Directors face a world of ever-increasing risk. Board decisions are subject to greater scrutiny than ever. The process by which directors arrive at their decisions is often as significant as the decision ultimately reached by the board. The expectation that boards will engage in an increasing level of sophistication, professional scepticism, and critical analysis in deliberation will be increasingly reflected in both regulatory governance standards1 and the common law.2
Legal risk management in corporate governance goes beyond ensuring compliance with governance standards mandated in various regulatory contexts. Legal risk management is a component of governance for all public, not-for-profit, and private corporations, as well as other business enterprises. Legal risk is not an abstract or academic concept. No matter how it is described, legal risk is the inevitable result of the day-to-day operations of any business. Effective legal risk management requires that the board do more than follow established board procedures or processes.
The greatest risk to any corporation and its individual directors arises when directors do not understand the corporation’s business or the issues before the board. While the role of the board of directors is to oversee and not manage the corporation’s business, the board will no longer meet the expectations of stakeholders, regulators or the courts by simply giving pro forma approval to management recommendations.
Directors must have a sufficiently granular understanding of the business in order to recognize and appreciate the risks facing the business. If the board does not understand the risks that exist, it cannot oversee the design and implementation of internal controls and processes to manage these risks. The board must understand risk management controls and processes and how they function. If it does not, then the board cannot identify what risks will continue to exist, despite these internal controls and processes. If the board does not understand what further or next steps could be taken to address an existing risk and the fiscal and operational cost in implementing these next steps, the board cannot determine whether existing risks are acceptable.
General Counsel’s role in helping the board understand the issues before it is crucial. Directors cannot gain the necessary level of insight and knowledge themselves. They must rely on management for this information, and they are entitled to do so. General Counsel can assist the board by bringing a healthy degree of scepticism to the information management presents to the board. Scepticism, and a willingness to probe and challenge both information and management recommendations, plays a significant role in allowing the board to assess the adequacy of internal controls and procedures to identify and manage enterprise and legal risks. If later challenged, the role played by General Counsel can help bullet-proof board decisions by ensuring that the board engaged in informed and active deliberations and avoided a “form over substance” approach.
1 See for example, OSC Staff Notice 51-719, Emerging Markets Issuer Review, March 20, 2012
2 See for example, UPM-Kymmene Corp. v. UPM-Kymmene Miramichi Inc., OJ No. 2412 (QL) (SCJ), aff’d (2004), 183 OAC 310