10 things you should have done as COFA: Part two
In this two part series Richard Hill highlights five key areas of the COFA role. Below is the final instalment. Read the first five tips here.
The introduction of the Compliance Officer for Finance and Administration (COFA) and more crucially the reporting duties that are incumbent on the role has seen firms adopt a shift in focus away from past tendencies to reactively remedy breaches to the more proactive prevention of breaches. Acting after the event puts COFAs in the potential hot seat of reporting a material breach to the SRA. With responsibility for recording every breach of Accounts Rules, there should be no more crossing of fingers at audit time and hoping that certain files aren’t picked. With the COFA’s reporting obligations for material breaches along with the likelihood that Reporting Accountants will ask to review breach registers, in addition to the possibility that the SRA might require sight of the firm’s breach register at any time, in the current climate there is no escaping breach reporting (irrespective of the criticisms about the SRAs obvious lack of resources for handling a large volume of material breaches reported).
Here are a few suggestions (in no particular order) as to the areas that those (lucky) COFA’s in conjunction with the firm’s management team, should have in hand by now as we head towards the first anniversary of the role:
6. Been on top of cash flow (…..ensured financial stability)
It is likely that most COFA’s will feel as though they are now eating, sleeping and breathing financial management. The commercial sense of good financial governance is also a regulatory obligation with effective financial management a necessity under the SRA Principles and Code of Conduct.
COFA’s, as the focal point of the finance function, should by now have exerted their influence over working capital behaviour and credit control policies guaranteeing that cash flow targets are a key priority for senior management and all fee earners. The latest reports from the SRA indicates that nearly 1200 firms are experiencing financial difficulties and this should serve as a timely reminder that the tough market conditions for law firms are resulting in a continued squeeze on revenues in addition to the inevitable rising costs. Many of the 1200 firms may well have felt a very swift turnaround in their financial position – the potential for a fast rate of descent is something all COFA’s must be alive to, as pessimistic as that may seem.
COFA’s should now be in a position to understand the financial risks to their firm and to have considered and implemented the controls needed to mitigate these risks. Communication and information flow to senior management is pivotal in safeguarding the firm against the poor financial behaviours identified by the SRA.
7. Have in place an active breach register and know how to measure materiality
You must have in place a proven, working and up to date breach register. It’s likely (unless client transactions are minimal) that you will have plenty of minor breaches evidencing that the systems and reporting lines you have in place for identifying these trivial hiccups are effective. A firm who believes it has no minor breaches to record after nine months would be the first firm I would question unless the firm was exempt from submitting a Reporting Accountant’s report due to it not holding client monies.
In a perfect world, COFA’s would also record instances breaches of 'best practice'. Whilst not breaches of the Accounts Rules in themselves, they would provide a useful barometer indicating where compliance behaviours and attitudes are moving in a direction that is not desirable. This would also demonstrate a documented proactive, preventative approach to compliance.
The most important aspect of the breach register (beyond recording breaches) is that it must also contain the integral pieces of information that allow you to spot trends of minor breaches. This means that you must clearly identify the Account Rule breached and have a clear indication of how many times this breach has occurred.
Then of course there is the challenging question of how you measure materiality. This is a judgement call and in the OFR regime, one that is subjective. The COFA must therefore have the experience and status to reach a sound decision in problematic situations and particularly so when considering when a pattern of minor breaches becomes a material breach. The COFA will need to be able to justify their view on whether a breach is material or not. The ILFM has a simple five question initial test to apply to each instance to assist in determining materiality.
8. Organised training and fee earner 'enlightenment'
A training program ensuring all accounts staff are aware of the Accounts Rules should now be in place. In reality in many firms compliance with the Accounts Rules is one of many “balls” that fee earners must constantly juggle and so it is perhaps unsurprising that they can be over-reliant on Accounts in this respect. A focused effort should be made by the COFA to educate the fee-earners. Regular matter list “health check” meetings with fee earners to review both their client balances and working capital could be a useful exercise in achieving this.
Training and compliance reports should also by now form part of the agenda for partner meetings to ensure all senior management are aware of any issues. Achieving a firm wide culture of compliance starts from the top so including these issues as a regular feature on the partners meeting agenda not only reinforces its importance to the firm but also provides another opportunity to persuade any obstructive partners to leave the dark side. Remember, COFA’s are not scapegoats - all managers of the firm are responsible for compliance as well.
9. Reviewed your accounting systems, policies and procedures
Even for the well-managed firms the introduction of the COFA role will have prompted an assessment of the systems in place. As a minimum, an evaluation using Appendix 3 of the Accounts Rules (SRA Guidelines – Accounting Procedures and Systems) as the overarching policy to then drill down into practical implications of each requirement should have been undertaken.
Withdrawals from client account being a change from the previous Solicitors Accounts Rules 1998, would be obvious policy to consider reviewing - including safeguards on the signing of cheques and processing CHAPS payments. Other likely re-evaluations might include running through a walkthrough test with the legal cashier on a bank reconciliation, checking how client funds are “earmarked” (and also overcoming the perception that clients authority is needed for the transfer), and reexamining preceding Accountants Reports (AR1) for past slips ups and to ensure procedures and systems have been updated to avoid future breaches.
Consideration should be given to approaching your software providers to ascertain what compliance updates are on their roadmap - many have now come up with the concept of a “COFA Dashboard”. This shows how software is evolving with the roles and reinforces the need for the monitoring and responsive capture of compliance data especially for larger firms with multiple offices practising in several different areas of law.
The dashboard idea is a simple and effective concept that gives the COFA an interface to monitor and manage compliance. It offers a more effective and responsive solution rather than continually running reports as the dashboard should highlight "risk spots" and warning signs. Without such a tool, COFA’s must ensure that daily reports are run such as debit client balances, office accounts in credit, unpaid but recovered disbursements etc.
10. Kept up to date
This may raise a few eyebrows when the role is seemly based on ensuring compliance with a set of largely prescriptive rules that have varied very little in over a decade. The reality is that COFA’s do have a wider remit and so must be familiar with the regulator's view of risk. It is surprising how many people have not taken the time to look over the SRA’s Risk Framework and understand the regulations in the context of practice and risk management as well as the legal cashiering function.
How many of you were surprised to read the point made in bullet point two, regarding the annual reporting requirement? All COFA’s should already be aware that the 8th version of the SRA Handbook was released 1st October 2013. This update includes amongst others the change to remove the requirement to report minor breaches to the SRA (unless the firm is an ABS) although minor breaches do still need to be recorded.
Perhaps more pertinent though is to seek and share knowledge with your peers on the practical implications of compliance and the role itself. Make the time to attend networking events or an ILFM COFA workshop (shameless plug I know!), which enables delegates to benefit from the experiences, and good practices that the presenters and their co-delegates employ in their everyday working lives.