Management of litigation, like management of most business processes, begins with a business plan and a budget. In this case, prior to trial, when a company seeks an appropriate law firm to represent it, it needs a realistic litigation plan and budget. Of course, some law firms may try to push back on the request of a budget, claiming legal costs are hard to predict. This, usually is not the case. Experienced lawyers, whether in the United States, Europe, or Asia, are very familiar with the legal costs in their own geographic region as well as costs and expenses associated with the particular issue, such as patent litigation or class actions.

Certain costs may be hard to quantify, such as defense litigation costs (which may depend on how aggressive a plaintiff is in trial), but for the most part, law firms can provide a litigation plan and budget using approximate or ballpark figures. Many of the larger law firms are experienced in providing budgets upon request. Don't be afraid to ask.

Effective management of litigation will depend on a well-prepared litigation plan and budget. This, in turn, depends on the proper identification of potential litigation issues and a plan for potentially adversarial proceedings.

Questions that should be asked when discussing the plan and budget with outside counsel include:

• Is this matter an actual or potentially adversarial proceeding?
• Will this matter result in potential commercial litigation?
• Will this matter result in potential regulatory litigation?
• Will this matter lead to governmental litigation?

Asking the right questions will help in preparing a realistic and effective litigation plan and budget.

To properly manage civil litigation, especially in the United States, companies need to implement LRM strategies and processes by use of an in-house Law Department that is capable of overseeing or managing outside litigation. Depending on the legal exposure of a company, it can be a full-time job. This management function will be key in properly coordinating litigation to avoid excessive costs, duplication of effort, and minimization of disruptions to a company’s business, as well as setting an effective trial strategy.

What many foreign companies doing business in the United States fail to appreciate is that an outside litigation lawyer does not necessarily have the company’s best interests in mind during litigation. Litigators want to win. Sometimes the desire to win is not in the best interests of the company. Many companies have paid a great deal of money to litigate a case when a resolution to the dispute was available had the parties tried to actively settle the matter. Remember, a trial lawyer’s business and primary goal is to win- not to settle.

An in-house legal manager, representing the company’s best interests, can help facilitate settlement once a legal risk assessment as to the validity, cost, and expense of litigation is made. In fact, during trial, a settlement is still possible and can be facilitated by in-house counsel. Therefore, the Law Department should maintain control and oversight of any litigation. A LRM program can be very helpful in managing the legal risk process as well as providing litigation oversight. Remember, litigation can result in a variety of negative issues such as:

• Loss of time.
• Expense.
• Potential interruption of business.
• The cost and expense of business interruption.
• Potential bad or negative publicity.
• Negative impact on the company’s brand image
• Potential loss of reputation.

As companies facing U.S. litigation are often exposed to excessive fees and costs, massive business disruption, lengthy litigation, and the unpredictability of the jury system, efficient management of the litigation process is necessary. Though, obviously, outside litigation counsel is necessary in most cases, an in-house Law Department can save the company great sums of money by managing the litigation process. Such management involves the assessment, management, and potential transfer of risk through various LRM strategies, including:

-Effective coordination of legal defense efforts in order for the company to avoid duplication of costs and effort from case to case
-Coordination of witnesses, answers and interrogatory responses, documents, and depositions
-Acting as the central site for all facts, positions, decisions on legal issues, and motions
-Development, implementation, and coordination of a defense plan

As part of an overall LRM program, a company’s Law Department must implement processes to control, reduce, and manage outside legal fees and costs. By utilizing legal risk management tools, a Law Department can proactively reduce legal fees and costs.

When using outside counsel, most companies, especially those that have affiliates or subsidiaries, need a comprehensive approach. Unfortunately, many companies hire law firms on a case-by-case or ad hoc basis. Sometimes divisions of the same company hire different law firms without thinking about potential issues of legal talent and failure to obtain high-quality legal services on a consistent and reasonably priced basis. Sometimes, divisions of the same company hire different law firms to handle similar legal issues or litigation.

If a company has an in-house Law Department, it is incumbent upon the in-house Law Department to develop processes to select and use outside counsel on a consistent basis with a focus on quality, reasonable fees, and, of course, success. Such success is normally the result of a long-term relationship in which outside counsel becomes a member of the company’s “team,” learns the business, and can, therefore, provide timely legal and business advice.

Centralization

A company either has in-house counsel or it does not. To successfully handle legal issues facing most companies these days (especially those involving litigation ), the use of outside counsel must be centralized. If a company has many divisions or subsidiaries, a department should be empowered to oversee all legal matters. There are numerous advantages to centralization of the legal function:

Advantages of Centralization

-One organization has an overview of all legal issues confronting the company and can properly advise management on legal issues.

-Efficiency: Whether in-house or outside, efficient and fast response to legal issues is necessary.

-Use of a single law firm as outside general counsel can result in monetary savings.

-Centralization of legal services lends itself to the centralization of the company’s legal records, documentation, and information, creating a more efficient process.

-Centralization of legal services allows for a more efficient review of data, resulting in the proper use of information and development of an appropriate strategy.

-Investment: Whether a company is large or small, it needs to look at use of outside counsel as an investment. Picking the right outside counsel and developing a long-term relationship with such counsel will pay dividends in the long run.

Efficient and timely use of outside legal services, whether such use of outside legal services is picked by an in-house lawyer or by a company manager or officer, relies on whether outside counsel is the right fit for the company. There are many law firms around, but not all are the right fit. Picking the right law firm or outside counsel depends on a number of factors. Many times, a company picks a law firm because of a personal relationship between a company officer and a lawyer in the firm. Or maybe the firm has done a good job in advertising. The trouble is, without going through a process to determine the acceptability of a law firm, picking outside counsel can be hit or miss. A centralized legal function is necessary to avoid mismanagement of outside legal counsel. 

There are several reasons why companies find it harder and harder to handle major crisis. These days, because of the internet, companies have to get out in front of a crisis, or the bad PR will kill them quickly. It used to be companies had time to react and get out front. Now they don’t. So, if companies don’t have a strategy in place to address the crisis, it’s hard to get out in front. In fact, by most accounts, a company has twenty-four hours to put a crisis management strategy in place once it becomes aware of the underlying event. This twenty-four-hour period is sometimes referred to as ‘the golden hour.’ If a company isn’t prepared, twenty-four hours is not long enough to think things through. Of course, In-House counsel have to understand their roles in a crisis as well. They have to manage legal liability and balance it with business considerations. They also have to help the PR team educate the public on the issues and make certain all legal regulations are followed. Normally, the In-House team hasn’t really thought about its role and responsibilities in the event of a major crisis. This can be a problem.

Another issue is that sometimes Management refuses to acknowledge the existence of a crisis until it is normally too late. Remember, a crisis unfolds in a series of stages and not in a vacuum. First, there are early indications of a crisis brewing followed then by actual warnings of a crisis followed by the crisis exploding and overwhelming management. It is at this stage that most companies try and resolve the crisis, but it is usually too late. The crisis morphs, PR gets really bad, the impact of the crisis deepens, the stakeholders and shareholders get very worried and upset. The key to properly managing a crisis is to acknowledge the existence of a crisis at the beginning and to have a crisis management plan in place. Legal needs to be heavily involved with Management to help resolve the crisis at this stage.

The major problem with handling a crisis is that communications play an important role. When you look at the timeline of the average crisis: a company not only has to determine what need for communications exist (internally and externally) but also must have the communications drafted and ready to go within twelve hours of the start of the crisis. Within twenty-four hours, Management should have a plan in place including a communications plan and should be talking to the media or have a third party talking to the media for it. If you don’t have a crisis management plan already in existence before the event, you probably won’t get your hands around it in time. Legal must also know what to do and when.

As In-House Counsel What Should Concern You?

Ask yourself the following questions:

-What happens if one of the machines in your company’s main manufacturing line breaks down? How long would it take to come back online? Or, what happens if as a major service provider you are unable to provide the service you are obligated to provide?

-Can you cover by finding alternative sources of supply, how long would that take to do? How long to cover the losses? What about the supply agreements?

-If you lose productivity and can’t supply customers on time you could lose everything. Are you able to absorb the losses? What obligations do you have under your supply agreements?

-Who should be the crisis manager?

-In case of a crisis do you know all of the relevant insurance policies and the appropriate notification deadlines? Or is this left up to the insurance department?

-If a crisis involves regulators, are you aware of the basic time frames in which to notify and/or involve the regulators? And, who are the appropriate regulators? Do you have contacts with them?

-From an in-house perspective have you thought about how to mitigate civil liability?

-So how do you minimize civil liability and perhaps criminal liability too?

-Are you prepared for litigation?

-What steps should you take to mitigate liability?

For In-House counsel in companies that could experience a major crisis, it is vital to have a plan in place. Think about the questions above. Ask more questions too. Be prepared.

If a company wants to identify the major legal risks it faces, it needs to come up with a process to assess risks. But how?

When thinking in terms of legal risk management (LRM) in-house counsel or risk managers should ask some questions. First, what is the degree of risk the company is comfortable with? Or what degree of risk is a department in the company comfortable with? Also, what perception of risk does the various levels of management in the company have towards risk? Remember, this requires talking to all departments and the various department heads as well as middle managers, etc. to get a good grasp of their perception of risk or at least their perception of legal issues facing them. Only after that happens and an assessment of the legal risk environment is completed can you then proceed with a risk analysis. Of course, the accounting department may be looking at things under a COSO standard while the HR department may be looking at risks under the ISO standard.

A risk assessment can cover the areas and/or departments that are important to the company. Such areas may include:

• All insurance matters, including the renewal of insurance carrier and recommending obtaining additional or different types of insurance when needed.
• Handling all product liability claims, including product safety claims, subrogation claims, investigations, discovery, and product liability lawsuits for the organization.
• Reviewing product warranties, warnings, and manuals to ensure compliance with relevant laws and regulations.
• Reviewing processes regarding product recalls, government-related complaints, and government investigations and inquiries, including the FDA, and FTC in the United States, etc.
• Working with the Service Department or QA Department and other departments to analysis potential safety issues and report the findings to management.
• Performing due diligence reviews of safety-related issues and evaluating such findings.
• Reviewing PR/marketing processes, other departments and outside PR on responding to the media with respect to safety-related issues (media crisis team/crisis management team).
• Assessing the training given to the service/call center (if any) personnel on how to handle consumers complaining about safety issues and how to recognize product liability issues and escalate them to the proper people.

The above areas are a fraction of what con be looked at or considered when conducting a risk assessment. But it’s a place to start. It depends on the nature of the company and the primary business drivers of the company. And of course, the company's perception of risk.

Recent privacy concerns have caused many countries to beef up their data privacy laws and regulations. The EU of course, is a case in point. As is Korea and others in the Asia Pacific Region. However, the data privacy issues a company faces, are really the tip of the proverbial iceberg. What about the electronically stored information (ESI) that companies have? Electronic data! ESI exposes a company to a myriad of risks, data privacy of course one of them. Besides the multi-dimensional universe of data privacy, cybersecurity is also very important today as many companies and governments continue to get hacked. Even cybersecurity insurance is getting popular. However, companies not only have to worry about getting hacked or running afoul of the latest data privacy laws and regulations. Companies must also consider what data to even store, where to store it, how long to store it and protocols to decide how to analyze and review it. Let alone- where to find it, if it gets lost. Failure to take the where, when and how into consideration can expose the company to unforeseen ESI issues- such as violating ESI discovery laws as well as the associated document retention risks.

Electronically Stored Information- Document Retention Risks and Concerns

If a company is involved with litigation in the United States, it has a duty to locate all relevant information, data, and documents—including ESI that are relevant to the case. This can be quite onerous, as it requires:

• Familiarity with document retention policies
• Involvement with IT personnel
• Communication to “key players” of the litigation hold
• Location and retrieval of all relevant information wherever that information might be

The legal risks facing a company that fails to handle the above requirements in an economical/efficient manner can be tremendous. Companies have been sanctioned millions of dollars for failing to abide by ESI requirements or, even worse, have lost the respective lawsuits, costing even more. What can a company do to mitigate the legal risks surrounding document management to comply with US legal requirements?

1. Plan of Action

A company must take steps to develop an adequate data and document management plan. It is not too surprising that even the IT Department itself may not have an adequate understanding of where all of the electronically stored documents are considering the plethora of handheld devices that may store documents and other electronic information. Therefore, a company’s management and IT folks need to sit down and map out where all of the documents are located if possible. A document management plan should take the following steps into consideration:

• Assess the company’s current use of technology documents.
• Locate all in the company’s possession.
• Use technology to leverage legal requirements.
• Retain experts or outside consultants to above or to help implement systems/processes.
• Implement policies and procedures addressing all legal risks posed by ESI.

2. Risk Assessment of ESI

To implement an appropriate plan of action, a company must conduct a risk assessment of its processes and capabilities by:

• Seeking proposals of vendors (outside experts)
• A top-to-bottom analysis
• ESI and paper documents
• Hardware and software
• Management of data
• Retention of data
• Litigation holds
• Disaster preparedness

3. ESI Implementation

The legal risks facing companies in today’s legal and regulatory climate, especially in the United States, are enormous. Failure to implement a data and document management program that not only addresses a company’s business concerns but legal obligations as well can be disastrous. The development and implementation of a Legal Risk Management Program (LRM) addressing these concerns is not a luxury but a necessity. It is highly recommended that a company implement a data and documentation management program that addresses ESI and all of its issues.

For risk managers or in-house counsel, the development of a comprehensive ESI program is crucial. Talk to your IT folks. If necessary, enlist the help of outside ESI consultants. Get your hands around your company’s ESI. Implement an ESI document management program and implement processes to handle all associated risks.