Risk management principles

The purpose of legal risk management is to preserve and protect value of the enterprise.

This is a tremendous challenge for legal professionals. We are often viewed simply as cost centers. We are also not trained to justify their work in terms of revenue and expenses.

One of the benefits of legal risk management is the ability to demonstrate the value of the legal professional.

The purpose of risk management is the creation and protection of value. It improves performance, encourages innovation and supports the achievement of objectives. ISO 31000 (2018), 4 Principles

There are eight principles which direct our efforts to protect value:

1. Risk management should be integrated into existing activities.

The practical corollary to the seemingly abstract idea of demonstrating value is the isolation of legal professionals from the rest of the organization or clients.

Legal risk management provides an opportunity to integrate with a variety of parts of your organization, rather than just waiting for problems to land on your desk.

2. Structure risk management to provide consistent and comparable results.

Legal risk historically boils down to case management. A contract needs drafting. Lawsuits are filed in court. There is a proposed rule change affecting our client. We manage that matter to protect the legal rights of our client.

The research, analysis, conclusions, and communication about the matter differs depending on the professional tasked with the work and the nature of the issue.

Legal risk management gives the organization a repeatable and reliable process to identify, analyze, and manage risks.

Legal risk management improves decision making.

3. Customize legal risk management practices to meet your organization's needs.

Every business and organization as unique needs and constraints. As we outlined the perks to risk management, it is important to tailor the techniques to your organization needs.

4. Include important stakeholders in the process, even for legal risk management.

Legal risk management requires that legal professionals and domain experts throughout the client or organization collaborate in a specific way for particular purposes. This framework means that both sides have access to information otherwise unavailable.

5. Adapt to change.

Risks emerge and fade. The company's business changes. The market environment changes. Risk management allows us to spot and adapt to those changes.

6. Accept uncertainty; use the best available information.

Uncertainty is a given, especially on legal matters. We don’t know whether a thing will happen or how bad it will be.

The approach to legal risk in this training measures that uncertainty so that management can make better decisions in the face of uncertainty.

7. Account for the organization's culture and human factors.

The framework for legal risk outlined here can be adapted to a wide variety of business strategies and cultures.

It is flexible enough for large and small, aggressive and conservative, local and global organizations. Legal risk management allows legal professionals to adapt to company strategy and culture.

8. Improve the risk framework continuously.

Risk management is not a “set it and forget it” exercise. The framework explicitly provides for absorbing information about its own effectiveness, review of the results, and adaptation based on its short comings.

Our initial approach will likely fall short of its potential. We will continuously optimize each part of the framework so that it grows with the organization.