If a company wants to identify the major legal risks it faces, it needs to come up with a process to assess risks. But how?
When thinking in terms of legal risk management (LRM) in-house counsel or risk managers should ask some questions. First, what is the degree of risk the company is comfortable with? Or what degree of risk is a department in the company comfortable with? Also, what perception of risk does the various levels of management in the company have towards risk? Remember, this requires talking to all departments and the various department heads as well as middle managers, etc. to get a good grasp of their perception of risk or at least their perception of legal issues facing them. Only after that happens and an assessment of the legal risk environment is completed can you then proceed with a risk analysis. Of course, the accounting department may be looking at things under a COSO standard while the HR department may be looking at risks under the ISO standard.
A risk assessment can cover the areas and/or departments that are important to the company. Such areas may include:
• All insurance matters, including the renewal of insurance carrier and recommending obtaining additional or different types of insurance when needed.
• Handling all product liability claims, including product safety claims, subrogation claims, investigations, discovery, and product liability lawsuits for the organization.
• Reviewing product warranties, warnings, and manuals to ensure compliance with relevant laws and regulations.
• Reviewing processes regarding product recalls, government-related complaints, and government investigations and inquiries, including the FDA, and FTC in the United States, etc.
• Working with the Service Department or QA Department and other departments to analysis potential safety issues and report the findings to management.
• Performing due diligence reviews of safety-related issues and evaluating such findings.
• Reviewing PR/marketing processes, other departments and outside PR on responding to the media with respect to safety-related issues (media crisis team/crisis management team).
• Assessing the training given to the service/call center (if any) personnel on how to handle consumers complaining about safety issues and how to recognize product liability issues and escalate them to the proper people.
The above areas are a fraction of what con be looked at or considered when conducting a risk assessment. But it’s a place to start. It depends on the nature of the company and the primary business drivers of the company. And of course, the company's perception of risk.