Applying risk tools to a strategic technology plan
In last month’s column, I discussed how to apply analytics to a Strategic Technology Plan. This month I discuss the next layer of technology planning—addressing…
February 08, 2013 at 06:38 AM
10 minute read
The original version of this story was published on Law.com
In last month's column, I discussed how to apply analytics to a Strategic Technology Plan. This month I discuss the next layer of technology planning—addressing risk. Risk management is top of mind for most legal leadership teams these days. However, the methods and mechanisms for identifying, quantifying, tracking and mitigating risk differ widely amongst law departments.
While all law departments must consider legal risk, the level of formality in the process varies. Further, risk management can mean many different things to different departments. As law departments define the role and function of the legal team in the risk management process, the department may broaden its definition of risk management to include a wide variety of regulatory, business and other types of risk management activities. Following are some examples of how law departments have characterized risk and used technology to formally manage it:
1. Legal Risk: Identifying the level of legal risk involved in a matter is an activity that is common across many law departments. In its most basic form, departments simply set criteria for identifying the riskiest or most significant matters. They use technology to track the risk rating of a matter, and subsequently pull active “risky” matters into reports and other monitoring processes.
A more formal and detailed approach is to identify discrete legal risks within a matter and evaluate each one in terms of two dimensions: probability or likelihood of occurrence, and impact of significance to the business. Each risk is evaluated against each dimension on a 1-5 scale, with 1 = low and 5 = high. The two values are multiplied to create a combined score for each risk category. The results are then classified to indicate their relative priority and need for management attention. Technology may be used to monitor and report on each risk and the various activities and mitigation plans surrounding each.
2. Litigation Risk: In terms of technology, litigation process risk management tools are perhaps the best defined and most mature available. Many tools that track litigation matters come prepopulated with fields for tracking details about litigation exposure and outcome probabilities. As well, a department need only define which steps of the litigation or e-discovery process in which it would like to be involved and then choose relevant risk tools such as legal hold management or early case assessment products to help evaluate and manage the process.
Litigation risk may also be defined as relating to the nature of the business. Some departments have turned to technology to identify trends or patterns that help to identify when the business may be at risk for litigation. This is common in industries that supply goods or services and have the potential for complaints and litigation resulting from use of said goods or services. Law departments are in a unique position to be able to identify when there is an uptick in certain types of complaints or litigation and report back to the business when corrective action may be required.
3. Regulatory Risk: Law departments are playing ever greater roles in helping organizations to manage regulatory risks. Some departments have taken the initiative to use technology to monitor changes in regulations, communicate changes and track the measures the company takes to comply with new regulations.
Some departments take on a more formal role, playing a quasi-compliance function, by automating processes to address regulatory and compliance requirements such as regulatory reporting. In some cases, departments have configured or customized software to support complex regulatory and compliance processes.
4. Business Risk: While most business units have the primary responsibility for identifying and mitigating business risks, some law departments play active roles in supporting business units in this capacity. For example, contract management tools are an excellent mechanism for supporting the legal team to routinize low risk contract creation and review processes as well as help to the business to monitor contractual obligations. Intellectual Property Asset Management tools can reduce risk by helping to track IP dockets. Many legal practice-specific tools incorporate features for managing risk associated with the legal process in that particular area.
5. Operational & Internal Risk: There are yet an extensive set of internal and operational activities for which a legal team may hold itself accountable. Records management is one of the most common processes in which legal is often involved and for which there are a variety of tools available for managing and disposing of physical and electronic records. Another example is that law departments often take on the role of enforcing corporate policies and procedures. These manifest themselves in both tools for communicating policies as well as tools for gathering acknowledgements of policy receipt and review.
I could easily continue the list of potential risks and tools to track and mitigate those risks – the variations are wide to say the least. Because the definition of risk management can be so broad yet is so specific to an industry, business and role/function of a legal team, identifying a department's responsibilities in the risk management process and then selecting the most appropriate tools and technology to support those responsibilities is an important step in strategic technology planning. This step is not one that can or should be duplicated from other organizations.
In next month's article I will discuss a final layer of strategic technology planning—knowledge management.
In last month's column, I discussed how to apply analytics to a Strategic Technology Plan. This month I discuss the next layer of technology planning—addressing risk. Risk management is top of mind for most legal leadership teams these days. However, the methods and mechanisms for identifying, quantifying, tracking and mitigating risk differ widely amongst law departments.
While all law departments must consider legal risk, the level of formality in the process varies. Further, risk management can mean many different things to different departments. As law departments define the role and function of the legal team in the risk management process, the department may broaden its definition of risk management to include a wide variety of regulatory, business and other types of risk management activities. Following are some examples of how law departments have characterized risk and used technology to formally manage it:
1. Legal Risk: Identifying the level of legal risk involved in a matter is an activity that is common across many law departments. In its most basic form, departments simply set criteria for identifying the riskiest or most significant matters. They use technology to track the risk rating of a matter, and subsequently pull active “risky” matters into reports and other monitoring processes.
A more formal and detailed approach is to identify discrete legal risks within a matter and evaluate each one in terms of two dimensions: probability or likelihood of occurrence, and impact of significance to the business. Each risk is evaluated against each dimension on a 1-5 scale, with 1 = low and 5 = high. The two values are multiplied to create a combined score for each risk category. The results are then classified to indicate their relative priority and need for management attention. Technology may be used to monitor and report on each risk and the various activities and mitigation plans surrounding each.
2. Litigation Risk: In terms of technology, litigation process risk management tools are perhaps the best defined and most mature available. Many tools that track litigation matters come prepopulated with fields for tracking details about litigation exposure and outcome probabilities. As well, a department need only define which steps of the litigation or e-discovery process in which it would like to be involved and then choose relevant risk tools such as legal hold management or early case assessment products to help evaluate and manage the process.
Litigation risk may also be defined as relating to the nature of the business. Some departments have turned to technology to identify trends or patterns that help to identify when the business may be at risk for litigation. This is common in industries that supply goods or services and have the potential for complaints and litigation resulting from use of said goods or services. Law departments are in a unique position to be able to identify when there is an uptick in certain types of complaints or litigation and report back to the business when corrective action may be required.
3. Regulatory Risk: Law departments are playing ever greater roles in helping organizations to manage regulatory risks. Some departments have taken the initiative to use technology to monitor changes in regulations, communicate changes and track the measures the company takes to comply with new regulations.
Some departments take on a more formal role, playing a quasi-compliance function, by automating processes to address regulatory and compliance requirements such as regulatory reporting. In some cases, departments have configured or customized software to support complex regulatory and compliance processes.
4. Business Risk: While most business units have the primary responsibility for identifying and mitigating business risks, some law departments play active roles in supporting business units in this capacity. For example, contract management tools are an excellent mechanism for supporting the legal team to routinize low risk contract creation and review processes as well as help to the business to monitor contractual obligations. Intellectual Property Asset Management tools can reduce risk by helping to track IP dockets. Many legal practice-specific tools incorporate features for managing risk associated with the legal process in that particular area.
5. Operational & Internal Risk: There are yet an extensive set of internal and operational activities for which a legal team may hold itself accountable. Records management is one of the most common processes in which legal is often involved and for which there are a variety of tools available for managing and disposing of physical and electronic records. Another example is that law departments often take on the role of enforcing corporate policies and procedures. These manifest themselves in both tools for communicating policies as well as tools for gathering acknowledgements of policy receipt and review.
I could easily continue the list of potential risks and tools to track and mitigate those risks – the variations are wide to say the least. Because the definition of risk management can be so broad yet is so specific to an industry, business and role/function of a legal team, identifying a department's responsibilities in the risk management process and then selecting the most appropriate tools and technology to support those responsibilities is an important step in strategic technology planning. This step is not one that can or should be duplicated from other organizations.
In next month's article I will discuss a final layer of strategic technology planning—knowledge management.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
Lawyers Drowning in Cases Are Embracing AI Fastest—and Say It's Yielding Better Outcomes for Clients
GC Conference Takeaways: Picking AI Vendors 'a Bit of a Crap Shoot,' Beware of Internal Investigation 'Scope Creep'
8 minute read
Why ACLU's New Legal Director Says It's a 'Good Time to Take the Reins'
Trending Stories
- 1Restoring Trust in the Courts Starts in New York
- 2'Pull Back the Curtain': Ex-NFL Players Seek Discovery in Lawsuit Over League's Disability Plan
- 3Tensions Run High at Final Hearing Before Manhattan Congestion Pricing Takes Effect
- 4Improper Removal to Fed. Court Leads to $100K Bill for Blue Cross Blue Shield
- 5Michael Halpern, Beloved Key West Attorney, Dies at 72
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
