CLO 21 A DV I S O RY GROUP
Managing Legal Risk
To Meet the Challenges
Of the 21st Century
The Enron situation may lead to expanded government controls,
tighter accounting standards and more explicit duties for boards of
directors, auditors, and most likely, corporate lawyers. Using the Gateway
Model and a new set of post-Enron action steps, CLOs will be
able to manage this risk-heavy environment.
B Y S T E P H E N E . N OW L A N
he Chief Legal Officer to consider. Our report
of the 21st Century describes how many legal risk
Advisory Group meets drivers are metastasizing, creat-
quarterly to develop and refine ing new minefields and a
the Gateway Model for manag- greater workload for law depart-
ing law departments in light of ments. We describe how the
the serious new challenges fac- Gateway Model creates a rigor-
ing corporations. The CLO 21 ous approach for managing
Advisory Group convened in legal risk that strikes the best,
Palm Beach, Fla., in January right balance between effective
2002, to discuss Gateway support for business objectives
strategies for managing legal and the implementation of
risk. During the meeting, the internal controls that have
conference room lights did not teeth. We also present the
go out as they did at the now- Advisory Group’s inventory of
● Stephen E. Nowlan is infamous Enron board meeting Gateway Legal Risk Building
senior vice president of in Palm Beach a few years ago. Blocks and discuss some of the
TyMetrix and serves as the Not surprisingly, group mem- key implications for implement-
facilitator of the CLO 21 bers were energized about legal ing them. Finally, we report on
Group. firstname.lastname@example.org risk because of the Enron col- the concerns of CLO 21 become a popular topic at social
lapse and the Congressional Advisory Group members about gatherings, much to the delight
hearings probing the role of the the cutbacks in law department of any lawyers present. Whereas
Enron lawyers. resources that threaten sound this topic used to be discussed
This report summarizes the legal risk management. only in tedious corporate meet-
discussion highlights and the ings about “internal controls,”
post-Enron action steps that The Enron Meltdown everyone with a 401(k) account
CLO 21 Advisory Group mem- Thanks mostly to the shenani- or a Congressional parking per-
bers encourage general counsel gans at Enron, “legal risk” has mit is now batting the subject
46 chief legal officer lawexec.com
these controls were not imple-
mented appropriately, and the
board did not discover this until
it was too late to prevent
Executives who either did not
correctly understand their roles
or who manipulated the environ-
ment to sidestep them, inadver-
tently or deliberately thwarted
these intended controls.
Although the senior Enron
lawyer working on the partner-
ship deals correctly identified the
risk issues and got corroborating
advice from outside counsel, he
was ineffectual in dealing with
the legal risks. He either lacked
the authority and standing in the
company to force corporate
actions to address the risks, or he
lacked the leadership to take the
issues to the board of directors. “Legal Risk:
According to testimony
The risk that arises
before the House, this lawyer
sought the help of the general from a perceived
counsel who, apparently, was of
no assistance. When the lawyer or actual violation
sought the help of the chief
of laws, regulations
accounting officer and the chief
risk officer, he was advised not or agreements leading
to stick his neck out and to
drop the matter. to costs, penalties,
The former CEO claimed he
liabilities or sanctions
didn’t know of the lawyer’s
efforts to seek his review of the imposed as a result
matters or meet with him. The
lawyer did not try to approach of the legal
board members with the infor-
mation, presumably because he
felt he had gone far enough by — CLO 21 Advisory Group
advising executive officers of his
Would the board members
have acted if the lawyer had
informed them of his findings?
Could the meltdown have been
around with aplomb. If this trols to manage legal and busi- avoided if the board acted at
leads to a climate where more ness risk, the culture of the that point? One can only guess,
business executives pay atten- company has an overriding and the question as to whether
tion to legal risk issues, it is not influence as to what level of risk the lawyer had a duty to go to
a bad development. will be assumed. The Enron the board is left for debate.
The Enron meltdown board assumed, with assurances Many of us have seen situa-
demonstrates that even in a from the auditors and executive tions similar to this one. No
company that goes to great officers, that risk controls were doubt, similar situations are
lengths to set up internal con- in place and working. However, being resolved because the
spring 2002 chief legal officer 47
CLO 21 A DV I S O RY GROUP
lawyer in the hot seat takes the many boards, wishing to avoid New York legislature issued a
bull by the horns and keeps the tarnish of “Enrust,” will re- damning report of abuses in the
knocking on mahogany doors evaluate the performance of all insurance industry. It found that
until he or she finds equally control officers, including the life insurance companies were
right-thinking people to deal general counsel, and demand buying new issues from under-
substantively with the problem. replacements for those who writers as part of the distribution
However, absent the willingness appear not to have the back- of the securities (primarily debt)
of the lawyer to risk his or her bone and management skills to with the intent of reselling them
position and career, many rigorously implement controls. as the underwriters found buy-
Legal risk used to be lawyers will accept the advice of ers. In effect, the securities were
higher-ups and simply drop the Legal Risk is Expanding “parked,” and the underwriters
discussed only in matter, even if reluctantly. At Breakneck Speed did not bear the market risk of
The general counsel is Along with the promise of new holding the securities during the
tedious corporate responsible for creating the cul- opportunities in the 21st centu- distribution; the life insurers did.
meetings. Now, ture in the law department ry, comes the realization that When the underwriters ultimate-
wherein an individual attorney business and legal risk are ly found buyers for the entire
everyone with a dealing with risk issues will expanding at a profound rate issue, the life insurers resold the
either find support among col- that may outstrip the abilities of securities to the new buyers
401(k) account or a leagues or be left out on a limb. corporate law departments to through a member of the under-
The general counsel does not manage or control them. writing syndicate, which was a
Congressional parking operate in a vacuum, however. Possibly most alarming is that company owned by officers of
permit is batting the Every general counsel has to legal risk is frequently triggered the life insurance company. They
assess the overall culture of the by a relatively small group of took large commissions from the
subject around company periodically and people whose actions are diffi- sale of the securities on their way
decide whether he or she is cult to predict, hard to control through the underwriting com-
with aplomb. comfortable with the risk and usually extremely expensive pany. As a result of the investiga-
parameters that drive the busi- to manage. tion, the New York legislature
ness culture. Three recent developments— enacted stringent laws to prohib-
The general counsel is a con- the World Trade Center bomb- it numerous conflicts of interest
trol officer on whom the board ing, the Enron collapse and the between the officers and direc-
must depend to ensure that proliferation of class-action tors and their insurance compa-
internal controls are truly work- lawsuits—have dramatically nies. Many states copied these
ing and that lawyers are sup- expanded the scope of legal risk laws in the wake of the scandal.
ported in their efforts to man- that needs to be addressed by And, as CLO 21 Advisory
age risk. It is very likely that major companies. Group member Donald P.
This legal risk has resulted in Horwitz reports, the Insull
dramatic increases in the cost of bankruptcy in 1932 was a key
D R I V E R S O F E X PA N D I N G L E G A L R I S K
doing business, through factor leading to the creation of
❒ Growth of laws and regulations increased insurance costs, pre- the Securities and Exchange
❒ Expanding access to the courts by plaintiffs cautions to ensure employee Commission in 1934. (See
❒ Aggressive plaintiff bar and corporate security and page 55.)
❒ Advances in science and technology greater efforts to control and Great corporate scandals
❒ Increasing costs of risk transference monitor corporate behavior. inevitably lead to new laws and
❒ Increasing cost of internal legal staff Perhaps most importantly, regulations, and it is no surprise
❒ Increasing cost of outside counsel greater investor awareness of that the Enron situation will
❒ Expanding business arena potential business and legal lead to the codification of
❒ Increased scrutiny risks has led to lower stock expanded legal risks in the form
❒ Anticorporate attitudes prices and a further shrinking of expanded government con-
❒ Procedural flaws in state court systems of capital markets during a trols, tighter accounting stan-
❒ Unorganized corporate defense bar global recession. dards and more explicit duties
❒ Increasing cost of internal resources (e.g., corporate Other sensational corporate for boards of directors, auditors
representatives who must devote time to litigation) scandals have also rocked and quite possibly, corporate
❒ Increasing costs of outside audits investor confidence. In 1906, the lawyers.
Armstrong investigation by the Post-Enron, insurance risk
48 chief legal officer lawexec.com
P O S T- E N R O N A C T I O N S T E P S F O R C H I E F L E G A L O F F I C E R S
BOARD-OF-DIRECTOR ISSUES OTHER CONSIDERATIONS
❒ Board members of many companies will ask management for ❒ General counsel will want to ensure that members of the law
greater substantiation of the prudence and soundness of inter- department have a clear understanding of the circumstances
nal practices, the rationale and wisdom of major deals and the where a legal risk issue should be escalated to the general
reliability of audit and control processes. counsel, so seemingly minor issues don’t become huge prob-
❒ Many board members will be very concerned about their lems due to insufficient risk analysis and review.
roles and their potential liability, and they will need and want ❒ Inasmuch as any type of accounting problem or restatement
more specific advice and understanding of what action steps of financials may lead to disastrous rumors, general counsel
they should take to fulfill their roles and responsibilities. will want to have a plan and team in place to address the legal
❒ General counsel should be certain that board members are issues arising from such a situation.
well-educated about the action steps that boards should take ❒ General counsel may need to review the company’s document-
to avoid future problems with public credibility and/or govern- retention policy and audit the document-retention practices of
ment agencies, such as the SEC. the law department and business units to ensure the process is
❒ Some board members may request outside legal advice on operating as required.
specific projects or issues, or just out of an abundance of ❒ General counsel may need to review:
caution. General counsel need to be prepared to address these s
● the management of the company’ 401(k) plan to ensure
requests and will want to be especially cautious in selecting a that it complies in every way with regulatory requirements
law firm with no conflicts of interest. and that all actual practices are consistent with the formal
❒ General counsel should be more proactive and demanding 401(k) plan in place;
of the auditors by asking more questions and reviewing ● the crisis-communication plan to ensure that the company
more carefully what the auditors are doing to ensure the audit has a plan and a team that is well-suited and well-prepared to
process has sufficient rigor and integrity (instead of just manage any type of crisis that arises;
answering questions posed to them by the auditors). ● the process of selecting outside counsel in situations where
❒ General counsel should review the adequacy of the charter the firm is expected to give legal opinions about potential
for the audit committee and the guidance given to the audit company issues to ensure that the selected counsel is free
committee about its role. from conflicts that would erode the credibility of their
❒ General counsel may want to advise management about the opinions;
selection of future board members so future members will s
● the company’ policy on hiring the auditing firm for
possess significant expertise and leadership qualities. The goal consulting assignments to determine whether the law
is to ensure the board members have the competence and department should give advice limiting the range of
inclination to vigorously review management actions, not just assignments that are offered to the auditing firm; and
comply with management’s wishes. As one member of the s
● the company’ process for receiving and following up
CLO21 Advisory Group pointed out, it may not be in the on employee and whistleblower complaints to ensure
company’s interests to have sitting CEOs of other companies that the process of follow-up investigations and reporting
as the principals on the audit committee if these CEOs do not has integrity and does not engender additional risk as a
have adequate time to spend on audit committee business. result of ineffectiveness.
underwriters will be much more which provide a basis for denying crippling underwriting losses, is tions by revealing the level at
conservative in evaluating and coverage under policy provisions. showing an increasing unwill- which their products (or actions)
pricing all corporate risks, espe- The plaintiffs’ bar shows ingness to accept the transfer of were the original source of injury
cially directors’ and officers’ every indication of refining the risk. Corporations face severely or contamination. One modest
insurance, the cost of which is art of tapping corporate arteries limiting coverage provisions example is technicians who will
expected to increase precipitous- to scientific levels. Funded by and rapidly escalating premi- likely be able to reveal the con-
ly. Insurance companies will cer- massive corporate settlements ums, resulting in a greater tents of many of the documents
tainly refrain from providing cov- and awards that often dwarf the degree of self-insurance that shredded by Arthur Andersen
erage for companies whose oper- operating budgets of corporate may ultimately need to be dis- LLP by recovering the deleted
ations appear vulnerable to sig- law departments, the plaintiffs’ closed as material to the finan- electronic files found on PCs and
nificant claims. Future litigation bar has the ambition and cial statements. network servers.
over coverage provisions is likely resources to pounce on every Another source of expanding More significantly, advanced
to skyrocket as insurance compa- possible corporate transgres- legal risk is the degree to which scientific methods are being
nies scrutinize corporate behavior sion. Here again, the insurance science and technology can now developed that will enable
and identify actions or omissions industry, already reeling from push liability back onto corpora- researchers to detect the pres-
spring 2002 chief legal officer 49
CLO 21 A DV I S O RY GROUP
ence of industrial contaminants and the roles they should play is really quite problematic: The
in human DNA and potentially in helping to manage these lawyer never learns about
trace these back to specific man- risks. details until after the fact.
ufacturers. Once the plaintiffs’ In many law departments, Businesspeople can be very cre-
bar masters the these drivers must be imple- ative at keeping lawyers at bay.
application of these new tech- mented among legal team The driving concept of the
nologies, class actions will members who are based on Gateway Model is to keep the
expand exponentially. different continents where lawyers directly involved in
In light of these and other business activities are gov- the formulation and planning
legal risk drivers, there has erned by a variety of national of initiatives to give them the
never been a time in the history laws, regulations and judicial opportunity to practice risk
of major corporations when the systems. Given the size of management where it belongs:
legal risks have been so great some law departments, many at the birth of an idea and all
and the ability to transfer these attorneys will not have sub- the way through its imple-
risks so limited. This is particu- stantive personal dialogue mentation. This shifts the
larly alarming considering the with the general counsel more burden to the lawyers to be
global implications of today’s often than once every several able to offer useful advice
major companies. Enron’s bank- years. In such an environment, about how to structure initia-
The driving concept
ruptcy, for example, affects the general counsel needs to tives to keep them on the
of the Gateway thousands of employees, credi- have processes in place to right side of the risk. The
tors and shareholders all over ensure that each member of lawyers must be creative and
Model is to keep the planet. That this global the legal staff develops a per- helpful without crossing the
financial disaster was not pre- spective on managing legal line to sanction unethical or
lawyers directly vented, because of a breakdown risk that is consistent with the illegal behavior. In the
in internal controls ineptly department’s standards. Gateway Model, lawyers must
involved in the
supervised in part by a 245- The CLO 21 Advisory Group be prepared to say “no” when
planning of initiatives attorney corporate law depart- discussed an inventory of the it is truly required, but only
ment, should cause every Gateway strategies to imple- after alternative approaches to
that will help them general counsel to lose sleep. ment these processes. While no an initiative have been thor-
general counsel will need to oughly explored and rejected.
manage risk. Gateway Building Blocks implement all of these strate- Lawyers who only say “yes”
For Managing Risk gies, the Legal Risk Manage- and lawyers who only say “no”
The members of the CLO 21 ment Building Blocks provide a are equal threats to the suc-
Advisory Group agreed that the comprehensive menu from cess and public reputation of
drivers of effective legal risk which to choose the right com- their companies, each for dif-
management are: bination for any given company. ferent reasons.
● Ongoing discussion to refine One key problem addressed Building a team approach to
the legal team’s understand- by the Gateway Model core identifying and managing legal
ing of acceptable legal risk; competencies and business- risk among tens or hundreds of
● Constant dialogue to review integration strategy is that inside and outside attorneys
legal risk issues that arise; some law departments have and paralegals is an extraordi-
● Early and continuing involve- been so focused on saying “no” nary challenge. As Enron
ment in business partners’ that businesspeople have con- demonstrates, it may take only
activities; cluded this is the only word in one errant situation where legal
● Support from within the law the lawyer’s vocabulary. So the risk gets out of hand to demol-
department for attorneys who businesspeople have been ish a company, if not by legal
need help to prevent business motivated to aggressively keep risks, then by reputational risks.
partners from taking on legal the lawyer out of key initiatives In few other professions is the
risks that are over the line; until the only task left to the margin of acceptable error
and lawyer is to manage the ensu- potentially so minuscule.
● Ongoing education for busi- ing litigation. The illusion As one general counsel at the
ness partners to ensure their exists that the lawyer is manag- CLO 21 Advisory Group meeting
understanding of basic legal ing legal risks because he or she put it, “I have to assume that
risk-management concepts says “no” so often, but the result each of my lawyers is not as clear
50 chief legal officer lawexec.com
as he or she should be about our Shrinking Law the last three years as if current
tolerance for legal risk until I hear Department Resources population growth and car sales
for myself a mindset I can trust.” As widely reported, law depart- trends were inconsequential?
Lawyers who join the department ments are under pressure to It is wishful thinking to
from outside the industry or contain costs, and many have believe that all a company
directly from law firms, for exam- been given specific directives to needs to prevent risks is to
ple, may need to rethink their reduce costs below current employ a law department
concepts of legal risk in relation levels. While it is true that many comprised of bright, energetic
to their new employer. law departments can manage and dedicated lawyers with the
In a global organization in their work more efficiently judgment and guts to tackle
which different business units through creative negotiations substantial risks as they appear
have different risks, legal risk is with outside counsel, better use on the playing field. What is
decidedly a moving target. of technology and more wide- often overlooked by budget
Legal risk tolerance must be spread adoption of best prac- cutters is that large law depart-
constantly reviewed and refined tices, this is not the time for ments have responsibility for
as developments in the CEOs to arbitrarily hold law hundreds if not thousands of
business environment occur. A departments to formulaic cost legal matters simultaneously. In To set tomorrow’s
court decision, a new regulation reductions that do not take into today’s global mega-corporations,
or a shift in public attitudes account the dramatic expansion there are potentially hundreds spending limits based
can be seismic events in the of legal risks. or thousands of legal risks that
on the costs of
risk landscape. It is healthy for general coun- have yet to be
While many general counsel sel to be challenged by CEOs to identified and are not yet managing yesterday’s
rely on the precept that hiring the reduce costs and become more being addressed.
best lawyers with established innovative in the way legal serv- Lawyers who are literally legal risks is seriously
good judgment paves the path to ices are delivered. But the chal- scrambling from one meeting to
appropriate corporate legal risk- lenge CEOs need to give general another often do not have the short-sighted.
management, in a larger law counsel is to thoroughly time or energy to review these
department, there is bound to be re-evaluate how legal risks are risks as thoroughly as they
at least one lawyer whose judg- managed and fashion a legal should. The sheer velocity of
ment or fortitude is less than “the budget designed to deliver on deals underway hinders the
best.” In most corporate debacles, this mandate. In most compa- lawyers’ ability to raise and
isn’t it usually found that it was nies, the total legal spending of review issues in a timely way to
just such a lawyer who failed to the company constitutes a dol- prevent the risks from being
manage as required? lar amount that is lost in the realized.
Using the Gateway Model, a rounding of final financial Moreover, the growth in
general counsel can create some statements. However, as demon- demand for legal advice by
deliberately overlapping strate- strated by Enron and many clients is likely to increase dra-
gies to help create a consistent other recent examples, a failure matically as business executives
view of legal risk within the by the law department to ade- and board members alike look
organization and the checks and quately address and manage for assurances from attorneys
balances to ensure that legal legal risks can be potentially that they are not taking on
staff is sophisticated, confident catastrophic. undue legal risk. A recent sur-
and effective in spotting and Unfortunately, today’s cost- vey of attorneys at large law
managing legal risks. containment goals are typically firms conducted by The
One inescapable problem set in relation to the level of Affiliates, a legal staffing firm
confronting all general counsel, spending by the law department in Menlo Park, Calif., found
however, is how to manage over the last several years. To set that the 200 respondents
expanding legal risk in the face tomorrow’s spending levels receive an average of 48 e-mails
of corporate cutbacks. Sounder based on the costs of managing a day—one every 10 minutes. Our web site,
strategies for managing legal yesterday’s legal risks is seriously In-house attorneys most likely www.lawexec.com,
risk will pay dividends in the short-sighted. What competent receive a similar number. provides extensive back-
long run. But in the short term, CEO would advocate that high- Which e-mails among the 250 ground on the CLO 21
they require adequate staffing way planning be based on the received each week identify Advisory Group and
and realistic budgets. number of cars on the road over urgent risks? the Gateway Model.
spring 2002 chief legal officer 51
CLO 21 A DV I S O RY GROUP
Board members, especially carefully whether the modest such requests for legal advice demanding in their review of
those on audit and finance director fees they receive pro- will no doubt continue to internal operations and risk
committees, will certainly be vide adequate incentive to out- increase. issues. The law department will
more alert to the potential for weigh potential risks. As new Outside board members and certainly be asked more frequent-
personal liability and will weigh laws and regulations are enacted, auditors will also be more ly to review and comment on the
G AT E W AY B U I L D I N G B L O C K S F O R E F F E C T I V E L E G A L
LAW DEPARTMENT LEADERSHIP
The law department periodically updates and distributes a comprehensive Legal Risk Assessment Checklist for the legal staff that
can be readily utilized to help identify legal risks related to business projects in such categories as: compliance, business operations,
liability, litigation, reputation and others.
The legal staff is provided with consistent and specific guidance as to the level of legal risk the company is willing to assume
in its business operations and litigation activities.
The legal team uses consistent legal-risk terminology to enable “apples for apples” discussions about legal risks, with specific
descriptions of how risks (particularly “high” risks) should be classified in a consistent manner.
There is a specific protocol in place that identifies under what circumstances and to whom legal risk issues are to be escalated
(i.e., to general counsel and senior management) by members of the law department.
Law practice groups meet at least annually to review and discuss the legal-risk guidelines for their business partners and the risk
profiles of key projects and activities.
BUSINESS PARTNER LEGAL RISK AWARENESS
The law department regularly distributes to business partners the current version of the Legal Risk Assessment Checklist to
provide current insights about legal risk issues to which business partners should be alert.
The law department provides ongoing legal risk education for business partners—via online programs, seminars and presenta-
tions—about the company’s risk tolerance guidelines and steps they are expected to take to help manage legal risks.
Lawyers have a well-publicized open-door policy with business partners to discuss legal risk concerns.
Newly-hired executives at or above a designated level participate in a legal risk-management orientation programs provided by the
law department to ensure they are familiar with the company’s legal-risk management guidelines, resources and protocols, and their
responsibilities for helping to manage legal risk.
LEGAL RISK-MANAGEMENT COORDINATION
Each practice group has a designated legal-risk coordinator who is accountable for ensuring that the practice group’s legal risk-
management activities achieve legal risk-management objectives.
A specific attorney is designated as the project legal-risk coordinator for each business project in which there are multiple lawyers
participating in the project.
Project risk coordinators and legal colleagues utilize the Legal Risk Assessment Checklist to assess whether the information the
legal team receives from business partners is timely and adequate to identify and evaluate project legal risks.
Practice group legal-risk coordinators meet quarterly to review and discuss their roles, the standards and processes for managing
legal risk, emerging legal risks and risk case study examples.
There is a systematic process in place to ensure that practice group legal-risk coordinators discuss high-risk matters to identify
potential overlapping risk areas and coordinate risk-management activities where such overlap exists.
Each practice group has a systematic process in place to correlate internal data on litigation reserves, audit letter inquiries and mat-
ter-tracking systems to ensure that law department legal risk determinations and actions are consistent for each matter.
There is a process in place to ensure that law firms handling high-risk matters submit updated legal-risk assessments on a quarterly
basis (or more frequently) and that each legal-risk update is reviewed by the project risk coordinator, the practice group risk coor-
dinator and the business project team and/or senior management when appropriate.
IDENTIFYING LEGAL RISKS
The law department has a systematic process in place to:
Review all customer, employee and investor complaints and suits to identify trends that may indicate potential legal risks
that need attention;
52 chief legal officer lawexec.com
full spectrum of business deal- nities to question the lawyers about the best ways to measure
ings, if for no other reason than about the level of diligence with the strategic value of their law
to give executives the ability to which they reviewed the matters departments to their companies.
provide assurances to the board at hand. They must shift the discussion
that the “lawyers are OK with General counsel need to engage away from historic spending as the This article has been copyrighted
this.” Board members may well executive management and their basis of determining future law by Stephen E. Nowlan and is used
want more face-to-face opportu- boards in serious discussions department resources. ● with his permission.
Review the final reports of all regulatory compliance examinations to identify trends that may indicate potential legal risks
that need attention;
Review proposed and enacted regulation and legislation to identify legal risks and advise business partners in a timely way
of additional compliance and legal risk issues;
Review litigation and regulatory actions against competitors to identify potential areas of legal risk that may apply to the
company, and to advise business partners of potential exposure;
Review trends in insurance coverage litigation and the terms of the company’s insurance policies to identify potential
Annually collect and organize the insights of legal staff about emerging legal risks facing the company and the steps the
law department and others should take to address them; and
Annually collect and organize the insights of primary law firms about emerging legal risks to which the law department and
the company should be alert.
PROJECT LEGAL RISK MANAGEMENT
The project legal team prepares a risk profile of proposed projects and reviews this profile as appropriate with the business project
The project legal team periodically updates the risk profile for ongoing business projects and reviews the update with the business
project team (at least quarterly for high-risk projects).
At the completion of major projects, the attorney designated as the project risk manager prepares an assessment of the open
legal risks that still need to be managed on a going-forward basis.This assessment is reviewed with the practice group risk coordi-
nator and others in the law department and business unit as appropriate. Ongoing legal obligations—such as payments, disclosure
or reporting and compliance requirements—are identified.
At the completion of major projects, the lawyers involved with the project (possibly including outside counsel) review the steps
taken to manage legal risks and make improvements in the way the legal-risk management process operates for future projects.
REPORTING TO SENIOR MANAGEMENT
Appropriate law department representatives meet quarterly with business unit heads (and other company control executives)
to review the status of high-risk matters in the business unit and recommend appropriate action steps.
The general counsel and appropriate law department managers meet quarterly to review the status and management of high-risk
matters in the company and identify appropriate action steps.
Law firms are provided with consistent and specific guidance as to the level of legal risk that the company is willing to assume
in its business operations and litigation activities.
Law firm engagement partners are asked to confirm periodically that law firm staff working on assignments for the company
has been thoroughly briefed on the company’s risk-tolerance guidelines.
Periodically or at the end of major legal projects, outside counsel are asked to submit a list of suggested action steps for
improving legal-risk management.
Law firms’ performance in identifying and managing legal risks on behalf of the company is reviewed annually, and law firms are
terminated or warned when their performance is not adequate.
LAW DEPARTMENT LEGAL RISK PERFORMANCE MANAGEMENT
Newly-hired lawyers and paralegals participate in a legal risk-management orientation program to ensure they are alert to the law
department’s legal risk-management guidelines, resources and responsibilities.There is a process in place to track participation.
The performance of attorneys and paralegals in managing legal risks is reviewed at least annually by their supervisors, and those
whose performance is inadequate are warned or terminated.
spring 2002 chief legal officer 53