implementing an effective risk management strategy in a law firm peter scott peter scott consulting
TRANSCRIPT
Implementing an effective risk management strategy in a law firm
Peter ScottPeter Scott Consulting
www.peterscottconsult.co.uk
Who has a risk manager?
Law Firm Risks
Peop
le
Op
eration
al
Regulatory
IT
Co
mp
etit
ion
/bu
sin
ess
Eco
no
mic
,p
olit
ical
,fi
scal
Financial
Asset
Reputational
Law Firm
Is your management in control of your risks
Peop
le
Op
eration
alRegulatory
IT
Co
mp
etit
ion
/bu
sin
ess
Eco
no
mic
,p
olit
ical
,fi
scal
Financial
Asset
Reputational
Management
Operational Risks – negligent advice
Law Firm
Op
eration
al
Law Firm
Examples of Operational Risks
Negligent advice
Lack of management commitment to best practice and risk management
Lack of knowledge by management Lack of supervision High risk work Client vetting / fraud Client care / matter care Resource capability Lack of knowledge/expertise/experience Precedents / multiple use of advice International work / overseas offices
Why manage operational risks?
“The pursuit of excellence, with the aim of doing things better for the clients”
Director of Risk of a ‘top ten’ UK law firm
Which common factors are necessary if
risks are to be adequately managed?
Top level ‘buy in’ to management of risk
Knowledge by management of its Business A ‘no guilt’ culture to encourage
disclosure
Risk Management / KM
Risks are inter-related
Failure to manage knowledge involves
widespread risk
KM is an essential part of an integrated
risk management strategy
Your Risk Areas?
Where does the knowledge in your risk areas reside?
Can you access it?
Do you have systems to maintain and
upgrade your knowledge?
Risk/KM
Risk
Management
Knowledge
Management
A Risk Management / KMintegrated approach
Approach risk from a KM viewpoint and vice
versa
Need to manage the risks relating to
knowledge in any event
Managing the risks Quality assurance Greater competitiveness
Implementing a Risk Management Strategy
DIAGNOSIS
Identification and assessment
MITIGATION
Control, transfer and avoidance
MONITORING
Auditing, tracking and reporting
When a risk crystallises
LIMITATION
Minimising the effect of crystallised risks
Risk Identification Involves:
Being management driven Top down / bottom up Brainstorming sessions Facilitated discussions
Risk Assessment
Incidence - probability Impact - severity
Risk Diagnosis
Assess severity of high-level risks
Identify high level risks
Set criteria for assessing risks
Identify detailed risks
Assess severity of detailed risks
Risk map
Risk summary
Risk Mapping
Some key factors in identifying and assessing risks
Areas of law Claims record Number and location of offices Fee income / size of firm Commitment to best practice Knowledge management Are risk management procedures in place? Supervision levels
Risk Mitigation
Designed to:-
Avoid Reduce Transfer Accept
Risk mitigationRisk map
Risk summary
Consider impact/probability
correlation
Required controls
summary
Insurance requirements
summary
Contingency plan
requirements
Residual risk
summary
Consider available mitigation techniques
Monitoring involves
Auditing, tracking and reporting Comparing actual outturns to preset indicators Confirming effectiveness of risk responses Reporting compliance and exceptions
Risk monitoring
Required controls summary
Contingency plan requirements
Insurance requirements
summary
Set risk indicators and methods to monitor
them
Annual Risk Management Report
Limitation involves
Risk crystalisation scenarios Contingency plans Limitation procedures Post event assessment
Use of risk management tools?
Use an integrated risk management system to quantify, assess and control risk by :
streamlining diagnosis, mitigation and monitoring
embedding common risk management procedures
providing information access to all who need it
creating and maintaining one central, up to date risk database
Advantages of a formal risk management process?
Structured approach focuses on key risks Elimination of redundant procedures Comfort / assurance to PI insurers Universal application to all risk areas Continuous monitoring ensures management of
risk is “lived” day to day
Is your management in control of your risks
Peop
le
Op
eration
alRegulatory
IT
Co
mp
etit
ion
/bu
sin
ess
Eco
no
mic
,p
olit
ical
,fi
scal
Financial
Asset
Reputational
Management
Any questions?