Applying risk tools to a strategic technology plan
In last month’s column, I discussed how to apply analytics to a Strategic Technology Plan. This month I discuss the next layer of technology planning—addressing…
February 08, 2013 at 06:38 AM
10 minute read
The original version of this story was published on Law.com
In last month's column, I discussed how to apply analytics to a Strategic Technology Plan. This month I discuss the next layer of technology planning—addressing risk. Risk management is top of mind for most legal leadership teams these days. However, the methods and mechanisms for identifying, quantifying, tracking and mitigating risk differ widely amongst law departments.
While all law departments must consider legal risk, the level of formality in the process varies. Further, risk management can mean many different things to different departments. As law departments define the role and function of the legal team in the risk management process, the department may broaden its definition of risk management to include a wide variety of regulatory, business and other types of risk management activities. Following are some examples of how law departments have characterized risk and used technology to formally manage it:
1. Legal Risk: Identifying the level of legal risk involved in a matter is an activity that is common across many law departments. In its most basic form, departments simply set criteria for identifying the riskiest or most significant matters. They use technology to track the risk rating of a matter, and subsequently pull active “risky” matters into reports and other monitoring processes.
A more formal and detailed approach is to identify discrete legal risks within a matter and evaluate each one in terms of two dimensions: probability or likelihood of occurrence, and impact of significance to the business. Each risk is evaluated against each dimension on a 1-5 scale, with 1 = low and 5 = high. The two values are multiplied to create a combined score for each risk category. The results are then classified to indicate their relative priority and need for management attention. Technology may be used to monitor and report on each risk and the various activities and mitigation plans surrounding each.
2. Litigation Risk: In terms of technology, litigation process risk management tools are perhaps the best defined and most mature available. Many tools that track litigation matters come prepopulated with fields for tracking details about litigation exposure and outcome probabilities. As well, a department need only define which steps of the litigation or e-discovery process in which it would like to be involved and then choose relevant risk tools such as legal hold management or early case assessment products to help evaluate and manage the process.
Litigation risk may also be defined as relating to the nature of the business. Some departments have turned to technology to identify trends or patterns that help to identify when the business may be at risk for litigation. This is common in industries that supply goods or services and have the potential for complaints and litigation resulting from use of said goods or services. Law departments are in a unique position to be able to identify when there is an uptick in certain types of complaints or litigation and report back to the business when corrective action may be required.
3. Regulatory Risk: Law departments are playing ever greater roles in helping organizations to manage regulatory risks. Some departments have taken the initiative to use technology to monitor changes in regulations, communicate changes and track the measures the company takes to comply with new regulations.
Some departments take on a more formal role, playing a quasi-compliance function, by automating processes to address regulatory and compliance requirements such as regulatory reporting. In some cases, departments have configured or customized software to support complex regulatory and compliance processes.
4. Business Risk: While most business units have the primary responsibility for identifying and mitigating business risks, some law departments play active roles in supporting business units in this capacity. For example, contract management tools are an excellent mechanism for supporting the legal team to routinize low risk contract creation and review processes as well as help to the business to monitor contractual obligations. Intellectual Property Asset Management tools can reduce risk by helping to track IP dockets. Many legal practice-specific tools incorporate features for managing risk associated with the legal process in that particular area.
5. Operational & Internal Risk: There are yet an extensive set of internal and operational activities for which a legal team may hold itself accountable. Records management is one of the most common processes in which legal is often involved and for which there are a variety of tools available for managing and disposing of physical and electronic records. Another example is that law departments often take on the role of enforcing corporate policies and procedures. These manifest themselves in both tools for communicating policies as well as tools for gathering acknowledgements of policy receipt and review.
I could easily continue the list of potential risks and tools to track and mitigate those risks – the variations are wide to say the least. Because the definition of risk management can be so broad yet is so specific to an industry, business and role/function of a legal team, identifying a department's responsibilities in the risk management process and then selecting the most appropriate tools and technology to support those responsibilities is an important step in strategic technology planning. This step is not one that can or should be duplicated from other organizations.
In next month's article I will discuss a final layer of strategic technology planning—knowledge management.
In last month's column, I discussed how to apply analytics to a Strategic Technology Plan. This month I discuss the next layer of technology planning—addressing risk. Risk management is top of mind for most legal leadership teams these days. However, the methods and mechanisms for identifying, quantifying, tracking and mitigating risk differ widely amongst law departments.
While all law departments must consider legal risk, the level of formality in the process varies. Further, risk management can mean many different things to different departments. As law departments define the role and function of the legal team in the risk management process, the department may broaden its definition of risk management to include a wide variety of regulatory, business and other types of risk management activities. Following are some examples of how law departments have characterized risk and used technology to formally manage it:
1. Legal Risk: Identifying the level of legal risk involved in a matter is an activity that is common across many law departments. In its most basic form, departments simply set criteria for identifying the riskiest or most significant matters. They use technology to track the risk rating of a matter, and subsequently pull active “risky” matters into reports and other monitoring processes.
A more formal and detailed approach is to identify discrete legal risks within a matter and evaluate each one in terms of two dimensions: probability or likelihood of occurrence, and impact of significance to the business. Each risk is evaluated against each dimension on a 1-5 scale, with 1 = low and 5 = high. The two values are multiplied to create a combined score for each risk category. The results are then classified to indicate their relative priority and need for management attention. Technology may be used to monitor and report on each risk and the various activities and mitigation plans surrounding each.
2. Litigation Risk: In terms of technology, litigation process risk management tools are perhaps the best defined and most mature available. Many tools that track litigation matters come prepopulated with fields for tracking details about litigation exposure and outcome probabilities. As well, a department need only define which steps of the litigation or e-discovery process in which it would like to be involved and then choose relevant risk tools such as legal hold management or early case assessment products to help evaluate and manage the process.
Litigation risk may also be defined as relating to the nature of the business. Some departments have turned to technology to identify trends or patterns that help to identify when the business may be at risk for litigation. This is common in industries that supply goods or services and have the potential for complaints and litigation resulting from use of said goods or services. Law departments are in a unique position to be able to identify when there is an uptick in certain types of complaints or litigation and report back to the business when corrective action may be required.
3. Regulatory Risk: Law departments are playing ever greater roles in helping organizations to manage regulatory risks. Some departments have taken the initiative to use technology to monitor changes in regulations, communicate changes and track the measures the company takes to comply with new regulations.
Some departments take on a more formal role, playing a quasi-compliance function, by automating processes to address regulatory and compliance requirements such as regulatory reporting. In some cases, departments have configured or customized software to support complex regulatory and compliance processes.
4. Business Risk: While most business units have the primary responsibility for identifying and mitigating business risks, some law departments play active roles in supporting business units in this capacity. For example, contract management tools are an excellent mechanism for supporting the legal team to routinize low risk contract creation and review processes as well as help to the business to monitor contractual obligations. Intellectual Property Asset Management tools can reduce risk by helping to track IP dockets. Many legal practice-specific tools incorporate features for managing risk associated with the legal process in that particular area.
5. Operational & Internal Risk: There are yet an extensive set of internal and operational activities for which a legal team may hold itself accountable. Records management is one of the most common processes in which legal is often involved and for which there are a variety of tools available for managing and disposing of physical and electronic records. Another example is that law departments often take on the role of enforcing corporate policies and procedures. These manifest themselves in both tools for communicating policies as well as tools for gathering acknowledgements of policy receipt and review.
I could easily continue the list of potential risks and tools to track and mitigate those risks – the variations are wide to say the least. Because the definition of risk management can be so broad yet is so specific to an industry, business and role/function of a legal team, identifying a department's responsibilities in the risk management process and then selecting the most appropriate tools and technology to support those responsibilities is an important step in strategic technology planning. This step is not one that can or should be duplicated from other organizations.
In next month's article I will discuss a final layer of strategic technology planning—knowledge management.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
From Reluctant Lawyer to Legal Trailblazer: Agiloft's GC on Redefining In-House Counsel With Innovation and Tech
7 minute read
Legal Tech's Predictions for Legal Ops & In-House in 2025
Trending Stories
- 1'A Waste of Your Time': Practice Tips From Judges in the Oakland Federal Courthouse
- 2Judge Extends Tom Girardi's Time in Prison Medical Facility to Feb. 20
- 3Supreme Court Denies Trump's Request to Pause Pending Environmental Cases
- 4‘Blitzkrieg of Lawlessness’: Environmental Lawyers Decry EPA Spending Freeze
- 5Litera Acquires Workflow Management Provider Peppermint Technology
Who Got The Work
J. Brugh Lower of Gibbons has entered an appearance for industrial equipment supplier Devco Corporation in a pending trademark infringement lawsuit. The suit, accusing the defendant of selling knock-off Graco products, was filed Dec. 18 in New Jersey District Court by Rivkin Radler on behalf of Graco Inc. and Graco Minnesota. The case, assigned to U.S. District Judge Zahid N. Quraishi, is 3:24-cv-11294, Graco Inc. et al v. Devco Corporation.
Who Got The Work
Rebecca Maller-Stein and Kent A. Yalowitz of Arnold & Porter Kaye Scholer have entered their appearances for Hanaco Venture Capital and its executives, Lior Prosor and David Frankel, in a pending securities lawsuit. The action, filed on Dec. 24 in New York Southern District Court by Zell, Aron & Co. on behalf of Goldeneye Advisors, accuses the defendants of negligently and fraudulently managing the plaintiff's $1 million investment. The case, assigned to U.S. District Judge Vernon S. Broderick, is 1:24-cv-09918, Goldeneye Advisors, LLC v. Hanaco Venture Capital, Ltd. et al.
Who Got The Work
Attorneys from A&O Shearman has stepped in as defense counsel for Toronto-Dominion Bank and other defendants in a pending securities class action. The suit, filed Dec. 11 in New York Southern District Court by Bleichmar Fonti & Auld, accuses the defendants of concealing the bank's 'pervasive' deficiencies in regards to its compliance with the Bank Secrecy Act and the quality of its anti-money laundering controls. The case, assigned to U.S. District Judge Arun Subramanian, is 1:24-cv-09445, Gonzalez v. The Toronto-Dominion Bank et al.
Who Got The Work
Crown Castle International, a Pennsylvania company providing shared communications infrastructure, has turned to Luke D. Wolf of Gordon Rees Scully Mansukhani to fend off a pending breach-of-contract lawsuit. The court action, filed Nov. 25 in Michigan Eastern District Court by Hooper Hathaway PC on behalf of The Town Residences LLC, accuses Crown Castle of failing to transfer approximately $30,000 in utility payments from T-Mobile in breach of a roof-top lease and assignment agreement. The case, assigned to U.S. District Judge Susan K. Declercq, is 2:24-cv-13131, The Town Residences LLC v. T-Mobile US, Inc. et al.
Who Got The Work
Wilfred P. Coronato and Daniel M. Schwartz of McCarter & English have stepped in as defense counsel to Electrolux Home Products Inc. in a pending product liability lawsuit. The court action, filed Nov. 26 in New York Eastern District Court by Poulos Lopiccolo PC and Nagel Rice LLP on behalf of David Stern, alleges that the defendant's refrigerators’ drawers and shelving repeatedly break and fall apart within months after purchase. The case, assigned to U.S. District Judge Joan M. Azrack, is 2:24-cv-08204, Stern v. Electrolux Home Products, Inc.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
