The risks of enterprises are generally divided into strategic risks, market risks, operational risks, legal risks, financial trends and moral hazards. We will introduce the principles for the establishment of our own risk list by taking the management and prevention of legal risks as an example.

First, the principles of the corporate legal risk list system:

1. Establish an internal legal risk management environmental principle

First, establish the basic legal risk management environment of the enterprise, including the establishment of the board of directors, the board of supervisors, the position of executives and the division of authority; the establishment of corporate compliance culture; the guidance of management and employees on ethics and code of conduct.

2. Set the corporate legal risk management objectives

Not only must the specific objectives of compliance with the law be set at the enterprise level, that is, the company must comply with applicable laws when engaging in operations and other specific activities; such as market, pricing, safe production, environment, intellectual property, labor, international trade, etc. To different departments or business units, the laws that need to comply with applicable laws may be specific to certain categories; and to each individual employee, according to their specific job responsibilities, the laws to be followed by their actions will be more direct and detailed. Even just some specific legal terms.

3. Develop your own list of corporate legal services based on the characteristics of the company's industry.

Second, corporate legal risk analysis and response and prevention:

1. Identify legal risk principles

From the corporate level, ensure that identification work covers all applicable legal areas, although most companies may involve corporate governance, investment finance, product (service) quality and safety, labor, taxation, anti-unfair competition, anti-corruption. It is in the legal field, but there are differences in the legal fields involved in different types of companies.

2. Evaluate the possibility and impact principle of legal risk

In the legal risk assessment process, the identified legal risks should be assessed from the qualitative and quantitative perspectives on the likelihood and impact of the occurrence, and the inherent risks and residual risks should be distinguished. In general, high risk in the department is not necessarily a high level of risk at the enterprise level, but high risk at the enterprise level is usually also a high risk in the department.

3. The company reacts to legal risks

After obtaining the legal risk assessment results, the risk response needs to go through the following three steps: First, confirm the response to legal risks, including avoiding risks, reducing risks, sharing risks, accepting risks, and confirming response strategies; Evaluate choices made from the following aspects, including the company's risk appetite, the cost-benefit ratio for responding to potential risks, and the extent to which a response reduces the likelihood and/or likelihood of occurrence; and third, based on the combination of risks and The evaluation of the reaction combination selects and performs the reaction.

4. Implement activities to control legal risks

Control activities are policies and procedures that ensure legal risk response and other company directives are implemented, which occur throughout the company's various levels and operations.

5. Ensure smooth communication of relevant legal risk information

The communication of legal risk information should be carried out comprehensively in the relevant groups involved in the legal risk to ensure that the authenticity, comprehensiveness and accuracy of the information can be effectively transmitted; attention should be paid to a legal risk, and the groups involved may be more than just The legal department will also involve the finance department, business department, etc. The level involved is not only the level of the enterprise itself, but also the level of branches and offices. Choose the right form of communication to ensure the truthfulness, accuracy and completeness of information transmission, such as verbal, mail, telephone, roundtable, document signing, etc.

6. Monitoring of legal risk management

The risk management system changes with time, and the way to implement risk management may also change constantly. Monitoring ensures the continuous and effective risk management system. At the same time, it is necessary to have a process of gradually updating and perfecting the legal risk list of enterprises.