A 2020 survey of general counsels (GCs) indicated that GCs believe the legal function is the primary corporate function responsible for identifying and managing risk within their organizations. But how well are they managing the risk generated by their own suppliers? That’s an important question, since choosing the wrong law firm or managing the “right” firm poorly exposes clients to additional risk.

Different law firms present different supplier risk profiles along different lines, including business continuity risk, cyber risk, as well as risk around environmental, social and governance (ESG) issues. GCs need to identify and manage these “law firm risks” just like they do any other sort of risk facing the organization. Unfortunately, sometimes when law firms help GCs mitigate risk it blinds GCs to the fact that those very same law firms may increase risk in other ways.