1

Review and Approval - Delegated Agencies

State Controller Policy

Effective Date: 01/06/2009

Approved by: Robert Jaros, CPA, MBA, JD, Colorado State Controller

Authority

Individuals within the Agencies delegated by the State Controller to sign contracts (“Controller Delegates”) may sign State Contracts, as described in Fiscal Rule 3-1, only under their delegation in accordance with this policy.

What are the Risk Levels?

There are three different levels of risk:

  • High Risk. These are contracts and modifications that have a high risk due to the nature of the contract or modification, contract terms, and potential of non-performance or delayed performance, that will result in a significant financial impact to the State, have a significant legal or political impact in the interpretation or implementation of the contract, or create a significant financial or operational risk to the State.
  • Low Risk. These are contracts and modifications that have a low risk of due to the nature of the contract or modification, use of approved terms and conditions, and unlikely potential of non-performance or delayed performance, are not subject to significant legal or political issues, and do not otherwise create a significant financial or operational risk to the State.
  • Undetermined Risk. These are contracts and modifications that cannot, by their nature, either create any risk to the State or change the risks associated with an existing contract.

How do I determine the Risk of a Contract?

Each Agency shall determine the risk level of all contracts and modifications. Risk levels are determined as follows:

  • Automatic High Risk. All of the following contracts shall always be determined to be high risk under this policy:
    • Certificates of participation for shares of lease revenues.
    • Contingency contracts, as defined in §24-17-203, C.R.S.
    • Contracts and modifications that are subject to a Statutory Violation that have not been ratified. See State Controller Policy entitled “Statutory Violations”.
    • Contracts concerning the operation of prisons.
    • Contracts containing a limitation of liability, including limits on actions for which they are liable, the dollar amount of damages, the types of damages, the source of damage payments, or some combination thereof, unless the Central Contracts Unit (CCU) or State Controller and Risk Management has determined in writing that the limitation of liability does not make the contract automatic high risk.
    • Contracts containing modifications to provisions that require a fiscal rule waiver, such as changes to the special provisions, unless the CCU or State Controller has determined in writing that the fiscal rule waiver does not make the contract automatic high risk.
    • Contracts where a party is a Native American tribe, unless on an unchanged CCU model contract form specifically designed for use with that Native American tribe.
    • Dangerous activities contracts for services that are inherently dangerous, that are likely to result in strict liability if the activity causes harm or that can cause significant harm even if performed properly.
    • Debt collection contracts associated with any services for the collections or recovery of amounts due the State not procured under a State price agreement.
    • Employee voluntary separation agreements for either classified or non-classified employees.
    • Energy performance contracts under §24-30-2003, C.R.S.;
    • Federal government contracts with agencies of the federal government unless on a CCU model contract form without material changes.
    • Financing contracts where a third party will provide financing to the State, such as where the third party provides a loan to the State or where the third party will provide the initial funding money that the State will repay to the third party from later revenues.
    • Financial systems contracts for the acquisition of new or the replacement of existing financial systems.
    • Legal issues contracts with technical legal issues requiring an opinion from the Office of the Attorney General.
    • Lease with an Option to Purchase.
    • Hazardous materials contracts involving the handling, removal, treatment, movement, installation, and disposal of hazardous materials; any other materials, substances or wastes that are subject to increased liability under any state or federal environmental laws; or materials, substances or wastes that are dangerous instrumentalities.  This does not include contracts for the discovery, analysis, study, and review of such materials.
    • Information technology services, except for purchases of consumer-off-the-shelf software licenses, maintenance agreements for consumer-off-the-shelf software or licenses to access databases or web content. This includes contracts for information technology goods if they are provided in conjunction with services.
    • Contracts entered into by the Department of Personnel and Administration for the entire State, such as the RTD Eco Pass Program.
    • Main task order contracts and task orders issued under those contracts.
    • Outsource contracts as defined in Fiscal Rule 3-1.
    • Settlement agreements that settle claims between the State and individuals and between the State and contractors.
    • Statewide price agreement contracts and information technology enterprise agreements.
    • Water rights contracts involving the purchase or sale of water rights. This does not apply to:
      • The purchase or sale of water rights and/or shares of stock in an irrigation district, a water district, a mutual ditch company, a water company, or similar entities included as part of or associated with the purchase or sale of real property.
      • Participation in substitute water supply plans or in plans for augmentation of water resources.
      • The purchase or sale of fully consumable water.
  • Automatic Low Risk. All of the following contracts and modifications shall always be determined to be low risk under this policy:
    • Amendments that restate the contract to include all prior amendments and modifications in one updated document, that make changes required by and consistent with State law, that do not materially change the scope or requirements of the contract, or that reduce the scope and cost of the contract.
    • Contracts for a specific program for which the Agency has received prior written approval from the CCU or the State Controller for a specific template agreement, and the Agency uses that template agreement without making any material modification.
    • Grant Funding Change Letters used in compliance with the State Controller Policy entitled “Modification of Contracts – Tools and Forms”.
    • State-wide pre-approved contract forms, such as Office of the State Architect capital construction and controlled maintenance work authorizations, change orders, supplements, code reviews, and architect and engineering base agreements used without making any material modification.
  • No Risk Contracts. The following contracts and modifications shall always be considered to be a no risk contract regardless of whether the contract is also included as an automatic high risk contract under §2.a above:
    • Option letters used in accordance with the State Controller Policy entitled “Modification of Contracts – Tools and Forms”, unless the contract the option letter modifies is subject to a Statutory Violation that has not been ratified (See State Controller Policy entitled “Statutory Violations”).
    • Amendments that do nothing more than the following, unless the contract that the amendment modifies is subject to a Statutory Violation that has not been ratified (See State Controller Policy entitled “Statutory Violations”):
    • Interagency Agreements where all parties are Agencies of the State or are State Institutions of Higher Education. This does not apply if any of the parties are separate authorities, other governmental entities or political subdivisions.
  • Undetermined Risk Contracts. For each contract or modification that is not an automatic high risk, automatic low risk or a no risk contract (an “undetermined risk contract”), the Agency shall evaluate the risks associated with the contract to determine if the contract is high risk or low risk based on the following factors:
    • Contracts that do not address all attendant risks related to the work contained in the contract are more likely to be high risk than those that do address all of those potential risks.
    • Contracts that have unusual provisions with which the Agency has little experience or has changes to the standard terms and conditions outside of those specifically allowed by the templates promulgated by the Office of the State Controller (“OSC”) or other State Controller Policies are more likely to be high risk contracts than those that use all of the terms and conditions in a template without modification. Contracts that use standard attachments, such as a HIPAA Business Associate Addendum with modifications to that standard document are more likely to be high risk than those that use those documents without modification.
    • Contracts of very high dollar values or that have significant financial risks outside of the payment to the contractor are more likely to be high risk contracts than those with smaller dollar values. Significant financial risks outside of the payment to the contractor may exist when a contractor has access to large quantities of State funds that may be intentionally or accidentally distributed to other entities improperly or when failure to perform may subject the State to significant penalties or loss of funding from another source. Also, what is determined as a “very high dollar amount” may be evaluated against other contracts with which the Agency has experience, and so an amount that is considered “very high” for one Agency that usually has much smaller contract amounts may not be considered “very high” for another Agency that regularly has contracts of larger amounts.
    • Contracts with very broad or indefinite statements of work are more likely to be high risk than a contract with a very specific statement of work where the State can easily monitor performance, identify non-performance, and take appropriate action for non-performance. Also, contracts where payment is made on a regular basis without being tied to any specific performance is more likely to be high risk than contracts where payment is tied specifically to the delivery of certain items, achieving certain goals or meeting certain standards or milestones.
    • Contracts for highly complex or new projects are more likely to be high risk than contracts for routine projects.
    • Contracts with vendors that have little or no history of successful projects with the State, or have had projects with significant problems or failed projects, are more likely to be high risk than those with vendors who have had a long history of successful projects.  Modifications to contracts where a vendor has failed to perform or had performance issues in the past are more likely to be high risk than those where the vendor has performed in compliance with the contract throughout its term.
    • Contracts that directly impact citizens of the State are more likely to be high risk than those that only impact State employees.

Agencies shall use a form substantially similar to the risk assessment forms, either for a new contract or for a modification as appropriate, included with this policy to document its determination of whether an undetermined risk contract is high risk or low risk. No contract or modification, other than those specifically described in §2)c, shall be considered a no risk contract.

Who is Responsible for Determining the Risk of a Contract?

The Controller Delegate who will sign a contract is ultimately responsible for ensuring that they have the authority to sign the contract based on the risk of that contract. The Controller Delegate may delegate the responsibility for completing a risk assessment and documenting the determination of the actual risk of an undetermined risk contract to another staff member of the Agency including, without limitation, a sub-delegate shown on the Agency’s delegation agreement from the State Controller or a member of the purchasing or contracts staff of the Agency.

What Contracts may a Controller Delegate Sign?

A Controller Delegate for an Agency may sign a contract that is determined to be a no risk contract or is determined to be low risk. A Controller Delegate may only sign a contract that is determined to be a high risk contract if the delegation agreement between the Controller Delegate and the State Controller specifically allows the Controller Delegate to sign that contract.

What does an Agency do with Contracts its Controller Delegate Cannot Sign?

Any contract that a Controller Delegate for an Agency cannot sign shall be sent to the CCU for signature as described in the State Controller Policy entitled “Routing of Contracts and Grants”. Regardless of the determination of risk, an Agency may send any contract to the Central Contracts Unit for signature if the Controller Delegate believes it is in the best interest of the State to do so or if there is no Controller Delegate available to sign the contract.

 

 State Controller Policies