Risk is for everyone, not just management
5 February 2007
10 June 2013
11 November 2013
16 January 2014
11 September 2013
30 September 2013
Risk touches on every area of an organisation's operations, and both legal practices and in-house lawyers have in recent years become exceptionally conscious of the importance of risk management. Law firms in particular face a myriad of perils, any of which could close their businesses. Risk management isn't a question of just ticking boxes - firms need to demonstrate that managing risk is at the top of their agendas.
The traditional way of mitigating risk has been to introduce internal audit and compliance procedures, concentrating responsibility at the top of the organisation and considering how to insure or underwrite insurable risks, while limiting the likelihood of making a claim and thus reducing premiums. However, a more effective methodology that is gaining acceptance is the adoption of a top-down strategy that starts in the boardroom.
This approach is to consider engendering a culture of 'functional self-responsibility' in a business, which cascades down through an organisation and creates absolute clarity about how the business as a whole operates.
At the core of this concept is the need to address the functional structure within the practice, looking at the fundamental issues about how it is run profitably and assessing who does what role and whether they are appropriately skilled or experienced for the job. It divides the functions required in a successful law firm into three groups and colour codes them. By colour-coding activities as red, blue or black the firm can demonstrate where time is currently spent across the organisation.
Red activities are non-revenue-generating and include such activities as compliance, administration, HR and IT. Blue activities include all revenue-generating functions and are client-related. As well as fee-generating lawyers, this will also include anyone involved in marketing, for example. The third category, coded black, denotes strategy activities related to business growth and includes joint ventures, mergers and business positioning.
Too often boards are busy handling red and blue activities instead of strategic black activities and can be unwilling or not feel confident in delegating downwards. Getting the correct functionality in place means getting the most appropriate people in a business undertaking activities for which they have the skills, improving skills where this is needed and then empowering staff to understand the responsibilities attached to each role.
By each person within an organisation taking responsibility, risk issues are identified at an individual level and are no longer seen by employees as merely a responsibility of the organisation. Risk management, therefore, becomes an integral part of the culture and is adopted by each person as part of their employment function.
A firm that has its functionality balanced correctly , that has a resource management strategy in place aligned to business objectives, and has a distribution programme to manage and develop business relationships, is much less a risk for financial institutions.
The colour analysis not only allows a board to manage this functionality, but also allows the implementation to be assessed externally. This means that these procedures, which enable risk management and which the company has implemented, could be a tangible measurement used in the calculation of premiums.
It is a methodology that is being considered by the insurance and financial sectors as a key performance indicator by which businesses can be measured and premiums or loan security reduced accordingly.
The framework can also be used to assess potential risks inherent in joint ventures, mergers or acquisitions. Opinions vary as to the failure rate of mergers or acquisitions, but it is thought to be between 35 and 75 per cent, despite rigorous due diligence procedures.
The technique of assessing a business through analysis of its functionality can form the basis of a cultural due diligence practice, which assesses specifically the level of match between two organisations by exploring the areas of alignment (or lack of).
By using these assessments alongside the commercial due diligence procedures, the likelihood of failure is mitigated and the potential to reach financial and operational goals increased.