How to fasttrack a riskmanagement plan for 2016

Failure to implement a sophisticated risk and compliance plan for the new year exposes law firms to unnecessary dangers, writes Ronwyn North.

Does your practice already have a risk and compliance plan for 2016? If not, why not? Do you have such a plan for 2015-16, but are too busy, too tired or lacking motivation to review it? Whether or not you have a plan, how confident are you that next year you will meet all business and professional compliance deadlines and make inroads into reducing your biggest risk exposures? The truth is that all law practices can benefit from organising such activities into an annual calendar and reminder system.

Most firms run on an annual cycle, with December and January being the time when practice plans are reviewed and adjusted or when new plans are made for the coming year – or not. This is also the time of year when the people who should be doing the reviewing and planning can be busy with other tasks, or they may be on holidays or  suffering from ‘planning fatigue’ or all of the above.

Lack of systems

For reasons that are not entirely clear, planning and prioritising around risk and compliance management is often less developed or less sophisticated than other aspects of strategic or operational planning. That is, many firms have no systematic process for identifying and managing key risks and no plan for ensuring lawyers and the law practice are on track to meet compliance deadlines. Lawyers and firms, it seems, can be so busy managing their clients’ risks that they forget to manage their own.

Yet all law practices are familiar with calendar and reminder systems for client work. Systems can be as simple as a paper diary or more sophisticated electronic applications that integrate appointments, events, deadlines and workflow tracking and escalation functions. The same kinds of approaches that work for client-related activities can work for practice risk and compliance events, deadlines and accountabilities. A risk and compliance calendar provides an overview of the annual risk and compliance cycle and allows a firm to, in effect, make appointments with itself to make sure that what should happen does happen in a planned and coordinated way. Hence the risk and compliance calendar should cover what, when and who:

• What: a description of the items or actions that need to be scheduled
• When: the due dates for deadlines, lead times, reminders and follow-up
• Who: determining who has responsibility for ensuring and overseeing that action is taken and dates are met.

To help get you started in developing or checking your risk and compliance calendar, below is a list of items or actions that could be scheduled for a typical law practice. The list is indicative only. Some items may need several actions and not all are listed here.

Setting up a risk and compliance calendar

(indicative items to be scheduled)

Risk and compliance calendar

• Determine a cycle for setting up, updating and monitoring the calendar itself
• Set a reporting cycle for risk and compliance to the board or partnership, management, team meetings and for the annual report

Legal regulatory compliance

• Organise mandatory Continuing Professional Development (track progress, issue reminders of deadlines and check compliance)
• Set trust account routines such as monthly reconciliations, annual statements and adjustments to statutory deposits
• Ensure the trust account examiner’s report is obtained in time for renewal of PCs
• Ensure compulsory professional indemnity insurance is in place in time for renewal of PCs
• Ensure practising certificates are renewed on time (note: different jurisdictions have different approaches to deadlines, renewal periods, late fees)

Risk, quality and control monitoring

• Determine risk reviews and set priorities for risk reduction (professional and business risks)
• Manage audits and reviews of client files, processes and performance of personnel
• Review the adequacy of professional and business insurances
• Set professional indemnity insurance ‘circumstances’ declarations; for example, quarterly
• Organise risk-ethics education for all law firm personnel

Business compliance and critical dates

• Meet expiry and renewal dates for leases, licences, supply contracts, IP assets
• Comply with returns and payments such as corporate returns, tax payments (GST, superannuation, income)
• Review adequacy of contingency plans.

Even the smallest law practice needs to pay attention to most of these items and, if all firms attend to these bare bones of a risk and compliance plan, then there is a good chance a lot of angst will be avoided.

For those that want to take managing risk and compliance to another level, such a calendar provides a framework or structure for putting flesh on the bones. That is, the calendar items can prompt deeper inquiry and consideration of risk and compliance priorities and planning. For example:

• Ensuring risk and compliance reporting is on the agenda for various meetings may prompt consideration of risk structures, accountabilities and communications
• Risk and insurance reviews and reporting may require data collection and analysis processes (e.g. incident and audit data will reveal  lessons to be learned and opportunities to plug weaknesses or strengthen controls, and monitoring of external  trends and practice changes may indicate new or emerging risks)
• The outcome of data analysis and review should, in turn, inform goal-setting and the priorities, focus or topics of the next round of audits, process improvements and education.

All of the above require that some provision be made in financial or time budgets.

Management expert Alan Lakein once described planning as “bringing the future into the present so you can do something about it now”. A good plan has focus, goals, accountabilities and, most importantly, timeframes for action in the hope and expectation of shaping the future the way you want it to pan out.

Planning purists may say that scheduling a bunch of actions before setting goals for the plan is putting the cart before the horse. However, who says a cart must only ever be pulled? Practice managers may be time poor, but I do not believe they are into busy-ness for the sake of busy-ness. However, a good risk and compliance calendar and reminder system can be a simple but effective push towards doing more of the right things with managing risk and compliance.

Safe practice and season’s greetings.

Ronwyn North is the managing director of Streeton Consulting and a qualified lawyer who specialises in consulting to the legal profession on practice management issues, including risk management. She can be contacted at rjnorth@streetonconsulting.com.au.