1. What are operational risks?
Operational risks cover mainly the following:
- External events
People are essential in any business entity. In a law practice, people comprise not only lawyers but also each and every employee who works at the practice.
Every employee must be competent, efficient, and professional in the tasks that he or she is engaged to perform. Staff must be supervised, be honest and ethical as the business of law is also a regulated profession.
Succession planning is also essential for business continuity, in the event key personnel of the practice leave or have to be replaced.
Many hands are involved in a client matter, including support staff, legal secretaries and even the client himself or herself.
Processes ensure efficient and professional delivery of legal services.
Work flow systems (case management) enable every stage of a client matter and any money received to be tracked from the time a client file is opened until the matter is closed.
Risks of human errors/omissions and complaints for non-compliance with professional practice and ethical rules made under the Legal Profession Act are also addressed.
Case management need not be complex. There is affordable generic software designed for case management for law practices of every size.
Finally, processes include business development strategies and insurance risks review by a practice. This makes good business sense.
- Are there new areas of practice /business opportunities?
- Does the practice’s work carry any increased risk?
- Is our professional indemnity insurance cover sufficient?
- Do we need Key Man insurance or public liability insurance?
Systems relate mainly to technology both hardware and software. Technology is used to store data and documents. Client matter related data and documents must be protected in view of obligations relating to client confidentiality and protection of personal data.
Technology is used in legal practice for filing requirements, as required by the Courts, government agencies and statutory boards, as well as for the deposit and withdrawal of conveyancing money.
Technology risks in a practice are varied. They can range from poor or weak password management to clicking on unknown e-mail attachments. They can also arise from using obsolete technology or outsourcing IT to a third party with poor management. Cyber-attacks and data breaches through the lack of security technology are a significant risk and well-publicised.
Unexpected events external to a law practice can have a significant impact on the practice, such as a disease outbreak (e.g. the 2003 SARS outbreak in Singapore), cyber-attacks or the loss of key suppliers or vendors of the practice.
2. Who should address operational risks?
Operational risks are addressed by the proprietor, partners or directors of the practice, staff (whether HR, accounting, IT, paralegal or other support) and the other lawyers in the practice.
Where applicable, certain types of operational risks can also be addressed by the appropriate external vendors engaged by the practice.
3. How to address operational risks
Operational risks are identified and addressed by knowing what risks your practice faces, and anticipating and managing them with:
- checklists; and
- template forms and documents.
The good news is that strategies, policies and documentation can be found in the Law Society's Practice Management Guide (2017 edition) (the 'Guide'). The Guide contains written templates of precedent checklists, strategies and policies to address operational risks such as business continuity, business development, and HR management covering recruitment policies, induction, training and appraisal.
The Guide also has comprehensive templates for client file management processes including checklists for file opening, on-going file management and file closing. A comprehensive compliance checklist for anti-money laundering and countering of terrorism financing is also published in the Guide.
4. What's next?
Start to identify what the operational risks of your practice are.
Ask how severe and frequent the risks that you have identified in the following areas occur:
- External events
Begin to implement your plans and processes to address the operational risks that you have identified. As you do, begin to ensure operational risk management becomes an important part of your practice.
Help and support are available to practices and lawyers under the Law Society’s risk management training programmes and resources.