The dichotomy of managing risk versus maximizing opportunities is not a new one for GCs. Although the threat horizon is broadening from a geopolitical, socio-economic, technological and regulatory perspective, the corollary point of dealing with risk remains the same.
I read with interest the chapter on Managing risk as an opportunity in the recent KPMG report, Through the Looking Glass. The report, which surveyed CEOs, COOs and board members about the role of a GC, states that GCs must go beyond simply protecting the company from legal harm. Using their analytical training, GCs must, according to the report, be able to see through the risks to spot the hidden opportunities and help the company to grow.
But I disagree; it is less about seeing through the risks than understanding the relevance and the context in which the risk occurs. GCs often still see risk as zero or 100 – as complete or non-existent – but this is not the case. Take, as an example, the UK leaving the EU. While this does represent a huge risk to many organizations in terms of new regulations, taxes, economic and situational risks, for other companies who do little in the way of imports or exports from the Union, this represents only a minor risk to their business and should therefore be downgraded.
There is a plethora of risk types for organizations, but each and every business will (should) have its own priorities and it is this hierarchy of risks that the GC must manage. Not every single risk can be mitigated against and nor should it be. This generates business friction, causing a slowdown in business optimization which in itself is a risk to the business in terms of impeding growth. Therefore, instead of seeing through the risks, as the report states, GCs need to plot the risks on to a risk matrix, taking into consideration the risk priorities and risk tolerances. By evaluating risk in this manner and plotting on to a risk matrix, it then allows GCs to see where the opportunities are manifesting and help the business take advantage of them accordingly.
One area the report doesn’t go into is where other members of the senior management team become involved in managing risk. I believe risk shouldn’t be discussed in isolation as simply a violation of law. Managing risk is an end-to-end business process that involves all aspects of the business. Finance teams are likely to see different perspectives on risks to a GC, so too are IT and personnel teams. Key stakeholders within the organization need to evaluate risk together and make business decisions based on what level of risk as a group they deem acceptable.
Another point that the KPMG report makes is that when it comes to risk GCs are uniquely positioned to think differently and have an advantage over other executives. While I agree that much of the GCs training enables them to think analytically about situations and assess what the risks are, much of a GC’s training still does not talk about risk in the context of maximizing opportunity. Therefore other executives, while they might not understand the legal ramifications of risk, are more open to the idea of managing risk for business advantage. Legal training has also been slow to prepare GCs for the fast moving reality of today’s business world. Technology is creating huge risks and opportunities, as our COO, Wayne Ramsay, talked about in his recent blog post, but legal training is lacking in technological foundation and not preparing GCs to be as IT literate as they need to be.
Artificial Intelligence (AI) and deep learning techniques will eventually help GCs to better understand when and where risks are likely to occur. As more and more data becomes available, risks can be predicted to some extent, based on a series of likely outcomes. Once the data extraction techniques using AI or deep learning become more mainstream, GCs will be better able to navigate the natural tension of risks within the business. This ultimately means GCs will become more successful; by being able to predict the outcome based on facts and map these risks accordingly, it will be more straightforward to spot business opportunities and take advantage of them.
Top 5 tips for managing risk as an opportunity:
- Accept that risk is a feature of everyday business. Understand that not every single risk to the business is a Priority 1 risk. Some risks should be deemed manageable and even acceptable in some cases. Managing 100% of the risks 100% of the time creates business friction, which can impede business growth.
- Evaluate your risks. Meet with peers and discuss where each risk needs to be as a priority, and the context surrounding the risk. By understanding the variety of risks going on around the business, it will not only help develop a greater sense of commercial awareness, but also demonstrate the myriad risks facing the business at any one time.
- Plot the risks on to a risk matrix. By create a risk matrix, it will ensure priorities can be dealt with while time is not wasted on low level risk, making the legal team more efficient and effective.
- Design a framework that details which risks are acceptable and which are not. Include all risks, internal and external. Regulatory, technological, geopolitical and economic risks should be conducted in the context of current situations. The framework should be an organic document that adapts as the landscape around the business changes.
- Consider how technology might help. While AI and deep learning may be a way off becoming mainstream, having contract data, legal precedents and company information digitized can help make data searchable and ready the organization to take advantage of technology when it is available.
Author
Chief Executive Officer / Founder
