AFM231 Chapter Notes - Chapter 3: Enterprise Risk Management, Legal Risk, Dangerous Goods
18 May 2018
School
Department
Course
Professor
Chapter 3
Assessing the Legal Environment
• By dealing effectively with the legal environment, business will reduce the likelihood and impact of
mistakes that are
• Costly in terms of the expense of legal services and damage claims
• Distracting in terms of time and effort
• Harmful in terms of relationships and reputation in the industry
• Two approaches: preventive and reactive to deal with legal issues.
• Preventive: follow the law, reactive: finds strategy to deal with issues
• Legal risk: a business risk with legal implications
Legal Risk Management Plan
• Enterprise risk management: all risks within an organization, including those with legal implications,
are assessed and managed.
• Need an understanding of what could happen, how it could happen, and how its impact
could be most effectively managed
• Risk management is not a single person job, it involves the cooperation of managers and employees
at every level.
• Need to identify players inside and outside of the business who can help in the development of a
useful plan
• 4 step process to create a legal risk management
• Identify the legal risks
• Evaluate the risks
• Devise a risk management plan
• Implement the plan
Applying the Four-Step Process
Identify the Legal Risks
• A risk not identified cannot be managed
• Goal is to reasonably certain that no significant risks have been overlooked
• Approach used will vary between the nature of business and industry
• e.g. asses its functions areas such as marketing and sales, HR, finance, and IS
• e.g. asses the business relationships of its operations and transactions
• a utility company with varied sources of power generation will concentrate on its operations
because its major risks arise from operating procedures and systems relating to the
production and delivery of power
Step one: Identify the legal risks
• assess the orgaizatio’s futioal areas
• reie the orgaisatio’s usiess deisios
• eaie the orgaizatio’s usiess relatioships
• aalze the orgaizatio’s operatios ad trasatios
find more resources at oneclass.com
find more resources at oneclass.com
ook eaple of Northlad Marie’s ase looks at functional areas of business only
• marketing and sales: aggressive marketing programs by Northland could result in fines and penalties
under the Competition Act; the improper transportation of mine waste could result in prosecution
under the dangerous goods handling and transportation act of Manitoba; the sale of inferior nickel
or the late delivery of nickel could result in customers suing for breach of contract
• production: processes used by Northland could harm the environment and result in prosecution
under environmental legislation or civil actions by affected people; machine breakdown
• HR: injury to Northland workers could result in prosecution under occupational health and safety
legislation; employee harassment
• Finance and accounting: harsh credit terms from suppliers may result in Northland being unable to
pay debts as they fall due, thereby triggering legal action by creditors; aggressive accounting
practices could result in an investigation by the securities commission
• Marie`s predecessor didn`t take the analysis far enough
• Failed to consider possible changes in the law that could negatively affect Northland`s
operations
• Failed to identify risks that crossed functional lines
• Failed to identify technology-related risks, including those posed by hackers
• Loss of ustoers’ iforatio hakers ould result i lasuits as ell as
penalties under privacy legislation
• Hackers can break into systems to get credit card information, customer names, email address,
physical address, phone number, date of birth.
• Privacy breaches are not limited to criminal behaviour by hackers. Many breaches are due to
carelessness and security system flaws.
• Costs associated with a privacy breach include
• Direct damage costs (e.g. decline in revenue related to the breach)
• Liability to others (e.g. compensation to clients)
• The cost of preparing a response plan (e.g. costs of public disclosure to clients)
• Marie has developed a better list of legal risks that was more reflective of the mining industry at
large and included challenges posed by technology, regulatory environment, and operating in a
foreign country
• Its superior than before because rather than identifying and treating each risk individually, Marie
has utilized a combination of approaches that assesses and addresses the risks from all sources.
• The focus is on the corporation`s entire risk profile rather than risks emerging from
individual departments
• Marie`s new list:
• Environmental: damage to the environment by tailings waste; harm to the property of
adjacent landowners; impact on land surface and water table by drilling
• HR: injury to workers due to pit failure, underground collapse; injury to employees when
transporting product; harassment and termination of employees
• Operational: breakdown of machinery and equipment; production of inferior or defective
product; injury to visitors on property
find more resources at oneclass.com
find more resources at oneclass.com
