Corporate Board Magazine and FTI Consulting collaborated on a survey last year that obtained responses from 235 US general counsel. One set of questions had to do with “enterprise risk ” (ERM) (See my posts of Nov. 15, 2005 and references cited which grapple with definitions of “legal risk”; Jan. 10, 2006 on ERM [defined as legal, financial, hazard, operating and strategic, but not reputational]; Jan. 4, 2006 on intelligent agents sleuthing to help with ERM [referring to litigation, compliance, assets]; Dec. 22, 2006 on a law firm’s enterprise risk practice group.).
According to the press release, “48% of general counsel spent more time on ERM in 2006 than in previous years.” The respondents as a whole – many were members of boards of directors – identified corporate governance and M&A risk as the two areas in most need of ERM assessment. Some 35 percent of the general counsel picked out governance changes while slightly less picked mergers and acquisitions as the riskiest.
My point is twofold: what are the confines of “enterprise risk” and why should the general counsel be concerned, other than as any other senior executive, with non-legal risks? If risks for a company are what might go wrong in the assets, compliance, financial, hazard, legal, operating, reputation and strategic arenas, every aspect of a company presents a risk. How thinly should general counsel spread themselves?