As asked in the question, process of managing legal risk is as
following:
Before starting the process of legal risk management two things
are important which are following:
- For legal risk management an appropriate framework should be
selected like ISO 31000.
- Before starting the legal risk management process,
organizational commitment should be obtained.
After fulfilling above written requirements legal risk
management process can be started with following steps:
1) Legal risk identification
- Risk identification deals with issues or problems
spotting.
- Objective of this step is to prepare a broad list of
risks.
Risks can be identified by following steps:
- Sources of legal risks should be found like contracts,
regulations, litigation and structural changes.
- Actual risks which may be present and potential risks which may
occur in future should be identified.
- A risk register should be maintained in order to record all the
actual and potential risks identified.
2) Legal risk analysis
- Risks listed in the risk register should be analysed in order
to understand the risks.
- For legal risk analysis, starting should be from assessment of
controls.
- Risk controls can vary according to the risks, the industry and
the organization.
- After gauging the effectiveness of risk controls, likelihood
and consequences of each risk should be analysed.
- Risk analysis refines the identified risks, it doesn't resolve
them.
- Finally, parameters or variables for the elements should be
built in.
- After risk analysis, risk register can be refined because some
risks can go out of register, some can merge with others and new
risks can also come out.
3) Legal risks evaluation
- After the analysis of risks identified, evaluation should be
done of each risk.
- For risk evaluation, response to each risk should be
prioritized.
- Risk evaluation is based on the risk tolerance capacity of an
organization.
- Intolerable risks should be treated accordingly and it is
called risk treatment.
- Risk treatment is modifying the intolerable risks into
tolerable risks.
- It is not necessary always to eliminate the risks but risks can
be converted into tolerable risks.
Risk treatment techniques includes following:
Avoid - Uncertainty creating activities can be avoided by not
starting or continuing the activities.
Increase - If consequences of a risk creating activity is
beneficial then that activity can be increased.
Remove - Source of the risks can be removed.
Change - Likelihood/Consequences of risks can be changed.
Share - Risks can be shared by insurance or contracting.
- Each of above written techniques can change the character of
legal risk.
- These techniques can help legal professionals to reduce the
cost and impact of uncertainty for the organization.
4) Communicate and advise
- After the identification, analysis and evaluation of risks in
the risk register, results should be communicated to the concerned
people or management.
- For better understanding, each risk should be communicated
clearly with holistic thinking.
So, these are the important four steps of legal risk management
process which act as a frontier for the lawyers, compliance
officers and contract managers in order to provide value to their
organizations.
If you like the answer then kindly give good ratings this will
motivate me to answer well. Thanking you.