Before analyzing specific legal risks, we need to establish the scope and context of our analysis.
Scope for risk assessment process
The scope might be limited to sales contracts for a manufacturing division in a particular territory. Alternatively, we might define the scope as legal risks that affect the entire organization such as fundamental regulatory changes.
Context affects objectives
Context places meaningful constraints on our risk management process. Context refers internal or external factors which put a box around our analysis.
External context refers to the market conditions or competitive landscape and our company's position in that landscape.
Internal context means that we look at the unit that is the focus of our analysis and consider its role and scale within the organization. For example if our company has annual revenue of $100 million and the focus a a Bar analysis is a business unit that brings in $1 million in revenue, the internal context means that almost all risk in this unit will be small.
Risk criteria sets our tolerance for risk
Setting a risk criteria in advance of risk analysis is uncomfortable for many lawyers. Setting a risk criteria necessarily means that some risks get ignored.
The risk criteria is important as a barometer of the resources which a company will invest to cure or reduce a risk.
Scope, context, and criteria all explored in more depth in their own articles.