Protecting your practice—an introduction to law firm risk management
Produced in partnership with Pam Grover-Mitchell

The following Practice Compliance practice note, produced in partnership with Pam Grover-Mitchell, provides comprehensive and up-to-date legal information covering:

  • Protecting your practice—an introduction to law firm risk management
  • What is risk?
  • Where to start
  • Who sets risk management strategy?
  • Considering risk
  • Typical exposures in the firm’s practice areas
  • Issues arising from your practice composition
  • Patterns or themes in PII notifications, claims, breaches and complaints
  • List and prioritise risks
  • Accountability

Protecting your practice—an introduction to law firm risk management

Risk management is a cornerstone of a firm's governance, culture and business strategy. It requires the application of principle to specific circumstances. The challenge for law firms is that they must define their own principles.

Most lawyers easily detect potential weaknesses in day-to-day practice, but strategic management of risks to the entire practice comes less naturally.

This Practice Note sets out practical steps and considerations for law firms in managing their risks.

What is risk?

There is a widely accepted definition of risk, ie:

Risk = probability x impact

So, for any given risk faced by your business, there are two questions:

  1. how likely is it that the risk will materialise, ie what’s the probability?

  2. if the risk does materialise, how bad will it be, ie what’s the impact?

Where to start

Sound risk management starts with identifying the risks that your firm faces in the first instance. It may help to think of these as falling into some common categories:

| Category of risk | Explanation | Example |
|---|---|---|
| Strategic risk | Risks that could materially affect your firm's survival or profitability | Reputational damage; Moving into or out of specific areas of practice; Inadvertent involvement in money laundering; Opening a new office; Succession planning; Competition from peers; A planned merger; Major business continuity event |
| Operational risk | Risks that are associated with day-to-day activities and management | Ineffective or non-existent internal policies and procedures; Failure of case management |
