The issue of risk management is so important to insurers that they have devoted the largest part of the annual professional indemnity insurance (PII) common proposal form to this subject.

As we now approach the PII renewal period, in a market with a reduced number of insurers and increased premiums almost guaranteed for many firms, firms should now consider how to effectively manage risk.

Top ten tips

1. Good client engagement procedures. Think before taking on a new client. Has the firm the capacity, capability and competence to accept instructions? Is the client/case too good to be true? Are there higher-than-normal risk factors?
   
   At a minimum, firms should have a detailed letter of engagement, including all relevant terms and section 150 notices. The set-up procedures should be uniformly applied in your firm to ensure quality and consistent standards.
   
   
2. Manage your critical registers. Firms can either operate manual or systemised registers, but they need to be used by everyone in the firm, they need to be reviewed regularly, and the overall responsibility for this must be given to a principal or a partner in your firm.
   
   The advantages of using an automated system means that there will be a firm and matter-centric view of this information, which is essential to managing risk. In relation to critical dates, there must be a system to establish that the correct date was initially entered. Solicitors should check the legislation wording if they are in any doubt.
   
   
3. Use your case management system effectively. This might seem obvious, but it is surprising how many firms are not maximising the use of their case-management systems. Many firms have invested significantly in advanced systems, but due to either time constraints or a reluctance to implement change, these systems are not being used either efficiently or effectively.
   
   Your case-management system will allow you to enter estimated fees and expected invoice dates, ensuring compliance with your obligations under section 150. Time recording should be kept up to date. All fee earners should time-record on every matter, regardless of the fee structure. This will enable the firm to keep track of the profitability of the case/matter.
   
   
4. Implement a file-audit system. It is imperative that firms have a system to audit files regularly, as early identification of issues is key to reducing the risk. As per the common proposal form guidance notes, the file is audited against specific criteria: fee earners should not audit their own files; a form is generally used; and the file should be scored.
   
   
5. Regularly monitor your own files. A system should be implemented to ensure that files are regularly monitored and reviewed. The common proposal form guidance notes define a file review as a “quick, frequent review of files to monitor progress, which can be done by fee earners on their own files or by a supervising partner”. Files should be kept up to date and progressed promptly.
   
   
6. Get everyone involved. Having eyes and ears throughout this process, as well as buy-in from all staff, is crucial. From the most junior member of staff to the most senior partner in the firm, everyone should be encouraged to contribute to the management of risk within the organisation.
   
   
7. Allocate time and sufficient resources to this process. This will take time but, in the long run, it will reap rewards, as time spent identifying potential issues and implementing appropriate controls will save a firm multiple hours when (not ‘if’) something goes wrong. The best firms we have worked with have a dedicated risk-management partner or even a risk-management team, who meet regularly with a representative from each department.
   
   
8. Review policies and procedures at least annually. All of your firm’s policies and procedures should be updated as required, but at least annually. Updated policies should be made available to all staff. Relevant and regular training should be provided to all staff, in particular in the areas of cybersecurity, GDPR, anti-money-laundering, and any other regulatory changes. If completing the full common proposal form, be mindful of the detail in the questions being asked in relation to risk-management procedures.
   
   You should not answer ‘yes’ to any question unless you can provide clear evidence that you have implemented the relevant policy or control. Be very wary of multi-part questions, as you must be compliant with all elements of the question. It is a regulatory offence to give a knowingly misleading answer to any question on the common proposal form.
   
   
9. Blame-free culture. It is so important that all members of staff in your firm are encouraged to seek assistance at the earliest opportunity if they make a mistake. No matter how big the error, early identification of the issue, along with the implementation of any remedial action, can greatly reduce a firm’s exposure.
   
   
10. Seek outside assistance. There is no need for your firm to start reinventing the wheel when it comes to drafting relevant policies and procedures. There are many risk-management resources and relevant templates available to firms, without charge, in the Law Society’s members’ area.
    
    There are many providers offering specialist staff training in relevant fields. External advisors, such as the Institute of Legal Research and Standards, can be engaged to assist firms in managing this area, either through an annual audit or by providing staff training and template policies to deal with all potential risk areas. 

Reasons to manage risk

• It increases the likelihood that you will achieve your objectives,
• It brings focus on what matters,
• You will make better-informed decisions,
• You will have fewer losses,
• It is forward looking and acts as an early warning indicator,
• The process also identifies opportunities,
• Good corporate governance demands it, and
• In short, managing risk reduces uncertainty to tolerable levels.

Gerard Joyce (chief technical officer of Cal Q Risk) concludes: “If I were to sum up the benefits of formally managing risk in two words, they would be ‘improved performance’.

Investment in risk management is returned in the form of better, more efficient operations, with less uncertainty and greater consistency. Consistency is fundamental to quality.”