Lit Con 2009: Collaborate to Mitigate panel - facilitated by Dave Cunningham, Oct 2009

  • 1. Collaborate to Mitigate: The Roles of the Risk and IT Departments in Enterprise Risk Management
    • Moderator:
      • David B. Cunningham, Managing Director, Baker Robbins & Company
    • Panel:
      • Beth Chiaiese, National Director of Loss Prevention, Foley & Lardner LLP
      • John Isaza, Partner, Howett Isaza Law Group, LLP
      • Rick Patterson, Director of Security, Sidley Austin LLP
      • Dave Rigali, Manager of Information Technology, Thompson Coburn LLP
    October 15, 2009
  • 2. Legal Risk Types
    • IT
      • Example Risks:
        • Systems: Continuity, Recovery, Security, and Access Management.
        • Data: Confidentiality, Integrity, Ethical Walls, Retention, Data Protection, Data Transfers, Hosting of Third-Party or Client Data.
        • Third Party Suppliers: Maintenance/Support, Outsourcing, Contracts, and Compliance Assessment.
      • Key Internal Roles: CIO, General Counsel, Risk Director, Security Director
    • Financial
      • Example Risks: Audit, Financial Internal Controls, Financial Transparency and Disclosure, Anti-Money Laundering, Counter-Terrorist Financing, Credit, Firm Investments, Currency, and Portfolio Risks.
      • Key Internal Roles: CFO
    • Practice Management
      • Example Risks: Client Relations, Lateral, Professional Responsibilities (including malpractice, conflicts, records, and litigation support), and Professional Development Risks.
      • Key Internal Roles: Practice Leaders, General Counsel, Risk Committees, Directors of Conflicts, Records, Lit Support, Library, and KM.
    • Strategic / Corporate
      • Example Risks: Firm Governance, Risk Management Governance, Reputational, Marketing, and Market Risks.
      • Key Internal Roles: Managing Partner, Marketing Director, General Counsel, Risk Director
    • Operational
      • Example Risks: Employment, Fraud, Damage to Assets, and Insurance Mediation Risks.
      • Key Internal Roles: HR Director, COO, General Counsel, Office Director
    • Environmental
      • Example Risks: Natural Disasters, Epidemics, and Resource Access Risks.
      • Key Internal Roles: COO, Business Continuity Team
  • 3. Risk Roles and Organization
    • External Roles Defining Risk Expectations
      • Insurance underwriters
      • Clients and client regulators
      • External assessors
      • Peer pressure from actions of other firms
  • 4. IT Risk Issues
    • Hosting client electronic files at third party or remote servers
    • Creating and maintaining electronic ethical walls
    • Implications of “unified messaging” and universal search on confidentiality and discoverability
    • Balancing IT security with lawyer ease of use and lack of willingness to conform with best practices
  • 5. IT Risk Issues
    • Providing remote access and supporting Small Office Home Offices (SoHo)
    • Managing the lifecycle of data
    • Addressing data leakage and breaches
    • Creating and assessing third party relationships
  • 6. Practice Management Risk Issues
    • Traditional practice issues: conflicts, docket, attorney mistakes, records management, etc.
    • Emerging practice issues:
      • Increasing levels of regulatory control over lawyers in the U.S.
      • Migrating electronic files with lateral partnerships
      • Protecting against insider trading
      • EU regulatory requirements – money laundering, etc.
      • Supporting the pricing and management of alternative fee arrangements
    • Managing travel risk and work place violence
    • Coordinating practice risk with all of the other risk areas (IT, Operational, Strategic, etc.)
  • 7. Strategic / Corporate Risk Issues
    • Marketing via networking sites and websites
    • Establishing the gatekeeper for the law firm risk management program
      • Is it the business side of the firm (COO) or the legal side (General Counsel)?
      • If the firm has a Chief Risk Officer, to whom does this person report?
      • Is there a place for a Chief Security Officer?
  • 8. Risk Management Approach
    • Successful Risk Management Environment
      • Communicate and Consult
      • Establish the Context
      • Evaluate Asset Values
      • Promote Self Assessment
      • Monitor and Review
    • Risk Assessment Process
      • Risk Identification
      • Risk Analysis
      • Risk Evaluation
    • Risk Treatment Process
      • Identify Options
      • Evaluate and Select Options
      • Prepare and Implement Treatment Plans
  • 9.
    • David B. Cunningham,
    • Managing Director, Baker Robbins & Company
    • [email_address]
    • Beth Chiaiese,
    • National Director of Loss Prevention, Foley & Lardner
    • [email_address]
    • John Isaza,
    • Partner, Howett Isaza Law Group
    • [email_address]
    • Rick Patterson,
    • Director of Security, Sidley Austin
    • [email_address]
    • Dave Rigali,
    • Manager of Information Technology, Thompson Coburn
    • [email_address]