A survey of legal risk and compliance in early 2009, published by the Practical Law Company, gathers responses from 69 companies. It produced some findings about their methods to understand and cope with legal risks.
At page 5 the report notes that almost 60 percent of the respondents use risk maps or risk matrices. Commonly, these tools plot legal risk according to estimates of their frequency and their levels of financial disclosure. Ideally, a legal department directs its efforts to ameliorating the most severe combination, as in those with the highest possible damage when you multiply frequency by consequence.
Slightly fewer of the respondents survey their business units to uncover legal risks and nearly half of them use interviews or meetings with management. As a fourth method described in the report, nearly half of the respondents have set up formal risk committees (See my post of Aug. 17, 2009: controlling legal risks with 13 references and 2 metaposts.).