A commercial property firm acted for a developer on the acquisition of a mixed-use development site. The title was clear, the sale agreement was well-drafted, and the transfer registered on time.

Three months after registration, the developer discovered that a heritage designation process had been initiated on a portion of the property before the sale — triggered by a municipal notice issued during due diligence that had not been flagged by the selling party. The designation materially restricted development potential. Litigation followed.

No one missed a legal step. What was missed was a risk that fell slightly outside the conventional scope of conveyancing due diligence: a regulatory process that had commenced but not concluded, creating exposure that was identifiable with a broader risk lens and the right process.

This is the nature of reactive legal practice: technically sound, but structurally vulnerable to risks that sit just outside the scope of each task. The shift to proactive is not about doing more legal work. It is about applying a different kind of thinking — one that anticipates what could go wrong before it does.

The Two Types of Risk That Lawyers Must Manage

Legal risk management has a well-established tradition. Attorneys advise clients on legal risks — regulatory exposure, contractual liability, litigation probability — as a core professional competency. This is the traditional focus of the profession, and it is essential.

But there is a second category of risk that most legal professionals manage poorly, if at all: project risk. Project risk refers not to the legal exposure the client faces, but to the risks that could prevent the legal matter itself from being delivered successfully.

The distinction matters. A contract that is legally excellent but delivered two weeks after the agreed deadline because a key team member was unavailable and no cover had been arranged is a project risk failure. A due diligence that misses a material liability because the data room access process was poorly managed and the relevant documents were uploaded during a period when the team was focused elsewhere is a project risk failure. A settlement negotiation that collapses because the insurer’s approval timeline was not built into the matter plan is a project risk failure.

Legal Project Management addresses project risk systematically. It equips legal professionals to identify, assess, and mitigate the risks that could derail matter delivery — not just the risks the client needs advice on.

The Cost of Getting It Wrong

The cost of reactive risk management in legal practice is not always as dramatic as a heritage designation dispute. More often, it accumulates quietly in missed deadlines that damage client relationships, rework caused by issues that should have been anticipated, team pressure created by crises that were avoidable, and write-offs on matters where cost overruns traced back to unmanaged risks.

One missed regulatory filing deadline can trigger fines, reinstatement costs, and — depending on the regulatory context — reputational damage that affects the client’s operations. One unidentified counterparty with blocking rights, as explored in the stakeholder management context, can delay a transaction by weeks and increase legal fees substantially. One poorly scoped research mandate that expands beyond its original parameters without a formal variation process erodes profitability systematically, matter by matter.

The aggregate cost of reactive risk management at a firm or in-house legal team level is significant. More importantly, it is largely avoidable.

The Fishbone Diagram: A Structured Tool for Legal Risk Identification

One of the most effective tools the IILPM framework introduces for legal matter risk identification is the Fishbone Diagram — also known as the Ishikawa or cause-and-effect diagram. Originally developed in manufacturing quality management, it translates directly into the legal context as a structured brainstorming tool for identifying the root causes of potential problems before they occur.

The diagram takes its name from its shape: a central horizontal line (the “spine”) represents the risk or problem being analysed. Diagonal “bones” extending from the spine represent categories of potential causes. The tool makes the causes of risk visible and discussable before they materialise.

Here is how to apply it to a legal matter:

Step 1: Define the Risk Clearly

Write the potential problem at the head of the diagram — the “fish’s head” on the right-hand end of the spine. Be specific. Not “the matter might not go well” but “the transaction may not close by the agreed long-stop date.” Specificity at this step determines the quality of the analysis that follows.

In a commercial litigation context, the risk might be defined as: “The hearing may be postponed due to incomplete discovery.” In a contract negotiation: “The client may reject the final draft, requiring a full renegotiation of commercial terms.”

Step 2: Identify the Key Risk Categories (Branches)

The traditional Fishbone categories (People, Process, Technology, Environment) adapt naturally to legal matters. Consider these four branches for most legal matters:

  • Client factors: Capacity, decision-making authority, responsiveness, financial position, internal alignment
  • Process factors: Matter planning quality, deadline tracking, communication protocols, document management, approval processes
  • Technology factors: Practice management systems, document review platforms, communication tools, data security
  • Regulatory factors: Changes to applicable legislation, regulatory timelines, third-party approval requirements

For transactional matters, add a fifth branch:

  • Counterparty factors: Negotiating position changes, due diligence delays, financing challenges, management changes

Step 3: Brainstorm Potential Causes Under Each Category

For each branch, identify specific, concrete risks. Under client factors: “Client has not confirmed internal sign-off authority, creating risk that instructions will be delayed or reversed late in the process.” Under process factors: “No structured deadline-tracking system means dependent tasks may slip without early warning.” Under regulatory factors: “Pending changes to competition regulations may affect merger notification thresholds.”

This step works best as a team exercise. Lawyers, paralegals, and in some cases the client’s own team will identify risks from different vantage points. The diversity of perspectives is a strength of the tool.

Step 4: Assess and Prioritise

Not all identified risks deserve equal attention. For each risk, assess two dimensions: the likelihood of the risk materialising, and the severity of the impact if it does. Risks with high likelihood and high impact require active mitigation. Risks with low likelihood and low impact can be monitored. The middle categories require judgment.

Step 5: Develop Mitigation Strategies

For each high-priority risk, define a specific mitigation action — not a general intention, but a named action with an accountable team member and a timeline. “Confirm client sign-off authority and document decision-making chain in the matter plan by end of week one.” “Set up a weekly deadline review process with the full team.” “Obtain written confirmation of the regulatory approval timeline from the relevant authority at the outset.”

Five Categories of Risk Specific to Legal Matters

Across practice areas, legal matter risk tends to cluster in five categories. Building these into your risk identification process ensures comprehensive coverage.

Client risk covers the client’s capacity, authority, responsiveness, and internal alignment. Late instructions, undisclosed conflicts, financial constraints that affect their ability to proceed, and changes in decision-making authority all fall here.

Process risk covers failures in the matter management system itself: missed deadlines, inadequate file documentation, knowledge transfer gaps when team members change, and the absence of structured communication protocols.

Technology risk includes data security breaches, system failures at critical moments, document management errors, and outdated tools that limit team capacity.

Regulatory risk covers changes to the applicable legal framework, third-party approval delays, unexpected regulatory scrutiny, and filing requirements not built into the matter timeline.

Resource risk addresses the human side: team member availability, expertise gaps, workload conflicts across matters, and the absence of cover arrangements for key relationships.

Quick-Start Risk Checklist for Your Next Matter

Before substantive work begins on any significant matter, confirm the following:

  • All stakeholders identified, including those with consent rights or blocking rights
  • Matter scope documented and agreed with the client
  • Timeline mapped backward from the key deliverable date, with dependencies identified
  • Client’s internal decision-making process confirmed and decision-maker named
  • Pending regulatory changes assessed for relevance to this matter
  • Three most likely causes of delay identified, with a mitigation action for each
  • Technology dependencies verified — data rooms, platforms, filing systems
  • Cover arrangement in place for key team members if unavailable mid-matter
  • Client informed of all dependencies outside the legal team’s direct control

This is a starting point — the minimum viable risk review for any matter where a delay or missed issue would have material consequences.

How the IILPM Course Builds Systematic Risk Identification Habits

Risk management is embedded throughout the Applied Legal Project Management Course, not treated as a standalone module. The IILPM’s 4-step framework — Plan, Do, Check, Act — builds risk identification into the planning phase of every matter, with review checkpoints built into the execution phase.

Participants learn to use the Fishbone Diagram within the context of legal matter planning, with templates adapted to the most common practice area types. They also learn how to communicate risk proactively with clients — a skill that distinguishes LPM-trained lawyers from those who surface risks only when they have already become problems.

The facilitation by Nicolene Schoeman-Louw draws on more than two decades of practical experience in transactions, litigation, and in-house environments. The tools are grounded in legal practice reality, not borrowed from unrelated industries.

Graduates who apply the framework systematically report two consistent outcomes: fewer crisis moments mid-matter because risks were identified early, and stronger client relationships because proactive communication builds trust that reactive firefighting erodes.

The Professional Advantage of Proactive Risk Management

Clients do not retain lawyers only for their technical expertise. They retain lawyers who help them navigate uncertainty and avoid problems — not just resolve them after they occur.

An attorney who identifies a regulatory issue before signing and structures the deal to address it has delivered more value than one who surfaces it post-closing. An in-house lawyer who flags an employment risk before implementation changes the conversation about the legal function’s strategic contribution.

Proactive risk management, systematically applied, reduces write-offs and missed deadlines while repositioning the legal professional as a strategic adviser — one who helps clients make better decisions, not just one who documents them.

Take the Next Step

Proactive risk management is one of the most immediately applicable skills developed in the Applied Legal Project Management Course. If your practice currently manages risk reactively — addressing problems as they emerge rather than before they do — the IILPM framework will change how you plan and execute every matter.

PocketAdvisor is Africa’s only IILPM-accredited LPM training provider. Graduates earn internationally recognised LPP or LPA certifications and join a global community of legal professionals across 63 countries.

Watch the free LPM 101 session and access the R1,000 course discount. Read more about the course.

PocketAdvisor
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.