Legal and Compliance Risk Management Framework

Mitigate legal and compliance risk with these insights.

Risk Management Framework Principles

Managing the new risk landscape

The growing risk landscape requires legal and compliance leaders to establish greater business ownership of risks. Empowering employees to own risk management yields significantly better risk outcomes than prescriptive risk management, leading to employees becoming more likely to act on, report and feel confident owning risks.

Use this report to review how to advance your risk management strategy and empower business ownership of risk by:

  • Clarifying risk management roles and responsibilities
  • Providing tools and resources that empower the business to own risk
  • Ensuring that employees feel accountable for managing risks

Download Your Risk Management Framework Report

By clicking the "Continue" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.

Contact Information

All fields are required.

  • Step 2 of 3

    By clicking the "Continue" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.

    Company Information

    All fields are required.

    Type company and location
    Optional Optional
  • Step 3 of 3

    By clicking the "Submit" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.

    Risk management framework insights you can use


    • Access diagnostics and benchmarks to assess your current state.
    • Gain tools to quickly transform and develop your risk management framework.


    • Learn three key shifts for legal and compliance leaders to note.
    • Take an interactive approach to your risk management framework.


    • Gain access to more than 60 legal and compliance experts to advise on the right risk management for your business goals.
    • Use Gartner BuySmart™ for fast and smart budget and tech decisions.


    • Get real-world advice from peers in live cohorts and virtual discussion boards.
    • Attend expert-led virtual events to help tackle your mission-critical priorities.

    Achieve your risk management priorities today

    Risk management framework frequently asked questions

    An effective risk management framework has the potential to help legal departments mitigate future risks without hindering growth. A risk management framework can protect against losses of competitive advantage, legal risks and business opportunities. An effective risk management framework should be more than a set of standards and rules. It should have the ability to deliver actionable results that make a real difference in your business and workforce performance for the long term.

    To develop a risk management framework, start by discussing the structure or governing principles your organization uses to manage risks with key stakeholders. Use this information to identify framework characteristics that are most relevant for your organization.

    Leverage the COSO EMR framework or the ISO 31000 framework, the two primary risk management standards, as inspiration or foundation for your ERM framework.  

    To identify your potential legal risks, conduct a legal and compliance risk assessment as well as an enterprise risk assessment. Doing so ensures a comprehensive view of the risk landscape from the organizational and functional viewpoints.

    By conducting a stand-alone legal and compliance risk assessment, legal can identify major functional risks that do not surface in enterprise risk assessments but still present a significant risk such as privacy, third-party and anti-corruption risks, given their narrow scope. Coordinate enterprise risk assessments with your legal and compliance risk assessment to obtain further insights on risks surfaced in both assessments.

    Vendors and third parties are now an essential part of every large organization’s daily operations. Selecting and supporting the right vendors, together with the balanced approach to effective risk management, are equally vital.

    A vendor risk management plan is a program designed to protect the organization from disruption, uncertainty and volatility from risks from vendors. Having a vendor risk management plan in place will help you maintain quality of service, manage costs and determine ongoing supplier viability.

    A risk management framework represents the agreed-upon structure or governing principles an organization uses to manage risks. There is no one-size-fits-all model, and most organizations develop a framework internally that adapts elements of widely accepted standards. A risk management framework can offer several key benefits, such as protection of assets, reputation management and the optimization of data management.

    Other legal and compliance priorities Gartner can help with

    Third-Party Risk Management
    Risk Management Strategies
    Compliance Program Management

    Gartner is a trusted advisor and an objective resource for more than 15,000 enterprises in 100+ countries.

    Learn more about how we can help you achieve your mission-critical priorities.