In last month’s column, I discussed how to apply analytics to a Strategic Technology Plan. This month I discuss the next layer of technology planning—addressing risk. Risk management is top of mind for most legal leadership teams these days. However, the methods and mechanisms for identifying, quantifying, tracking and mitigating risk differ widely amongst law departments.  

While all law departments must consider legal risk, the level of formality in the process varies. Further, risk management can mean many different things to different departments. As law departments define the role and function of the legal team in the risk management process, the department may broaden its definition of risk management to include a wide variety of regulatory, business and other types of risk management activities. Following are some examples of how law departments have characterized risk and used technology to formally manage it:

1. Legal Risk: Identifying the level of legal risk involved in a matter is an activity that is common across many law departments. In its most basic form, departments simply set criteria for identifying the riskiest or most significant matters. They use technology to track the risk rating of a matter, and subsequently pull active “risky” matters into reports and other monitoring processes.

A more formal and detailed approach is to identify discrete legal risks within a matter and evaluate each one in terms of two dimensions: probability or likelihood of occurrence, and impact of significance to the business. Each risk is evaluated against each dimension on a 1-5 scale, with 1 = low and 5 = high. The two values are multiplied to create a combined score for each risk category. The results are then classified to indicate their relative priority and need for management attention. Technology may be used to monitor and report on each risk and the various activities and mitigation plans surrounding each.

2. Litigation Risk: In terms of technology, litigation process risk management tools are perhaps the best defined and most mature available. Many tools that track litigation matters come prepopulated with fields for tracking details about litigation exposure and outcome probabilities. As well, a department need only define which steps of the litigation or e-discovery process in which it would like to be involved and then choose relevant risk tools such as legal hold management or early case assessment products to help evaluate and manage the process.

Litigation risk may also be defined as relating to the nature of the business. Some departments have turned to technology to identify trends or patterns that help to identify when the business may be at risk for litigation. This is common in industries that supply goods or services and have the potential for complaints and litigation resulting from use of said goods or services. Law departments are in a unique position to be able to identify when there is an uptick in certain types of complaints or litigation and report back to the business when corrective action may be required.

3. Regulatory Risk: Law departments are playing ever greater roles in helping organizations to manage regulatory risks. Some departments have taken the initiative to use technology to monitor changes in regulations, communicate changes and track the measures the company takes to comply with new regulations.

Some departments take on a more formal role, playing a quasi-compliance function, by automating processes to address regulatory and compliance requirements such as regulatory reporting. In some cases, departments have configured or customized software to support complex regulatory and compliance processes.