Managing risk in legal project management: why you need to up your game

08 November 2021

Julie Mathys

Client Services Manager at Exigent

Naomi Thompson

Senior Vice President, Legal Solutions EMEA at Exigent

Julie Mathys and Naomi Thompson at Exigent discuss the benefits of having a thorough project risk management strategy. They guide you through a four-step project risk management process that you can apply and review throughout your project.

Legal project management is challenging enough, so what happens when you throw risk management into the mix too? You need a project risk management strategy. Here’s how.

Like gambling and drinking, when it comes to managing risk in legal project management, everyone’s been burned at least once.

Every project has risks, and it’s the responsibility of the project manager and key stakeholders to manage this uncertainty. When it comes to legal projects - which are often large and complex - having an effective project risk management strategy is crucial.

But where to start?

One of the most common risks in legal projects is scope creep, which has a direct impact on time and budget required to deliver a successful project. Start with a letter of engagement and detailed scope of work that all parties involved agree to. This gives you a framework from which to understand the rest of your project risk strategy.

There are four aims of project risk management:

  • To provide the framework for proactive identification and management of risks;
  • To systematically analyse and respond to any uncertainties;
  • To plan for any foreseeable scenarios that may impact the success of the project; and
  • To decrease the probability of adverse events and increase the likelihood of positive events.

The skill of successful project risk management is being able to apply - and constantly review - these aims throughout your project. Having a process to achieve these aims will help:

1: Identify Potential Risk

Work out what the main risks are and how they may impact the project, identify the scenarios in which these risks might manifest and formulate a strategy to deal with those risks. Use data collected from planning sessions with multiple stakeholders, scenario planning, trend analysis and interviews of people who have previously managed similar projects to better understand your scenarios and solutions.

2: Conduct Risk Analysis

Not all risk is created equal - so you should determine which risks will threaten the project and how big your risk appetite is. Use the project management plan to work through root cause analysis, assumption and constraint analysis, and project document analysis. This will help you prioritise the risks and better understand the impact of each one on scope, time and budget - those elements that are likely to impact the project deliverables the most.

3: Determine your Risk Response

Having prioritised your risks, work out what the right course of action should be in response to each one, how you can prevent it, or the recurrence of it, and who should be the responsible risk owner. Grouping risks can be beneficial and help establish what your risk response should be on a generic level.

Your risk response will fall into one of four categories: avoid the risk by changing and removing high-risk elements in the scope of work; accept the risk where it’s in accordance with your risk appetite; transfer or share the risk by transferring it to a third party that can better alleviate the risk; or mitigate the risk. You can mitigate risk by using technology to estimate time and resources, which is constantly and automatically reviewed to keep pace with your changing project, and by seeking an ISO/IEC 27001 certification, which qualifies the organisations involved as experts in high-risk areas such as security management.

4: Develop a Risk Register and Monitor, Monitor, Monitor

Data is your best friend when it comes to project risk management. A risk register simply and systematically tracks active risks, impacts and descriptions, and should be updated at every project status meeting. Risk management is not a one-off activity or box-ticking exercise, however; it’s an organic process conducted throughout the lifecycle of the project that changes and adjusts according to the risks you accept and outcomes you require.


Legal professionals are excellent at delivering high-quality legal work; the challenge is when there are multiple deliverables, stakeholders and competing priorities affecting timelines and budgets, with an impact on the entire project. Having a thorough project risk management strategy will ensure you minimise impact, manage scope and effectively analyse, escalate and act on any dangers before they occur.

Julie Mathys is Client Services Manager and Naomi Thompson is Senior Vice President, Legal Solutions EMEA at Exigent. This blog is based on an extract from their chapter ‘Risk management’ in Next Stage Legal Project Management: Future-proof Your Matter Management.