A piece in the Harvard Business Review (April 2005) teases us with six, simple-to-state steps for assessing risks. Let’s try to fit them to the legal risks facing law departments.
Step 1: Identify the key legal risks you face. For each, state severity – what’s the dollar value of the risk; probability – what’s the likelihood of the risk occurring; timing – when is the risk likely to occur over the next five years; and changing probability over time – is the likelihood of the risk increasing, decreasing or constant?
Steps 2-6 merely ask the law department to map your legal risks by creating a table with the Step 1 results in it. Then quantify the risks, identify their potential upside (yes, silver risk linings); plan to mitigate the risk; and invest accordingly.
That’s all there is to it. My nagging doubt, however, starts with step one. Granted, a law department can state, abstractly, risks such as litigation, regulatory change, resignation or loss of key lawyers, investigations, intellectual property holes, compliance, ethics. That done, all the rest in Step 1 would degenerate into swagging (scientific wild ass guessing, a term of art).