Audits of legal risks, or any actions by in-house lawyers that identify legal risks, ought to estimate the potential impact of the risks (See my post of May 14, 2005 about “identify, size, and match” risks.). Other steps in legal risk management (See my post of Aug. 14, 2005 with its skeptical view of that amorphous term.) include to map legal risks (See my post of Aug. 26, 2005.), to quantify them (See my post of Nov. 11, 2005.), and periodically to assess them (See my post of Dec. 22, 2005; and Nov. 15, 2005 which collects references.).
A summary of these ideas by Duff & Phelps consultants appears in Met. Corp. Counsel, Vol. 14, Dec. 2006 at 16. “Prioritize risks by a scoring method that weighs (i) the gravity/severity of the risk, (ii) the likelihood of the risk, and (iii) the ‘controllability’ (mitigating procedures) of the risk.” Well put. Note also that the consultants recommend placing different importance (weighting) on the three components (For more on weighting factors, see my posts of March 25, 2005 on client satisfaction scores; Nov. 24, 2005 on bonuses; and Aug. 30, 2006 on grid analyses.).