In a thoughtful piece by E. Leigh Dance and Deborah McMurray, “10 Things We’ve Learned from In-House Counsel in the US and Europe,” Strategies: The Journal of Legal Marketing (Oct. 1, 2003) the authors write that “Legal departments are increasingly engaging in ‘vulnerability audits.’”
According to them, these audits cover “a wide range of weaknesses or areas open to attack: physical, technological, product or service related, natural disasters, terrorism, and ethical, moral, corporate or financial.” They cite one GC who has established 10 “threat management” teams that cover each business unit and region.
I have not observed or heard of a law department tasked with such a vulnerability review, and I would classify the assignment as far beyond the scope of what a law department should undertake (See my post of July 21, 2005 on quasi-legal tasks and the article cited.).