Bizibody Technology is a specialist practice management and technology solution provider to the legal industry in Singapore and Malaysia. As consultants to the Law Society of Singapore in the PRIMELAW Standards and an Approved Training Provider for Practice Management under the Continuing Professional Development (“CPD”) Scheme, we conduct Practice Management Workshops and PRIMELAW Consulting for lawyers. You may contact Bizibody at +65 6236 2840 or email info@bizibody.biz
In today’s business climate, no law practice can afford to neglect the active management of practice risk. Clients are more educated in their demands, less tolerant of poor service delivery and delays AND they are well aware that lawyers can be sued successfully. While we may adopt a phlegmatic view that as long as lawyers and their staff continue to be plagued by time pressures and human foibles, the threat of negligence claims is a given "constant" in legal practice - in fact, that is why we buy professional indemnity insurance!
However, the lessons learnt from the demise of Andersen should not be ignored. A single well-publicised claim can have devastating effects in terms of "reputation collapse" and the actions of a single rogue department or individual can affect the survival of the whole enterprise.
While law practices may vary in their appetite for embracing risks, the issue at the core is for the management to decide which risks are acceptable and which are not, and not to slide into a risk situation through apathy or ignorance. In fact, the word “risk” has its roots in the latin “risicare” meaning “to dare”. This article addresses the fundamental principle that risk management is a matter of
Making Choices about the actions we take.
Risk management encompasses more than accounting for the costs associated with potential negligence claims. Risk Management is a keystone of good law practice management and embodies a formalised set of enterprise-wide standards, policies and procedures designed to minimise exposure to risk.
Effective risk management can be achieved by adopting these basic principles that apply to every commercial enterprise, not merely a law practice: –
-
Identify areas of exposure to risk.
-
Analyse the causes of specific risk situations as identified.
-
Devise solutions that address specific risk situations as identified.
-
Implement systems and procedures to manage your general risk exposure.
-
Monitor compliance by lawyers and staff; dealing with change management issues as they arise.
Types of Risk
The first step in effective risk management is to identify areas of risk exposure. Your analysis will form the basis for formulating policies that actively manage all identified threats to the practice.
Most lawyers, when asked what they consider to be the greatest threats to their practice, limit their replies to missed deadlines and cash flow. If your risk management policy is restricted to avoiding negligence claims and meeting your overheads, then operational and financial risk is all that you need to address.
However, we would like to challenge you to take a much wider view of risk management that includes addressing situations which threaten the “commercial interest or reputation of the Practice”. The types of risks that any law practice will face can be broadly categorised into the following: –
-
Operational Risk - this involves the management of internal business processes. Operational risk management includes processes to ensure that deadlines are kept, work output is monitored and quality standards in client care and service delivery are met. The other main area of focus under this broad categorisation is the threat to business continuation by terrorist activity or natural disaster. To address such risks, your strategies will include IT network redundancy, data backups, off-site storage and disaster recovery plans.
-
Quality Risk - this addresses ignorance of the law and professional rules of conduct relating to terms of engagement, client confidentiality, conflict of interest rules etc. The aim of managing quality risk is to ensure that your lawyers and staff are fully equipped to perform assigned tasks and their actions meet practice standards. Actions that address quality risks involve staff recruitment and training programmes, fee earner supervision and delegation; and engagement policies (in considering whether or not to accept new engagement, you will need to consider the skills and experience of your team and the amount of resources available to deliver the service).
-
HR or Intellectual Risk - this addresses succession planning, staff departures and partner defections. The aim of managing HR risk is to ensure that knowledge residing in the heads of key personnel AND the goodwill of your clients is retained by the practice when the key personnel leaves. Addressing staff redundancy requires dedicated efforts to promote an environment that fosters knowledge sharing, mentoring and collaboration within your practice.
Knowledge management strategies in law practices tend to focus on capturing and storing “legal” knowledge while overlooking process-specific knowledge. For example, if your IT administrator is the only person with a working knowledge of your practice’s IT systems and network passwords, his departure is likely to cause severe disruption and loss of efficiency; at least until his replacement is up to speed.
-
Strategic or Business Risk - this addresses the effect of a reduction in engagements from a key client or from any given sector of the economy. While market forces may well be outside your control, its impact can be addressed to a large extent by understanding the level of exposure that the practice has in any given industry or practice area; and if necessary, allocating resources to penetrate new areas.
-
Regulatory Risk - the environment in which law practices operate is becoming increasingly regulated. Apart from the professional rules of conduct by the Law Society, non-compliance with national and international directives on money laundering, data protection and records management will have a direct adverse impact on your practice.
Identification of Risks
To make a sound assessment of the specific risk situations in your practice, you should be prepared to: –
-
Initiate Dialogue with Staff & Lawyers (at all levels and every department)
Engage positively with your support staff in this process and you will receive constructive feedback on how things are being done and how they can be improved.
In your discussions with your partners, do not confine your questions to risks associated with delivery of legal service, but include discussions on business risks and marketing strategy.
-
Study your Practice’s Claims History
This will give you an indication of the areas of weakness in risk management, especially if a pattern of claims shows that they emanate from a particular department or individual. If you are fortunate enough to have avoided being subject to any claims, then an alternative starting point is your Client Complaint/Client Feedback forms. You can learn not only from your mistakes but also from the “near misses”.
-
Study Management Reports of the Practice
Management Reports will show you how long any file has been opened, movement in your client account ledgers, amount of work in progress unbilled, which clients have not paid your bills. Use these to identify credit / cash flow risks.
-
Undertake Random File Audits
File Audits involves looking out for evidence of failure to meet the practice’s quality standards eg inordinate delays, failure to keep client informed on developments, lack of supervision or monitoring, failure to comply with procedures in relation to key dates, giving of undertakings, safe custody of original documents etc.
These examples are not exhaustive and any practice that is serious about the quality of their service will have devised their own checklist according to the standards they have set for themselves.
When you have completed this process of identifying areas of risk in your practice, you are likely to be faced with a daunting list of risk issues that need to be addressed.
There will be core risks that affect the practice as a whole (eg Quality or HR risks). To varying degrees, depending on the specific department concerned, you will discover that each department has a different risk exposure. What may be a major risk in one department (such as time limits in bulk transactional work) may not be in another (in commercial practice, greater risk arise from poor communication between the lawyer and the client). Risks can be prioritised according to the likelihood of occurrence or to the consequence or impact if the event does occur.
The next stage is to decide on a course of action aimed at addressing the areas of risk you have identified.
Management of Risk
An identification of the risks to which the practice is exposed is only half the battle. Your analysis must be followed up by action which is likely to involve imposing more rules, re-engineering current work processes and generally, exacting greater control over the day to day decisions made by support staff and lawyers.
Hopefully some of the more obvious risks will be addressed by existing functions within the practice. For example, the finance partner may have devised credit collection policies, or a more efficient way to issue interim bills for work done. In such cases there may be no need to allocate further resources except to monitor the effectiveness of the risk management activity.
For the other areas not currently addressed, we suggest the following actions: –
-
Appoint a “Risk Manager”
The Risk Manager will take on active responsibility for implementation of appropriate risk management processes and the ongoing monitoring of these processes. His role must be clearly defined and receive sufficient authority and support from the Management.
-
Decide on the Risk Management goals or “standards” for the Practice
Set up clear objectives and a time table for achieving them; including instituting a regular reporting mechanism to chart the progress of these initiatives. There must be consensus and commitment to these objectives at executive level by the managing heads of the practice.
-
Record Risk Management Procedures and Policies in Writing
This can be your Office Manual, backed up and supplemented by departmental SOPs which may impose more detailed and rigorous procedures for specific work processes undertaken by the department. These manuals will serve as reference points and training guides for the induction of new staff to the Practice.
-
Enforce Risk Management Procedures
This can be done through “remedial action” for persistent breach or flagrant non-observance. However, penalties may not always be effective in all cases. A softer approach involving closer supervision or additional training could be deployed instead.
-
Encourage a Culture of Ongoing and Open Communication
This is the best way to instil ownership of programmes and personal responsibility in your staff and lawyers. Changing the way people work will not be achieved overnight. But you will face less resistance if you explained the reasons for the change and the objectives you wish to achieve.
-
Provide In-house Training
Use these training sessions to disseminate policies and process changes. This will ensure that the staff know what is expected of them.
Using PRIMELAW Standards as Risk Management Goals
The Risk Manager will need some guidance on the risk management goals for the Practice. An effective and useful checklist is the PRIMELAW standards. PRIMELAW is the quality mark awarded by the Law Society of Singapore to law firms in recognition of their efforts and commitment towards achieving and maintaining excellence in practice management standards.
PRIMELAW sets out the objectives for sound risk management in the following areas: –
-
Business Planning - to address structural and business risks.
-
General Management - to ensure that back office administrative functions (including HR and communication policies) are functioning optimally.
-
Financial Management - to address financial risks and to set the standards for effective management of budgets and cash flow.
-
Case Management - to address operational risk such as meeting deadlines, supervision of work output of staff and client care.
Changing Attitudes
Adopting a prescriptive approach in a law practice where the lawyers enjoy a high level of autonomy, particularly in relation to the client-partner relationship, is not going to be easy as no one enjoys having their actions monitored or their discretion fettered.
Change management in any organisation is uphill enough, but take an organisation as large and unwieldy as a law practice managed by autonomous “fee-earners” and your task is monumental. Individuals will recognise the need for change when they are in a crisis. The greater challenge is to exact that very change before the crisis occurs and so avert it.
Risk management policies that are enforced solely by prescriptive rules may be seen as an administrative hassle; at worst, a diversion from fee earning activity that is unproductive and inefficient. We propose that you tie desired behavioural change to the practice’s stated Risk Management targets or Practice Standards; thereby making it a virtue to demonstrate these characteristics. This can go a long way to reinforcing key messages, and over time, creating a risk-aware culture within your practice.
An alternative to the prescriptive approach is to increase the individual’s ability to make the right decision in any given circumstance. What you hope to achieve is a “comfort” zone for risk taking so that potential consequences of failure arising from straying outside the zone becomes more severe than the potential satisfaction to be gained from its success. Individuals are likely to make decisions about what risks they will take, conscious or otherwise, based on their past experiences or perceptions. By increasing their awareness of the consequences of failing to address specific risk situations, you will be able to influence their decision making process. You may discover that sharing “horror” stories and other cautionary “real life” experiences exert their influence far more persuasively than any number of prescriptive rules.
Your ultimate goal is to introduce a Culture of Risk Awareness within your practice. For this, visible and active support from the management is crucial as success can be fundamentally undermined if messages become confused or are not supported by the actions of the leaders. “Leadership by Example” is key to the success of any enterprise-wide change management initiative.
Conclusion
There is no single turnkey solution for successful risk management in any enterprise, let alone the legal profession with all its diversities in practice areas and management styles. To implement an effective risk management programme, you must first address your current risk exposure by analysing the risk to which the practice is exposed. Following that analysis, you can then devise a methodology for changing the day-to-day decision-making processes of your lawyers and staff.