How to manage risk

Fee earners want autonomy, but law firms want managed risk. How can they align risk and compliance into a workflow process?

There is potentially an immediate conflict when squaring the issue of risk management with the aspirations of many fee-earners, who naturally want to practise good law with a fair degree of autonomy.

Complete fee-earner autonomy is now less acceptable for risk-conscious management. Where elements in case workflow have been consolidated or standardised as far as the process can be across the practice, the amount of risk reduction that can be achieved and the attendant benefit for partners and fee-earners can be significant.

The niche lawyer may still say ‘my work is too complex and too varied to be commoditised’ – but just because work isn’t highly repetitive doesn’t mean it cannot be risk-managed properly. To introduce elements of warning into case flow, or better still automated alerts at various points in the transaction, must improve awareness of risk.

Some of these alerts may work best as mandatory, requiring the fee-earner to deal with them before the transaction could go any further. All practices have generic risk, risk that is common to all, which should be monitored and controlled. Those who resist are perhaps more concerned with change management than how to make sure that as much is done automatically to maintain compliance as possible.

The profession is increasingly regulated not only by the Code of Conduct but also by statute. Finding ways of avoiding the pitfalls is essential to good practice management. Who, for instance, would not want to be reminded about a limitation date?

Code of Conduct
When sitting down to design a new case flow, a good starting point is the relevant statutory and compliance requirements, and their timing as the transaction proceeds. This commences with the Code of Conduct. Many of the associated documents are the same across all the disciplines – terms of business being one good example. Before starting any transaction, solicitors should perform identity conflict checks. Some of this may fall into document management, but it is risk management too. To omit these checks from workflows is to increase risk.

What managers of the business need to know is that they can be sure that, in providing services, the intended outcome is achieved and delivered in good time, and that mistakes are eliminated or minimised to reduce complaints and claims. Apart from anything else, this optimises the service being provided and contributes to client satisfaction, as well as saving time and money.

But many do not like the thought of being ‘standardised’, and this is often a challenge for management to overcome. Management need to find straightforward ways of following the rules and to discourage flouting them.

In an earlier ‘In Business’ article, I suggested that if a law firm is finding ways to comply with the regulations and statute there is a saving that directly improves the bottom line. After writing that article, one law firm partner said to me: ‘The trouble with lawyers is that they are trained to question, and therefore some of them appear to try to find ways to get around rules, rather than complying – treating them almost as a challenge.’ He painted the analogy of receiving a lease from an opposing party, where the object of the exercise was to get the best possible outcome for his client by deleting, inserting or changing paragraphs to suit. ‘It is therefore difficult for some,’ he argued, ‘to apply at the same time an opposing principle when running a case or transaction though a standardised process which follows rules that can’t be changed to their liking.’ Mind you, that partner was a MLRO (money laundering reporting officer)…

Automated processes
Case management systems can deal with workflows best of all, despite it being not essential to have them to satisfy compliance. The ideal workflow is what used to be – or should have been – a list of jobs to be done and jobs completed. After all, lawyers worked perfectly competently without IT for many years and it is still possible to find lawyers who still work that way.

But the profession and the world in general is more regulated than it has ever been, and with all the complication this brings why make life harder, when certain processes could be automated to reduce risk and worry? It is much easier to handle a visit from the Solicitors Regulation Authority and to show how you handle risk and file management if all the necessary elements are in the case flows.

The larger the practice, of course, the more complicated this becomes. Tim Dexter, Lexcel assessor for training and assessment company Quality South East, told me that ‘compliance won’t just happen – you have to define the objective and not muddle through. It is clear that those firms who have worked it out and used IT systems in support of good work flow are best placed to reduce risk and maintain compliance’.

Any practice undergoing the process of obtaining a quality standard such as ISO 9001-2000 or Lexcel will see the benefit of automating case flows to implement the consistency required. They are still able to meet the standard without such automation, but usually they recognise that full use of case management systems means they are more likely to comply with the Code of Conduct as well as the quality standards. Lexcel sets the bar at a level above the Code of Conduct. But there is always a chance that fee-earners will go their own way – and this is more likely where case flows do not exist in a case management system which is accessible to all. As has been said on many occasions, it is not bad law that causes most complaints and claims – it is failure of processes. Clients are more likely to complain about bad service than anything, even if it does not lead to a claim.

When the SRA audits your practice, a most likely breach is the failure to show evidence of compliance requirements. Electronic case management systems can eliminate the risk of oversight if you choose to set them up this way. File reviews are then important because they back up the firm’s policy and procedures set by management, and see that they are carried out. Internal audit by way of file reviews has come late to the legal profession compared with other industries, which have audited and systemised work processes. This is the case for manufacturing as well as services, and is not a new concept in the commercial world.

Valuing staff
For management, risk control is a ‘no-brainer’, but for many partners and fee-earners it is also sometimes seen as an imposition on the integrity of the professional who, understandably, wants to be trusted and respected. People also need to feel valued and to be able to use their initiative. This is important, but can be more difficult to manage, especially when the difference between a loose cannon and someone who usefully thinks outside the box can be a grey area.

Equally, it has become apparent to a partner I spoke to in a large firm, who is responsible for improving and working towards recognised quality standards, that newly qualified solicitors appreciate the value of greater supervision engendered by good risk management policies and procedure.

This theme is echoed by Gerard Whitehouse, senior partner of Birmingham firm Blakemores: ‘One of the many benefits of Lexcel and a good case management system is the reduction of risk. Lexcel promotes protocols and policies to ensure conformity of good practice by the experienced and the inexperienced, which is perpetuated in a firm’s case management system.’

Uniform workflow procedures in case management systems underpin the importance of risk control, and this has been recognised by an increasing number of more advanced law practices.

But what goes on behind the scenes is not simple and will usually require a senior person, who knows what he is doing, to be accountable and responsible for managing it.

With this in mind it is not difficult to see why the Code of Conduct now requires such responsibility to be defined.

It is, however, worth repeating that the front-end should be as simple as possible for the users. Most IT case management systems are barely used to half their capability. To increase their complexity will only reduce the willingness to use them and therefore push further away the objective of risk reduction.

Mike Gorick is now a partner at consultants SSG Legal, specialising in mergers, risk and quality standards.