How to mitigate legal risks in digital project management

Enabling the business electronically by redefining processes, promoting simplification and standards, defining shared information and data, and collaborating allows for improved speed, more certainty and reduced costs across your enterprise.

Yet, private and public organisations are involved in IT-based projects which often run for years, involve great volumes of resources and money, and have major technical and other uncertainties that include legal and regulatory risks.

Building legal risk management into project management (and the subsequent contracts) when designing, developing and implementing digital systems and networks across the business is essential to ensure governance and compliance with laws, regulations and standards.

Project management

  • Project Strategy - agreement on how the project is managed, joint processes and relationships;
  • Project Definition - agreement among customers and suppliers on the needs and what can be achieved;
  • Project Planning - critical path analysis and GANTT charts;
  • Project Costing - defining clearly what costs are associated with the project's scope;
  • Project Management and Control - ongoing performance and costs monitoring, and management against objectives;
  • Risk Analysis - determination of real risk and to whom it is assigned for mitigation. Check out E RADAR's Cyber Law Tracker for an extensive list of laws and regulations which may affect business.
  • Collaborative Working - shared work environment, including e-mail, workflow, document management and records management;
  • Knowledge Management - databases, documents, publications, news, presentations, best practice, standards;
  • Design and Development - computer-aided design, simulation, evolutionary prototyping, product component analysis, configuration control, product life cycle data and documentation to manage enhancements to plant and equipment;
  • Tendering and Contracting - e-auctions, e-tenders, structured contract making, reviewing options, setting performance standards and providing measures, change control, intellectual property management;
  • Administration - who administers what, how and where;
  • Manufacturing and Production - build state, performance, capacity utilisation, cost control;
  • Integration - bringing together all the components, including hardware and software;
  • Testing and Evaluation - making sure everything works according to specification and standards;
  • Acceptance and Handover - determining the dates for passing over control to the customer;
  • Training and Education - self tuition, simulation, electronic manuals;
  • Ongoing Support - service, spares, data on production facilities.

These components for major change projects can be used to improve lead times, performance levels and total costs for design and development, and for introduction to effective use.

Legal Risk Management

The legal risks in any company are owned by the business and its board of directors. Legal risks can be divided into two categories, which helps to set out the boundaries for implementing a proactive legal risk management strategy:

(1) Primary Legal Risk - defines a broad area of risk (e.g. contractual risk). The primary legal risk is sometimes called the ‘prescriptive’ layer.

(2) Secondary Legal Risk - uses real examples to explain and demonstrate where the primary risks apply (e.g. non-standard terms and conditions). The secondary legal risk is sometimes called the ‘normative’ layer.

Businesses should consider focusing on the secondary legal risks. If managed incorrectly, these can lead to expensive financial losses for the business as well as high costs in management and staff time.

The table below provides examples of Primary and Secondary Legal Risks.

| Primary Legal Risk | Description | Secondary Legal Risk (examples) |
|---|---|---|
| Legislative Risk | Business fails to implement legislative or regulatory requirements. | Failure to stay up-to-date with laws and regulations that impact upon the business. |
| Contractual Risk | Current and future risks that a contract exposes your business to. | Use of non-standard terms and conditions; technical fault, e.g. no appropriate documentation or inadequate/unclear authorisation; failure to enforce or comply with terms. |
| Non-contractual Rights Risk | Business fails to assert its non-contractual rights. This is often called the 'intellectual property rights' risk. | Failure to safeguard patents, trademarks, copyright, trade secrets or channel knowledge. |
| Non-contractual Obligations Risk | Business fails to keep to the spirit as well as the letter of the law. | Infringement of 3rd party intellectual property rights; failure to meet standards of care customers expect, e.g. mis-selling; inappropriate use of social media; breach of data protection. |
| Dispute Resolution Risk | Business makes strategic and operational errors when handling disputes. | Failure to follow dispute resolution timelines or other mismanagement of the dispute process; inappropriate strategy for the dispute resolution regime. |