Legal governance, risk management, and compliance

From Wikipedia, the free encyclopedia

Legal governance, risk management, and compliance (LGRC) refers to the complex set of processes, rules, tools and systems used by corporate legal departments to adopt, implement and monitor an integrated approach to business problems. While Governance, Risk Management, and Compliance refers to a generalized set of tools for managing a corporation or company, Legal GRC, or LGRC, refers to a specialized – but similar – set of tools[1] utilized by attorneys, corporate legal departments, general counsel and law firms to govern themselves and their corporations, especially but not exclusively in relation to the law.[2] Other specializations within the realm of governance, risk management and compliance include IT GRC and financial GRC. Within these three realms, there is a great deal of overlap, particularly in large corporations that have legal and IT departments, as well as financial departments.

Legal governance[edit]

Legal governance refers to the establishment, execution and interpretation of processes and rules put in place by corporate legal departments in order to ensure a smoothly-run legal department and corporation.[3]

Legal risk management[edit]

Legal risk management refers to the process of evaluating alternative regulatory and non-regulatory responses to risk and selecting among them. Even with the legal realm, this process requires knowledge of the legal, economic and social factors, as well as knowledge of the business world in which legal teams operate.[4] In an organizational setting, risk management refers to the process by which an organization sets the risk tolerance, identifies potential risks and prioritizes the tolerance for risk based on the organization's business objectives, and manages and mitigates risks throughout the organization.

Legal compliance[edit]

Legal compliance is the process or procedure to ensure that an organization follows relevant laws, regulations and business rules.[5] The definition of legal compliance, especially in the context of corporate legal departments, has recently been expanded to include understanding and adhering to ethical codes within entire professions, as well. There are two requirements for an enterprise to be compliant with the law, first its policies need to be consistent with the law. Second, its policies need to be complete with respect to the law. The role of legal compliance has also been expanded to include self-monitoring the non-governed behavior with industries and corporations that could lead to workplace indiscretions.[6] Within the LGRC realm, it is important to keep in mind that if a strong legal governance component is in place, risk can be accurately assessed and the monitoring of legal compliance be carried out efficiently. It is also important to realize that within the LGRC framework, legal teams work closely with executive teams and other business departments to align their goals and ensure proper communication.

Legal consistency[edit]

Legal consistency is a property that declares enterprise policies to be free of contradictions with the law. Legal consistency has been defined as not having multiple verdicts for the same case.[7] The antonym Legal inconsistency is defined as having two rule that contradict each other.[8] Other common definitions of consistency refer to “treating similar cases alike”.[9] In the enterprise context, legal consistency refers to “obedience to the law”.[10] In the context of legal requirements validation, legal consistency is defined as, " Enterprise requirements are legally consistent if they adhere to the legal requirements and include no contradictions."[11]

Legal completeness[edit]

Legal completeness is a property that declares enterprise policies to cover all scenarios included or suggested by the law. Completeness suggests that there are no scenarios covered by the law that cannot be implemented in the enterprise. In addition, it implies that all scenarios not allowed by the law are not allowed by the enterprise.

Enterprise policies are said to be legally complete if they contain no gaps in the legal sense. Completeness can be thought of in two ways:[12] Some scholars make use of a concept of ‘obligational’ completeness such as Ayres and Gertner.[13] According to this usage, a system or a contract is ‘obligationally’ complete if it specifies what each party is to do in every situation, even if this is not the optimal action to take under some circumstances. Others discuss ‘enforceability’ completeness in the sense that failing to specify key terms can lead a court to characterize a system as being too uncertain to enforce (May & Butcher v the King 1934),[14] and hence a system may be complete with respect to enforceability. This leads to the following definition: enterprise regulations or requirements are legally complete if it specifies what each party is to do in each situation while covering all gaps in the legal sense.[11]


Lebogang says.[15] Like the Sarbanes-Oxley act, legal industry thought leaders saw a need for a new framework for legal GRC, and borrowed heavily from IT, RIM and other industries to try to come up with new, clear processes and rules to make navigating the choppy waters of the post-financial crisis legal world go as smoothly as possible.


Legal GRC Center for Innovation[edit]

The Legal GRC Center for Innovation is a nonprofit institute for the advancement of the concepts and applications of Legal GRC. The LGRC Center for Innovation serves as a forum for legal industry leaders to discuss and determine ways to systematize and streamline within the legal industry. The membership of the LGRC-CFI is made up of a group of [thought leaders] in the legal, business, IT, and RIM fields. They meet in online forums and at periodic conventions and summits to determine best practices for Legal GRC. The LGRC-CFI also publishes a blog and several industry-specific white papers regularly. The LGRC Center for Innovation addresses legal governance, risk management, and compliance exclusively.

Institute on Governance[edit]

The Institute on Governance (IOG), although it does not address LGRC exclusively, is a useful resource for knowledge on governance in general, and has collected some significant basics about legal governance online. The IOG is an independent, Canadian, nonprofit [think tank] founded in 1990 to promote better governance for public benefit. Through our research and services we help public organizations and societies realize their objectives by putting good governance into practice.

Association of Corporate Counsel[edit]

The Association of Corporate Counsel ("ACC"), formerly the American Corporate Counsel Association ("ACCA"), is an association of in-house counsel, attorneys who work for corporations. The association publishes the magazine ACC Docket and arranges one of the United States’ largest annual meetings for in-house attorneys. ACC was founded in 1982. It currently has more than 24,000 members from over 10,500 corporations in 77 countries.[1] The ACC does not address LGRC exclusively, but can be credited with laying some foundations for corporations – the original practitioners of governance, risk management, and compliance – and legal departments to begin to work together on overarching issues of governance, risk management, and compliance.[citation needed]

See also[edit]


  1. ^ Adams, R., Mann, G., & Hobbs, V. (2017). ISEEK, a tool for high speed, concurrent, distributed forensic data acquisition. Paper presented in Valli, C. (Ed.). The Proceedings of 15th Australian Digital Forensics Conference 5–6 December 2017, Edith Cowan University, Perth, Australia
  2. ^ Musthaler, Linda and Brian. Governance, risk management and compliance and what it means to you. Network World, March 7, 2007.
  3. ^ Konkle, Joshua L. Legal risk management requires a corporate strategy, mindset and commitment. DCIG,January 9, 2008.
  4. ^ US Army Corps of Engineers Glossary. August 1998. Archived 2008-11-20 at the Wayback Machine
  5. ^ "Home | Staff | Records Management | Definitions". Archived from the original on 2008-12-05. Retrieved 2008-11-10.
  6. ^ Bauer, Christopher. An ethics self-exam: ethical compliances is not just an issue for external review; auditors must look inward to ensure their own integrity is not compromised. Bnet, June 2004. Archived 2007-12-18 at the Wayback Machine
  7. ^ International Law and International Relations: An International Organization Reader. By Beth A. Simmons, Richard H. Steinberg Contributor Beth A. Simmons, Richard H. Steinberg Edition: illustrated Published by Cambridge University Press, 2007. ISBN 0-521-86186-1, ISBN 978-0-521-86186-1
  8. ^ Legisprudence: A New Theoretical Approach to Legislation : Proceedings of the Fourth Benelux-Scandinavian Symposium on Legal Theory By Luc Wintgens Contributor Luc Wintgens Edition: illustrated Published by Hart Publishing, 1998 ISBN 1-84113-342-6, ISBN 978-1-84113-342-3
  9. ^ Law and justice in the courts of classical Athens By Adriaan Lanni Published by Cambridge University Press, 2006 ISBN 0-521-85759-7, ISBN 978-0-521-85759-8
  10. ^ The Measurement of Moral Judgment By Anne Colby, Lawrence Kohlberg Contributor Lawrence Kohlberg Edition: illustrated Published by CUP Archive, 1987 ISBN 0-521-32501-3, ISBN 978-0-521-32501-1
  11. ^ a b Hassan, Waël. PhD Thesis. University of Ottawa. University of Ottawa Press. 2009
  12. ^ Armour, J. Share Capital and Creditor Protection: Efficient Rules for a Modern Company Law. ESRC Centre for Business Research - Working Papers wp148, ESRC Centre for Business Research. 1999.
  13. ^ Ayres, Ian and Gertner, Robert (1992), ‘Strategic Contractual Inefficiency and the Optimal Choice of Legal Rules’, 101 Yale Law Journal 729
  14. ^ Cases and Materials on Contracts By S. M. Waddams, Waddams, S. M., 1942-, Waddams, Trebilcock, mccamus, Neyers, Waldron Edition: 3 Published by Emond Montgomery Publication, 2005 ISBN 1-55239-166-3, ISBN 978-1-55239-166-2
  15. ^ Kim, Won-Kyu. The effect of industrial restructuring policy post-financial crisis. September/October 2007.

External links[edit]