The terms governance, corporate governance and legal risk are much bandied about but hold different meanings for different people.
Some of the possible interpretations include:
Minimising Liability - particularly steps to reduce liability and exposure.
Accountability - improving accountability and transparency within organisations, particularly decision making.
Risk management - dealing with legal risk, financial risk and business risk within an enterprise.
Compliance - meeting statutory, regulatory and other requirements.
In the usual context, legal risk management relates to how boards can be satisfied that risks and liabilities within an enterprise are being addressed. Boards, with personal liability as directors of the company, want to be satisfied that any issues which may give rise to personal liability have been adequately addressed within the enterprise.
Moving towards better governance includes addressing such issues as organisational culture, staff knowledge and values, system design, resources and appropriate management models. There is a need to identify and comply with appropriate standards within the enterprise, depending on the nature of its activities. There should be a culture which recognises the opportunity cost to the organisation of doing it wrong, and the benefits to the organisation of getting it right.
Key governance issues for organisations can involve an audit of current processes and structures including:
Reviewing levels of delegation, to ensure that the appropriate people in the organisation have only such authority to bind the organisation as is commensurate with their tasks and duties.
Risk management framework – systematic identification and management of enterprise risk.
A system of accountability and reporting regimes – to ensure that urgent issues are raised through appropriate channels and that regular reporting proceeds up the line to the CEO, and ultimately the board.
Appropriate policies and procedures – the raft of issues which a modern enterprise must cover including OH&S, EO, privacy, care and safety, statutory compliance.
Education and training - it is not sufficient to merely have appropriate policies. Staff must be properly trained and educated.
Notice requirements, compliance checklist and sign off – a system by which management at various levels of the organisation “sign off” in relation to compliance within their area and notification of any breach or incident.
Complaint handling - a system to deal with instances which arise and complaints received.
Compliance arrangements – systems which provide assurance that the organisation is complying with all applicable legal and regulatory obligations.
For many organisations, a “legal risk audit” can help to identify those areas where systems may be lacking or inadequate. A legal risk audit would concentrate on those areas which can expose an organisation to the most liability. A review will also identify whether the organisation, as a whole, has appropriate systems and processes in place to deal with these key governance issues.
A compliance checklist can be developed for an enterprise which assists with the identification of risk and of inadequacies within the organisation, and provides assurance to management and the board that statutory and regulatory compliance has occurred. Legal advisers can assist in the development of compliance manuals, the carrying out of “legal risk audits” and the development of appropriate checklists and reporting processes, in order to minimise exposure to legal risk and enhance compliance with legal obligations.