OFR reflects the SRA's recognition that risk management is essential to a law firm's daily operation. Principle 8 requires firms to run their businesses 'in accordance with…sound financial and Risk Management principles'. Specifically, Chapter 7 stipulates that firms must
...identify and monitor risks in compliance with all the principles, rules and outcomes and other requirements of the Handbook...and take steps to address issues identified (7.3) and,
...maintain systems and controls for monitoring the [firm's] financial stability...and risks to money and assets entrusted to [the firm] by clients and others and ...take steps to address issues identified (7.4).
Still, a firm with the world's most gold-plated risk management system will not benefit until the firm's culture supports its use. Whilst solicitors may pay enthusiastic lip service to risk management, it is often seen as an administrative task and is sidelined whenever there is fee-earning work to be done.
We have produced 5 tips that may assist you.
1 Use existing knowledge to identify your top risks. Each department/work area will have its own list of scare stories and relevant risks. Put some time aside in a team meeting, or even an informal lunchtime conversation, to elicit that information. Look at your claims and complaints history and see if any common trends emerge. These two actions alone should arm you with a list of 5 or 10 significant risks that you can prioritise. If you want to take that exercise further, we can assist you put together a useful risk register for your business.
2 Design your risk management system specifically for your firm. Your firm will have its own style, work profile and most importantly, its own characters; one size does not fit all. Insurers want to see more than just some loose promises about an open and risk-aware culture however. You should be able to evidence suitable levels of supervision for your fee-earners, and 'backstop' systems and procedures - from the simplest paper-based checklists, key stage reviews, and escalation procedures, to sophisticated workflow with integrated templates and timelines, as fits your needs.
3 Get senior management's buy-in. If junior lawyers see senior members of the firm as interested in risk management then they are far more likely to take it seriously. The reporting requirements imposed on COLPs and COFAs should help drive this agenda. Moving the emphasis on risk management as a necessary administrative burden to a valuable profit facilitation tool will also help change the dynamic (see point 4 below).
4 Embrace risk management in its totality. Risk management is more than a compliance tool to help firms fall on the right side of applicable legislation and keep the SRA happy; far greater benefit can be had by looking at the risks firm wide. Effective risk management is not an obstruction to business, but rather about providing a secure foundation which facilitates service provision while minimising unnecessary risks. For example, a business that does not consider client confidentiality when procuring a new IT system may find itself exposed to significant reputational damage and financial loss. A firm that allows its trainees to undertake work without sufficient levels of supervision may expose itself to a number of claims, and potential client loss.
5 Sell risk management to colleagues as simple, universal and common business sense. Plcs have to have risk management; law firms are no different.