Skip to content
Corporate Law Departments

Legal success metrics: The legal department as protector of the business

Elizabeth Duffy  Senior Director, Client Engagement / Thomson Reuters Institute

· 6 minute read

Elizabeth Duffy  Senior Director, Client Engagement / Thomson Reuters Institute

· 6 minute read

Metrics that show a corporate law department can be a staunch protector of the business are becoming increasingly important in demonstrating value

Each year, the Thomson Reuters Institute conducts regular conversations with about 2,000 general counsels. In those interviews, general counsels tell us that they have four priorities: providing quality legal advice, protecting the business from risk, enabling business goals, and doing all that within budget. These themes are consistent across industries and regardless of the size of the organization that the legal team supports.

However, GCs also tell us that they’re not collecting metrics that show their progress towards all four of those goals. It’s not that legal teams don’t collect metrics at all — 90% are doing so, up from 75% eight years ago. But too often, the focus is on measuring how much the law department spends. While that supports an important goal — meeting budgets — it doesn’t begin to show the true value of the legal function to the organization itself. Without metrics that show progress toward the other goals, it’s difficult for the legal team to be perceived as a true strategic partner.

In our last two columns in this series, we discussed metrics that can help corporate law departments elevate the conversation around their spending and demonstrate the quality and effectiveness of their advice. In the next two installments, we’ll discuss transformational metrics — those that show the legal department as a protector of the business, and those that support the legal team as a partner in business transformation.

For the legal team, being a protector of the business means taking a proactive approach to risk by preventing legal issues from negatively affecting the business before they happen. This is an especially large and complex task at multinational corporations, of course, but one that is of singular importance. Of the four priorities described by most GCs, our research shows that protecting the business is the priority of most concern to boards of directors and shareholders.

Of course, the range of legal risks that could potentially present a problem to the business is large and growing: Changing laws and regulations; an increasing focus on environmental, social & governance (ESG) issues; long, complex, and opaque supply chains; and the complexities of operating in multiple jurisdictions, and that’s just for starters.

Just as the department’s approach to risk must be proactive, so must their approach to metrics that support that approach. No matter which particular metrics are chosen, these measurements must do more than simply pave the way for the legal department to respond to business needs. Instead, they should help in the creation of more proactive, structured practices that will help department leaders better assess risk, benefit from the knowledge of other business leaders, strengthen the team’s connections across the industry, and build knowledge.

To that end, there are three categories of metrics that may prove helpful:

1. Risk discovery

If the legal team is part of a larger organization, it probably already has a regular risk discovery or risk-mapping process in place. According to our research in 2023, almost half (45%) of GCs at organizations with $1 billion or more in annual revenue run annual risk-mapping exercises, while about one-third (34%) say they do this quarterly or even more regularly. Risk-mapping allows legal teams to proactively identify and assess risks, with the goal of being able to implement a plan to reduce or manage them. Risks should be mapped across lines of business and regions to help identify the processes and training needed to prevent damage to the business and minimize legal costs.

Interestingly, 30% of respondents told us they feel their organization is fully protected from risk — this group utilizes data-driven tools like a risk framework, or key technologies, but they also place substantial focus on dialogue, such as that from internal stakeholder consultations to advice from external sources. This combination of dialogue and data is key to building a successful risk-management plan. And the right metrics can add structure to this process and create a better framework for managing these risks.

Metrics that show the department has a proactive risk-discovery program might measure: i) whether team objectives are set; ii) the frequency of risk mapping; and iii) whether there is continuous scanning of new laws and regulations.

2. Horizon scanning

Horizon scanning is an important element of risk mapping, which helps the legal team systematically uncover new laws and regulations, as well as other relevant changes, across all active jurisdictions. In this case, the measure of success is not how many new risks are found, but the strength of the team’s process for finding them. The right metrics can help evaluate the effectiveness of their scanning system.

In addition to maintaining risk-discovery and horizon-scanning programs, it’s important for legal leaders to maintain a regular presence in board and executive meetings. These will help these leaders to become aware of any new developments as early as possible. Only then will they be able to help the organization avoid or mitigate any accompanying risks before it’s too late. A regular presence will also help cement their credibility with the board when a need arises to warn them of a new risk and persuade them to take the team’s advice.

3. Risk management

After risks have been identified, the process of managing and mitigating them comes to the fore, and this is where risk management metrics can be vital. Metrics that could help illustrate the success of the legal team could include: i) number of disputes raised; ii) percentage of disputes resolved without litigation; and iii) number of risks registered, evaluated, and mitigated.

These risks can be monitored by category, such as antitrust, data privacy, supply chain, anti-corruption, and intellectual property.

While legal departments have multiple and competing roles and priorities, the department’s role as a protector of the business is unique. It’s not often or easily duplicated by other departments, of course, and even top-flight outside legal counsel may not fully understand the challenges of the companies’ particular business or industry. It’s also a top priority for CEOs and corporate boards.

For those reasons, it’s especially important for corporate law department leaders to design a metrics program that properly illustrates its success by focusing on the key outputs they hope to achieve, while creating structure and efficiency, and allowing for timely identification of risks that enables action.


This is the fourth in a series of blog posts about legal success metrics, what they are, and how they can be used by corporate law departments to better understand their own operations and performance.

More insights