I found myself wandering around Seoul the other day. I stumbled across a backstreet filled with European restaurants, new coffee shops, boutique clothing stores with coffee shops, boutiques with restaurants and even a boutique that would take care of your dog while you shopped. One coffee shop had a French bakery inside and another coffee shop was inside a French bakery. In Seoul? I wouldn’t have known it had I not gotten off the beaten path. In fact I only discovered the remnants of a wall that once belonged to an ancient fortress near my apartment by walking along an old hiking path near Nam Mountain. When you deliberately leave the comforts of your regular haunts you find yourself discovering new places and even old ones you didn’t know still existed. Likewise, unless you go off the beaten path, when reviewing your company’s risk management processes and procedures you might not discover the new and maybe old problems and issues your company faces. In other words, you have to explore.
A legal risk management audit is a way of exploring all of the weaknesses your company has when confronted with outdated policies and processes. You will discover gaps in your processes you never thought existed. Perhaps divisions or departments you thought had no or little legal risk are far more exposed to risk than you once thought. What level of risk does your Board of Directors find acceptable? Has it changed? What are your company guidelines concerning environmental or child labor laws and are the guidelines being followed? What about your vendors and suppliers? Does your company have a code of ethics that the suppliers are supposed to follow? Have you looked at your risk scoring methods lately? Or even questioned employees about their perceptions of risk?
A legal risk audit can not only identify potential areas of risk but can identify specific areas that must be addressed internally and externally. However, to properly perform a risk audit you must not only look at familiar places but investigate unfamiliar ones as well. You must go off the beaten path. How?
An audit must not only target the major divisions but should also encompass those departments that are not deemed essential to the company. Maybe looking at the processes of a cost center instead of a profit center will result in discoveries you never thought possible. Sometimes you need an unbiased third party to conduct internal interviews for you even though you always conducted an internal investigation yourself. Maybe an outside third party can provide you with risk metrics or data that you never thought existed. A third party maybe able to conduct an internal investigation for you that you feel too uncomfortable to perform. Maybe a third party audit of your HR or service operations should be considered. Going off the beaten path may entail not only looking at different departments but using an outside risk management consultant to look at things differently. To go off the beaten path may entail using an outside consultant to ask different questions while using different risk management tools to identify and quantify risks not so visible from the inside.
There are many third party consultants to use when conducting risk assessments or audits. One such company in Asia is Erudite Risk. Erudite Risk provides services from due diligence, IP protection, business continuity and competitive intelligence. You may find out more about Erudite Risk at its website- Eruditerisk.com
Regardless of your decision on whether to use an outside risk consultant, get off the beaten path. It might surprise you.