The Oklahoma Bar Journal May 2024

divisions. Multiple risk registers may include conflicting data and competing priorities. These siloed risk registers are evidence of the company’s notice of risks that may never have been escalated to senior leadership in a meaningful way. They may demonstrate a lack of understanding about relative risk, use over or underrated risk scoring and may have been cre ated to make a case for funding. Importantly, they are generally discov erable, and the siloed nature in which they are maintained does nothing to absolve the company of having been on notice about the entire contents of each risk register. Dive into the process to deter mine the effectiveness of the com pany’s risk management process. Here are some questions to get you started: How are changes to risk management – including controls – evaluated, communicated and implemented? How integrated are risk decisions? Who is involved and at what level? How is the risk-management process governed? Are the doers also accountable for governance? cesses to determine mate riality, and who manages that process? What does assurance look like enterprise-wide? Are there independent pro cesses in place to determine whether existing controls Are there multiple pro What is the current risk process for identifying, assessing, scoring, prioritiz ing and managing risk?

long a program will take to imple ment and planning stage gates to determine next steps safeguards against prematurely abandoning an initiative for the next shiny object. A fulsome analysis of the project components and budget variables is needed to manage messaging so the company does not have to walk back commit ments or projections in response to foreseeable complications. HOW TO ENGAGE WITH INTERNAL CLIENTS ABOUT RISK MANAGEMENT It is important for the general counsel to consistently think beyond defensibility to strategic, holistic, integrated risk manage ment. The first step in that process is to gather information to deter mine the current state of your company’s risk management. Start with the basics. Determine how many risk registers the company currently maintains. The answer may surprise you. Many compa nies have multiple risk registers that have been created in func tional departments or corporate

is driven by a perceived need to match or outpace efforts taken at peer companies, the risk of pro ducing unintended consequences rises dramatically. Assessing risk in advance of pursuing a change allows for the evaluation of the true cost against anticipated benefits for the specific enterprise contemplating the change. What works well for one company may not work well for another, and identifying the risks related to a new project or commitment from an organizational, operational and stakeholder perspective is critical. Committing to a sea change is easy to say but hard to properly implement. Multiyear commit ments of resources can compete with other corporate goals and objectives. General counsel should be asking critical questions on the management of change in advance of any bold statements committing to a path forward. Understanding who will be impacted, what work will change and what the potential risks are will be the key to success. Establishing and maintaining realistic expectations around how

Statements or opinions expressed in the Oklahoma Bar Journal are those of the authors and do not necessarily reflect those of the Oklahoma Bar Association, its officers, Board of Governors, Board of Editors or staff.

58 | MAY 2024

THE OKLAHOMA BAR JOURNAL