The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/7599
the quarterly magazine of ILTA 45 Peer to Peer Trends Shaping the Future of Legal Risk Management from clients for alternative fee arrangements (e.g., fixed, capped or contingency) increases the likelihood that some clients will become "bad clients," especially in this rough economy. In addition, the increased outsourcing of legal processes is forcing lawyers to adopt principles of project management, including scope definition and budgets, scope change control and status communications. "Know-your-client" obligations are being given more serious consideration, with some firms re-validating clients from time-to-time and some contemplating teaming experienced project managers with partners to lead matters. client sophistication with Risk Requirements: • The continuing formalization of client relationships has created a noticeable increase in questions from corporate legal departments about law firms' risk handling capabilities. Questions in RFPs are common, and a few law firms have been audited for risk mitigation protocols by their largest clients. Based on current trends, we are expecting risk questions to become more specific and sophisticated over the next two years. outsourcing of it Risk: • Law firms have made huge investments in IT recovery capabilities as they understand the effort and diligence necessary to maintain redundant systems and data. IT has increasingly viable options to lean on third parties for the expensive and not-so- often-used recovery capabilities. These transitions to outsourcing have the potential to notably reduce costs and save staff time. from implicit to Explicit Risk Mitigation: • The legal market is conservative when it comes to risk management, and firms often view the proactive identification of risks, along with the subsequent setting of policies and compliance expectations, as activities that cause more peril than they resolve. While the expectation for explicit policies and education is growing in general, specific IT policies and the automation of assessment and compliance (for risks such as data confidentiality and system change management) are still exceptions. We expect that to change in the next two years. centralization of Risk Management Responsibilities: • Responsibilities for risks are as fragmented as the risks themselves. A slowly emerging practice is to create a multifunction risk team that includes business leaders across the firm and some representatives from practice groups. The charters for these committees include governance, risk and compliance (GRC). Governance refers broadly to the rules, processes or laws by which organizations are operated, regulated and controlled. An organization's perception of and tolerance for risk rest on the backbone of its governance. Risk management comprises the plans, policies and procedures designed to control activities in order to accept, avoid or minimize risk. To understand whether risk management controls are being followed, compliance, the organization's behavior relative to those controls, must be monitored and measured. internal assessments: • An elemental aspect of professional risk management is the ability to create a sustainable education and compliance environment. While periodic external audits are appropriate, an internal assessment capability ensures day-to-day analysis of progress and improvements. Some larger firms have hired director-level risk leaders to facilitate this process, although these roles still have limited purview to reach across the firm to identify risks. As the multi-disciplinary risk teams mature, the internal assessment process is expected to be high on the agenda. from loss Prevention to competitive advantage: • The main focus of risk management in law firms has been minimizing losses from malpractice claims. The newly developed ISO 31000 risk management standard offers a more positive perspective; it notes that risk management is not only the mitigation of loss, but also the improvement of "efficiency in operations, environmental protection, financial performance, corporate governance, human health and safety, product quality, legal and regulatory compliance, public acceptance, and reputation." By addressing risks represented by the topics discussed above, law firms can find ways to create business advantages. It took ten years for general counsels and risk partners to be commonplace in law firms, and we expect that some of these trends will also take years to become the norm. In the interim, IT's proactive participation in understanding and addressing risks helps to ensure that consequences for risk events do not fall disproportionately on IT's shoulders. ILTA David b. cunningham is a Managing Director of baker Robbins & company and leads the firm's strategic technology services practice. for the last 18 years, he has helped law firm leaders with assessments and plans focused on cost, risk, and lawyer effectiveness. he created the law firm technology scorecard to provide a more fair and in-depth approach to benchmarking it and the law firm Risk Register to provide a more comprehensive approach to risk management. he can be reached at dcunningham@brco.com. Meg block has over 25 years of experience consulting to the legal community and leads baker Robbins & company's Records Management | Workflow | Risk Management solution lines. she is a member of baker Robbins' information life cycle Management Group where she teams with e-mail and document management experts to develop practical and defendable digital records management strategies. she can be reached at mblock@brco.com.