Rather, risk management is about reducing and managing the possible outcomes of actions and events. The economy wants to “deconstruct” risks and make them quantifiable as much as possible. The first scenario shows only the impact of cost-related risks. The second scenario shows the impact of profit and cost risks on business valuations. This context allows us to measure and manage significant legal risks to the organization. To illustrate the role of a risk tolerance policy, we will present ten risk events. This image graphically shows the risk events. The vertical scale (Y-axis) measures the consequences in financial terms. Apply the appropriate multiplier for your organization: 100, 1,000, or 1,000,000. The scale is arbitrary, adapt it to your risks and your organization. The horizontal scale (x-axis) represents the probability as a percentage.
Accurately measuring the likelihood of legal risk is quite difficult for most organizations. Simply put, a legal risk tolerance policy is an explicit recognition of the level of risk and types of risks that an organization with little or no treatment will accept. Risk is “the impact of uncertainty on objectives” according to ISO 31000. However, Company C is a much higher risk. They set the line at about $760 in losses. In 2009, the International Organization for Standardization (ISO) published a new approach to risk and risk management: ISO 31000:2009 Risk management – Principles and guidelines. There are four broad categories of legal risks or four areas of legal uncertainty: structural, regulatory, procedural and contractual. These risks certainly overlap. Does an infringement claim represent a contractual risk or a litigation risk? They also overlap with other types of risks, which are often outside the lawyer`s jurisdiction. Is the risk that a loan agreement will be unenforceable against a borrower a contractual risk or a credit risk? Risk criteria allow the organization to assess and compare risks. The cost of risk treatment is measured against the level of risk based on risk criteria.
Risk criteria ensure consistency in how an organization identifies and measures each element of a risk. In the examples here, there are only three risk criteria: True, this event may cost the organization $800 (or $800,000 or $8,000,000, etc.), but there is a probability of less than 5% for the event. The risk event on the far right, on the other hand, is nearly 80% likely. The risk is greater. Organizations invest significant amounts of money to avoid litigation. It is useful to weigh the costs of risk management against the possible outcomes. Regulatory risks come in many colours, making it difficult to identify regulatory risks. Some regulations are cross-sectoral, such as taxation and labour and employment. Some regulations are specific to a jurisdiction: national, regional or local. Regulations may address specific practices such as clinical trials, consumer product protection or financial disclosures.
Regulatory risks may be significant or unclear. What regulations apply to your organization? To use a tired sentence: “It depends.” Contrary to what its name suggests, structural risk has nothing to do with the physical structure of the building. Structural risk refers to the financial structure of the investment and the rights that the structure grants to individual participants. No real estate investment is invulnerable to risk, and investors need to understand the potential dangers. Exposure to structural legal risks changes the landscape in unexpected ways. Legal risks are difficult to measure. However, the definition of ISO 31000 risks allows us to express legal uncertainties and measure them and their potential impact. We may not achieve mathematical precision, but we can achieve better management. The growth of the administrative branch of government is daunting for most business leaders. Regulatory risk represents uncertainty about the consequences of an authority`s actions. 2. Litigation risk: Litigation risk refers to the risk of being sued.
Because companies can be sued for a seemingly infinite number of reasons, it`s difficult to completely eliminate the risk of litigation. However, if companies are proactive and willing to make changes before a lawsuit occurs, the risk can be successfully managed.