facebook linked in twitter
close

Insights

February 19, 2019

Risk Management Strategy: Top Tips for In-House Counsel

By Daniel S. Sanders, Jr.

Corporate Counsel

Companies strive to protect their tomorrow in a global context that evolves constantly and rapidly. And they must do so in highly competitive and complex markets, each with a unique political, economic, legal and regulatory framework. Change is constant. Risk is constant. But opportunity also is constant.

In the context of a business, ask the lawyers representing the company the following questions:

  • Can you identify the top 10 risks facing the company as well as the strategy to address them?
  • Can you explain the company’s approach to risk management?

Some lawyers will know the answers. Many will not. Maybe a few in between will refer you to the risk management department.

Shouldn’t all the lawyers be able to answer these questions confidently? And link their priorities and daily work to eliminating or mitigating the risks? Given the never ending, crushing work load, how can you decide what is most important and what can be ignored?

Not to pick on the lawyers—if you ask the same two questions to the executive management team or board of directors, I suspect you will get the same variety of answers.

We think the executive management team, the board of directors—and most importantly, the lawyers—should be able to answer “yes” to both questions. Moving to a “yes” answer will enable the company’s leaders to share a common vision, satisfy more fully their fiduciary and management obligations, and reduce risk (and cost).

The question is how? And who?

Protect Tomorrow, Today

These three words describe the essence of risk management’s mission.

Companies strive to protect their tomorrow in a global context that evolves constantly and rapidly. And they must do so in highly competitive and complex markets, each with a unique political, economic, legal and regulatory framework. Change is constant. Risk is constant. But opportunity also is constant.

Risk management issues across industries are at an all-time high. Boards and Executive Management, and lawyers, should expect “risk” to be an increasingly challenging part of doing business.

And there is a lot at stake with poor risk management. Shareholders, stakeholders, customers, employees, and regulators now expect companies to be proactive and efficient in the area of risk management. In a nutshell, good risk management will:

  • Preserve the company’s values, assets and reputation;
  • Protect the growth strategy;
  • Provide leadership with a common vision of the main risks and actions to mitigate them; and
  • Reduce risks and cost.

Now back to how? And who?

Map the Risks

The first step is to identify the applicable risk categories. For example, in a manufacturing context: safety, environment, product quality, supply continuity, business continuity, asset protection, human resources, finance, information systems, legal and knowledge retention.

For each category, using a combination of historical facts, trends, employee interviews and surveys, foresight, and maybe some supplemental professional expertise, determine a list of risks in each category. The more the better. Think 10 to 15 risks for each category.

Quantify the Impact

The second step is to quantify the impact if the risk were to materialize. An example: High risk—more than $50 million and/or material impact on corporate image. Medium risk—between $10-$50 million and/or some impact on corporate image. Low risk—less than $10 million and no impact on corporate image.

These steps provide a relatively comprehensive look at the risk landscape.

Identify the Priorities and Make a Plan

This step is important. Using a blend of the collected data and professional judgment, identify the priorities. An example we use is to pick the top 15. No need to rank order, just the top 15. Then, in an interactive exercise with Executive Management, pick the top three to five risks to be addressed under the board’s supervision and assign an owner.

The remaining priority risks can be addressed by management, again assigning an owner for each. You may be surprised how much focus and attention comes with board and management oversight.

These steps, or ones like them, will deliver alignment on risks, clearer priorities and actions and ultimately reduced risk and cost.

Back to the Lawyers

Prior to becoming Michelin’s general counsel, I was responsible for internal audit and risk management. It was a gift. This is because that context and experience allowed our legal department to orient and prioritize around the strategic risks, not what a particular client wanted on a given day.

As a sanity check, we periodically assessed how much time was being spent responding to client requests versus working proactively to reduce the priority risks. We did the same exercise with our outside partners. Of course it is impossible to eliminate the day to day work, but even slight shifts of resources to the main risks can move the needle.

And my experience teaches that CEO’s actually enjoy spending time with the lawyers when they are aligned on strategic, enterprise risk reduction.

Dan Sanders is a partner in Nelson Mullins Riley & Scarborough’s Atlanta office, where he practices with both the corporate and litigation groups. He is a former vice-president, general counsel, secretary & chief compliance officer of Michelin North America, Inc. Contact him via email, dan.sanders@nelsonmullins.com.


Reprinted with permission from the Feb. 19th edition of Corporate Counsel© 2019 ALM Media Properties, LLC. All rights reserved.

Further duplication without permission is prohibited. ALMReprints.com877-257-3382 - reprints@alm.com.