Better data, less risk by Graham Moore, Katchr
This article was originally featured as a column in the July issue of LPM. To read the issue in full, download LPM.
One aspect of management law firms fall short with is using data to minimise risk.
Risk is a very broad topic that must be considered by all firms from financial, regulatory, legal process, business environment, physical environment and reputational angles. Some risk areas are clearly outside the scope of data held by firms – for example, the risk of flooding. But other risks, particularly financial, regulatory and legal process can be easily measured and monitored using existing systems and through better use of collected data.
Take financial risks associated with cashflow, for example. Running out of cash has been the primary cause of law firm failures in recent years, yet monitoring and even predicting cashflow is a relatively straightforward process, providing the right data is available.
A subtler cash-related risk is non-payment of bills by clients. This is a well-aired theme of many law firm management consultants today, and the consensus is that the best way to avoid debtor disputes is better communication – updating the client before costs exceed estimates. How do law firms make this happen? They simply need to make every fee earner responsible for recording a costs estimate and updating it, with client agreement, every time actual costs approach the estimate. Make this into two performance KPIs – number of matters with no costs estimate and number of matters within X% of costs estimate – and then monitor with the usual carrot and stick.
Not only will such a process encourage the right behaviour in the future, it will also give firm management an ongoing measure of the value of this particular risk – unless of course they would rather not know.
In a recent survey of our own clients, the majority (over 70%) stated that primary responsibility for managing risk lies with the compliance officer or managing partner/ director. While these individuals may carry a regulatory responsibility, I would argue that most risks are effectively managed at the coal face. The centralised management of risk across an entire firm is a daunting and, some would argue, impossible task. Surely devolution of responsibility is the only way to effectively ensure all risks are effectively surfaced and appropriate follow-up action is taken.
In our experience, most law firms have significant amounts of risk data buried in practice management systems. The problem they face is in extracting useful information from that raw data. We find firms are often able to point to data relating to missing client care letters, file reviews, client identity checks and undertakings not discharged. They also have data relating to potential accounts rules breaches, inactive matters (potential complaints) and limitation dates. What they lack is a systematic approach to turning this data into actionable information, assessing the overall risk to the firm and communicating that to all stakeholders.
There are three principles I would always advocate for a data-driven approach to minimising risk. First, record all the data – information in people’s heads is no use if you want an objective approach to management. Don’t use spreadsheets – Excel is a great tool for the right job, but there is no substitute for a centralised database. And finally, devolve responsibility and communicate – set KPIs for all staff relating to risk and then ensure they have easy access to those KPIs.