Riliance: the importance of developing an effective risk management framework
Risk management can be a contentious issue for law firms, as it’s one more added pressure that doesn’t seem to relate directly to the firm’s core business.
Various organisations have already found out the hard way that a failure to deal properly with risks can have devastating consequences. For instance, Enron, with assets worth US$63.4 billion, suffered from the largest insolvency in US history, having fallen foul of credit and audit risks.
Risk management is important because some risks are inevitable within any progressive organisation that is seeking to grow and succeed. This is particularly applicable to firms in the legal sector, which encounter risks every day. Being aware of these risks also raises awareness of the need for good risk management. This shouldn’t be seen just as a necessary evil. Indeed, if companies are more aware of both the threats and opportunities they face, and know how to manage them, they’re likely to gain a significant advantage over their competitors.
So far, the legal sector has fallen behind others in this area, as law firms have failed to approach the running of their companies as a business activity. This is partly because many lawyers are suspicious of technology and believe that they don’t have the necessary time or ability to focus on such issues. This, of course, is nonsense, as a good system will be easy to use and, once implemented, will save much time, trouble, and potential expense. Despite this, too many professionals still see risk as something that isn’t their responsibility and this is an attitude that needs to change.
So, why is the development of effective risk management systems so important and how can it be seen as something beneficial rather than an onerous duty?
1. A better performance. Good risk management can enhance your firm’s performance against its objectives by helping it to avoid many unexpected problems. It should also lead to a lower cost of capital.
2. Better use of resources. A strong risk management framework will help your firm to use its resources more effectively and manage contingent and maintenance activities more efficiently.
3. Less risk of fraud. A real-time, automated risk management system will reduce the risk of your firm becoming a target for money laundering or other fraudulent or criminal activities.
4. More powerful strategies. Risk management also has an important role to play in the development of new change initiatives and other innovations; and in the development of both internal and external strategies.
A framework to die for
For firms in the legal sector, the SRA has produced some guidelines about the key elements that are required from a risk management system. These include:
• A clear view of the risks in relation to the regulations and the firm’s exposure to these risks
• An ability to show where the most significant risks lie
• The development of controls that will address these risks in a ‘proportionate and effective manner’
• Clear governance arrangements that ensure that any risks will be escalated appropriately and that there is accountability for the effective management of the risk.
One approach you could take in order to achieve these objectives is to develop an interactive risk register. This will enable you to show and monitor identified risks and the actions that need to be taken to mitigate them. This is where technology becomes essential – there’s little incentive for legal professionals to spend their time on paper-based or spreadsheet systems based on the minutes from a risk management meeting. This is because monitoring, evaluating, reporting and developing such a system is time-consuming and dreary.
As a result, many of the necessary improvements or changes that need to be introduced fall by the wayside. Risk management becomes a start-stop process that’s pushed by management meetings and minutes but that has little impact on the culture of the firm or on the development of more effective policies and procedures. According to UK regulators, this is a recognised area of failure in terms of achieving best practice in risk management, which needs to be a continuously evolving process.
In contrast, a technology-based approach to risk management is both simpler and quicker to use once the initial system has been set up. Numerous risk management frameworks and practices have been developed in industry and by regulators to help to define best practice. These include specific approaches that take into account the type of risks involved (for example, operational, credit and so on).
Ultimately, however, any risk management approach will only work if it becomes part of the corporate culture and is embraced and supported by the firm’s leadership team. It needs to be carefully implemented and administered, with a clear reporting structure. This should ultimately involve reporting to the senior leadership team – and the lack of such a structure is where these approaches often fail in the long term. Risk managers must have direct and unfettered access to senior managers and the board of directors.
Law firms are increasingly using technology for many operations, from promotions on websites right through to storing information in the cloud. However, the legal sector lags behind other industries as it is still heavily dependent on paper-based processes rather than using the latest technology to streamline its activities. This is particularly true for risk management, even though this is an area which can really benefit from technology and automated processes that can save legal firms time, trouble and money.
For instance, technology can help through benefits such as: automated risk registers, better quality, real-time results, central visibility and control of risk management, task-driven processes, the delegation of compliance tasks, and the development of a new, risk-focused corporate culture. Of course, care must be taken when changing a company’s systems and culture. There needs to be proper training and an approach that doesn’t compromise the security of existing systems. However, technology can still make a huge difference to your ability to manage risk effectively.
Establish best practice
Some of the measures you’ll need to take involve the development of a risk register, audits, processes for reporting any breaches and so on. There will also need to be a risk committee that will be responsible for managing risk within your businesses and which reports to senior management. The risk committee will also oversee the continuing evolution of risk management within your firm. This will include updating the risk framework to reflect such issues as the changing business environment, risk appetite, new business objectives, and so on.
This might seem very daunting at first, but help is at hand! To enable firms to migrate more easily to an efficient, technologically-based approach, Riliance has developed a cloud-based risk and compliance management platform. Once you’ve identified the risks inherent in your business, we’ll help you to implement central planning and mitigation strategies. With our risk management framework, you can record and categorise your risks and delegate the operation and review of the mitigation strategy to specific employees.
So, risk management has become a vital issue that needs to be embraced by law firms. It won’t just go away; every firm should have a good risk management strategy in place, hopefully aided by technology. If you need further help or advice on this issue or would just like to know more, please don’t hesitate to contact us.
This article appeared in LPM magazine. Download the full issue of LPM July: Who are you? here.