Many companies are dragging the chain in the management of legal risks, exposing the organisation, its directors and executives to potential liability for breaches of legislation. Many have already introduced a sophisticated approach to managing other business risks. They recognise that risk management is as much about identifying opportunities as avoiding losses. It is also good management practice. With personal liability for directors and managers and increasing fines for breaches of legislation such as the Commerce Act and the Fair Trading Act, it is critical that legal risk is addressed.
Awareness of legal obligations is the first step. Assessing the level of current compliance is next and the final step is the development of processes and procedures to comply with legal obligations and to monitor compliance within your organisation.
The laws that apply to most New Zealand businesses are those relating to employment, health and safety in employment, trade practices, privacy, intellectual property and company law obligations. But every business has different requirements. For example, those in the retail industry need a strong focus on trade practices and consumer legislation.
Those in the manufacturing industry may place more emphasis on environmental law and intellectual property protection. So how can an organisation address legal risk? The most effective way is to develop a legal risk management programme tailored to the business. This puts management and the board in control of the company's legal risks. An effective legal risk management programme offers the following benefits:
* Legal protection for the organisation;
* Satisfaction that the legal due diligence requirements of directors and managers are being met; and
* Reduced exposure to high penalties and adverse publicity.
What is a legal risk management programme?
The board is ultimately responsible for a company's strategic direction. It also has primary responsibility for governance and compliance. To successfully address the management of legal risks, the board needs to be committed to legal compliance. It must be equally committed to clear requirements for compliance from management.
A legal risk management programme provides the board with a useful tool with which to achieve this. A programme will provide the company with a process to:
* Identify, assess, control and manage legal risk;
* Determine the current level of legal exposure of the organisation;
* Establish and maintain a legal risk management system to achieve compliance; and
* Audit the system's effectiveness.
How is the programme developed?
A legal risk management programme utilising legal advisers involves:
* A presentation to the board to explain the concept of legal risk management and the role of the board in ensuring the success of a legal risk management programme in the organisation;
* The establishment of a compliance committee to work with the legal risk advisers and report to the board;
* Facilitating workshops with senior management. Workshop participants will ideally come from all key areas of the organisation. Workshop participants help to identify and review the legal risks relevant to the business. They assess those risks and rate their significance to the business. They also identify and review current controls (if any) to manage those risks and rate how effective those controls are;
* Through the workshops the level of legal exposure for the organisation can be measured and reported. …