Skip to main content

The Future of Risk Management

When negotiating an agreement recently I asked the counterparty's lawyer, who was being unnecessarily intransigent, “What level of risk do you think your client would accept?” His answer, “none”.

We come across this 'black letter' view of risk often, particularly with more junior lawyers.

There are other equally limiting perspectives:

We will call this the one-dimensional view of risk management – risks of any impact should be avoided.

The future of risk management figure 1

This frustrates counterparties, slows down transactions and creates a drag on business. It is perhaps the central reason lawyers get branded as ‘un-commercial’.

Leading professionals take a different view. They understand the key to risk management is moving insightful risk information from the 'informed' (i.e. Legal) to the 'risk empowered' (i.e. management) to respond.

Putting this simple concept in action, however, requires investment in core risk competencies such as: expansive risk sourcing, consistent risk prioritisation, agile risk response, and the ability to translate legal risk into commercial consequences.

The very nature of any contract implies both parties accept some form of transactional risk, and legal risk is typically only a small percentage of the overall enterprise risk. In fact, research by CEB (a consultancy) suggests that ‘Legal and Compliance Risks’ have triggered only 6% of significant risk events in the last 50 years of corporate history. And the majority of that was a result of regulatory actions and large litigation.

Conventional wisdom has suggested risks are two-dimensional, in other words, risks should be prioritized based on their impact and probability.

The future of risk management figure 2

However, there is still a blind spot. This methodology suggests that two similarly rated risks have the same potential to destroy shareholder value.

It doesn't take into account the speed at which the risk will materialise or the relative potential to mitigate the risk. There needs to be a third dimension.

Take an example from everyday life. As an Australian male I am 13 times more likely to die from heart disease than from a transport accident. Clearly both risks are high impact, yet heart disease is many times higher in probability.

Here is where the traditional two dimensions fall down; with heart disease I am likely to have many years and opportunities to mitigate the risk – avoiding cream buns for example. A car crash will happen in seconds, and I won’t be able to do much to save myself in those few seconds.

What we need is a third criterion that embraces the velocity of the risk and the potential to mitigate it. At Plexus we call this ‘risk resilience’.

We define resilience as 'the speed to which an organisation can detect and mitigate a risk'.

Resilience = risk velocity (speed) x mitigation potential

A manufacturing client of ours recently shared an example of where this played out.

They had prioritised their review of procurement contracts based on the dollar value of the agreement.

An engineer purchased a $1,000 piece of equipment which, because of its quantum, did not require any legal review. The equipment subsequently failed, shutting down the plant and costing the company tens of millions of dollars. They discovered they had no recourse for consequential loss in the vendor’s agreement.

Hence, although the risk in this agreement was, at first glance, low impact/low probability the company had very low resilience if the product failed.

The future of risk management table 1

Fig 2: Contract Risk Matrix

Liked this article? Plenty more where that came from. Head back to the learn feed.

Digital Transformation

A General Counsel's guide to modernising their legal function.

Digi transform ebook

Increase productivity, reduce workloads and simplify your legal processes on a platform built for in-house teams.

Want to speak to someone instead?

Call us on +61 (3) 9908 3784

Your Ebook is on its way to your inbox!

You can also download via the link below:

Download now

Thanks for reaching out.

One of our consultants will be in touch shortly.