Controlling risk......In the legal risk management world, 2015 can either be a prosperous,stable and secure year or a year filled with litigation, investigations, claims, fines and lost profits. It primarily depends on what actions a company's management ( the BD, Upper Management, Legal,Compliance and Risk Management) takes with regards to risk. Legal risk management controls can only be properly implemented if the Board of Directors, Upper Management, Legal and Compliance all make risk management a top priority and strive to create a culture of managing risk throughout the company's organization. So, a company's law department, compliance deparment and/or risk management department should take stock of the many processes, procedures, and programs in place to see if proper risk management controls are being followed.
To help with the implementation of legal risk management processes I refer everyone to a number of my past blogs discussing the various risk management topics, including:
1. Risk Management for In-House Lawyers, publsihed 2014/09/24
2. Compliance Training-A BOD's Fiduciary Obligation, published 2014/09/16
3. Risk Management-An Evolving Process, published 2014/06/15
4. Elements of an Effective Compliance Program, published 2013/09/09
5. Identification of Legal Risk, published 2013/03/20
6. Applying Legal Risk Management in a Corporate Setting, published 2013/03/03
There are more blog posts covering many aspects of legal risk management, but the above blog posts can get you started in the right direction. Remember, whether a company is able to minimize, mitigate or transfer risk often depends on how robust its risk management processes are, not on what actions it takes after a risk event happens.
Therefore, conduct an audit on your risk management processes. Review your compliance program, talk with in house counsel to confirm legal's role in managing risk and discuss risk with the Board of Directors. What is the Board's perception of risk? Of course, you should also understand the processes of each department. If your company fails to take adequate steps to address risk it may not be ready to manage or mitigate risk.