What is risk?
informal idea risk the chance that something bad could happen is not a bad place to start identifying risks. Better regulation requires a better definition though. We need to break the risk of different things that are measurable.
Risk probability of loss given event
Mathematical precision is possible and desirable in some cases. Large financial institutions, for example, insufficient data on the losses that they can build predictive models based on experience to measure risk. They are the exception
To show how we could define risk in statistical terms take the formula :.
R = p * Lge
In this case, R stands for risk, p for the Probability of Event expressed as a percentage, and Lge represents a loss given Event. Lge is a measurement of financial harm events. Lge can be no financial loss, but they must yield measurement formula for measuring risk.
Most organizations do not have the data or resources (or trust) abstract risk. Companies without a statistically valid data loss can still measure and manage risk, in particular legal risks, by simply moving a few steps toward measurable, away from the “bad stuff” idea.
Risk according to ISO 31000 offers a selection process
The traditional approach to risk suffering another important deficiency. It focuses only on the loss, presumably because the origin of risk models in insurance (how much to charge for protection from the “bad stuff”?) And credit risk (what happens if the borrower does not pay?).
In 2009, the International Organization for Standardization (ISO) a new approach to risk management and ISO 31000 :. 2009 Risk management – Principles and guidelines
ISO 31000 provides a new definition of risk is especially useful to measure legal risk. Risk is “the effect of uncertainty on objectives.” Risk management begins, we find uncertainty and then assess the impact (positive and negative).
Legal risk is difficult to measure. However, with the help of ISO 31000 definition of risk, we can express legal uncertainty and then measure them and their potential effects. We could not have achieved mathematical accuracy, we can achieve better management.
Four kinds of legal risks
There are four broad categories of legal risks, uncertainties or four areas :. Organisational, regulatory, litigation and contractual
Litigation is the most talked about legal risk in organizations. Litigation is often public and always disturbing. The scope of events causing litigation is broad, employee misconduct, accidents, products liability, and so on. The list can seem endless.
when management meets with a lawyer to discuss “What is the chance that we will lose this case and what are the likely damages,” it’s too late for risk management. Before litigation, we need to identify areas of uncertainty that affect our goals. Risk management is not fortune telling. Instead, we want to narrow the possible outcomes of certain events.
For example, a case of the influential state invalid charged consumers an unspecified interest charge material Compensatory and punitive damages. Our organization charges a similar fee. However, it is charged a certain number of times and in known states. The law in question is known penalties. We have the building blocks to measure and manage legal risks from similar lawsuits.
Companies considerable sums to avoid litigation. It is useful to weigh the cost of risk against the possible outcomes.
Contract risk is the most pernicious and difficult to track including legal risks. The traditional method to cancel the contract focuses on the breach of contract by one party and extra-contractual obligations that might arise. This method provides for each contract separately and in isolation.
Most organizations focus on contract risk management strategy on the development of effective contracts. Quality contract bargaining is necessary, but not sufficient to manage risk contract. There are cases where a contract can create significant risk, such as:
- exceptional item of income is tied to a contract,
- Procurement or service important things expected disruption or price escalation, and
- The counterparty does not us the damage that carry specific consequences as unpaid taxes and environmental problems.
In most cases, however, individual contracts often do not, on their own, the severity of litigation. Substantive, common and difficult to monitor risk is the uncertainty that comes from contract portfolio as a whole. General under management contracts creates cost leakage and lost revenue opportunities.
Growth in administrative daunting to most corporate leaders. Regulatory risk represents uncertainty about the consequences of actions the agency of
examples illustrate the point :.
- A transport company applies for a permit to expand its operations in a new region. Uncertainty about the decision, together with the scope of the decision creating the risk. According to ISO 31000 the decision made can have a positive effect, but the uncertainty creates risk.
- A product manufacturer and distributor offers a novel product guaranteed to generate more income. State insurance commissioners may decide that the responsibility should be classified as insurance. They can then impose fines, require insurance program, set conditions for the product and pursue civil remedies position statue.
analysis of regulatory risk is challenging, but the uncertainty of the impact is measurable. Regulations provide power to the agencies charged with implementing laws and regulations. Penalties range from fines to administrative orders.
Structural legal risk is rare for most organizations. Structural legal risks come from uncertainties about the foundations of a particular industry, technology or method of doing business. When the airline was controlled, for example, it was in building legal risk that the industry would be given.
The extent of structural legal risks is broad and it usually changes the competitive landscape.
Structural legal risk may arise from sources other than the law. Antitrust litigation can dramatically change the pricing in the industry or major contracts. Consumer protection enforcement can also change the rationale industry, the performance marketing practice (multi-level marketing, for example) unacceptable.
Structural legal risk is also a good example of the ISO 31000 definition of risk. We can be sure that the transition from a regulated to a deregulated industry. Potential impact are varied, some are positive; some are negative. A structural change may benefit one organization while harming others.
Effective risk identification
To analyze the risks reliably requires a workable definition of risk. ISO 31000 definition of risk includes useful “positive risks.” This is the right lens to analyze legal risks and finally, managing legal risk.
Risk in information problems. We can manage the risks that we understand the scope and part of our uncertainty. The method of risk can lead an organization to develop a risk management strategy.