What do you do when first informed that there is a pending litigation or investigation against your company?
Answer: Determine the risk.
There is a lot of activity that goes into determining the risk and your approach of responding to the litigation. One thing that can help your Litigation Response Team (LRT) is to understand what Risk Identification Matrix your organization has. As well as how it overlaps or determines the actions to take in response to a litigation. And to what extent the action should look like.
“Risk assessment is the determination of quantitative or qualitative estimate of risk related to a well-defined situation and a recognized threat (also called hazard). Quantitative risk assessment requires calculations of two components of risk (R): the magnitude of the potential loss (L), and the probability (p) that the loss will occur. An acceptable risk is a risk that is understood and tolerated usually because the cost or difficulty of implementing an effective countermeasure for the associated vulnerability exceeds the expectation of loss” – Wikipedia.org
Depending on your organization and markets, there may be a very detailed Risk Identification Matrix (RIM) in place. Integrating that into your Litigation Response Plan (LRP) can help bring more support and definition to the choices you make. For example, if your matter was highly publicized you may want to be able to prove that you are doing everything in your power to show that you have provided all documents of relevance. And that it was done with transparency and defensibility in mind. As another example, if your matter had a large claim amount you may need to show that you have spent the appropriate time and effort to address the claims by engaging appropriate resources.
Integrating your organization’s RIM into your LRP can take on many forms. But the first place to start is to look at what you have determined the Risk ranking to be, and:
- Consider the Data. This may mean that you need to look back to custodial data volumes of previous litigations. You may have this information already collected as part of your Data Map, but consider looking at the average, minimum, and maximum data sizes for each data source involved. As well as at the amount of time taken to identify, preserve and collect it, and the time to process the data by vendors. With these metrics, you can begin to formulate estimates for budgets and general timing. Helping you to determine if these activities will impact the overall risk of the response to the matter. (Does your organization’s RIM have financial considerations in what it would cost to respond to the identified action? These budgetary numbers will assist and help to further establish the risk and reasoning for the organization’s decisions in response.)
- Look at your processes. Do they take into account the identified risk factors? Do you need to consider a change to the process that takes those factors into account?
- Look at your service providers. Look at them from multiple angles, including service offerings, experience, quality, and cost. Even if Vendor A is the cheapest, based on the risk you may want Vendor B because of their experience.
- Look at your documentation. Although related to your processes, the documents you create on the decisions made could reference the RIM. Providing added transparency and defensibility to the overall decision making process.
The integration of Risk into the LRP is something that we have worked with clients on. If you have any questions, or would like to find out more about our “Litigation Readiness/Preparedness Assessments” service offering please check out our page here, or contact us.