Kathleen Dunphy
Legal Counsel

The role of in-house legal in enterprise risk management

December 10, 2024

Enterprise Risk Management (ERM) is a framework enabling organizations to identify, assess, manage, and mitigate risks across all levels of the business. It strategically considers risks relevant to the organization, including — but not limited to — strategic, operational, financial, and compliance risks, all in support of achieving the organization’s values and objectives.

In-house lawyers often play a pivotal role in ERM by recognizing and evaluating risks, advising internal stakeholders, and assisting in managing or mitigating them as necessary. While legal training often emphasizes risk aversion, modern commercial realities demand a nuanced approach. Legal professionals need to embrace a risk continuum mindset, understanding the company’s business goals, strategy, and risk tolerance — its appetite for risk and the extent of acceptable consequences. This understanding provides the foundation for delivering accurate, tailored advice.

Legal teams contribute significantly to ERM by collaborating with Risk and Compliance functions, the Executive Leadership Team, and the Board. They help manage legal risks, ensure compliance with laws and regulations, and maintain oversight of the evolving legal landscape. Key areas of support include:

  • Risk identification and assessment
  • Compliance management
  • Contract management
  • Litigation management
  • Advisory role
  • Training and awareness
  • Crisis management

When risks are identified, in-house lawyers may be tasked with preparing reports or recommendations for senior decision-makers. To support ERM effectively, their advice must be strategic, considering both legal implications and commercial realities.

Strategic partnership in risk management

There is growing recognition of in-house legal teams as key strategic advisors. Effective ERM requires their integration into business decision-making, enabling them to mitigate legal risks associated with litigation, intellectual property, and reputational damage.

The “one-size-fits-all” approach to corporate risk assessment is no longer viable. This is particularly true in fast-evolving industries like technology, where in-house lawyers must navigate increased regulation and rapid innovation. Legal and commercial teams must collaborate closely, especially in global organizations with varied risk appetites across jurisdictions. Strong partnerships between internal counsel and business teams are essential, as siloed risk management is no longer feasible.

Technology and compliance

Technology plays an increasingly critical role in risk management, particularly in compliance and fraud prevention. In-house legal teams are leveraging data analytics and automation to enhance efficiency and accuracy in managing contracts, regulatory requirements, and other risk-related tasks. Harnessing technology helps legal teams adopt process innovations and tools to work more effectively and with greater insight.

Third-party risk management

Managing third-party relationships is a critical aspect of ERM. In-house counsel can implement processes to ensure vendors and partners comply with legal standards, mitigating risks such as fraud, regulatory breaches, and reputational harm.

Risk assessment and due diligence are essential when engaging with third parties. For example, in-house counsel must draft and enforce contractual clauses to safeguard the organization from breaches of laws like the U.S. Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act. Sanctions screening, often handled by legal and compliance teams, identifies entities that organizations should avoid doing business with. Solutions like Diligent’s Third Party Risk Management enhance this process, ensuring robust, comprehensive compliance across global operations.

Post-pandemic challenges

The COVID-19 pandemic has intensified risk management complexities, increasing legal workloads amid budget constraints. Despite these challenges, in-house legal teams remain essential in protecting the company while driving efficiencies. Organizations are now moving beyond survival mode toward longer-term scenario planning, including 12-month and three-to-five-year strategies.

Conclusion

An effective in-house legal team brings more than just cost savings by reducing reliance on external counsel. When commercially focused and well-integrated, it offers a holistic, comprehensive perspective on ERM. This alignment ensures legal risk management supports the organization’s overarching objectives and values.

About the author
Kathleen Dunphy serves as Legal Counsel at Diligent Board Services Australia Pty Ltd, where she focuses on enterprise risk management and legal compliance. With extensive experience in legal advisory and contract management, Kathleen provides strategic guidance to help the organization navigate complex legal and regulatory frameworks, playing a pivotal role in ensuring compliance and mitigating risks across the business. She holds a Bachelor of Laws from Western Sydney University and a Graduate Diploma of Legal Practice from The College of Law Australia.

© 2024 Diligent Corporation. All rights reserved.