How to do a good job of legal risk physical examination in enterprises
Keywords: internal control legal risk physical examination
Text:
First, the derivation of the problem
How did we used to work as legal advisers? We sat in the office waiting for a call from the client. If clients did not look for us, we seldom took the initiative to visit them. Apart from daily legal consultation and contract review, we basically had nothing to do. We might occasionally be invited to take part in a client's negotiations, but that too was passive. So we waited in the office, and when the client ran into a legal dispute, our case arrived. After a long time, the clients began to understand: it turns out that lawyers only know how to litigate, and even look forward to something going wrong in our company so that they have a good case to handle. Therefore, our clients went and recruited their own legal personnel, and the role of lawyers as being mainly responsible for litigation was reinforced. It seems that this is the way things should be. However, should things really be like this?
I don't think so. For clients, going to court is like putting out a fire. When there is a fire it has to be put out, but what they need more is "no fire"! In this metaphor, the law firm is like a fire brigade. Wherever there is a fire, our lawyers are always willing to put it out. The firefighting business was not bad at first, because there were many fires and few fire brigades. But then there were more and more fire brigades, while the number of fires did not grow as fast. At this time, many lawyers began to find it difficult to do business, and competition stimulated them ... At this point in the story, everyone has probably realized the cause of the problem: we are only selling what we want to sell, regardless of what clients want to buy. As I said at the beginning, what clients need is always "no fire". This is also the reason why more and more enterprises have their own legal personnel and legal departments.
So, what can we do about the needs of clients? This is what this article wants to focus on: we need to help clients guard against legal risks! Some people may say: if you stifle the legal risks of enterprises in the cradle, won't we have no lawsuits to fight? Isn't this digging your own grave? I say no. Why?
First of all, no one stipulates that the lawyer's main job is litigation. The vigorous development of non-litigation business in recent years is an obvious proof.
Secondly, even if our service improves the legal risk management level of the enterprise itself, it may still face the following risks: 1. being infringed by others; 2. the other party breaching the contract; 3. risks caused by poor management of the enterprise itself; 4. legal risks voluntarily undertaken by enterprises according to the needs of production and operation.
Therefore, there is absolutely no need for us to worry about this problem. There is a simple reason. For example, there are so many medicines, nutriments and health care methods in the world, but many people go to the hospital sick every day, and the business of the hospital is still very hot.
It seems that this business is feasible. So, how to do this business? This leads to the theme of this paper, that is, to do a legal risk physical examination for enterprises. It's like going to the hospital for a physical examination. If you want to know what the problem is, you must first check your body and know where the problem is before you can prescribe the right medicine. So what is the legal risk physical examination of this enterprise?
Second, what is the enterprise legal risk physical examination?
This physical examination is actually a bit like due diligence, but it is very different. Due diligence reports are generally aimed at people outside the company, such as counterparties in equity transactions. Therefore, due diligence reports pay more attention to the legal risks existing in enterprises. However, little attention is paid to the mechanism, process and management level of enterprise legal risk management. This is precisely the focus of the legal risk physical examination. The status quo of risk is not its main concern. To put it bluntly, the due diligence report focuses on "results" and the risk physical examination focuses on "reasons". Only by grasping the "reasons" can we avoid bad "consequences" and nip in the bud, which is the significance of risk management.
Before introducing how to do a risk physical examination, let me tell a short story. This is an experience from when I was a trainee lawyer. At that time, I went to an enterprise with a lawyer from our firm to see whether there was any legal risk in this enterprise. In effect, I went to do a legal risk physical examination. But the lawyer showed me around the office and went to the production workshop to watch the workers make their product, "garlic slices". I didn't understand the use of watching this. Although we had also made a survey list before we came, we always felt that these questions were not to the point, and we could not find any problems. As a result, as can be imagined, this operation was a failure, and we did not put forward any valuable risk prevention opinions.
A few years later, when I had a good understanding of the legal risk management of enterprises and had done many risk physical examinations for the enterprises I served, I suddenly looked back and understood what had been wrong with that attempt. In my opinion, the mistake lay in not grasping the main line of the enterprise's management process, but staying on some superficial problems, which led to failure. A risk physical examination for an enterprise must be closely integrated with the management process of the enterprise; otherwise it will be aimless, unable to find the problems and grasp the key points.
As I said just now, the focus of physical examination is the cause of the risk, not the result. Therefore, our attention should not stop at what happened, but should focus on finding out the causes of these problems. How to find the reason? It is necessary to find it in management. It can be said that all internal problems are caused by management. This involves a concept called "internal control".
The concept of "internal control" comes from the United States and is a core concept in the field of enterprise risk management. It refers to the process implemented by the board of directors, the board of supervisors, the managers and all employees of an enterprise to achieve control objectives. The goal of internal control is to reasonably ensure the legality and compliance of enterprise management, the safety of assets, the truthfulness and completeness of financial reports and related information, improve operating efficiency and benefit, and promote the realization of enterprise development strategy.
The reason why the concept of internal control should be introduced in these fields is because internal control runs through the whole process of enterprise management. Its core idea is to control risks in the process. By effectively controlling every risk point in the process, enterprises can effectively intervene in related risks at the beginning of risks, thus minimizing the risks of enterprises. Therefore, to do a good job in legal risk review, we must start with internal control, a risk management means that runs through the whole process of enterprise management.
From the perspective of internal control, the management of an enterprise is actually composed of a series of processes. According to the classification of the Basic Standards for Enterprise Internal Control, these processes can be summarized as 18 modules: 1. organizational structure; 2. development strategy; 3. human resources; 4. social responsibility; 5. corporate culture; 6. capital activities; 7. procurement business; 8. asset management; 9. sales business; 10. research and development; 11. project; 12. guarantee business; 13. business outsourcing; 14. financial report; 15. comprehensive budget; 16. contract management; 17. internal information transmission; 18. information system.
Through the above classification, we can clearly see which activities are prone to legal risks. For example: organizational structure, human resources, capital activities, procurement business, asset management, sales business, research and development, engineering projects, guarantee business, business outsourcing, contract management, etc. These activities may involve the following legal risks: corporate governance structure risk, labor and personnel risk, investment and financing risk, intellectual property risk, contract risk, guarantee liability risk, engineering dispute risk and so on.
I think the biggest contribution of internal control law to our understanding of corporate legal risks is that it gives us the concept of process, so that we look at corporate legal risks from the perspective of process rather than trying to grab everything at once without distinction. The legal risk of an enterprise arises from its management process, so if some links in these activities are not done well, they may bring corresponding legal risks to the enterprise. Taking human resource management as an example, we explain how to sort out the legal risks of enterprises from the perspective of process:
Human resource management of enterprises generally includes four activities: first, the introduction of human resources; second, the development of human resources; third, the use of human resources; fourth, the withdrawal of human resources. Among them, the introduction part includes human resources planning, recruitment activities, the establishment of labor contracts, probation management and so on. The development of human resources includes training, internal promotion, job rotation and other management activities. The use of human resources includes performance management, salary management, rewards and punishments, employee occupational health and safety, social insurance payment, etc. Withdrawal of human resources includes termination of labor contract and dismissal of employees.
Through such combing, we have a clearer understanding of the process of human resource management. At the same time, we can also put the corresponding legal risks in the right place. For example, the legal risks that may be faced in the introduction stage of human resources include: failing to conclude a labor contract with workers in time, or the contents of the labor contract being illegal; the enterprise failing to pay social security for the workers in time; no confidentiality agreement or non-competition agreement having been signed with employees in core and key positions. The legal risks in the development stage of human resources may include: failure to change the labor contract in time after promotion or job transfer, failure to sign a training agreement or service period agreement for paid training for employees, etc. Possible legal risks in the use of human resources include: an imperfect performance appraisal system leaving the enterprise unable to provide sufficient institutional basis and evidence when adjusting employees' salary, which leads to labor disputes; failing to pay wages in time; industrial accidents; laborers concluding labor contracts with other enterprises at the same time. The legal risks of withdrawal may include: labor disputes caused by improper termination of labor contracts; failing to exercise the right to terminate in time, resulting in the enterprise overpaying the wages of the workers; the resigned employee failing to abide by the confidentiality agreement, resulting in the disclosure of business and technical secrets of the enterprise; the enterprise or employee failing to comply with the non-competition agreement, etc. (The above only lists the legal risks of related links, and is not exhaustive.)
Isn't it much clearer after combing things through like this? We can use this method to include all the legal risks that enterprises may involve, so that there will be no omissions and the context will be clearer.
Third, how to do a good job in the physical examination of corporate legal risks
So, with the idea of this process, how do we operate specifically?
First of all, we should sort out the business modules with more legal risks, such as human resources, procurement, sales, research and development, engineering projects, guarantee business, outsourcing, contract management and so on. Then, according to the basic internal control standards and guidelines, combined with the specific situation of the enterprise, sort out all the processes of these modules. Then list and analyze the possible legal risks in each process, and try to exhaust all possible legal risks. Then describe the ideal control state for the above legal risks. Next, compare this ideal control state with the actual situation of the enterprise and find the gap; the gap is the existing problem for which we need to find a solution. Finally, according to our analysis of this gap, we put forward our countermeasures and suggestions, and the whole physical examination is completed.
The above process can be summarized as three components, namely: first, risk identification; second, risk analysis; third, the design of risk control measures. The following is a detailed introduction:
(1) Risk identification
1. Meaning of risk identification
Legal risk identification refers to the identification and enumeration of possible legal risks in a specific business process of an enterprise, with the aim of forming a complete legal risk point map. This link is the starting point and foundation of all follow-up work. If this link is not done well, it will affect the quality and effect of the whole risk physical examination. The most important thing to grasp in this link is the comprehensiveness and completeness of risk point identification, that is, to find out all possible legal risk points in the business process as comprehensively and without omission as possible.
2. Methods of risk identification
So, what methods do we use to identify the legal risk points of enterprises? Generally, the following methods are adopted:
① Process combing method
Based on the internal control guidelines, this method analyzes the business process of the enterprise, and lists the possible legal risks in the process according to the relevant business processes.
② Legal retrieval method
This method refers to the comprehensive retrieval and analysis of laws and regulations related to enterprise business to find out the risks that enterprises may face. The advantage of this method is that it is more comprehensive and avoids the shortcomings of other methods.
③ Individual interview method
This method refers to the method of understanding the relevant risk points through face-to-face individual communication with the business personnel and management of the enterprise. The advantage of this method is that it can quickly find some risk points that managers and business personnel pay attention to, which are often the actual risks of enterprises. The disadvantage is that it is not easy to fully grasp all the risks in the business process.
④ Case analysis method
This method refers to the analysis of the actual cases that have occurred in the enterprise to find out the possible problems in enterprise management. The advantage of this method lies in its strong pertinence, which can often find out some key pain points of enterprises, and the information is more specific, which can be used to conduct in-depth research on related risks.
⑤ Collective discussion method
Also known as brainstorming method, this method means that all lawyers involved in the project and managers in key positions of enterprises are organized by lawyers handling cases to discuss and express their opinions freely, without having to think too much about whether the opinions put forward are correct. Finally, the lawyer will sort out and analyze all the opinions and keep valuable opinions. The advantage of this method is that it can creatively ask some important questions, and it can also inspire participants through unrestrained communication.
In the actual operation process, generally, the risk list is listed to the maximum extent through process combing and legal retrieval, and then the risk list is made into a risk questionnaire, which is then handed over to the business personnel of the enterprise to fill in and feedback to the lawyer. Then, lawyers enter the enterprise, communicate with enterprise personnel according to the questionnaire (interview method) fed back by the enterprise, analyze past cases of the enterprise (case analysis method), discuss major risks with enterprise management (collective discussion method), and finally form a complete risk questionnaire, thus laying the foundation for subsequent analysis.
(2) Risk analysis
With the above risk questionnaire, we can analyze the legal risk points of enterprises one by one. The main purpose of the analysis is to find out the gap. When we made the risk questionnaire, we already reflected this idea in the table.
The size of the risk = the probability of the risk × the possible loss caused by the risk.
If possible, we can assign values to the above three variables, so as to accurately judge the importance of risk. Of course, this is difficult to operate, and it is only introduced here as an analysis idea. In practice, lawyers can use language to make a relatively vague risk assessment.
(3) Risk control measures and strategies
Knowing the causes and importance of risks, we can put forward solutions for how to control risks. The Guidelines for Internal Control divides the causes of problems in enterprise internal control into two categories, namely, design defects and implementation defects. According to the different causes of risks, control measures can be divided into two categories: first, measures aimed at design defects; second, measures aimed at implementation defects.
First, let's look at what are design defects and execution defects. According to the internal control theory, all risks of enterprises are caused by two reasons: problems in system design or problems in implementation. The so-called design defects refer to unscientific, unreasonable or illegal situations in business process design, organizational structure construction, division of responsibilities and authority, and internal resource allocation. Execution defect refers to the related risks faced by the enterprise because the internal personnel can't strictly and effectively execute the established business processes and work instructions. Therefore, as long as the causes of these two defects are effectively intervened and controlled, the risks of enterprises can be minimized.
In view of these two defects, the related control measures are also different. For design defects, different control measures can be taken according to different reasons, such as: reforming internal processes; revising rules and regulations; formulating a model contract; adjusting the organizational structure and post setting; re-dividing responsibilities and authority, etc. Defects in implementation are generally caused by the following reasons: ignorance of rules and regulations, incompetence, incorrect work attitude, poor internal communication, insufficient budget, etc. Therefore, the corresponding control measures may include: special training, strengthening assessment, post exchange, budget adjustment, and strengthening communication between departments through organizing internal activities.
The above mainly concerns the specific forms of control measures. However, when formulating these measures, an issue that cannot be ignored is that enterprises should adopt different strategies to deal with different risks, instead of treating all risks equally. This is mainly for the following reasons: first, the importance of risks differs, so the benefits generated by control activities also differ; second, the influence that enterprises can exert on the related risks also differs; third, the resources that enterprises can devote to risk control are limited, that is to say, risk control itself has a cost; fourth, compared with the risk, the business activities can generate more income.
Therefore, when making relevant risk response measures for enterprises, lawyers should proceed from the reality of enterprises, comprehensively consider the development strategy, commercial interests, risk size, cost control and other factors of enterprises, and adopt different risk response strategies. These strategies include but are not limited to: risk avoidance, risk transfer, risk reduction, risk taking, etc. Of course, for the design of major risk control measures, lawyers must fully communicate and negotiate with the top management of enterprises to make the designed risk control measures conform to the actual situation of enterprises and be accepted by enterprises.
(4) Output of risk physical examination results
After risk identification, risk analysis and control measures design, the whole foundation of legal risk physical examination is completed. But in the end, lawyers should try their best to show the results produced in the medical examination process to the enterprise in written form as the final summary and delivery of our services, reflecting the lawyer's labor value. This achievement can be embodied in the form of "legal risk physical examination report", and all systems, contract texts, process documents and forms modified for the enterprise are attached.
Of course, the completion of a physical examination project should not be the end of our work. After completing this medical examination service, the lawyer can track the rectification of the enterprise at any time and be responsible for the enterprise to the end. In this process, enterprises may also have follow-up legal service needs, and our lawyers' services can naturally be extended.