It’s difficult to be part of any business and not hear about “risk.” It’s everywhere. Risk is the new black. It’s on the lips of every CEO, CFO, and board member, as it should be. And, anything that is important to the board and the C-Suite, is important to the legal department. In fact, over the past five or so years, one of the key responsibilities businesses are placing on in-house lawyers is spotting and managing risk. The business wants its in-house lawyers to be the ones who sniff through virtually every situation looking for risk (legal or otherwise). What this means is that, more and more, in-house counsel need to be masters of the company’s business operations and strategy (both short and long term), because you cannot successfully spot and manage risk unless you understand how the company operates and where it wants to go.
Generally, when asked about risk, most in-house lawyers respond retroactively, i.e., they talk about risk in terms of things the company has already experienced – a recent lawsuit, a data breach, an internal investigation, etc. While this is helpful, it is only part of calculus of identifying risk. The harder part (and the more valuable skill) is being able to look forward and see risk. While a more valuable skill, my experience is that there is little to no training around how to “look for risk,” let alone how to evaluate it or report it out. For many in-house lawyers, it is largely a self-taught skill. My goal here is not to write a treatise about risk or risk management. I have read enough of those types of articles to know that they look really impressive, have complicated charts, graphs, and formulas, but most are hard to apply in the everyday, fast-paced in-house world. I want to set out a handful of simple ideas and processes you can use to spot and identify forward-looking risk and to evaluate and manage that risk alongside the business. This edition of “Ten Things” will discuss a few guidelines that will help you be better able to fulfill the demand from the business that you become “Risk Spotter in Chief” or, as I was often called, the “Risk Guy:”