Ilta09 Law Firm Risk Management  D Cunningham

Presented by Dave Cunningham at ILTA 2009.

Presentation Transcript

  • Law Firm Risk Management: Can It Grow Profitability?
    – Moderator: Adam Hansen, Director of Information Security, Sonnenschein Nath & Rosenthal
    – Panel: Pat Archbold, VP of Risk Practice, IntApp; David Cunningham, Managing Director, Baker Robbins & Company
  • Agenda • Risk Defined • Legal Risk Types • Business Benefits • UK vs. US Risk Environment • Risk Roles and Organization • Risk Management Approach • Future of Risk Management • Three Next Steps • Questions and Answers
  • Risk Defined: Risk is the uncertainty caused by the occurrence of an event that might affect the achievement of objectives. • The management of a law firm’s risks involves decisions that are not simply about avoiding a negative impact but also about pursuing a positive (but un-guaranteed) impact on business opportunities. • Consequently, effective risk management not only mitigates losses but can also positively contribute to the competitive standing of a firm. • This tension between adverse risks and desirable business opportunities makes risk management an essential element of firm governance.
  • Legal Risk Types (Risk Type / Example Risks / Key Roles)
    – IT. Example risks: Systems: Continuity, Recovery, Security, and Access Management. Data: Confidentiality, Integrity, Ethical Walls, Retention, Data Protection, Data Transfers, Hosting of Third-Party or Client Data. Third Party Suppliers: Maintenance/Support, Contracts and Outsourcing. Key roles: CIO, General Counsel.
    – Financial. Example risks: Audit, Financial Internal Controls, Financial Transparency and Disclosure, Anti-Money Laundering, Counter-Terrorist Financing, Credit, Firm Investments, Currency, and Portfolio Risks. Key roles: CFO.
    – Practice Management. Example risks: Client Relations, Lateral, Professional Responsibilities (including malpractice, conflicts, records, and litigation support), and Professional Development Risks. Key roles: Practice Leaders, General Counsel, Directors of Conflicts, Records, Lit Support, Library, and KM.
    – Strategic / Corporate. Example risks: Firm Governance, Risk Management Governance, Reputational, Marketing, and Market Risks. Key roles: Managing Partner, Marketing Director, General Counsel.
    – Operational. Example risks: Employment, Fraud, Damage to Assets, and Insurance Mediation Risks. Key roles: HR Director, COO, General Counsel.
    – Environmental. Example risks: Natural Disasters, Epidemics, and Resource Access Risks. Key roles: COO, Business Continuity Team.
  • Business Benefits • Loss Prevention • Cost Savings • Departmental Efficiencies • Competitive Edge – Growth in Lateral Talent – Growth and Retention of Clients – Quality of Client Relationships – Alternative Fee Arrangements • Quality of Working Environment • Reputation
  • In the News… (03/10/2009)
    – Top five risks identified as facing law firms (order of severity): • Bankruptcy or acquisition of significant clients • IT security • Pressure on fees and the need for 'instant' advice leading to claims • Conflicts of interest • Errors made by staff/lawyers on complex, high-value transactions
    – A firm’s responses to application questions about risk management and loss prevention programs are often among the most important qualitative information an insurer uses to gauge the risk it may pose, according to Stuart Pattison, a vice president at Chicago-based CNA, one of the nation’s largest commercial insurers.
  • UK vs. US Risk Environment
  • In the News…
    – (05/21/2009) “The Financial Services Authority (FSA) has brought charges of insider trading against two lawyers – including a current partner in the London office of Dorsey & Whitney – it has emerged. The move marks a more aggressive stance from the FSA, which earlier this year secured its first successful insider trading prosecution…”
    – (03/13/2009) “In a much-touted speech on Thursday (12 March), FSA chief executive Hector Sants outlined a break with light-touch, principles-based regulation, arguing the City should be ‘very frightened’ of the body.”
  • US News
    – 3/20/2009: The FTC Strikes Back: (Essentially) Everyone Should Be Complying With Red Flags Rules, Especially The Healthcare Industry. The FTC, with unusual frankness, emphasizes that no industry is exempt as a “creditor” …….The FTC also pulls no punches when identifying potential “creditors,” listing a wide range of industries and businesses, including physicians, lawyers, merchants”
    – 08/06/2009: Dept. of Health and Human Services, 45 CFR Parts 160 and 164. Examples of business associates include third party administrators or pharmacy benefit managers for health plans, claims processing or billing companies, transcription companies, and persons who perform legal, actuarial, accounting, management, or administrative services for covered entities and who require access to protected health information.
  • Who’s Ultimately Responsible for Risk Management? 2007: Single Individual: 36%. 2009: Single Individual: 63%.
  • Risk Roles and Organization • Firm Internal Roles – General Counsel – Directors of Loss Prevention, Conflicts, Records – Professional Responsibility Partners/Ethics Partner – CIO or IT Director – Directors of Security, Business Continuity – Business Departmental Directors – Partners / Lawyers – Committees • External Roles – Insurance Underwriters/brokers – Clients – External Assessors
  • Risk Management Becomes a Department in Law Firms
  • Risk and IT Speak in Different Languages: DR, Engagement Letters, Malware, VPN, Vicarious Disqualification, LDAP, SharePoint, Rule 1.10, SLAs, Five-9s, P2P, Advanced Waivers. Consider: Matter Centricity + Search = Exposure
  • Future Org Chart?
  • Risk Management Approach • Successful Risk Management Environment – Communicate and Consult – Establish the Context – Promote Self Assessment – Monitor and Review
  • Risk Management Approach • Risk Assessment Process • Risk Treatment Process – Identify Options – Evaluate and Select Options – Prepare and Implement Treatment Plans
  • Future: Risk Register/ERM. Register columns: # | The Risk: What can Happen and How Can it Happen? | The Consequence of an Event Happening (Consequence, Likelihood) | Adequacy of Existing Controls | Consequence Rating | Likelihood Rating | Level of Risk | Risk Priority
  • Future: Client Requests. 2007: Clients have asked firm for additional protections: 61%. 2009: Clients have asked firm for additional protections: 86%.
  • Next Steps: Integrate Risk and Technology
    – Intake and Insider List Management
    – Workflow software to manage intake processes
    – Matter designated “confidential”, “firm confidential”, “price sensitive”
    – Tracks access, locks across systems, hides matter names
  • Next Steps: Leverage Risk Management Budgets
  • Next Steps: Plan for Certification
  • Contacts
    – Adam Hansen, Director of Information Security, Sonnenschein Nath & Rosenthal, ahansen@sonnenschein.com
    – Pat Archbold, VP of Risk Practice, IntApp, pat.archbold@intapp.com
    – David Cunningham, Managing Director, Baker Robbins & Company, dcunningham@brco.com
  • References
    – SRA Rule 5: http://www.sra.org.uk/solicitors/code-of-conduct/215.article
    – Marsh UK Risk Study, Insurance Journal: http://www.insurancejournal.com/news/international/2009/03/10/98539.htm
    – KornFerry Evolution of Law Firm Risk Management Article: http://www.insurancejournal.com/news/international/2009/03/10/98539.htm
    – UK Conflicts Rule Changes Article, Legalweek: http://www.legalweek.com/legal-week/analysis/1156494/conflicts-comfort
    – Red Flag Rules Article: http://www.securityprivacyandthelaw.com/2009/03/articles/recent-legislation-1/the-ftc-strikes-back-essentially-everyone-should-be-complying-with-red-flags-rules-especially-the-healthcare-industry/
    – HITECH Act Update, DHHS: http://www.federalregister.gov/OFRUpload/OFRData/2009-20169_PI.pdf
    – Risk Roundtable: www.riskroundtable.com
    – West Legal Education, Practice Area Ethics and Professional Responsibility: http://westlegaledcenter.com/home/homepage.jsf