How to start Legal Risk Management?

published on Contract Management, Legal Risk Management
Legal work is all about risk management. It is impossible to ignore the legal risks that have caused significant damage to companies over the past years. In most cases, the material legal risks faced by those businesses were not clearly identified and mitigated. General Counsel are under real pressure to become better at managing the legal risks in the business. Traditionally trained to solve problems in a reactive manner, General Counsel need to invest time and resources to identify and mitigate the legal risks proactively.

How to start?

The task of managing legal risks is very complex. The number of risks grows with the number of legal entities, contracts and regulations. To start legal risk management, you will need to have a long-term plan with clear objectives. This business case needs to justify the investment to be made in the required knowledge, resources and ICT. You can use the following steps for your own business case.

Step 1

You need to assess the maturity of the legal risk management within your company. In general, you can identify 4 levels of maturity:
  1. No formal legal risk management reporting, risk decisions made principally on personal judgements.
  2. Basic legal risk policies in place, proactive discussions with business, ad hoc risk mitigation.
  3. Alignment with business objectives, quantitative reporting of legal risks, assigned responsibilities.
  4. Dedicated legal risk managers, independent legal risk assurance, automated risk reporting.

Step 2

The second step is the creation of a clear Legal Risk Management framework. This framework is a combination of the legal entities, governance structure, contract categories and legislation relevant for your business.

Step 3

The third step is the development of the required business processes and related risk management policies. Relying on the ‘good judgement’ of the business and the in-house legal team alone no longer works. The Legal Department requires structured processes for making risk decisions, escalating issues and integrating with the risk management frameworks of the entire business. The business processes must be specific to legal risk management. The risk management framework needs to be adapted to the legal context of the company.

Ready for implementation

The outcome of the legal risk management business case must ensure:
  • Board support for discussing, identifying and quantifying risks
  • Alignment of objectives with business goals
  • Sufficient budget investment in knowledge, human resources and ICT
  • Clear legal risk management framework
  • Ownership of legal risks embedded in the organization
  • Structured training for people involved
  • Embedded management reporting on legal risks