Upload
berkman-solutions
View
397
Download
1
Embed Size (px)
DESCRIPTION
Identify, measure, and communicate legal and compliance risk in a whole new way. Lawyers, compliance officers, contract managers, and other legal professionals can discover how to measure and manage legal risk more effectively. "6 Steps to Legal Risk Management" provides practical guidance on developing a risk management framework and adapting it to legal and compliance risk. The approach is based on the internal risk management standard: ISO 31000.
Citation preview
Steps to Legal riskmanagement
6
Berkman Solutions 10260 SW Greenburg Road, 4th floor Portland OR 97223 United States ! 1 (855) 517-2193 North America +1 (503) 517-4293 Worldwide !www.BerkmanSolutions.com [email protected]
Select a framework
Obtain organizational
commitment
Identify legal risks
Analyze legal risks
Evaluate legal risks
Communicate and advise
1Select a framework
Quantitative model Predictive analytics
Empirical, internal data Relevant external data
Validated external models
No risk management Incident response Ad hoc case management Constant surprise Assumed uniqueness
Qualitative model Expert based assessment
Empirical data Forward leaning
RISK MANAGEMENT
Objectives of the framework
!Simple but not simplistic !Scalable but not overbearing !Adaptable but with clear guidance !Practical but not regimented
R = p * LGE
!
Risk is the likelihood of consequences
!!
“…effect of uncertainty on objectives”
- ISO 31000
2Obtain just enough organizational commitment
!
Risk management is not all or nothing
Organizational commitment
!Scope: department, division, enterprise… !Subject: contracts, regulations, litigation… !Audience: management layer, functions… !Budget: time, money, staff…
3Identify legal risks
!
Discover and capture risks to identify risks for further analysis
Risk identification
!Find sources of risk !Recognize potential and actual risks !Record risks in a “risk register”
Find sources of legal risk
!Contracts !Regulations !Litigation !Structural changes
Contracts
Breach of contract !Non-enforceable rights !Unfavorable interpretations !Evolving federal and state law !Conduct of the parties
Contracts
!New or modified regulations !Regulator focus !Civil, criminal, injunctive remedies
Litigation
!Lawsuit based on conduct !Civil penalties !Equitable relief
Structural changes
!Fundamental industry norm !Sweeping changes !Alters competitive landscape
Recognize legal risks
!Hazards: physical harm !Events: single occurrence !Situations: enter new foreign market !Scenarios: counterparty does X, Y, or Z
Record legal risks
Risk register: list !Risks: name !Likelihood: simple scale !Consequence: simple scale !Risk rating: simple scale, combination
4Analyze legal risks
!
Risk analysis is about understanding the risks
Analyze legal risks
!Controls assessment: effectiveness !Likelihood: probability estimation !Consequences: impact analysis !Uncertainties and sensitivities: variables
Assessment of legal risk controls
!Contracts: exceptions, requirements tracking !Regulations: compliance, reviews, ratings !Litigation: insurance, training !Statutory changes: maybe not…
Likelihood of legal risks
!!Discovery: likelihood that other party learns Decision: likelihood of adverse decision
Likelihood of discovery
!Contracts: counterparty learns and sues Regulations: agency attention and review !Litigation: aggrieved party motivated !Structural changes: legislative, industry focus
Likelihood of decision
!Contracts: validity of legal theory Regulations: certainty of violation !Litigation: probability of adverse decision !Structural changes: certainty of adoption
Consequences of legal risk
!!!Damages: (primarily) economic loss (or gain) Frequency: number of occurrences
Damages from legal risk
!Contracts: agreed, implied fees and penalties Regulations: fines, penalties, orders !Litigation: range of damages, attorney’s fees !Statutory changes: operations, reporting, … !!!
Frequency of legal risk
!Contracts: form contracts, repeat behavior Regulations: single incident, business practice !Litigation: jurisdictions, plaintiffs !Statutory changes: jurisdictions, scope !!!
Uncertainties and sensitivities
!!Uncertainties: continuously reduce Sensitivities: use ranges !
Rating scales
Elaborate models create false sense of precision. !
Likelihood Consequences Risk Rating
4 – Highly likely (>75%) 4 – Substantial (> $z) 4 – Very high
3 – Likely (50 – 74%) 3 – Significant ($y – z) 3 – High
2 – Somewhat likely (<50%) 2 – Material ($x – y) 2 – Medium
1 – Unlikely (<10%) 1 – Insignificant (< $x) 1 – Low
0 – Unknown 0 – Unknown 0 - Unknown
Legal risk register, simple
Risk title to easily find and refer to item !Risk description to capture the scope !Likelihood rating with 5 point scale !Consequences rating with 5 point scale !Risk rating which is a combined rating !
Legal risk register, less simple
(the simple list, plus) !Risk control process, tool to prevent risk !Risk control effectiveness effect on rating !Risk treatment process, tool to change risk !Risk treatment effectiveness effect on rating !
5Evaluate legal risks
!
Make decisions and prioritize risks
Legal risk evaluation
!!Risk tolerance policy to draw the line !Risk treatment options for risks above the line
Legal risk tolerance policy
Legal risk tolerance policy
Legal risk tolerance policy
Legal risk treatment options
!!!Modify risks so that residual risk is tolerable !
Legal risk treatment options
Avoid by not starting or continuing !Increase to pursue opportunity !Remove source of risk !Change likelihood and/or consequences !Share with contract or insurance !!!
6Communicate & Advise
!
Think holistically; communicate clearly
20 Minute Risk Manager
!Avoid the inventory !Start with revenue !Identify major risks !Recommend action
Select a framework
Obtain organizational
commitment
Identify legal risks
Analyze legal risks
Evaluate legal risks
Communicate and advise
Berkman Solutions 10260 SW Greenburg Road, 4th floor Portland OR 97223 United States ! 1 (855) 517-2193 North America +1 (503) 517-4293 Worldwide !www.BerkmanSolutions.com [email protected]