What is risk management?
Risk management refers to the process of identifying, assessing and controlling the many risks that can affect a company’s ability to achieve objectives. The aim of risk management is to determine the “sweet spot” between risk level and return to ensure that your business is leveraging opportunity and achieving overall goals. By understanding risk, General Counsel can create legal solutions – like automated processes, templates, controls, etc. – that generate real value for the organisation, resulting in a more strategic role for in-house legal in defining and achieving the business’ overall objectives. And, by working together with the rest of the business, General Counsel can drive a culture of proactive risk management within the entire organisation.
How is your business managing legal risk?
When it comes to implementing a risk management program, organizations tend to fall into one of the following three scenarios:
- No risk management. Organization responds to incidents and uses ad hoc case management. At this level no major actions are taken to manage risk.
- Qualitative risk management. At this level, risk is assessed using empirical data, assumptions or past experiences, and stakeholders take little action.
- Quantitative risk management. At this level, analytics, relevant data and automated workflows help stakeholders collect predictive and statistical data to control and mitigate risk.
Clearly, where no risk management exists or where assessment is purely qualitative, colleagues outside the legal department will have difficulty understanding how managing risk can provide value. Instead, with quantitative assessments, value can be tied to financial losses / gains and stakeholders can become active participants in managing risk. While the goal is to become as quantitative as possible, there is no consensus as to how companies should set up their operational legal risk management processes. Here we will offer a simple 7-step approach to implementing a risk management program in your organisation.
7 Steps to Managing Legal Risks
Setting up a risk management program can be daunting. For that reason, we’ve split up the steps into 7 easy areas that you can work through at your own pace, which you can also see illustrated in the infographic below.
- Set the scope & rules – What entities are involved? What is your organisation’s risk appetite?
- Identify your legal domains – Is your focus on contracts, claims and/or assets?
- Involve the organisation – Who is impacted by risk? What departments, employees, etc.
- Collect relevant data & identify risks – Define the risks, their causes and consequences
- Assess the risks – What is the likelihood and impact of each risk?
- Implement controls & mitigation – Will you work to reduce, avoid, control or transfer risks?
- Review and report results – Are your risk treatments working? What is the return?
To be effective, in-house legal counsel needs to partner with the business, understand the issues relating to achieving objectives and produce viable and tangible solutions to managing risk. By implementing a systematic and structured risk management plan you can encourage proactive management of business processes that aim to protect your business, while increasing the possibility of achieving business objectives.
Get started today with the “7 Steps to Manage Legal Risk” eBook!