Formulating a risk management policy

The following Practice Compliance guidance note provides comprehensive and up-to-date legal information covering:

  • Formulating a risk management policy
  • What is risk?
  • Regulatory requirements
  • Interaction with the risk register
  • Key features of the risk management policy
  • Implementing your risk management policy
  • Monitoring and reviewing your risk management policy

A risk management policy outlines the risks posed to a business and provides a set of actions to be taken to both prevent the risk from occurring and reduce the impact of the risk should it happen.

This Practice Note provides a guide to the features usually included in a risk management policy.

What is risk?

There is a widely accepted definition of risk, ie:

Risk = probability x impact

So, for any given risk faced by your business, there are two questions:

  1. how likely is it that the risk will materialise, ie what’s the probability?

  2. if the risk does materialise, how bad will it be, ie what’s the impact?

Regulatory requirements

General risk

You must identify, monitor and manage all material risks to your business.

This obligation extends to risks that may arise from a connected practice, ie a person or company, LLP or partnership etc that is connected to your firm by virtue of: 

  1. being a parent undertaking

  2. being jointly managed or owned, or having a partner, member or owner in common, or controlled by, or with, your firm

  3. participating in a joint enterprise or across its practice generally, sharing costs, revenue or profits related to the provision of legal services with your firm, or

  4. common branding

Financial risk

You must actively monitor your financial stability and business viability—once you are aware that