It’s so important for businesses to contemplate where and when they can cut costs. Cost-cutting can drive efficiencies, increase innovation and creativity, and make space in your budget to spend money on operations that will increase revenues and profits. However, cost-cutting can also lead to significant increases in your legal and business risk. This week, we’ll outline:
3 steps for businesses looking to better manage risk when cutting costs
You must know your risk profile and understand your risk appetite to effectively align them with your expenditure planning.
Your risk profile and your appetite for risk are two key factors that are going to play into your decision making when it comes to cutting costs. In essence, achieving this step requires businesses to align expenditure on each risk with the actual risk posed to the business. While this sounds simple, the subjective nature of the proportionality of risk means that achieving alignment can be challenging (and even more so if you have a low appetite for risk).
While we can’t outline a complete enterprise risk management framework (ERM) within this article, we will say that development and publication of a company’s approach and appetite for risk leads to streamlined decision making, more effective management of new or evolving risks, and increased ability to stress test cost-cutting measures. (Read more on that in McKinsey’s article on better risk management).
Once you’ve established your risk profile and risk appetite, you’re in a better place to assess whether your expenditure planning aligns with the risks you’re facing.
Look for opportunities to reduce risk and expense.
The ideal outcome for any business looking to cut costs is to identify win-win scenarios where both risk and expense decreases. Achieving these outcomes requires creativity, collaboration, and diligence, and they will be unique to your business. However, we’ve highlighted 2 common areas we see potential for reduced costs and reduced risk:
Data storage, for instance, is one area that is often more expensive than it needs to be. Many companies keep data just in case it’s required for compliance and then store it online. A significant number of these companies would be better served implementing a data minimization strategy.
Data minimization strategies identify the data a company requires to serve its business and legal purposes, and retains only that data. This is a key strategy that’s often overlooked by companies that elect to collect and store data for potential future purposes. Reducing the amount of data you collect and store can, in turn, reduce the amount you prudently need to spend on cyber security. It will also reduce the amount of potential damage to your business’ reputation following a breach, as well as the potential costs of data breach notifications and/or regulator penalties.
Avoid Fixing Legal Mistakes
We say this so often on our podcast, but fixing legal mistakes is significantly more expensive than getting it right in the first place. Looping in your attorneys and letting them guide early decision making helps to identify legal risks and develop processes and procedures around them. The alternative requires attorneys to either put together a ‘good enough’ solution or undoing some of the work you’ve done to promote compliance and/or decrease risk, which is usually less cost-effective and may potentially be less effective at reducing your risk.
Apply proportional cost-cutting measures across a number of areas to decrease expenditure without significantly increasing risk.
Where you do need to reduce your spending but you don’t have any ‘good’ candidates to eliminate or decrease your costs, it’s often best to decrease your expenditure slightly across a number of areas than cut one out altogether.
Let’s consider staff technology training, for instance. Given that human error is responsible for such a high portion of data leaks, and the costs and reputational risk associated with data leaks and breaches are so high, it’s likely not wise to eliminate staff training. However, you can cut costs associated with that training by coupling it with other essential staff training, or by providing it at another event (like a team offsite or quarterly team building event).
An important note before we go: The information in this article does not (and could not) replace advice from your legal counsel. Every company possesses a unique risk profile, as well as varying risk appetite. If you’re at all concerned about how to manage risk when cutting costs, we recommend you reach out to your legal counsel or email us at firstname.lastname@example.org.
The materials available at this website are for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any particular issue or problem. Use of and access to this website or any of the e-mail links contained within the site do not create an attorney-client relationship between CGL and the user or browser. The opinions expressed at or through this site are the opinions of the individual author and may not reflect the opinions of the firm or any individual attorney.