How to create a legal risk register
Published by a LexisPSL Risk & Compliance expert

The following Risk & Compliance practice note provides comprehensive and up to date legal information covering:

  • How to create a legal risk register
  • What is risk?
  • What is legal risk?
  • Narrow approach
  • Broad approach
  • Identifying risks
  • Categorise each legal risk
  • Scoring each risk
  • Calibrating your probability scoring system
  • Calibrating your impact scoring system
  • More...

How to create a legal risk register

This Practice Note is intended for in-house lawyers. It explains how to create a legal risk register, a tool that allows you to collate all your legal risk information in one place, by categorising each legal risk the organisation faces, scoring each risk and then deciding how to control or mitigate the risk. To formulate an effective legal risk register, you must first identify the legal risks your business faces. It is also helpful to have an understanding of your organisation's appetite for risk.

What is risk?

Some organisations have their own written definition against which their risk landscape, and within that their legal risk, can be understood and identified. If your organisation has already done the thinking to define risk, you should assess the definition and, if you find it workable, you’re in a good place to think about what legal risk is.

If not, you need to help your organisation to get a working definition. A tangible and easily understood approach is to define risk as shown below:

Risk = probability x impact

So, for any given legal risk faced by your business, there are two questions:

  1. how likely is it that the risk will materialise, ie what’s the probability?

  2. if the risk does materialise, how bad will it be, ie what’s the impact?

What is legal risk?

Boards increasingly expect the in-house

Popular documents