If you have worked in-house for more than five minutes, you have probably felt it, you arrive with a remit to “enable the business”, and quickly discover you are also inheriting a backlog of decisions you did not make.

It is rarely malicious. It is usually the by-product of speed, decentralised decision-making, staff turnover, and a genuine belief that “we will tidy it up later”. The issue is that “later” often arrives in the form of an audit, a dispute, a cyber incident, a new regulator expectation, or a procurement reset, and suddenly Legal and Procurement are expected to fix it, fast, with limited context, limited data, and limited goodwill.

This piece is about what is actually happening underneath that dynamic, why it keeps repeating, and a practical way for in-house Legal and Procurement teams to unwind inherited issues without blaming other teams, or burning out.

The “inheritance” pattern: what you are really inheriting

When in-house teams inherit problems, they usually inherit three things at once:

1. Information gaps (missing contracts, missing approvals, missing context).

   
   

2. Process gaps (no consistent intake, no playbooks, inconsistent escalation).

   
   

3. Risk gaps (third-party risk, compliance checks, obligations not tracked).

Those three gaps reinforce each other. If you do not have the information, you cannot run the process. If you cannot run the process, risk decisions get made informally. If risk decisions get made informally, the information gap gets worse next time.

The goal is not perfection. The goal is to convert fragile, person-dependent workflows into repeatable, auditable, and business-friendly habits.

Problem 1: Contract sprawl, “invisible” obligations, and the myth of the single source of truth

A very common inherited issue is surprisingly basic, the organisation cannot reliably answer: What have we agreed to, with whom, and what happens next?

A well-known data point often cited from the Journal of Contract Management is that 71% of companies could not find at least 10% of their contracts.[1] Even if your organisation is “better than average”, the practical reality is that contracts tend to live across inboxes, SharePoint folders, personal drives, vendor portals, and sometimes as scanned PDFs with no searchable text.

EY has also reported indicators of the same underlying issue, including that nearly half (49%) say they lack a defined process for storing contracts after execution, and 90% report difficulty locating contracts due to missing technology or process.[2]

What this looks like day-to-day (examples):

• Procurement negotiates a statement of work, but Legal never sees the final signed version, so no one tracks renewal, liability caps, or audit rights.

  
  

• A business unit signs a “short-form” vendor order, not realising it incorporates online terms that later change.

  
  

• A privacy addendum exists, but it is not attached to the right master agreement, so security obligations get missed during a breach response.

  
  

• Auto-renewals roll over because no one owns the calendar, and the notice window is buried in a schedule.

Why this gets dumped on Legal and Procurement: Because when things go wrong, these teams are the only ones structurally positioned to (a) interpret the obligation, (b) negotiate the fix, and (c) defend the outcome.

A fix that does not require a massive system project

You can dramatically reduce the pain with a “minimum viable repository” approach:

Step 1, declare a contract amnesty (30 days): Invite business units to forward anything that “creates an obligation”, master agreements, statements of work, purchase orders with terms, DPAs, change orders. This is not about blame. This is about visibility.

Step 2, capture only the metadata that prevents repeat pain (start small): At minimum: counterparty, business owner, start date, end date, renewal/notice date, spend band, and risk flags (data access, criticality, exclusivity, indemnities, liability cap).

Step 3, assign business ownership explicitly: Legal owns the playbook and exceptions, Procurement owns the commercial guardrails, the business owns the relationship and performance. If ownership is not explicit, the contract will drift.

Step 4, make renewal governance boring (in a good way): Auto-reminders, a simple renewal decision tree, and a standing monthly review of upcoming renewals. The goal is to eliminate “surprise renewals”.

Problem 2: Process debt, tribal knowledge, and the “who approved this?” problem

The next inherited issue is not the contract, it is the path the contract took.

In-house teams often inherit a process that is:

• unwritten,

  
  

• inconsistent across business units; and

  
  

• enforced mostly by institutional memory.

APQC describes how organisations end up discovering “knowledge gaps” only after productivity suffers, and recommends being proactive through knowledge mapping, which can reveal weak links and bottlenecks in how knowledge flows.[3] APQC also notes that a practical gap analysis can help identify discrepancies between how knowledge currently flows and how it should flow.[3]

What this looks like (examples):

• A sales leader says, “we always accept that clause”, but Legal cannot find evidence of who approved it, or why.

  
  

• Procurement negotiates service credits, but no one agrees internally how to enforce them.

  
  

• A business unit insists a vendor is “too strategic to push”, so exceptions become the default.

  
  

• Staff turnover removes the only person who understood the vendor’s pricing model or data flows.

APQC’s knowledge retention guidance is blunt, if knowledge stays only in people’s heads, it leaves when they leave, and one practical step is to “make it formal”, getting the knowledge down in templates and clear processes.[4]

Fixing process debt without creating bureaucracy

You do not need a 40-page policy manual. You need a few practical assets that teams will actually use:

1) A one-page intake form: This reduces back-and-forth and forces the business to clarify basics, purpose, spend, timing, data access, criticality.

2) A contracting playbook that fits on two pages: Focus on fallback positions and when escalation is required. EY reports that many organisations struggle with consistency, including low adherence to playbooks and limited monitoring for deviations.[2] A short playbook is better than a long one that no one reads.

3) A decision-rights map (RACI) for exceptions

Examples:

• Privacy exceptions, Privacy Officer + Legal.

  
  

• Liability cap exceptions, CFO delegate + Legal.

  
  

• Security exceptions, CISO delegate + Legal.

4) “Two deep” coverage for key vendors: APQC recommends cross-training and duplication, not two people doing the same job forever, but ensuring the organisation is not hostage to a single person’s memory.[4]

Problem 3: Legacy suppliers and third-party risk that no one wants to revisit

Supplier relationships often outlive the people who originally negotiated them. That is not inherently bad, but it creates inherited risk when the relationship is treated as “grandfathered”.

Refinitiv reported research indicating that 43% of third-party relationships are not subject to any form of due diligence checks, even as organisations struggle to monitor third-party risks.[5]

Separately, ISM survey material during early COVID-era disruption showed how quickly supply chains can be impacted, including 62% of respondents experiencing delays receiving orders from China, and more than 44% reporting they did not have a plan in place to address supply disruption from China.[6] The point is not COVID specifically, it is that third-party fragility appears suddenly, and inherited vendor sprawl makes response slower.

What this looks like (examples):

• A “strategic” vendor has broad system access, but the security schedule is outdated, and no one has verified subprocessor changes.

  
  

• An outsourced service has no measurable KPIs, only a vague “commercially reasonable efforts” standard.

  
  

• A distributor or partner arrangement continues with little documented oversight, but regulatory expectations have evolved.

  
  

• A vendor renews annually, but pricing escalators and audit rights are never used.

A pragmatic vendor reset that does not blow up relationships

1) Segment suppliers by risk and importance: Not every vendor needs the same treatment. Focus on “crown jewel” vendors (data access, critical operations, high spend).

2) Refresh due diligence on a rolling basis: Do not try to do everything at once. Start with high-risk vendors first.

3) Attach obligations to owners: Someone in the business must own performance management. Legal and Procurement can support, but they cannot “operate” the relationship.

4) Build a contract refresh pipelineWhen you renegotiate or re-paper, fix the inherited issues then, not by launching a standalone “clean-up project” that never gets prioritised.

Problem 4: Compliance drift and relationship bias, “we trust them” becomes the control

One of the hardest inherited issues is cultural, people bypass controls because the counterparty is familiar, senior, or “important”.

A Starling Trust survey write-up reported that 79% of respondents had skipped compliance checks on customers or suppliers due to existing relationships, and 43% assessed their own compliance maturity at the lowest level.[7]

This is exactly the pattern in-house teams inherit, controls exist on paper, but exceptions become normalised, and the organisation loses the ability to demonstrate consistent governance.

What this looks like (examples):

• “We do not need to run privacy checks, it is a household-name vendor.”

  
  

• “We will sign first and tidy later, because the CEO wants this live next week.”

  
  

• “We have worked with them for years, do not make it difficult.”

Fixing compliance drift without turning Legal and Procurement into blockers

1) Replace judgement calls with risk-based gatesNot “every contract needs Legal”. Instead: “these risk triggers need Legal”.

2) Build an exceptions register, then use it constructivelyTrack exceptions, not to shame, but to show patterns, and justify playbook updates.

3) Give the business faster “safe paths”If the compliant route is slow and unclear, bypassing becomes rational. Your best control is often speed and clarity, not enforcement.

4) Use metrics that matter to business leadersContract value leakage is a useful framing. Deloitte notes an average contract can lose 8.6% of its value over its lifecycle, which scales into material losses across a portfolio.[8] That is an operational argument, not just a legal one.

A 90-day plan to reduce inherited pain (without a reorganisation)

Here is a practical sequence that usually works in real organisations.

Days 1–30: Visibility and triage

• Stand up the minimum viable repository (or at least a central register).

  
  

• Run the contract amnesty.

  
  

• Identify top 20 vendors by risk or spend.

  
  

• Define “red flag triggers” that require Legal or Procurement involvement.

Days 31–60: Standardise the repeatable work

• Publish the two-page playbook and fallback positions.

  
  

• Implement the one-page intake form.

  
  

• Establish renewal governance and reminders.

  
  

• Start knowledge mapping for the contracting process, APQC’s approach is useful here.[4]

Days 61–90: Reduce exception pressure

• Launch a rolling due diligence refresh for high-risk third parties.[5]

  
  

• Create a standard exception pathway, with decision rights.

  
  

• Use cross-training to reduce person-dependence.[9]

  
  

• Report a small set of metrics to leadership: cycle time, exceptions, renewals, and top risks.

The tone matters: how to fix inherited issues without blaming other teams

If you want the organisation to adopt better habits, the narrative cannot be “everyone else did it wrong”. A more effective framing is:

• “We are making this easier for you” (faster contracting lanes).

  
  

• “We are reducing surprises” (renewals, obligations, audit readiness).

  
  

• “We are protecting the relationship” (clear expectations reduce disputes).

  
  

• “We are protecting delivery” (vendor risk and performance governance).

That approach attracts allies instead of defensiveness, which is essential because inherited problems are not fixed by Legal or Procurement alone, they are fixed by changing how the organisation behaves.

Where technology can help (briefly)

Once you have clarified the minimum data you need, the playbook you want enforced, and the decision rights for exceptions, you can use tooling to reduce manual effort, speed up reviews, and keep registers and renewal reminders accurate. That is the point where a platform like Contract Cloud can help by supporting playbook-based review, contract register creation, and ongoing obligation and renewal tracking, without the process living in people’s inboxes.

Sources

1. [1] Laura Plimpton, “Do You Know Where Your Contracts Are?”, Entrepreneur (19 June 2008) — Link.

2. [2] EY, “The General Counsel Imperative: How does contracting complexity hide clear profitability?” (12 May 2021) — Link.

3. [3] Lynda Braksiek, “What Causes Knowledge Gaps?”, APQC Blog (29 June 2023) — Link.

4. [4] APQC, “6 Proven Knowledge Retention Ideas To Avoid Disaster”, APQC Blog (17 February 2017) — Link.

5. [5] Refinitiv (now part of LSEG), “Refinitiv survey exposes severe lack of due diligence on business supply chains” (18 May 2020) — Link.

6. [6] Institute for Supply Management, “Coronavirus Outbreak in China: Impact to Supply Chain” infographic (survey Feb–Mar 2020, published 2020) — Link.

7. [7] Starling Trust, “Survey Finds Companies Sacrificing Compliance for Performance” (13 November 2024) — Link.

8. [8] Peggy Pauwels and Catherine Poole, “Driving value from your contracts: contracting excellence”, Deloitte Legal Briefs (19 September 2024) — Link.

9. [9] AberdeenGroup, “The Contract Management Solution Selection Report” (June 2005) — Link.