In many community and non‑profit organisations, IT starts with goodwill. A friendly IT firm offers to “help out,” sets up email and cloud services, and everyone is grateful that things “just work.”

Problems only appear later, when the invoices arrive.

Recently, a small governing body in the sports sector found itself facing a substantial IT bill covering services and licences going back almost two years. There was no written contract, no clear record of what had been agreed, and no obvious audit trail of previous invoices for the same services. The situation has become a case study in why robust governance and procurement processes are not a luxury, but a necessity.

The cautionary tale

In this case, a volunteer‑run organisation had relied on a single IT supplier to set up and manage its cloud tenancy, user accounts, and ongoing support. The supplier also arranged and controlled the organisation’s email and productivity licences.

Much of this relationship was based on informal conversations and good faith. Over time, the supplier provided a mix of configuration work, user support, and licence management, but without a formal, written agreement that set out which parts were chargeable and on what terms.

Two years later, the organisation received a sizeable invoice. It covered licence costs reaching back to the start of the relationship, even though no prior invoices or documentation of those charges could be found in the organisation’s records. The invoice landed just as the organisation was trying to get proper control and documentation of its cloud tenant so it could decide how to move forward with a very short “payment due by” of 36 minutes.

When the organisation asked for evidence – previous invoices, written approvals, or emails showing that the costs had been agreed – the supplier pointed to historic, informal discussions with a couple of officers and insisted that the invoice “stands” because the licences had been used. For a publicly funded governing body with strict accountability requirements, “we talked about it in person a while ago” simply wasn’t good enough.

Despite their concerns, the organisation paid a large invoice within 30 days in an effort to resolve the issue and act in good faith. After payment, they struggled to get the supplier to even confirm receipt or to take timely action on simple requests relating to their tenant, while the supplier was nevertheless responsive to other third‑party contacts. What began as a relationship built on goodwill had turned into an uncomfortable and potentially reputationally risky situation.

Where governance broke down

This story illustrates several governance gaps that many charities, clubs, and small governing bodies will recognise:

• No formal procurement process
  The IT relationship started informally, without a competitive process, clear scope, or documented commercial terms. That opened the door to misunderstandings later about what was free, what was chargeable, and when costs would be billed.
  
• Lack of written agreements
  Key points – such as whether licences were being supplied at cost, on credit, or free of charge as a favour were not recorded in a contract, service schedule, or even consistent email trail. When disputes arose, everyone was relying on memory rather than documentation.
  
• Weak financial controls and audit trail
  There was no clear record of prior invoices for the same services, no minutes confirming that ongoing licence expenditure with that supplier had been approved, and no budget line that clearly matched the eventual invoice. That left officers in the impossible position of being asked to approve a large back‑dated bill with nothing formal to point to.
  
• Single‑supplier dependency
  The supplier controlled both the cloud tenancy and the flow of billing information. When the relationship deteriorated, it became difficult for the organisation to get basic clarity or to move quickly to an alternative provider.

What ethical suppliers do differently

Most reputable IT suppliers understand that small organisations still need strong governance. Ethical providers typically:

• Put clear written proposals and contracts in place, even when “doing a favour”
• Separate “goodwill” work (genuinely free) from chargeable services, and label them explicitly
• Invoice regularly and promptly, rather than retrospectively for years at a time
• Provide clear licence reports, usage summaries, and documentation that finance officers and auditors can understand
• Respond professionally to reasonable questions, including requests to evidence agreements or confirm receipt of payments

When a supplier instead relies on verbal understandings from years ago, issues large retrospective invoices without supporting paperwork, and is slow or evasive in confirming payments or carrying out agreed actions, it should raise red flags for any board or executive committee.

Practical steps for better IT procurement and governance

To avoid ending up in similar situations, organisations can take a few practical steps:

1. Always document the relationship
   • Require a written scope of services, pricing, and billing frequency before work begins.
   • Ensure both sides sign or explicitly accept it, and store it centrally.
     
2. Keep procurement transparent
   • For significant IT spend, seek multiple quotes or proposals.
   • Record the basis on which a supplier was chosen – value, expertise, service levels – in meeting minutes.
     
3. Define who can commit to spend
   • Make it clear which roles have authority to agree contracts or ongoing costs.
   • Capture those approvals formally (e.g. minutes, signed order forms, or written sign‑off).
     
4. Insist on regular, timely invoicing
   • Avoid open‑ended, “we’ll bill you later” arrangements.
   • Question any invoice that attempts to retrospectively charge long periods without previous billing, especially where no contract exists.
     
5. Maintain an IT governance file
   • Keep copies of contracts, licence reports, invoices, and key correspondence in a shared, organised repository.
   • This is invaluable for officer handovers, audits, and resolving disputes.
     
6. Avoid single‑point dependency
   • Maintain admin‑level access to your own cloud tenant and domains.
   • Ensure more than one officer understands the basics of the setup and has the necessary credentials recorded securely.
     
7. Escalate early when behaviour feels off
   • If a supplier’s conduct begins to feel unprofessional or evasive – for example, delayed confirmations of payment, inconsistent stories, or reluctance to provide documentation – raise it early with your board and, where appropriate, with the vendor ecosystem or relevant oversight channels.

Turning a bad experience into stronger practice

The real world experience above is uncomfortable, but it’s also an opportunity. By tightening governance and procurement processes, organisations can:

• Protect themselves from unexpected or unsubstantiated invoices
• Reduce the risk of conflicts of interest and accusations of poor financial stewardship
• Ensure continuity when volunteers or officers change
• Attract and retain professional, ethical suppliers who are comfortable working within clear rules

Goodwill is valuable, but it is not a substitute for governance. The lesson is simple: even when everyone starts with the best of intentions, write it down, agree it up‑front, and make sure your organisation, not just your supplier is in control of its IT.