The document discusses a panel presentation on law firm risk management. The panel addresses how effective risk management can both mitigate losses and contribute to a firm's competitive standing. They cover types of legal risks including IT, data, third parties, financial, practice management, strategic, operational and environmental. Benefits of risk management include cost savings, efficiencies, growth and client retention. The discussion notes trends of risk management becoming a formal department and integrating more closely with technology.
Lit con 2009 collaborate to mitigate panel - facilitated by dave cunningham... | David Cunningham
The document discusses the roles of risk and IT departments in enterprise risk management for law firms. It identifies different types of legal, operational, and strategic risks firms face. It also outlines key issues for managing IT, practice, and strategic risks. Finally, it proposes a risk management approach of communicating, establishing context, evaluating risks, and monitoring risks.
Convergence-based Approach for Managing Operational Risk and Security In Toda... | Marc S. Sokol
This white paper provides a multidimensional approach that inspires convergence of resources, thinking and collaboration by business and support operations professionals across the organization to implement and maintain a holistic and efficient risk management program. As a result, the program can be integrated into every day business decisions and the culture of a company maximizing value and business decision capability. Through this integration, an organization will ensure sustained and optimal enterprise stewardship and full alignment with its risk tolerance.
This document discusses managerial strategies to minimize liability through risk management and preventative law. It identifies various risks an organization may face related to employment, facilities, premises, clients, intellectual property, and more. The preventative law process involves identifying these risks, assessing them, evaluating strategies to minimize risk or eliminate activities, and developing a preventative law plan.
2015 LOMA Conference - Third party risk management - Session 20 | Marc S. Sokol
The document discusses implementing an effective third party risk management program. It notes diverse challenges companies face including low interest rates, economic issues, and growing cyber threats. It highlights common issues in third party risk management like lack of due diligence and oversight. The document outlines 12 categories of third party risk and presents a framework for assessing risk. It notes how many breaches originate with third parties and examples of companies impacted. The framework involves validating the risk appetite, evaluating inherent risks, controls, and determining the residual risk.
Legal Governance, Risk Management and Compliance | Effacts
The key for corporate legal departments in minimizing risks lies in identifying relevant risks, creating and aligning controls, and monitoring them to ensure compliance.
Session 309 - Allocating Risk for Your Company - Playing the Feud (cjp 10.26) | Carl Peterson
This document summarizes a presentation on allocating risk for companies. It discusses how the compliance landscape is evolving and requiring more comprehensive risk assessment. A survey of in-house counsel found that few have formal compliance programs in place with the recommended 10 hallmarks. The presentation provides frameworks for creating a basic risk assessment and discusses potential ethical issues to consider, such as confidentiality and conflicts of interest. It also features a game segment where attendees vote on the highest risks in different categories based on survey responses. The overall message is that companies need to systematically identify, prioritize and manage risks on an ongoing basis to create a legally defensible compliance program.
This overview of measuring and managing legal risk breaks down elements of legal risk and places them in a risk framework. The presentation also discusses risk tolerance and valuing risk for the organization. Contract managers, lawyers, risk managers and compliance officers all benefit from analyzing legal risk in quantitative terms.
The document provides guidance on developing a comprehensive third-party risk management program. It recommends identifying all third-party relationships, prioritizing them by risk, conducting risk-based due diligence on third parties, taking steps to mitigate any uncovered risks, and monitoring third parties continuously. It emphasizes the importance of having a standardized, automated process across all business units to effectively manage third-party risk.
The document provides an overview and evaluation of 14 governance, risk, and compliance (GRC) platform vendors. It finds that Enablon, Nasdaq BWise, MetricStream, Rsam, SAP, SAI Global, and EMC/RSA lead in the market based on having strong current offerings and strategies addressing future needs. It also finds that LogicManager, Protiviti, Thomson Reuters, Wolters Kluwer Financial Services, IBM, Resolver, and Navex Global are competitive due to their strong offerings, if sometimes more focused on specific solutions. Overall, the GRC platform market has matured but vendors still need to focus more on customer needs, industry expertise, and guidance over just
The Modern Slavery Supply Chain Risk Assessment Questionnaire brings together the human rights expertise of Norton Rose Fulbright, a global law firm*, with the ethiXbase 360 powerful Third-Party Risk Management Platform to help your business identify, mitigate, and manage modern slavery risk and human rights abuses across your supply and manufacturing chains.
The Modern Slavery Questionnaire uses five key indicators to assess a supplier’s modern slavery risk:
1) Jurisdiction
2) Industry
3) Products
4) Workforce
5) Risk-mitigating measures
The document discusses the purpose and goals of risk management in healthcare organizations. It aims to enhance patient safety and minimize financial losses through risk identification, evaluation and prevention. It also helps ensure compliance with regulatory standards. An effective risk management program has a formal structure, integrates risk and quality departments, and guarantees confidential reporting to improve safety and reduce future incidents.
1) Enterprise risk management (ERM) and governance-risk-compliance (GRC) are approaches that have emerged in the past decade but there is no consensus on how they relate.
2) Currently, GRC is seen as a top-down process that sets risk requirements, while ERM identifies and reports on risks, but the document argues this view is flawed.
3) The document contends that ERM should drive risk assessment and response, informing governance and compliance, rather than the other way around. With ERM in charge of holistic risk management, conflicts can be reduced and risks better addressed.
The document summarizes the key findings of the Wealth Management Association's (WMA) 2016 Risk Survey. Regulations remained the top risk for wealth management firms. Cyber security and fraud increased in importance, as did concerns over staffing. Suitability moved down in priority. For 2017 and beyond, regulations were again the top concern, along with Brexit and technology issues. The survey informed the WMA's advocacy, research, and guidance for its member firms.
As the volume of electronic medical data has grown, so has the number of third-party custodians who handle it. Organizations increasingly rely on third parties for infrastructure, managed applications and data management. Navigating the changing rules governing these third parties has become more complex. The risk of these relationships is significant: Third parties are responsible for almost half of all data breaches. Compounding these challenges are new federal requirements for managing electronic protected health information. Important changes that take effect Sept. 23, 2013 in the Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule broaden the definition of a business associate, set new limits on how data may be used, redefine what constitutes a breach and establish new civil penalties for violations. Failing to properly assess risks inherent in these relationships and inadequately implementing monitoring controls to address the risk of third-party relationships can be costly in terms of potential penalties and damage to an organization’s reputation.
Riskpro is an Indian risk management consulting firm with offices in major cities. It provides integrated risk management services to mid-large corporations and financial institutions. Services include governance, risk and compliance solutions. Riskpro differentiates itself by focusing exclusively on risk management and by having over 200 cumulative years of experience among its professionals. It offers a hybrid delivery model and can take on large, complex projects. Services include advisory on various types of risk like credit, market, operational, and regulatory compliance.
Top Strategies for Encouraging Employees to Use Your Whistleblower Hotline | Case IQ
You don’t have to look too hard to see the effects of a company culture that discourages reporting misconduct, with glaring examples in the headlines continuously appearing. It’s clear that a company’s reputation and finances can be catastrophically affected by misconduct that is left to fester.
Employee tips are consistently found to be the most common source of detecting misconduct, with organizations with reporting hotlines detecting almost 20 per cent more fraud than those without hotlines. But getting employees to speak up about fraud, harassment, discrimination or any other type of misconduct isn’t easy. They may fear retaliation, losing their jobs, hurting their co-workers, or just being cast as a “snitch” or a liar.
Learn proven strategies you can use to get employees to report misconduct before it becomes a full-blown ethics and compliance disaster.
The slides will cover:
• The importance of having an ethics/whistleblower hotline
• Why anonymity is critical and how to provide it
• How to train employees to appropriately use reporting tools
• Addressing company culture weaknesses to encourage reporting
• Anti-retaliation policies and their enforcement
Presentation: Compliance & Third Party Due Diligence | ethiXbase
1) The document discusses challenges with third party due diligence including high costs and long turnaround times. It proposes redefining best practices to screen 100% of third parties through consistent and documented processes.
2) Key recommendations include understanding third party scope, conducting baseline screening for all parties, categorizing risk, escalating higher risk parties for further review, and ongoing monitoring.
3) Achieving a consistent 100% third party due diligence program requires screening all parties, clearly defining risk criteria, having standard escalation procedures, regularly reviewing the program, and monitoring third party risk over time.
Presentation: Cross-Border Anti-Corruption Programs
By Leas Bachatene, Chief Executive Officer, ethiXbase
Kicking off 2017, which calls for a renewed and intensified focus on compliance, ethiXbase participated in discussions at the Asian Compliance and Anti-Corruption Summit hosted by the European University Viadrina Frankfurt (Oder) and German-Southeast Asian Center of Excellence for Public Policy and Good Governance (CPG) in Bangkok on January 11th and 12th. Devoted to the theme of “Compliance Across Asia”, the summit featured experts who discussed anti-corruption and compliance in Asia.
Speaking on cross-border anti-corruption programs, Leas Bachatene, Chief Executive Officer of ethiXbase, was joined by other experts from the Organisation for Economic Co-operation and Development (OECD), UNDP Regional Asia Pacific Office, National Anti-Corruption Commission of Thailand, among others.
View slides from Leas Bachatene’s presentation on cross-border anti-corruption programs here, which outline various elements of an effective cross-border anti-corruption program. Enjoy!
The document discusses e-discovery and how businesses should prepare for litigation involving electronically stored information. It recommends that businesses first identify areas at risk for litigation, take an inventory of relevant electronic data, and evaluate their resources. It also stresses the importance of building an e-discovery response team, designing a litigation hold process, and implementing an effective records management program to help contain costs during the e-discovery process. The document cautions that inadvertent errors are inevitable and outlines how businesses can avoid sanctions by cooperating with courts and opponents during litigation.
David Woodnorth of ComplyWith was one of the keynote speakers at the Law Society’s ILANZ Mini Conference on ‘Managing Legal Risk’ in Auckland and Wellington last week. He shared ‘new thinking about legal risk’ with over 130 in-house lawyers, providing insights and guidance on how to better manage and communicate about legal risk.
“Success should not be defined simply by ticking boxes and producing pro-forma reports, but rather by driving participation in legal risk at the operations level of a business.”
Compliance Officer update: What you should know about your Business Partner -... | vivacidade
Compliance Officer update: This presentation shows why and how Compliance questionnaires are used in the context of the Third Party Compliance Due Diligence process. A proposal is made on key data and compliance information that should be obtained from the prospective Business Partner via self-questionnaire. It is the starting point for further analysis and background checks before a contractual obligation is concluded. The due diligence process should be designed to enable the identification of red flags.
CEI Compliance is the UK's fastest-growing regulatory consultancy and provides associate opportunities to consultants and cost-effective value to financial services and other regulated companies.
We show you the methodology for conducting the Compliance Risk Assessment and how to provide meaningful action plans.
Doing business in China – Recent anti-corruption and bribery | Grant Thornton LLP
China's enforcement agencies have recently made headlines in their crackdown on corruption within several industries. As a result of these high-profile investigations, multinationals are refreshing their current anti-corruption compliance and oversight programs to address China’s bribery laws.
This document outlines the agenda and key topics for a panel discussion on law firm risk management. The panel will discuss how to define risk, common legal risk types like IT, financial, and practice management risks. They will also cover the business benefits of effective risk management, differences between the UK and US risk environments, evolving risk roles in law firms, and future directions for the field. The discussion aims to provide three next steps firms can take to improve their risk management and will conclude with a question and answer session.
The document discusses enterprise risk management (ERM) and its rising importance for information security practices. ERM aims to align security solutions with business priorities by analyzing overall IT risks, prioritizing risk mitigation actions, and taking a managed approach to enterprise investments. Key drivers of ERM adoption include changing regulations, expanding business threats, and interest in simplifying security management.
Managing Organizational Risk: The Mighty Triad of Internal Audit, Compliance,... | PYA, P.C.
PYA Compliance Consulting Manager Susan Thomas co-presented “Managing Organizational Risk: The Mighty Triad of Internal Audit, Compliance, and Risk Management,” along with Banner Health’s Process Director Jen Brooks and Rockwell Collins’ Senior Internal Audit Analyst Laurie Lutgen at the Association of Healthcare Internal Auditors (AHIA) 36th Annual Conference.
Areas of focus included:
• Defining the organizational roles and responsibilities of internal audit, corporate compliance, and risk management.
• Discovering how a partnership of audit, compliance, and risk management can be a major advantage for an overall risk strategy.
• Considering the variety of available audit tools for managing risk.
• Discussing how to move from risk-related activities to integrated risk management.
This overview of measuring and managing legal risk breaks down elements of legal risk and places them in a risk framework. The presentation also discusses risk tolerance and valuing risk for the organization. Contract managers, lawyers, risk managers and compliance officers all benefit from analyzing legal risk in quantitative terms.
The document provides guidance on developing a comprehensive third-party risk management program. It recommends identifying all third-party relationships, prioritizing them by risk, conducting risk-based due diligence on third parties, taking steps to mitigate any uncovered risks, and monitoring third parties continuously. It emphasizes the importance of having a standardized, automated process across all business units to effectively manage third-party risk.
The document provides an overview and evaluation of 14 governance, risk, and compliance (GRC) platform vendors. It finds that Enablon, Nasdaq BWise, MetricStream, Rsam, SAP, SAI Global, and EMC/RSA lead in the market based on having strong current offerings and strategies addressing future needs. It also finds that LogicManager, Protiviti, Thomson Reuters, Wolters Kluwer Financial Services, IBM, Resolver, and Navex Global are competitive due to their strong offerings, if sometimes more focused on specific solutions. Overall, the GRC platform market has matured but vendors still need to focus more on customer needs, industry expertise, and guidance over just
The Modern Slavery Supply Chain Risk Assessment Questionnaire brings together the human rights expertise of Norton Rose Fulbright, a global law firm*, with the ethiXbase 360 powerful
Third-Party Risk Management Platform to help your business identify, mitigate, and manage modern slavery risk and human rights abuses across your supply and manufacturing chains
The Modern Slavery Questionnaire uses five key indicators to
assess a supplier’s modern slavery risk:
1) Jurisdiction
2) Industry
3) Products
4) WorkForce
5) Risk-mitigating measures
The document discusses the purpose and goals of risk management in healthcare organizations. It aims to enhance patient safety and minimize financial losses through risk identification, evaluation and prevention. It also helps ensure compliance with regulatory standards. An effective risk management program has a formal structure, integrates risk and quality departments, and guarantees confidential reporting to improve safety and reduce future incidents.
1) Enterprise risk management (ERM) and governance-risk-compliance (GRC) are approaches that have emerged in the past decade but there is no consensus on how they relate.
2) Currently, GRC is seen as a top-down process that sets risk requirements, while ERM identifies and reports on risks, but the document argues this view is flawed.
3) The document contends that ERM should drive risk assessment and response, informing governance and compliance, rather than the other way around. With ERM in charge of holistic risk management, conflicts can be reduced and risks better addressed.
The document summarizes the key findings of the Wealth Management Association's (WMA) 2016 Risk Survey. Regulations remained the top risk for wealth management firms. Cyber security and fraud increased in importance, as did concerns over staffing. Suitability moved down in priority. For 2017 and beyond, regulations were again the top concern, along with Brexit and technology issues. The survey informed the WMA's advocacy, research, and guidance for its member firms.
As the volume of electronic medical data has grown, so has the number of third-party custodians who handle it. Organizations increasingly rely on third parties for infrastructure, managed applications and data management. Navigating the changing rules governing these third parties
has become more complex. The risk of these relationships is significant: Third parties are responsible for almost half of all data breaches. Compounding these challenges are new federal requirements for managing electronic protected health information. Important changes that take effect Sept. 23, 2013 in the Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule broaden the definition of a business associate, set new limits on how data may be used, redefine what constitutes a breach and establish new civil penalties for violations. Failing to properly assess risks inherent in these relationships and inadequately implementing monitoring controls to address the risk of third-party relationships can be costly in terms of potential penalties and damage to an organization’s reputation.
Riskpro is an Indian risk management consulting firm with offices in major cities. It provides integrated risk management services to mid-large corporations and financial institutions. Services include governance, risk and compliance solutions. Riskpro differentiates itself by focusing exclusively on risk management and by having over 200 cumulative years of experience among its professionals. It offers a hybrid delivery model and can take on large, complex projects. Services include advisory on various types of risk like credit, market, operational, and regulatory compliance.
Top Strategies for Encouraging Employees to Use Your Whistleblower HotlineCase IQ
You don’t have to look too hard to see the effects of a company culture that discourages reporting misconduct, with glaring examples in the headlines continuously appearing. It’s clear that a company’s reputation and finances can be catastrophically affected by misconduct that is left to fester.
Employee tips are consistently found to be the most common source of detecting misconduct, with organizations with reporting hotlines detecting almost 20 per cent more fraud than those without hotlines. But getting employees to speak up about fraud, harassment, discrimination or any other type of misconduct isn’t easy. They may fear retaliation, losing their jobs, hurting their co-workers, or just being cast as a “snitch” or a liar.
Learn proven strategies you can use to get employees to report misconduct before it becomes a full-blown ethics and compliance disaster.
The slides will cover:
The importance of having an ethics/whistleblower hotline
Why anonymity is critical and how to provide it
How to train employees to appropriately use reporting tools
Addressing company culture weaknesses to encourage reporting
Anti-retaliation policies and their enforcement
Presentation: Compliance & Third Party Due DiligenceethiXbase
1) The document discusses challenges with third party due diligence including high costs and long turnaround times. It proposes redefining best practices to screen 100% of third parties through consistent and documented processes.
2) Key recommendations include understanding third party scope, conducting baseline screening for all parties, categorizing risk, escalating higher risk parties for further review, and ongoing monitoring.
3) Achieving a consistent 100% third party due diligence program requires screening all parties, clearly defining risk criteria, having standard escalation procedures, regularly reviewing the program, and monitoring third party risk over time.
Presentation: Cross-Border Anti-Corruption Programs
By Leas Bachatene, Chief Executive Officer, ethiXbase
Kicking off 2017 which calls for a renewed and intensified focus on compliance, ethiXbase participated in discussions at the Asian Compliance and Anti-Corruption Summit hosted by the European University Viadrina Frankfurt (Oder) and German-Southeast Asian Center of Excellence for Public Policy and Good Governance (CPG) in Bangkok on January 11th and 12th. Devoted to the theme of “Compliance Across Asia”, the summit featured experts who discussed anti-corruption and compliance in Asia.
Speaking on cross-border anti-corruption programs, Leas Bachatene, Chief Executive Officer of ethiXbase, was joined by other experts from the Organisation for Economic Co-operation and Development (OECD), UNDP Regional Asia Pacific Office, National Anti-Corruption Commission of Thailand, among others.
View slides from Leas Bachatene’s presentation on cross-border anti-corruption programs here, which outlines various elements of an effective cross-border anti-corruption program. Enjoy!
The document discusses e-discovery and how businesses should prepare for litigation involving electronically stored information. It recommends that businesses first identify areas at risk for litigation, take an inventory of relevant electronic data, and evaluate their resources. It also stresses the importance of building an e-discovery response team, designing a litigation hold process, and implementing an effective records management program to help contain costs during the e-discovery process. The document cautions that inadvertent errors are inevitable and outlines how businesses can avoid sanctions by cooperating with courts and opponents during litigation.
David Woodnorth of ComplyWith was one of the keynote speakers at the Law Society’s ILANZ Mini Conference on ‘Managing Legal Risk' in Auckland and Wellington last week.He shared ‘new thinking about legal risk’ with over 130 in-house lawyers, providing insights and guidance on how to better manage and communicate about legal risk.
“Success should not be defined simply by ticking boxes and producing pro-forma reports, but rather by driving participation in legal risk at the operations level of a business."
Compliance Officer update: What you should know about your Business Partner -...vivacidade
Compliance Officer update: This presentation shows why and how Compliance questionnaires are used in the context of the Third Party Compliance Due Diligence process. A proposal is made on key data and compliance information that should be obtained from the prospective Business Partner via self-questionnaire. It is the starting point for further analysis and background checks before a contractual obligation is concluded. The due diligence process should be designed to enable the identification of red flags.
CEI Compliance is the UK's fastest growing regulatory consultancy and provides associate opportunities to consultants and cost effective value to financial services and other regulated companies.
We show you the methodology for conducting the Compliance Risk Assessment and how to provide meaningful action plans.
Doing business in China – Recent anti-corruption and briberyGrant Thornton LLP
China enforcement agencies have recently made headlines in their crackdown on corruption within the several industries. As a result of these high-profile investigations, multinationals are refreshing their current anti-corruption compliance and oversight programs to address China’s bribery laws.
This document outlines the agenda and key topics for a panel discussion on law firm risk management. The panel will discuss how to define risk, common legal risk types like IT, financial, and practice management risks. They will also cover the business benefits of effective risk management, differences between the UK and US risk environments, evolving risk roles in law firms, and future directions for the field. The discussion aims to provide three next steps firms can take to improve their risk management and will conclude with a question and answer session.
The document discusses enterprise risk management (ERM) and its rising importance for information security practices. ERM aims to align security solutions with business priorities by analyzing overall IT risks, prioritizing risk mitigation actions, and taking a managed approach to enterprise investments. Key drivers of ERM adoption include changing regulations, expanding business threats, and interest in simplifying security management.
Managing Organizational Risk: The Mighty Triad of Internal Audit, Compliance,...PYA, P.C.
PYA Compliance Consulting Manager Susan Thomas co-presented “Managing Organizational Risk: The Mighty Triad of Internal Audit, Compliance, and Risk Management,” along with Banner Health’s Process Director Jen Brooks and Rockwell Collins’ Senior Internal Audit Analyst Laurie Lutgen at the Association of Healthcare Internal Auditors (AHIA) 36th Annual Conference.
Areas of focus included:
• Defining the organizational roles and responsibilities of internal audit, corporate compliance, and risk management.
• Discovering how a partnership of audit, compliance, and risk management can be a major advantage for an overall risk strategy.
• Considering the variety of available audit tools for managing risk.
• Discussing how to move from risk-related activities to integrated risk management.
Risk Monitoring and Management Trends In CommoditiesCTRM Center
The document summarizes the results of a survey conducted by Commodity Technology Advisory LLC on risk management trends in the commodities industry. The survey found that market risk, credit risk, and regulatory risk were seen as the most important risks facing companies. While some risks are managed at the department level, there is an increasing focus on managing risks at the enterprise level. However, the survey found that companies use a mix of systems and tools to manage risks, including spreadsheets, and that risk management capabilities in existing commodity trading and risk management (CTRM) systems are not being fully utilized.
The document discusses risk assessment in laboratory settings. It explains that risk assessments are important to evaluate potential hazards of experiments and activities. Employers must analyze what could go wrong, the likelihood, and consequences to implement safety precautions. Risk assessments cover procedures, work environments, and substance handling, storage and transportation. Regulatory agencies inspect risk assessments to ensure compliance with health and safety laws and encourage improved safety practices.
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...Cognizant
This document discusses the importance and benefits of enterprise risk management (ERM) programs. It argues that ERM, when properly implemented, can help organizations minimize risks, accelerate growth, and foster innovation. The document outlines how ERM provides a framework to understand a company's risk exposure and allocate resources effectively to address risks. It also counters the perception that ERM hinders innovation, arguing instead that ERM can help transform ideas into successful products with less risk over the short and long term.
Fraud, bribery and corruption: Protecting reputation and valueDavid Graham
In support of International Fraud Awareness Week, Deloitte Risk Advisory has published a series of articles, the second of which has been introduced below. This article lists ten areas that executives and the audit committee should evaluate to help mitigate reputational risks of fraud, bribery and corruption.
Performing a legal and compliance risk assessment. A Step-by-Step Implementation Guide
Planning the Risk Assessment
Assessing and Prioritizing Risks
Improving Legal Risk Mitigation
The document discusses risk management in companies. It provides questions for senior executives and IT executives about risks to the business from data security, regulatory compliance, and technological issues. It also summarizes statistics about the high costs of data breaches for companies and discusses how outsourcing some risk management functions can help companies focus on compliance in today's complex regulatory environment.
A compliance officer's guide to third party risk managementSALIH AHMED ISLAM
This document provides guidance for compliance officers on managing third-party risk. It discusses increasing regulations and enforcement, common third-party risks businesses face, challenges that keep compliance officers awake at night, and provides a five-step process for risk rating and conducting due diligence on third parties. It also discusses challenges with traditional disconnected approaches to third-party management and introduces a partnership between Control Risks and GAN Integrity that provides an automated platform and suite of tools to help compliance teams more efficiently manage third-party risk.
1) The document discusses conducting a compliance risk assessment for IE Law School's Master's program in Global Corporate Compliance. It covers topics like why assessments are needed, what kinds of risks will be addressed, and what students will learn.
2) Different types of compliance risks are defined, including regulatory, criminal, internal, and ethical risks. The roles and responsibilities of the compliance officer are explored.
3) A case study example of assessing risks at Uber is presented and risks related to licenses, bribery laws, privacy laws, and employment laws are discussed.
The document summarizes the findings of a 2014 global survey on reputation risk conducted by Deloitte and Forbes Insights. Some key findings include:
- 87% of over 300 executives surveyed rated reputation risk as more important than other strategic risks facing their companies.
- Responsibility for managing reputation risk resides primarily with senior leadership, including the CEO, CRO, board of directors, and CFO.
- The top drivers of reputation risk are ethics/integrity issues, security risks, and product/service risks related to safety, health and the environment.
- Companies are investing more in tools and capabilities to improve their management of reputation risk.
Whitepaper: Misconduct Rarely Happens in Isolation: How You Can Detect Critic...Gradytl
The whitepaper discusses how misconduct often goes undetected at organizations until it is too late. While employees report issues to local managers, the information does not get escalated or documented properly. This allows small isolated incidents to accumulate without the organization's awareness. The whitepaper argues that organizations already have the necessary data in employee reports but lack centralized systems to analyze trends across different locations. An integrated case management system is proposed to document incidents in a consistent way and allow information sharing between departments to detect broader patterns of misconduct before major issues emerge.
4
Brian Dennison
John Denson
IT454 -1504B-01
Mon, 12/14/15
SECTION 4: ASSESSING RISK
Risk assessment and management is one of the highest priorities for any organization to safeguard its properties and assets. In a turbulent state, all information and security vulnerabilities should be in a conversant to many regulations. Selected and tested methodologies have been defined and framed to mitigate the risk-assessment to many organizations. The frameworks have been set to help and guide security and risk. One of the methodologies is: Factor Analysis of Information Risk, abbreviated as (FAIR).
FAIR is a methodology for understanding, analyzing and measuring information risk. Information policy and security practices have been inadequate to aid in effectively managing information risk. With so little information available, managers and system owners have found it hard to make effective and well-informed decisions to safeguard their systems against such risks and uncertainties as they arise.
FAIR is intended to address security practice weaknesses. The major aim of this methodology is to allow organizations to direct effort at mitigating the various risks as they arise. Risk is assessed and measures are taken to counter it. The method lets the organization defend or challenge a risk determination using advanced analysis techniques, and understand how time and resources such as money will affect the organization's security profile in general.
The methodology works with the following components: a standardized nomenclature for risk terms, a framework for data collection, a taxonomy for information risk, a computational engine for evaluating the risk model, measurement scales for all risk factors, and a model for analyzing complex risk scenarios. Its main advantage is that it does not use an ordinary scale such as a one-to-10 rating and hence is not subject to the limitations of such a scale. The methodology uses high or low scales to categorize risk. Colors also form part of the rating: red, yellow and green. FAIR uses dollar estimates for losses and probability values for threats and vulnerabilities. Combined with ranges of values and confidence levels, this gives a basis for mathematical modeling of loss exposures.
A risk, whether quantitative or qualitative, should be dealt with by the organization. There are four methods for doing so: accept, avoid, mitigate and transfer.
Accept: This is the willingness for an organization to assume the risk. This is a managerial and a business decision to accept the risk. This does not allow an organization assume the risk after its first identification. This comes after determining the level. Then assumptions later. Therefore, the best cause of action should be in plans t.
The 2015 survey uncovers the latest issues organizations are facing as they respond to risks, assess the effectiveness of their risk mitigation activities and gain a deeper understanding of what they are doing to address cybersecurity.
Enterprise risk management has become a vital component to cyber security, logistics management, asset management and supply chain management. As organizations continue to rely on data to drive workforce automation, Industrial IoT and process automation, it is becoming necessary to analyze data to discover risk before it occurs and implement effective remediation practices and processes. Seminar participants will collaborate and explore the emerging new use cases for enterprise risk management that addresses the need to better understand how to leverage critical data to predict and understand how data analytics can support risk management and mitigation in an increasingly data-dependent workforce environment.
During this seminar, participants will:
a. Explore new innovations in enterprise risk management that will provide new career opportunities for STEM professionals
b. Examine the skills and experiences necessary to take advantage of risk management career opportunities
c. Discern the applicable areas for enterprise risk management
d. Determine the importance of addressing enterprise risk management in all digital transformation initiatives
e. Identify the market growth and consulting opportunities in enterprise risk management
The document discusses risk assessment and management for non-profit organizations. It defines risk management as identifying threats to an organization, analyzing their significance, and eliminating, transferring, mitigating, or accepting the risks. The document outlines different categories of risk such as financial, operational, legal, strategic, governance, and reputational. It emphasizes that risk management is an active process of identifying risks, assessing their likelihood and impact, and developing action plans to manage risks.
Trends shaping the future of legal risk management by dave cunningham and m...David Cunningham
The legal market is conservative when it comes to risk management, and firms often view proactive risk identification and policy setting as more perilous than helpful. However, recent events related to data breaches, regulatory compliance, and client issues are driving increased focus on risk management from general counsels, insurers, and clients. Key trends include greater partnership between general counsels and IT leaders on risk issues; heightened attention to data confidentiality and security; engagement of professional liability insurers in risk discussions; and growing client sophistication in evaluating law firms' risk handling capabilities. Over time, firms may transition more risk responsibilities to centralized teams and formalize previously implicit risk mitigation.
The pre-conference workshop entitled 'Trust is a Terrible Thing to Waste' from the 2010 International Association of Privacy Professionals conference in Washington, D.C. The session reviewed why trust is important, how to handle crisis communications, and how to build trust before a crisis hits.
Similar to Ilta 2009 law firm risk management can it grow profitability - panel member dave cunningham aug 2009 (20)
The business of data analytics and business intelligence 15 nov 2016David Cunningham
Panel presentation with insight on data analytics for law firms and legal departments. Speakers include Paul Davies of Deloitte, Ben Weinberger of Prosperoware, David Cunningham of Winston & Strawn, and Rupert Collins-White of LPM Magazine.
- The document discusses how legal projects can improve operational and matter metrics that are important for law firm management. It provides examples of how implementing standardized checklists, deal profiling processes, and dedicating resources like due diligence specialists can improve matter budget accuracy and increase profits. Metrics like cost per terabyte stored, percentage of stale data, and client file completeness are examples of operational metrics that can be improved through data cleanup projects. The document advocates tying technology and information solutions to measurable impacts on metrics and business value.
1. The document discusses the fundamental elements of a matter lifecycle and project managing a matter, including intake, assessment, selection, planning, management, and review.
2. It provides an overview of the spectrum of RFP processes from traditional to lean to informal requests, when each may be used, and the full scope of a traditional RFP process including qualifying matters, setting goals, evaluation criteria, distribution, response, evaluation, approval, and selection.
3. The document poses questions for discussion around each phase of the RFP process and considerations for setting goals, criteria, distributions, evaluations, and negotiations.
Ilta 2005 - Evaluating Managed Services - Benchmarks and Case Studies by Dave...David Cunningham
The document discusses evaluating managed IT services through case studies of law firms. It defines managed services and the most common types. Case studies describe how smaller and larger firms used managed services to improve IT capabilities, efficiency and consistency across offices. A litigation firm used managed storage services to address massive data growth. Business process outsourcing reduced costs and increased efficiency. An internal IT scorecard helped firms understand service levels and costs to determine if managed services were appropriate.
Ilta06 developing and selling an enterprise risk management approach by dave ...David Cunningham
This document discusses developing an enterprise risk management program. It defines ERM and outlines key components of an ERM program including risk identification, assessment, prioritization and monitoring tools. Technology plays an important role in both mitigating risks and providing tools to implement an ERM framework. Implementing best practices in ERM can help businesses improve performance and reduce unexpected losses. The document provides examples of how to develop an ERM program, assess maturity levels, and identify risks.
Establishing a framework for it governance by dave cunningham 2007David Cunningham
Establishing an IT governance framework is important for law firms to effectively manage IT resources, risks, and investments. Published frameworks provide guidance but also require customization for each firm. Assessing firm performance through metrics and benchmarks allows for continuous improvement.
Out with the old it in with the new by david cunningham - sep 2009David Cunningham
This document discusses how law firms can control costs while maximizing the value of their technology investments. It recommends that firms streamline their IT infrastructure to reduce costs and complexity, freeing up resources to apply technology more to legal practice. Specifically, the document recommends virtualizing core systems, optimizing storage, and consolidating data centers. It also suggests evaluating outsourcing some IT services and using practice technologies like document management systems and relationship mining software to enhance client services. With good leadership and the right balance of people, process and technology changes, firms can improve productivity, client relations and gain efficiencies from their technology.
Managing partner retreat using technology to streamline the practice of law...David Cunningham
The document discusses using technology to streamline legal practices. It addresses managing electronic content, risk management, alternative fee arrangements, and improving collaboration. Some key technologies that can help include email archiving, document management, matter-centric content management, and client portals for alternative fee arrangements. The technologies can also help reduce risks, increase cohesion across firm offices and with clients, and engage clients more through access to matter information and lawyers.
Law journal news it is dead article; long live it controlling costs while g...David Cunningham
This document discusses strategies for law firms to control technology costs while maximizing the benefits of technology. It recommends that firms shift their focus from infrastructure to applying technology to legal practice. With strong IT leadership, streamlining infrastructure through consolidation, virtualization and other measures, firms can reduce costs by at least 15% over three years while improving reliability, recovery capabilities and lawyer satisfaction. The document also discusses how electronic redaction software can help firms more efficiently redact sensitive information from large document productions compared to manual redaction methods.
Risk management for law firms chapter 1 ark 2009 by dave cunninghamDavid Cunningham
This document provides an overview of effective risk management for law firms. It discusses that risk management involves balancing risks and opportunities to positively impact a firm's competitive standing. While risk responsibilities were traditionally fragmented, firms are increasingly taking an enterprise-wide view of risk management led by roles like the general counsel. The document outlines key types of risks facing law firms and how risk roles and responsibilities are evolving to take a more proactive, holistic approach to identifying, assessing, and monitoring risks across a firm. It provides guidance on implementing an effective risk management process including communication, context-setting, assessment, treatment, and ongoing monitoring.
Risk management for law firms chapter 2 ark 2009 by meg blockDavid Cunningham
This document discusses governance models for managing conflicts of interest and new business intake at law firms. It begins by outlining the risks of the traditional "hub-and-spoke" model and argues a new centralized model is needed. The document then describes two models - the distributed hub-and-spoke model where clerical staff handle conflicts clearance, and the centralized pyramid model with a specialized research team. It argues the pyramid model places the interests of the firm over individual lawyers and allows for more thorough factual analysis of conflicts.
Ltn 2010 02 risk glossary by dave cunningham on page 23David Cunningham
Toronto-based Gavel & Gown Software has introduced its Amicus 2010 line of practice management software. The suite includes premium and small firm editions of Amicus Attorney 2010, as well as Amicus Accounting 2010 and Amicus Mobile 2010. The upgraded software features an improved calendar function to help users track adjournment histories and prioritize events and deadlines. It also includes enhanced file management capabilities.
Law firm information security overview focus on encryption by dave cunningh...David Cunningham
The document summarizes key information security regulations relevant to law firms, with a focus on encryption requirements. It discusses regulations including HIPAA, ITAR, Massachusetts Data Privacy Law, Safe Harbor Framework, Red Flags Rule, and ISO 27001. The Massachusetts law requires law firms to encrypt transmitted records containing personal information, data stored on laptops and portable devices if technically feasible, and use access controls.
Hildebrandt baker robbins presentation for coo roundtable 2010 by dave cunn...David Cunningham
The document discusses using technology to reduce costs associated with key legal issues. It focuses on using technology to improve efficiency, reduce costs and risks around data privacy, email management, and alternative fee arrangements. Specific strategies are proposed for implementing alternative fee arrangements, managing email lifecycles, and protecting sensitive client data.
Ala 2005 rfp best practices by dave cunningham apr 2005David Cunningham
The document discusses improving the request for proposal (RFP) process. It suggests that RFPs should be used sparingly and that an effective selection process involves identifying new processes interactively and phasing selection and implementation. It provides tips for improving RFPs such as framing the business issues, establishing realistic scope and involvement of subject matter experts. The document also discusses example selection processes and a case study of IT outsourcing RFP.
It sourcing threat or opportunity by dave cunningham- feb 2004David Cunningham
The document discusses IT outsourcing in law firms, noting that while some firms outsource to reduce costs, most do so to improve IT services. It identifies common IT functions that are outsourced, such as help desk support and infrastructure management. The document also provides an overview of the outsourcing market for law firms, suppliers, and typical service level agreements. It argues that conducting sourcing assessments can help firms make informed decisions about improving IT effectiveness through insourcing or outsourcing.
2011 hildebrandt institute cio forum data privacy and security presentation...David Cunningham
The document discusses a presentation on leveraging IT in times of fiscal restraint to support evolving law firm business models, with specific focus on data privacy and security risk management and competitive advantage. Speakers include CISOs and IT risk managers from law firms who cover topics like data regulations, examples of regulated data, information security roles, ISO 27001 certification, audits, components of information security programs, service provider management, and contractual controls. The presentation then ends with a question and answer session.
Ilta 2009 law firm risk management can it grow profitability - panel member dave cunningham aug 2009
1. Law Firm Risk Management: Can It Grow Profitability? Moderator: Adam Hansen Director of Information Security, Sonnenschein Nath & Rosenthal Panel: Pat Archbold , VP of Risk Practice, IntApp David Cunningham , Managing Director, Baker Robbins & Company
4. Legal Risk Types
Risk Types | Example Risks | Key Roles
IT | Systems: Continuity, Recovery, Security, and Access Management. Data: Confidentiality, Integrity, Ethical Walls, Retention, Data Protection, Data Transfers, Hosting of Third-Party or Client Data. Third Party Suppliers: Maintenance/Support, Contracts and Outsourcing. | CIO, General Counsel
Financial | Audit, Financial Internal Controls, Financial Transparency and Disclosure, Anti-Money Laundering, Counter-Terrorist Financing, Credit, Firm Investments, Currency, and Portfolio Risks. | CFO
Practice Management | Client Relations, Lateral, Professional Responsibilities (including malpractice, conflicts, records, and litigation support), and Professional Development Risks. | Practice Leaders, General Counsel, Directors of Conflicts, Records, Lit Support, Library, and KM.
Strategic / Corporate | Firm Governance, Risk Management Governance, Reputational, Marketing, and Market Risks. | Managing Partner, Marketing Director, General Counsel
Operational | Employment, Fraud, Damage to Assets, and Insurance Mediation Risks. | HR Director, COO, General Counsel
Environmental | Natural Disasters, Epidemics, and Resource Access Risks. | COO, Business Continuity Team
17. Future: Risk Register/ERM
Likelihood | Consequence
# | The Risk: What Can Happen and How Can It Happen? | The Consequence of an Event Happening | Adequacy of Existing Controls | Consequence Rating | Likelihood Rating | Level of Risk | Risk Priority
18. Future: Client Requests
2009: Clients have asked firm for additional protections: 86%
2007: Clients have asked firm for additional protections: 61%
19. Intake and Insider List Management
Workflow software to manage intake processes
Matter designated “confidential”, “firm confidential”, “price sensitive”
Tracks access, locks across systems, hides matter names
Next Steps: Integrate Risk and Technology Management
Insider List Management
Various Assigned Points: Pat’s Notes:
Loss Prevention: Claims (claim defense), fee disgorgement, litigation costs (holds, time, etc.)
Cost Savings: Operational Efficiency. One of our clients put down on paper the three FTEs they would replace by name, after they automated new business intake/user provisioning. One client replaced one FTE based on how they were going to automate their confidentiality management.
Competitive Edge: ISO Certification being sought for Government business, etc.
Reputation: Above the Law: won’t name names but large firm had leak of associate reviews due to a search tool that hit information that was not secured, corporate legal reads this, they will ask some questions next time around. “The biggest injunction you could face is a client leaving.” One firm had an OCG that said anyone working for the bank would not work for the borrower, bank client came in and a lawyer who had sued them in a past life was in on a project meeting.
Insurance: Private Equity markets already use the big accounting firms to analyze insurance and promote risk management to leverage costs of insurance, typically a leading indicator. 3rd largest expense on law firms’ books after rent and salary. Insurers have lost money like everyone else, rates are going to go up. Annual insurance reviews set premiums, underwriters want to assess their risk, lawyers often don’t articulate what has been covered, reach out and proactively have the discussion to present what you have done and offer to document and help. Any broker will tell you that this can impact the discussions. Think like you are a business owner. Claims against firms are increasing, lawyers are perceived to have deep pockets, sue for receivable, expect a counter claim, tail of claims will occur even after recession ends. Cyber coverage being defined, it used to be that malpractice fell under general liability, now it is carved out, waiting for similar around cyber.
SIR Levels: The more confidence your insurance partners have, the higher SIR they may be comfortable in taking on. Long term effort to build a competent risk team, start small. Claims are the single largest contributor to increases in rates. Underwriters have a vested interest in your continual improvement in risk management. Risk Management budget funds often don’t get used, ask your insurance partners. Look at the Korn Ferry article and Stuart Pattison’s comments, not only is it the insurance claim aspect but your firm’s reputation, if you can’t stay competitive with peer firms????
Pat: UK legal market regulated by FSA and SRA. Rule 5 is a list of rules on how the firm operates. SRA completing audits of law firms and coming in to check how they are managing risk, Rule 5 sets out a list of rules on how the firm operates, worth a look, risk register concept later. Rule 3 around conflicts anticipated to change and will allow UK firms to be more aggressive at winning corporate work, if they have a compliant “information barrier”, US firms working in the UK typically abide by US conflicts rules and are at a disadvantage. FSA looking to defend existence and is focused more on law firms. MarketWatch is a regular update the FSA sends out and has had several public statements on law firms. Insider Reports: “price sensitive” jurisdictional variance. AML is mandatory, requires the firm assign a compliance officer, you will see this title more than GC in the UK. Risk organization grew under that title and is expanding. US Legal Market is self-regulated?? Are they? ABA Model Rules: states have varying interpretations on rules, advertising, on-going training, etc, very slow to change, concerns about self interest. US has the title of GC mainly driven by claims against firms, UK does not have many claims against firms. Records was a big driver, e-discovery, courts getting smarter about technology issues. Model Rule 1.10 is the most recent change, has to do with lateral mobility. Started with Ethics 2000 commission, just got done??? Some global firms adopt ABA rules globally and are impacted by this. Says “you can take the lateral on without consent, if you put up ethical wall and give a description of the screen and the lateral and a partner attest to compliance.” Cite judges comments. Common elements here is that many jurisdictions are looking more closely at how firms use technology to manage risk and compliance issues. AML, Information Barriers-Rule 4, ethical walls 1.10, Canadian Bar report on Conflicts, New South Wales.
You can see evidence of agencies that are not technically overseeing the legal market starting to focus on the traditionally “protected class” of law firms. The veil of protection because you are a lawyer or solicitor is gone. Similar investigations have taken place by the SEC with less publicity in the US.
Both of these are within the past 6 months and just a sampling of the changes, the fact that this peer group did not exist 3 years ago demonstrates the trend in this area. The ABA is fighting the red flag rules cited above, again a question of “self interest” or “self regulation”? HITECH Act has gotten many law firms scratching their heads as to what they need to do, many of our customers are taking active steps now, goes into effect 30 days after publication in the Federal Register. Regulations that technically don’t cover lawyers, SOX, do define minimum standards from the SEC for lawyer behavior. IRS requires written documentation of conflicts waivers. Client intake management, records management, conflicts management, confidentiality management, docket management.
Pat: In 2 years an almost 30% gain in movement towards a centralized risk function. More and more firms are naming an individual to oversee risk issues. The good news is that it gets done because someone is assigned. The bad news is that you have little support and a lack of data to get your initiatives funded with resources and tools. How many of you have a full time GC in your firm? How many of you had a full time GC 5 years ago? How many of you know who your insurer is? How many have a budget dedicated to risk management that is outside of your IT budget? ILTA and IT organizations have established a standard for 3-5% of revenue on IT but Risk does not have a set budget and is challenged to get funding, many top risk organizations are developing that standard and tying back to the insurance issues we discussed earlier.
Pat: It is tough to decipher the org charts based on titles, some handle claims, some operational issues like conflicts/records or intake, some insurance, some policy?? Externally you need to be cognizant of your insurance issues, brokers etc and how IT can help to best position the firm. Clients drive risk initiatives: One of our early confidentiality management clients was based on a client demand due to a merger. IT is fundamental to almost all of the risk challenges a firm faces, many examples.
2/3rds of the AmLaw 200 have a GC, org charts are growing under them (this is an org chart from a 1000 lawyer firm). In order to bridge the gaps many firms have built a coherent organization. If you are a global firm this makes sense, how can you possibly execute on this if you are a 300 lawyer firm? You can’t but you need the same sort of communication and decision making ability. Just as there was no marketing department 10 years ago, there are few risk organizations but they will be a standard. Your mandate is to identify the areas you can patch up now to better manage risk. And, you can’t really see the details, but we’ve seen firms start to organize a distinct risk management organization that includes stakeholders across the firm. I expect you’ll see more of this.
The buzzword in IT for the past several years is the concept of matter centricity, saving all information in a central place to make it easier for lawyers to find things. How many of you have deployed a matter centric environment? How many of you have a search tool? How many of you have an Enterprise Confidentiality Management solution? The main driver behind this is to better organize emails and improve how information can be managed as a record. The other big buzzword in legal IT and KM circles is “enterprise search”: the IT people want to provide lawyers with a Google-like search capability for the information inside the firm. So they go ahead and analyze vendors (Recommind, Autonomy/IWOV, Microsoft, Google), they install it and start testing and find it works great to find things that otherwise were not easily searched. Recent Above the Law article about associate reviews being exposed.
CRO is common in Corporate arena and now one global firm named a CRO last year, seems to be where it is going. Many lawyers that don’t want to practice but want to be engaged in a private law firm setting. Modeling the corporate space and the idea of GRC, one person can’t oversee it all, you need to build this in to the fabric of the firm.
Pat: Partnering with several UK and US firms to discuss the best way to leverage technology and risk investments to impact insurance and compliance initiatives. Goal is to delegate risk management to the functional areas and report back to a central team like the CRO. HR, IT, Practice Groups etc all have duties to manage risk. This is a very easy way to demonstrate a “consistent, risk based approach” that the insurance and regulators like the SRA are asking of firms. Build a culture of risk awareness. How many of you have a full list of the risks you need to manage at the firm? DR, environmental, compliance, conflicts, ediscovery,
Our organization spends significant time dealing with this issue. 25% increase over the past two years, 86% indicated they have seen an increase, curious what this audience’s response is? Have you seen an increase in the number of client requests coming in? OCG, Bank not borrower etc, lateral hires. In an Ark session last Summer in New York we heard from the legal administrator at Axa Prudential: We have compliance and privacy officers. We are governed by SOX etc. I hate to use the V word, but you are a vendor. You will be treated like every other vendor. Anticipate questions: RFPs, government clients, stimulus spending, ISO certification, Audits. Differentiate by demonstrating a process.
Pat: Get involved in risk peer groups and study the issues, insert how IT can assist. One example, confidentiality working group as a part of our Global Risk Roundtable series, West Legal Education. The working group tied together the confidentiality lifecycle and determined that integrating intake and confidentiality is important. As an IT professional you can greatly assist the GC in assessing where the holes are, do this before it causes an issue and present management the data, they will not come to this on their own but when it fails they will come to you. Many matters are confidential but not an ethical issue, Madoff, Spitzer, Madonna, whatever the reason. To apply rules you need to have the data, matter intake is the chance you have to get it. You need seasoned experts that und Insurers are more and more starting to look for firms that can demonstrate consistency in process. By applying business rules you can also automate which information gets tracked and delivered in a report. We can tell what office the matter is billed out of from the PMS, if Germany and tagged as price sensitive, then deliver this additional set of data or different criteria to produce the data. Assuming you actually got the lawyers to pay attention to something like this, is it the best use of a highly paid lawyer’s time to be tracking and even thinking about these issues? If you free up even one hour for a lawyer the ROI is large independent of the process and accuracy argument.
Most US firms, unless you are an ALAS firm or self insured, have a risk management budget available, you can’t buy software or implement a tool with those funds but you certainly can pay to assess records, conflicts, confidentiality, etc. Money often goes unused and GCs don’t think about how IT might leverage those funds to get your house in order, not a lot but worth the research.
Pat: Hopefully you are never forced to get certified but you should start planning. As client requests increase, you should understand the various certifications and you don’t need to be officially certified but you should start to put processes in place that will ease the transition down the road, it takes a long time to get there and anything you do now will prepare your firm down the road. Educate the lawyers on these, they typically don’t have a clue. Norton Rose took on an initiative to get ISO certified, they compete with the Magic Circle, top 5 UK firms. They are seeking any way possible to differentiate. One way, particularly for regulated clients or government clients is to have a certification, ISO, BSI 31100, Lexcel. From the COO’s desk they embarked on this process and are leveraging that for competitive gain. Confidentiality management was a part of this but general information management policies and procedures are critical, how do you demonstrate compliance. Many firms are working on this to respond to client requests.