This is an update on our 2016 article ‘The Future Of Risk Management’
Our views on ‘risk’ are formed early in our careers.
Start your career working for a free wheeling entrepreneur with a penchant for high stakes poker, you will likely develop an expansive risk tolerance. Work for a conservative law firm – that is incentivised to over process on risk – and you will likely become more risk averse.
This law firm heritage manifests in material problems for lawyers. Indeed, you can trace almost all challenges General Counsel grapple with back to a problem with how their function senses and responds to risk.
Yet, risk tolerance is rarely a topic legal functions spend much time focusing on.
This issue has multiplied over the last year as Covid rapidly upended the operating environment and magnified the velocity of risks affecting businesses, while constraining Legal budgets.
Out of this doom, we have seen progressive functions adopt a more methodical and agile approach to risk management.
Here are five tactics we are seeing them deploy:
1. Establishing a common definition of ‘risk’
If you ask every member of your team to define what constitutes a ‘risk’, you will get incredibly varied answers. If you then ask them to define the organisation's tolerance to ‘risk’ few will be able to answer it. Indeed, many lawyers answer ‘zero’ – failing to understand that at their core all enterprises are a ‘risk/reward’ game. As a result, many lawyers get branded as ‘uncommercial’.
Progressive General Counsels are working with adjacent assurance functions (e.g. risk, audit, compliance, and insurance) to create a clear, board-approved definition of Legal Risk Tolerance. Further, they are undertaking ‘assurance mapping’ exercises to understand where there is overlapping assurance.
For example: One client found their insurance team had cover for $20m in indemnity, yet they were undertaking protracted negotiations with counterparties to cap indemnity at $50,000 – extending sales cycles, and frustrating the Revenue function.
2. Embrace Risk Resilience
If you ask many lawyers ‘how do you assess risk’ they will tell you they evaluate it based on the impact of that risk. We call this ‘the one-dimensional view of risk’. Better lawyers will extend this to look at the probability of the risk materialising.
However, this misses the fact that the most destructive risks in business give you limited opportunity to respond because they are high velocity. Covid brought with it a basket full of high velocity, low resilience risks.
The message here isn’t just that functions should over invest in assisting to manage high velocity risks (many of which are difficult to forecast), it is that most of a Legal function’s time is currently invested in managing low probability, low impact, high resilience risks - trapping capacity and creating Legal Drag.
3. Restructuring the team around risk types
Most Legal functions are structured one of three ways:
The in-house Law Firm: Centrally structured – typically smaller teams
Technically aligned: Specialists in litigation, contracting, property etc
Functionally/BU aligned: Aligned as business partners to functions or business units
However, these approaches don’t necessarily align the right technical resources to the right organisational outcomes.
Progressive functions have adopted what we call The Agile Legal Function structure aligning the team against three organisational risk imperatives:
Business facilitation: e.g. sales contracts, procurement contracts
Technical expertise: e.g. OH&S, Tax, Regulatory Review
Decision support: e.g. Strategy implementation, crisis management
4. Reset your mission around ‘Pathfinding’
Few Legal functions have a mission statement. Those that do typically have a bland one like ‘to be respected legal advisors’.
At Plexus, we believe the future of Legal sits in lawyers' unique ability to leverage their knowledge of ‘The Law’ to work cross-functionally with business partners to navigate complexity, and generate competitive advantage for their organisation.
One of our clients calls this ‘pathfinding’, another rebranded Legal to ‘Captain Can Do & The Solutionauts’ to signal to the business that Legal was there to help them do business.
Russell Reynolds research showed that the world’s best General Counsels use their deep understanding of risk management to help the business to accept more risk.
5. Embed risk management into scalable processes
Although only 4% of corporate risks are Legal Risks, the challenge is these risks sit in business activities that touch every person in the organisation. With an average of one lawyer to around 500 people in an organisation it is of little surprise that a ‘one to one’ approach to lawyering fails.
Leading functions are leveraging technology to embed risk management into existing business processes to bring consistency, scalability, and speed to risk management.
Download our Digital Transformation Guide.
Solving the root cause
Many General Counsels tell us they are sick of the conversation about ‘more for less’. The problem never seems to go away, indeed research by Gartner suggests it’s getting worse. The world changed last year, magnifying all of Legal’s key challenges.
However, you rarely solve a problem with the thinking that created it. Legal Leaders need to recognise that challenges such as low Law Firm engagement, overburdening levels of ‘churn’ work, high Law Firm spend, low business satisfaction and poor lawyer engagement are symptoms of a greater problem. The biggest risk to Legal functions is a poor understanding of risk.