A method for legal risk management, exemplified in a case study on IT outsourcing
Tobias Mahler
This talk will present and analyze a method for legal risk management. According to the ISO, risk management involves applying logical and systematic methods for identifying, analyzing and treating risk with any activity, process or project.
The characteristic element in legal risk management is the focus on legal issues in risk management. This legal perspective on risk becomes evident in the identification of legal risks and in the use of legal measures to treat risk. If we can conceptualize elements of proactive legal counselling as a type of risk management, then we might be able to apply and potentially benefit from the structured approach offered in standards and methods for risk management. Structured risk management methods could to some degree complement conventional methods used by lawyers.
The legal risk management method introduced here is compliant with the forthcoming general risk management standard ISO 31000. The application of the method will be exemplified with a case study that focuses on an IT outsourcing contract. The facts in the study are based on a case of failed IT outsourcing, decided by an English court. The key questions in the case study are: (1) How can the problems and events in the case be described and modelled in a risk perspective? (2) If the parties had employed a systematic risk management method, could they have identified and managed the risks?
