Implementing an effective risk
management strategy in a law
firm
Peter Scott
Peter Scott Consulting
www.peterscottconsult.co.uk
Who has a risk manager?
Law Firm Risks
Operational
Law
Firm
Is your management in control of your risks
Operational
Management
Operational Risks – negligent advice
Operational
Law
Firm Law
Firm
Examples of Operational Risks
Negligent advice










Lack of management commitment to best
practice and risk management
Lack of knowledge by management
Lack of supervision
High risk work
Client vetting / fraud
Client care / matter care
Resource capability
Lack of knowledge/expertise/experience
Precedents / multiple use of advice
International work / overseas offices
Why manage operational risks?
“The pursuit of excellence, with the aim
of doing things better for the clients”
Director of Risk of a ‘top ten’ UK law firm
Which common factors are necessary if risks are
to be adequately managed?

Top level ‘buy in’ to management of risk
Knowledge by management of its
Business

A ‘no guilt’ culture to encourage disclosure

Risk Management / KM

Risks are inter-related

Failure to manage knowledge involves
widespread risk

KM is an essential part of an integrated
risk management strategy
Your Risk Areas?

Where does the knowledge in your risk
areas reside?

Can you access it?

Do you have systems to maintain and
upgrade your knowledge?
Risk/KM
Risk
Knowledge
Management
Management
A Risk Management / KM
integrated approach

Approach risk from a KM viewpoint and vice
versa

Need to manage the risks relating to
knowledge in any event

Managing the risks

Quality assurance

Greater competitiveness
Implementing a Risk Management Strategy
DIAGNOSIS
Identification and
assessment
MITIGATION
Control, transfer and
avoidance
MONITORING
Auditing, tracking and reporting
When a risk crystallises
LIMITATION
Minimising the effect of
crystallised risks
Risk Identification Involves:




Being management driven
Top down / bottom up
Brainstorming sessions
Facilitated discussions
Risk Assessment


Incidence - probability
Impact - severity
Risk Diagnosis
Set criteria for
assessing risks
Identify detailed
risks
Identify high
level risks
Assess severity of
detailed risks
Assess severity of
high-level risks
Risk
map
Risk
summary
Risk Mapping
IMPACT
High
High impact/ low incidence
High impact/ high incidence
Low impact/ low incidence
Low impact/ high incidence
Low
Low
High
INCIDENCE
Some key factors in identifying and assessing risks








Areas of law
Claims record
Number and location of offices
Fee income / size of firm
Commitment to best practice
Knowledge management
Are risk management procedures in place?
Supervision levels
Risk Mitigation
Designed to:



Avoid
Reduce
Transfer
Accept
Risk mitigation
Risk
map
Risk
summary
Residual
risk
summary
Consider
impact/probability
correlation
Consider available
mitigation
techniques
Contingency
plan
requirements
Insurance
requirements
summary
Required
controls
summary
Monitoring involves




Auditing, tracking and reporting
Comparing actual outturns to preset indicators
Confirming effectiveness of risk responses
Reporting compliance and exceptions
Risk monitoring
Required controls
summary
Contingency plan
requirements
Set risk indicators and
methods to monitor
them
Insurance
requirements
summary
Annual Risk
Management Report
Limitation involves




Risk crystalisation scenarios
Contingency plans
Limitation procedures
Post event assessment
Use of risk management tools?
Use an integrated risk management system to
quantify, assess and control risk by :
 streamlining diagnosis, mitigation and
monitoring
 embedding common risk management
procedures
 providing information access to all who
need it
 creating and maintaining one central, up to
date risk database
Advantages of a formal risk
management process?





Structured approach focuses on key risks
Elimination of redundant procedures
Comfort / assurance to PI insurers
Universal application to all risk areas
Continuous monitoring ensures management of
risk is “lived” day to day
Is your management in control of your risks
Operational
Management
Any questions?