Methods to identify, measure, and review legal risks

A survey of legal risk and compliance in early 2009, published by the Practical Law Company, gathered responses from 69 companies. It produced some findings about their methods to understand and cope with legal risks.

At page 5 the report notes that almost 60 percent of the respondents use risk maps or risk matrices. Commonly, these tools plot legal risks according to estimates of their frequency and their levels of financial disclosure. Ideally, a legal department directs its efforts to ameliorating the most severe combinations, that is, those with the highest possible damage when you multiply frequency by consequence.

Slightly fewer of the respondents survey their business units to uncover legal risks, and nearly half of them use interviews or meetings with management. As a fourth method described in the report, nearly half of the respondents have set up formal risk committees (see my post of Aug. 17, 2009: controlling legal risks with 13 references and 2 metaposts).

  1. Dear Rees,
    In reviewing close to 400 different cases over the last two years at Juridica Capital, one risk factor that we have discovered which is too often overlooked is counter-party risk. We routinely see litigation cases where the moral hazard risks of a counter-party were overlooked when the business deal was undertaken.
    Perhaps this is more of a communication problem between business units and the legal department. However, if guidelines are provided for qualifying business partners from outside the company, we believe much litigation could be avoided.
    Simple things like Google searches and a criminal records check for suppliers and others are quick and cheap and can prevent very expensive problems from happening later.
    Sincerely, Richard Fields

  2. Steven Levy says:

    There are four different types of risks, and it looks like the report is talking about only one of them.
    The first is recurring risks, which the report brings up. For example, if you have 2000 retail outlets, you can build a pretty good model of slip-and-fall lawsuit risks.
    The second is project/case risk. Litigators seem to manage these in the course of their work, but all matters have risks — patent examiners turn you down, you can’t get enough H1B’s for the folks you need, etc. All legal projects should be able to track these risks in a fairly straightforward manner; I don’t think that’s at all unrealistic.
    The third is business risk that invokes legal risk. What’s the legal risk of the XYZ division launching a new business initiative? Drug companies seem to get this, but many other corporations don’t catch these until the stuff starts impacting the fan. The more legal partners with the business, the more likely they are to hear about stuff before it gets put into action, but this is legitimately hard.
    The fourth is black swan risk — the totally unexpected event. These seem predictable only in retrospect. The earthquake in Haiti is one type of black swan risk, as was 9/11. You can insure against them better than you can predict them — and you can’t insure against everything. The other type of black swan risk is the legal ruling out of left field. For example, when Microsoft sued Lindows over trademark issues, was it foreseeable that the judge would issue a preliminary ruling threatening to invalidate the entire Windows trademark?
    So even if the latter two types are very hard to measure and control, the first two types are well within the grasp of legal departments.