Legisway-risk management plan
Legal | 04 March, 2017

Why your business needs a risk management plan

Risk management is a growing responsibility for legal departments and in-house counsel. While the responsibility to protect the company’s value and assets has always fallen on the shoulders of legal departments, the process of identifying, assessing and managing risk is increasingly being done by General Counsel.

According to a NYSE Governance Services and Barker Gilmore study of US corporate directors and executives, the role of the GC “continues to evolve, with 14% currently acting as chief risk officer, a number that is expected to more than double to 31% by 2020.”

But that’s not all.

Due to their increased role in managing regulatory and compliance work, as well as reporting on strategic value, GCs are gaining more influence in the boardroom. With this influence, GCs are also taking much more of a managerial approach, helping each individual department manage its legal risks proactively. To this end, GCs need to take the time to communicate legal risk and how it affects the business.

A recent Legal Risk Benchmarking Report by Berwin Leighton Paisner found that legal risk is poorly understood outside the in-house counsel. Furthermore, the same report found that GCs and the rest of the organization hold contrasting beliefs about whether legal risk information is being used to inform strategic decision making at board level.

While this paints a fairly negative picture of how legal risk is understood outside the in-house counsel, it illustrates the need to find a systematic approach to identifying, assessing, managing and reporting on legal risk.

To improve understanding of the legal risks and strategic value across the entire business, GCs need to implement a risk management plan that provides an accurate assessment of all the legal risks.

What is risk management?

Risk management refers to the process of identifying, assessing and controlling the many risks that can affect a company’s ability to achieve objectives. The aim of risk management is to determine the “sweet spot” between risk level and return to ensure that your business is leveraging opportunity and achieving overall goals. By understanding risk, General Counsel can create legal solutions – like automated processes, templates, controls, etc. – that generate real value for the organisation, resulting in a more strategic role for in-house legal in defining and achieving the business’ overall objectives. And, by working together with the rest of the business, General Counsel can drive a culture of proactive risk management within the entire organisation.

How is your business managing legal risk?

When it comes to implementing a risk management program, organizations tend to fall into one of the following three scenarios:

  • No risk management. Organization responds to incidents and uses ad hoc case management. At this level no major actions are taken to manage risk.
  • Qualitative risk management. At this level, risk is assessed using empirical data, assumptions or past experiences, and stakeholders take little action.
  • Quantitative risk management. At this level, analytics, relevant data and automated workflows help stakeholders collect predictive and statistical data to control and mitigate risk.

Clearly, where no risk management exists or where assessment is purely qualitative, colleagues outside the legal department will have difficulty understanding how managing risk can provide value. Instead, with quantitative assessments, value can be tied to financial losses / gains and stakeholders can become active participants in managing risk. While the goal is to become as quantitative as possible, there is no consensus as to how companies should set up their operational legal risk management processes. Here we will offer a simple 7-step approach to implementing a risk management program in your organisation.

7 Steps to Managing Legal Risks

Setting up a risk management program can be daunting. For that reason, we’ve split up the steps into 7 easy areas that you can work through at your own pace, which you can also see illustrated in the infographic below.

  1. Set the scope & rules – What entities are involved? What is your organisation’s risk appetite?
  2. Identify your legal domains – Is your focus on contracts, claims and/or assets?
  3. Involve the organisation – Who is impacted by risk? Which departments, employees, etc.?
  4. Collect relevant data & identify risks – Define the risks, their causes and consequences
  5. Assess the risks – What is the likelihood and impact of each risk?
  6. Implement controls & mitigation – Will you work to reduce, avoid, control or transfer risks?
  7. Review and report results – Are your risk treatments working? What is the return? 


To be effective, in-house legal counsel needs to partner with the business, understand the issues relating to achieving objectives and produce viable and tangible solutions to managing risk. By implementing a systematic and structured risk management plan you can encourage proactive management of business processes that aim to protect your business, while increasing the possibility of achieving business objectives.

Get started today with the “7 Steps to Manage Legal Risk” eBook!  
