Reviewing Risk All Round

 

You should be, but how do you know you will be?  What have you done to review your risk procedures and profile?

 

They may well be.  Let’s hope they can place your insurance with one of the insurers who are receptive to information about firms’ risk control measures.  They aren’t all – some still just rely on your claims record.  But what I mean is, what process have you got for being able to show to the outside world what you are doing?

It certainly should help, as apart from anything else it will focus your attention on the risk related issues.  One of the things it requires, however, is something you haven’t yet implemented, which is a regular and systematic review of your risk related activities.

 

The first thing that a review will do is to test the robustness of your risk reporting procedures.  For instance, I know that you have put into place a risk banding for all cases you open, and that your fee earners are supposed to report, through their supervisors, on any matters which change their risk profile or become abnormal risks.  What you need to know is whether that’s actually happening, so you need to review the data which is coming to your risk manager, and see whether it actually reflects what’s happening on the ground.

 

 

It’s not easy, but you can do some digging.  You can ask the supervisors, for instance, if they are aware of any matters which have gone sour, and compare that against the formal reports made.  Also, see if you have had any problems which have raised themselves at managerial level – complaints made by clients, or non-payment by clients – and link those back to the reports.

 

 

What you are trying to learn is where there may be problems which need to be addressed, and where a little effort can bring real practical rewards.  Are there any problems which are arising in different parts of the firm, which might indicate a need for some systematic changes?  Are there any trends towards difficulties in any particular area, which might mean you have either to re-think the way you go about that type of work, or even consider whether the reward justifies the risk, or you might be better off leaving that worktype to others.

 

 

Certainly.  You might find, for instance, that if a particular fee earner was having a number of problems, the nature of the problems could indicate the best way of approaching putting matters right.  For instance, if there are lots of disconnected difficulties, it could just be that he or she is overloaded, or not being properly supervised, and you may have to intervene to put that right.  Alternatively, if the problems are concentrated in one area, that could indicate a training requirement, or a need for re-allocation of a type of work which may simply be too much for someone.  Similarly, if problems come about as a result of someone trying to do a novel type of work which is, in reality, beyond them and the firm, then they may need to be reined back in, unless you are willing to commit resources to develop that new work area.

 

 

No.  You can certainly get help with the collection of the data, but we’ve talked before about the absolute necessity for there to be an overall risk manager, with the clout to make the partners sit up and listen, and to push through what may be unpopular changes, if that’s what the situation requires.  So that person needs to take charge of the review exercise, and to regard it as a central part of their responsibilities.  That means you!

 

 

Certainly not.  For a start, you should be looking at complaints, which may never turn into negligence claims, e.g. claims of delay and inefficiency, or poor communication.  It’s still the case that just under half of the complaints which the Consumer Complaints Service receives are about those two aspects of service.  Don’t forget that that department now has real teeth, and can make substantive awards against a firm for Inadequate Professional Service.  Also, the Law Society’s Practice Standards Unit is targeting firms with poor complaints records, when it comes to choosing the firms they visit.

 

 

Not if you’ve got any sense.  We’ve spoken before about the fact that you, as risk manager for the firm, have an overall responsibility for considering all types of risk which may befall the business.  The review is just as much a part of that process as well.

 

 

How about financial risks?  How are your credit control procedures stacking up?  That’s not just a question of chasing late payers: it’s the whole system of deciding which clients and cases to accept, establishing precautionary payments on account where you can, making the most of interim billing opportunities, controlling disbursements, and issuing and chasing invoices.  More businesses which fail do so from lack of cashflow than from lack of profit: you need to be on top of that risk and ensuring that you don’t go that way.  These days, you particularly need to be thinking about the cash demands of different worktypes, and the risks they may present.  For instance, when did you last analyse what effect the working capital requirements of your personal injury department were having on the overall finances of the firm?  Or how much of a risk your largest ten clients are to you, in terms of the impact upon your overall financial viability if they, or some of them, left you – not uncommon in these days of shrinking panels?  Or what degree of financial risk you are committed to as a result of work which may not attract payment, whether it is litigation being done under conditional fee agreements, or merger and acquisition work being done on the basis that you only recover a decent amount if the deal goes through?

 

 

Indeed, it is.  My point is that that shows the central nature of a risk-based analysis of the firm’s operations in overall terms, and the need for a review, as part of your overall business planning process.  How you key it into that process is a matter for you – it’s really a question of a cast of mind, in growing to appreciate that a risk-based approach is a sound business approach.

 

 

If you think about it, about 40% to 45% of your total income is likely to go on your staff, so that’s probably not a bad starting point, is it?  A review is not a bad chance to reflect on your personnel related systems, particularly at a time when there is so much change.  We spoke only recently about some of the new legislation, and codes of practice, but this really is such a fast-moving target.  Only very recently, just as an instance, ACAS introduced not only the Code of Practice which we looked at last time, on disciplinary and grievance procedures, but also one on personnel record-keeping systems.  This whole area remains one where any employer is subject to the risk of potentially large and uninsured claims, as well as disruption to the business.  Having a formal review is a good opportunity to take stock, and make sure that you are as well protected as you can be; and that you have adequate systems in place for making sure you keep abreast of future changes.

 

 

Another area you could do well to concentrate on is statutory compliance.  It’s a peculiarity of lawyers that we tend to feel that compliance with the law is someone else’s problem, and a bit of an afterthought.

 

 

Good.  So a review will be a good chance to test how well those systems are working, won’t it.  You’ll be able to see how diligent fee earners are being in actually following the systems you’ve set up; and whether experience is indicating that there are any improvements which can be made in those systems, to make everyone’s job easier.  But it doesn’t end there, does it?  What about the Health and Safety legislation?  When did you last do an assessment, as required by law, of the risks which your office environment entails?  And I’ll bet you next month’s drawings that you’ve never really settled down to a full and methodical assessment of how you are affected in your day to day operations by the Data Protection Act, and what changes to your procedures you need to adopt in order to be compliant.

 

 

No, I don’t think so.  The profession has to get over the idea that risk is somehow a detachable notion, instead of a mainstream part of the responsibility of administering a business.  Most of the business world has known that for a very long time.  There are lots of other ways in which consciousness of the role which risk-awareness plays are vital – as much in giving you a way of prioritising changes, according to the element of risk each area presents, as anything else.  But there is one major one which I think you should definitely add to the list.

 

 

You remember I suggested you looked at the Law Society’s consultation document on the proposed new rule book?  Well, one of the proposed parts of Rule 5 is that you will have to have arrangements in place to ensure “the continuation of the practice of the firm in the event of temporary absences and emergencies, with the minimum interruption to clients' business”.  As far as I know, that’s something you’ve not even thought about.  It’s particularly important as it is both a business-related matter, and a client-related one.  In other words, it’s for everybody’s protection that you have to consider what happens if, for example, your whole IT system crashes or is attacked; or your building burns down.  Everyone needs to know how you’d cope.

 

 

Maybe we’ll have a chat about that another time.

 

 

Simon Young MBA is a solicitor and management consultant.

 

syoung@eurobell.co.uk