Limiting the scope of a legal risk management process to the legal department is an easy way to get started. Legal risk assessments by their nature consider implications for the the broader organization. However, if the legal team is the sole producer and consumer of the risk management process, then they can experiment effectively.
There are several ways to limit the scope of a risk assessment process.
Objectives and decision making
Isolate a subset of objectives for legal risk assessment. For example, if the organization wants to improve financial results from contract management, then narrowing the scope of risk assessment to contracts makes sense.
Outcomes of the risk assessment process
Another way to limit the scope is to focus on those risks where the response is within the control of the legal department. For example, risks that are likely resolved by better oversight of legal entities in the corporate structure are good candidates for a focus risk assessment process.
Time or location
You can also narrow risk assessments within a certain period of time, such as "next quarter" or the "next fiscal year."
Looking a risks in a particular jurisdiction makes sense, especially where there is a reason for a jurisdictional focus. For example, a company looking to open a new office in another jurisdiction, might assess the risk of creating nexus with that new jurisdiction.
Focus on tools and techniques
Risk assessment techniques which require statistical analysis based on large datasets are often inappropriate for legal risk assessment because there is not enough data to make the models work.
Like an objectives and decision making focus above, legal risk assessment scope could be limited to those risks amenable to an organization's resources.
A small business legal department probably does not have the resources to respond to proposed federal legislation dramatically altering their competitive landscape. Instead, they might focus on state legislation where they might have the ability to lobby or respond.
Relationships to other projects
The interdependence of projects and initiatives is a double-edged sword for legal risk assessments. One the one hand, performing one risk assessment for more than one project is an efficient use of resources.
Interdependent projects can, however, expand the scope of the assessment beyond the objectives of the department or group doing the risk assessment.
Getting the scope of legal risk assessment right is important. In the beginning, you probably want to experiment with these methods and techniques. A narrow scope will improve the efficacy of the experiment.
With time and experience, it is possible to expand the scope of legal risk assessments.