As 2015 winds down, everyone starts to think about 2016. They make grandiose plans that perhaps they cannot keep or are simply to agressive in their planning. Managing risks, like many other business processes takes planning and careful consideration. Risk management in effect is an evolving process and not one that can be created and implemented in a day.
I am always asked how a company or risk manager is able to identify legal risks that a company faces. Obviously, many companies face a myriad of legal risks due to the industries they operate in or for that matter, the environment they exist in. Though risk management in any organization is an evolving process the key to risk identification and risk assessment is to ask the right questions.
A good question to ask oneself when thinking about managing legal risk is to consider what incremental steps can be taken in 2016 to improve risk identification or even risk scoring in your department or business unit. It doesnt ha to be company wide or division wide. In essence , how can you improve your risk management processes in 2016? How can you do a better job? Maybe the right questions to ask would include:
"What are the major risks in my department that could or would generate legal liability in 2016 or have a negative impact on my company's brand?" And of course- "How can I manage the risks.? "
Notice I didn't say "how can I manage all the risks in my company?" To be effective, maybe its best to simply improve your department or business unit. Dont think you have to change the world in one day.
Once you answer the questions above, think about how these risks are identified? Maybe you can increase risk identification through the use of risk assessment tools such as employee interviews, focus groups, industry literature, surveys, document reviews,etc. It is important to understand that the key however is to ask the right questions. A risk that will or might negatively impact a company's brand is a risk that must be minimized or controlled. But the risks don't always become evident unless the right questions are asked and the right risk management tools are used. And, if you become too agressive, management may not have to resources needed to conduct audits across the entire company or organization.
Questions don't stop however when a particular risk is identified. One has to also ask the question of "what do I do now?" In other words, what action plan should be implemented once a risk identification and risk assessment plan has been completed? Identifying risk means nothing if actions are not properly taken to mitigate or minimize the risk. It is often the risk managers, in-house counsel or managers that must ask the tough questions when risks are identified. But, many times management and upper management must get involved when these questions are asked. Thats why it is best to start small. Check out your own department or business unit first. Only after you have started with your department can you expect Management to start looking at other business units.
Managing legal risk is an ongoing and evolving process. An organization is never completely protected from risk and new risks are always surfacing. It is the risk manager's job to manage the process and to help identify the risks a company faces. It is the in-house counsel's job to manage legal risks that the companyt faces. Managing risk may involve asking tough questions. It always involves an on-going process that must be implemented wisely. So , for 2016, concentrate on your own business unit or your department. Basically, its about improving your perforamance through careful consideration and wise moves one step at a time. Dont worry about massive changes or large programs that need implementing. Think about your department first. Decide to do a better job of managing risks in 2016.