Implementing an effective risk management strategy in a

Implementing an effective risk management strategy in a law firm Peter Scott Consulting www. peterscottconsult. co. uk

Who has a risk manager?

a Fin n titio pe om iness C us /b Asset le op Pe Operational l na io at t pu Re Eco no poli mic, tic fisc al, al Law Firm Risks Law Firm l ia nc Regula tory IT

Is your management in control of your risks op l Pe al n io at t pu e Operational Re Asset Management l Eco no poli mic, tic fisc al, al a Fin IT n titio pe om iness C us /b ia nc ry egulato R

Operational Risks – negligent advice Operational Law Firm

Examples of Operational Risks Negligent advice n n n n n Lack of management commitment to best practice and risk management Lack of knowledge by management Lack of supervision High risk work Client vetting / fraud Client care / matter care Resource capability Lack of knowledge/expertise/experience Precedents / multiple use of advice International work / overseas offices

Why manage operational risks? “The pursuit of excellence, with the aim of doing things better for the clients” Director of Risk of a ‘top ten’ UK law firm

Which common factors are necessary if risks are to be adequately managed? n Top level ‘buy in’ to management of risk Knowledge by management of its Business n A ‘no guilt’ culture to encourage disclosure n

Risk Management / KM n Risks are inter-related n Failure to manage knowledge involves widespread risk n KM is an essential part of an integrated risk management strategy

Your Risk Areas? n Where does the knowledge in your risk areas reside? n Can you access it? n Do you have systems to maintain and upgrade your knowledge?

Risk/KM Risk Knowledge Management

A Risk Management / KM integrated approach n Approach risk from a KM viewpoint and vice versa n Need to manage the risks relating to knowledge in any event n Managing the risks n Quality assurance n Greater competitiveness

Implementing a Risk Management Strategy DIAGNOSIS Identification and assessment MITIGATION Control, transfer and avoidance MONITORING Auditing, tracking and reporting When a risk crystallises LIMITATION Minimising the effect of crystallised risks

Risk Identification Involves: n n Being management driven Top down / bottom up Brainstorming sessions Facilitated discussions

Risk Assessment n n Incidence - probability Impact - severity

Risk Diagnosis Set criteria for assessing risks Identify detailed risks Identify high level risks Assess severity of detailed risks Assess severity of high-level risks Risk map Risk summary

Risk Mapping

Some key factors in identifying and assessing risks n n n n Areas of law Claims record Number and location of offices Fee income / size of firm Commitment to best practice Knowledge management Are risk management procedures in place? Supervision levels

Risk Mitigation Designed to: n n Avoid Reduce Transfer Accept

Risk mitigation Risk map Risk summary Residual risk summary Consider impact/probability correlation Consider available mitigation techniques Contingency plan requirements Insurance requirements summary Required controls summary

Monitoring involves n n Auditing, tracking and reporting Comparing actual outturns to preset indicators Confirming effectiveness of risk responses Reporting compliance and exceptions

Risk monitoring Required controls summary Contingency plan requirements Set risk indicators and methods to monitor them Insurance requirements summary Annual Risk Management Report

Limitation involves n n Risk crystalisation scenarios Contingency plans Limitation procedures Post event assessment

Use of risk management tools? Use an integrated risk management system to quantify, assess and control risk by : n streamlining diagnosis, mitigation and monitoring n embedding common risk management procedures n providing information access to all who need it n creating and maintaining one central, up to date risk database

Advantages of a formal risk management process? n n n Structured approach focuses on key risks Elimination of redundant procedures Comfort / assurance to PI insurers Universal application to all risk areas Continuous monitoring ensures management of risk is “lived” day to day

Is your management in control of your risks op l Pe al n io at t pu e Operational Re Asset Management l Eco no poli mic, tic fisc al, al a Fin IT n titio pe om iness C us /b ia nc ry egulato R

Any questions?