Process Process Introduction The risk management process is applicable to any level of the organization. You can implement the risk management process outlined here at the highest level of strategy or at the level of an individual project.
Process Communication and consultation Effective risk assessments require collaboration among domain experts and those with access to necessary information. The risk management framework should address the communication plan for risk management in general.
Process Scope, context, criteria overview Before analyzing specific legal risks, we need to establish the scope and context of our analysis.
Process Risk assessment scope Limiting the scope of a legal risk management process to the legal department is an easy way to get started. Legal risk assessments by their nature consider implications for the the broader organization.
Process Internal and External Context Context matters. It is tempting to identify risks that, while real, are not relevant to your context. There are some risks that are simply too large or too derivative to spend time analyzing.
Process Risk criteria plots The risk criteria guide our recommendations about what to do with a given risk or collection of risks. We define what risk is acceptable to the organization. We can plot risks and risk criteria to see the results of our analysis.
Process Risk assessment Risk assessments are the core of the risk management process. A risk assessment goes through three phases: identification, analysis, and evaluation.
Process Risk identification To identify risks is to look for, imagine, and dig up potential problems and then put them on a list. Risk identification does not need to be more complicated.
Process Risk analysis The effort to understand a particular risk is called risk analysis. In risk analysis, we probe the depths of a single risk. It is an investigation of a risk that results in a rating and input for risk evaluation.
Process Risk evaluation Analysis of legal risk during the assessment process gives us a better understanding of the likelihood and consequences of an event. The question now is what to do about the risk.
Process Risk treatment Risk treatment simply means the steps we take to manage some risk. At the end of the risk assessment process, evaluation, one of the actions we can take is to treat the risk. That is do something about the risk.
