or prepayment. If they don’t pay, you don’t do the work. Therefore, the client is in control.
Here are some key takeaways to keep in mind:
- Either work on retainer or bill one month in advance.
- Bill annually for things that should be annual subscriptions or services. Reducing the frequency of billing and accounting transactions reduces the costs for all parties.
- Reduce your accounting-transaction costs and those of your clients.
- If a client has a question about a bill, respond to the question immediately.
- Use a secure payment gateway that is both low cost and high trust. We do not use ACH because we have no wish to know the client’s bank-account information, nor are we interested in directly debiting a client’s checking account. Instead, we have found that Bill.com is extremely economical and highly secure; moreover, the client is in full control of payments. Credit-card transaction fees are also avoided in this way. Bill.com is widely used by businesses in every industry, and CPAs and CFOs regard it highly.
- Don’t mix products and services on the same invoice. This helps your client track differentiation in their own chart of accounts. It is important that they track M365 licensing separate from your MSP services. They must track their annual or recurring expenses separately from project expenses. If this is not proactively managed, the client can easily end up with an unsegmented chart of accounts. As a result, they could develop a perception that the MSP is overly expensive because the only cost-analysis mechanism they have is “sales by vendor.” Do not assume that accounting-expense segmentation is being done well, even in large organizations.
Cybersecurity Posture Lacking
Information-security risk management is ultimately a business-risk decision. That requires client executives to make informed risk decisions. In 98% of cases, business owners and executives do not make time for meetings to become informed business-risk deciders as it relates to information-security risk. Inadequate cybersecurity posture is just information-security risk that is not properly being managed.
As a CISO, I find that the most effective strategy is to attempt to educate the client over time. Respect that they must make risk decisions and convey a simple message: All you seek is for them to make informed risk decisions. Simultaneously, it is necessary to share with clients the liability-management requirements of the MSP. For example, that might mean that you are required by your cybersecurity or errors and omissions (E&O) insurance to offer certain services to all clients because doing otherwise is not defensible.
Document the ways in which you have communicated to the client these necessary services, their value, the risk mitigation they provide and their costs, whether via emails, proposals or meetings. If the client declines a service, send them a polite follow-up email, thanking them for their time to become an informed risk decision-maker. Include information regarding how you will be there for them if they change their mind. But be sure to include written notification that, by virtue of them declining that service, they do not have a legally defensible information-security risk-management posture and may be invalidating their legal and insurance protections. Politely also make it clear that the MSP cybersecurity-insurance policy does not offer coverage to the client.
Include at the end of every statement of work (SOW) or proposal a section about legal compliance. Every SOW must also include a section on client responsibilities related to the service.
Disputes About Service Levels, Support Hours
Ideally, a well-established and well-communicated support policy would be proactively known to all parties involved. Resolving disputes about service levels or support hours is no different from resolving disputes regarding any other aspect of the relationship.
- Proactively communicate the policies and procedures in advance in order to manage expectations.
- Identify if clients believe they need service levels or support hours outside what is in the existing support policy. Determine if the MSP is willing to modify the support policy to include additional service levels or support hours, as well as how that affects fees.
- Each time someone is emotional about the topic, listen and have empathy, while remaining calm. However, direct them back to the support policy. It might be detrimental to be accommodative in violation of the support policy simply in order to resolve a person’s emotional distress because, if you are accommodative, they learn that kind of behavior will elicit a response that is beneficial to them but not beneficial to the MSP. Abusive client staff can be the reason why an MSP loses valuable employees. It is important for MSP management to support MSP staff.
Felicia King is president of QPC Security, vCISO and security architect. Get more information at QPCSecurity.com.