Trends shaping the future of legal risk management by dave cunningham and meg block 2010

438 views

Published on

Published in: Economy & Finance, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
438
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
8
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Trends shaping the future of legal risk management by dave cunningham and meg block 2010

  1. 1. TrendsShaping theFuture ofLegal RiskManagement by Dave Cunningham and Meg BlockD espite the growing awareness, complexity and consequence of risk, risk management is still challenging to define in the legal environment. Each person involved has a different perspective of the situation, probability, severity and theconsequent priorities and scope of responsibilities.Risk Management IssuesRecent events highlight a variety of issues. A number of law firms,for example, have been in the news because private informationwas leaked to the public. This type of event, as well as multiplesearch engine rollbacks (after private information was uncoveredthrough internal searches) and HIPAA compliance initiatives, havecaused firms to focus on data security, confidentiality and controlacross systems. Ongoing management of ethical walls, legal holds,data transfer agreements and data from lateral lawyers add to theneed for secure systems. For practice leaders, fixed fee engagements and requirementsto “know your client” are creating a stir around how assertively afirm manages engagements. For general counsels, an increasedlikelihood that clients will “go bad” in these troubled economictimes puts pressure on validating the client’s business integrityupon intake and monitoring it throughout the life of theengagement. Regulatory compliance obligations are so complex Peer to Peer the quarterly magazine of ILTA 41
  2. 2. “The legal market is conservative when it comes to risk management, and firms often view the proactive identification of risks, along with the subsequent setting of policies and compliance expectations, as activities that cause more peril than they resolve.”that a management team — the general counsel, IT and content • Data Confidentiality:specialists — is needed to set the course. Protecting the confidentiality of information has already Beyond these recent hot buttons, the traditional areas emerged as a leading issue for the legal community. Whileof risk including records, conflicts, new business intake, the improper use of information in written and spoken formfinance, employment and IT disaster recovery, are areas where is critical to control, it is the electronic form of informationinvestments in people and technology continue to be sustained. that dominates IT’s agenda. The volume of data, as well asThe pressure to deal with risk effectively is increasing as more varying ownership and location, complicate compliance withassets are vulnerable and the consequences are more severe. preservation orders, ethical walls, HIPAA regulations and otherFor now, risk management efforts are focused on the events that expectations of security. In 2010, the widespread adoption ofcreate risks to the firm’s data, image and profitability, and many enterprise search and the maturity of software to automate dataof these revolve around the IT department. confidentiality, as well as concerns about law firm data security breaches, are expected to accelerate the tackling of compliance and privacy issues. Some firms are considering how digital rightsRisk Management Themes management (DRM) can be applied, and, over the longer term,Hildebrandt Baker Robbins recently conducted a study to gather others are considering working toward meeting the ISO 27001the insights of general counsels, IT leadership, professional information security standard.liability insurers, risk directors and risk vendors, and their inputhas given us a unique viewpoint of risk management issues and • Engagement of Professional Liability Insurers:trends. Jim Jones, Co-Managing Director of Hildebrandt Baker Law firm insurers are active in risk discussions and periodicRobbins and facilitator of the General Counsel Forum and five assessments, yet they’ve not traditionally been aggressivegeneral counsel roundtables held each year, also contributed his in exploring new boundaries in risk mitigation. Recently,perspective. progressive insurers have increased investments in education We observed the following trends that are shaping risk for the market and have made funds available to help lawmanagement: firms hire third-party resources to improve risk management and compliance. Some law firms are attempting to negotiate• Partnership of Risk Leadership and IT Leadership: discounts to their premiums by improving their own handlingWhile risk management in law firms is quite fragmented, general of risks and compliance. While the insurance underwritingcounsels and IT leadership are increasingly working together process is expected to remain at a high level in most situations,at the center of related activities. This partnership reflects the insurers are eager for law firms to develop coordinated riskhow much law firms depend on technology and electronic management programs.information, with technology both creating and mitigating risks.As products that address risk issues come to market, general • Practice Risk:counsels will be more likely to drive technology decisions, Partners are finding themselves at the center of one of thefurthering a joint risk management role with IT. fastest changing risk areas: client and engagement risk. There is increasing need to identify and control these risks. Pressure42 www.iltanet.org Peer to Peer
  3. 3. Trends Shaping the Future of Legal Risk Managementfrom clients for alternative fee arrangements (e.g., fixed, capped • Internal Assessments:or contingency) increases the likelihood that some clients will An elemental aspect of professional risk management is thebecome “bad clients,” especially in this rough economy. In ability to create a sustainable education and complianceaddition, the increased outsourcing of legal processes is forcing environment. While periodic external audits are appropriate,lawyers to adopt principles of project management, including an internal assessment capability ensures day-to-day analysisscope definition and budgets, scope change control and status of progress and improvements. Some larger firms have hiredcommunications. “Know-your-client” obligations are being director-level risk leaders to facilitate this process, althoughgiven more serious consideration, with some firms re-validating these roles still have limited purview to reach across the firmclients from time-to-time and some contemplating teaming to identify risks. As the multi-disciplinary risk teams mature,experienced project managers with partners to lead matters. the internal assessment process is expected to be high on the agenda.• Client Sophistication with Risk Requirements:The continuing formalization of client relationships has • From Loss Prevention to Competitive Advantage:created a noticeable increase in questions from corporate The main focus of risk management in law firms has beenlegal departments about law firms’ risk handling capabilities. minimizing losses from malpractice claims. The newly developedQuestions in RFPs are common, and a few law firms have been ISO 31000 risk management standard offers a more positiveaudited for risk mitigation protocols by their largest clients. perspective; it notes that risk management is not only theBased on current trends, we are expecting risk questions to mitigation of loss, but also the improvement of “efficiency inbecome more specific and sophisticated over the next two years. operations, environmental protection, financial performance, corporate governance, human health and safety, product• Outsourcing of IT Risk: quality, legal and regulatory compliance, public acceptance,Law firms have made huge investments in IT recovery capabilities and reputation.” By addressing risks represented by the topicsas they understand the effort and diligence necessary to discussed above, law firms can find ways to create businessmaintain redundant systems and data. IT has increasingly viable advantages.options to lean on third parties for the expensive and not-so-often-used recovery capabilities. These transitions to outsourcing It took ten years for general counsels and risk partners tohave the potential to notably reduce costs and save staff time. be commonplace in law firms, and we expect that some of these trends will also take years to become the norm. In the interim,• From Implicit to Explicit Risk Mitigation: IT’s proactive participation in understanding and addressingThe legal market is conservative when it comes to risk risks helps to ensure that consequences for risk events do not fallmanagement, and firms often view the proactive identification disproportionately on IT’s shoulders. ILTAof risks, along with the subsequent setting of policies andcompliance expectations, as activities that cause more perilthan they resolve. While the expectation for explicit policiesand education is growing in general, specific IT policies andthe automation of assessment and compliance (for risks such asdata confidentiality and system change management) are stillexceptions. We expect that to change in the next two years.• Centralization of Risk Management Responsibilities:Responsibilities for risks are as fragmented as the risksthemselves. A slowly emerging practice is to create amultifunction risk team that includes business leaders across thefirm and some representatives from practice groups. The chartersfor these committees include governance, risk and compliance(GRC). Governance refers broadly to the rules, processes or lawsby which organizations are operated, regulated and controlled.An organization’s perception of and tolerance for risk rest on thebackbone of its governance. Risk management comprises theplans, policies and procedures designed to control activities inorder to accept, avoid or minimize risk. To understand whetherrisk management controls are being followed, compliance,the organization’s behavior relative to those controls, must bemonitored and measured. Peer to Peer the quarterly magazine of ILTA 43

×