Case Study: ESI Legal Risk Assessment

Type of Project:  ESI Legal Risk Assessment

Client: Global services provider

The challenge:

You’re a global company – that means you have risks unique to companies with such a presence and it pays to understand exactly how risky those risks are. This client’s General Counsel knew there were risks – e.g. what it would mean if the organization was involved in an SEC or FCPA investigation – he just didn’t understand the scope.  So they brought in ESI Attorneys to get a better understanding of the risks ESI posed to the organization and how to mitigate those risks once revealed. We performed an initial ESI Legal Risk Assessment that revealed the risks and what the costs to the organization would be — financially and to their reputation – if one materialized for which they were not prepared.  Their General Counsel then asked us to do the same with the company’s IT executives and to discuss the risks of some of their recent decisions – like moving their email to the cloud – and how those decisions created new ESI risks.

General Counsel also asked for a full assessment of the company-specific risks, given current practices, and a move-forward plan to mitigate those risks organization-wide. Why? As a largely decentralized organization operating in more than 75 countries, this client needed to understand both domestic and international risks and to prioritize those risks based on the likelihood of occurrence and the potential cost to the organization.  Legal wanted a report to take to other business units to begin a dialogue, with the goal of moving towards better global information management with a higher level of risk awareness.

Being big and being the best sometimes presents big challenges. Daunting? Sure. Manageable? Indeed.

How ESI Attorneys addressed the challenge: The Company partnered with ESI Attorneys to develop an ESI Risk Assessment for the parent company and its North American subsidiary and provide recommendations on next steps.  The goals of the Assessment included: 

  • Risk Profile: Outlining the risks the company faces in ESI, including the potential monetary cost to the organization if said risks materialized, and
  • Strategy Development: Creation of a roadmap to allow The Company to organize an internal team to mitigate identified risks, including legal, information technology, and compliance specialists. The strategy must also create a long-term plan for various parts of the company to work collaboratively to mitigate the identified risks.

ESI Attorneys’ solution:

  • Assess the current Information Technology infrastructure of The Company and review strategic initiatives for the next 3-5 years
  • Identify the risks posed by current practices
  • Review and analyze the current policies and practices (organizational and compliance-related)
  • Determine what existing practices could be leveraged across the organization and what additional policies and procedures needed to be put in place
  • Provide a framework for The Company to understand the risks of ESI, and specifically the efforts required and cost to respond to a request for ESI in litigation or a government investigation
  • Define the legal risks in ESI for an international corporation including globalization, social media, regulatory, and litigation as well as the associated costs should risks materialize
  • Provide recommendations for reducing identified risks in a staged process with defined objectives, required resources, and the proposed timeframe for each stage
  • Work with The Company to create an implementation plan for recommendations based on current resources and allocation.
  

Outcome:

ESI Attorneys provided a written assessment of the identified risks within the organization and recommendations for the organization to implement to move toward reducing the risk and cost associated with producing ESI. We then met with the internal team to review the assessment and worked with them to develop next steps. We also agreed to help evaluate their progress on a go-forward basis.

The Assessment provided the basis needed for in-house counsel to:

  • Prioritize the goals for the Company
  • Identify low-hanging tasks that could be accomplished quickly and with little expense, yet reduce a higher percentage of risk
  • Create a 3-5 year plan for ESI Attorneys to work collaboratively with The Company to meet those recommendations
  • Create an education initiative to encourage ongoing internal collaboration for better information management practices

The Assessment also provided in-house counsel with the required resources needed to meet each recommendation, allowing the legal department to think through what dollars and personnel would be available internally to move the projects forward. This also allowed for The Company to establish budgets and project plans to achieve the Assessment’s goals.