by Bizibody Technology Pte Ltd


Managing Practice Risks

In today’s business climate, no  law practice can afford to  neglect the active management  of practice risk.

Clients are more educated in their demands, less tolerant of poor service delivery and delays AND they are well aware that lawyers can be sued successfully. While we may adopt a phlegmatic view that as long as lawyers and their staff continue to be plagued by time pressures and human foibles, the threat of negligence claims is a given “constant” in legal practice – in fact, that is why we buy professional indemnity insurance!

However  the  lessons learnt from the demise of Andersen  should not be ignored. A single well-publicised claim can have devastating effects in terms of “reputation collapse” and the actions of a singe rogue

department or individual can affect the survival of the whole enterprise.

While law practices may vary in their appetite for embracing risks, the issue at the core is for the management to decide which risks are acceptable and which are not, and not  to slide into a risk situation through apathy or ignorance. In fact, the word “risk” has its roots in the latin “risicare” meaning “to dare”.

This article addresses the fundamental principle that risk management is a matter of Making Choices about the actions we take.

Risk management encompasses more than accounting for the costs associated with  potential negligence claims. Risk Management is a keystone of good law practice management and embodies a formalised set of enterprise-wide standards, policies and procedures designed to minimise exposure to risk.

Effective risk management can be achieved by adopting these basic principles that apply to every

commercial enterprise, not merely a law practice –

1. Identify areas of exposure to risk

2. Analyse the causes of specific risk situations as identified

3. Devise solutions that address specific risk situations as identified

4. Implement systems and procedures to manage your general risk exposure.

5. Monitor compliance by lawyers and staff; dealing with change management issues as they arise.

Types of Risk

The first step in effective risk management is to identify areas of risk exposure.   Your analysis will form the basis for formulating policies that actively manage all identified threats to the practice.

Most lawyers, when asked what they consider to be the greatest threats to their practice, limit their replies to missed deadlines and  cash flow. If your risk management policy is restricted to avoiding negligence claims and meeting your overheads, then operational and financial risk is all that you need to address.

However, we would like to challenge you to take a much wider  view of risk management  that  includes addressing situations which threaten the “commercial interest or reputation of the Practice”.

The types of risks that any law practice will face can be broadly categorised into the following –

(a) Operational Risk – this involves the management of internal business processes. Operational risk management  includes  processes to ensure that deadlines are kept, work output is monitored and quality standards in client care and service delivery are met.  The other main area of focus under this broad categorisation is the threat to business continuation by terrorist activity or natural disaster. To address such risks, your strategies will include IT  network redundancy, data backups,  off-site storage and disaster recovery plans.

(b) Quality Risk – this addresses ignorance of the law and professional rules of conduct relating to terms of engagement, client confidentiality, conflict of interest rules, etc. The aim of managing quality risk is to ensure that your lawyers and staff are fully equipped to perform  assigned tasks  and their actions meet practice standards. Actions that address  quality risks involve staff recruitment and training programmes, fee earner supervision and delegation;  and engagement policies  (in considering whether  or not  to accept  a new engagement, you will need to consider the skills and experience of your team and the amount of resources available to deliver the service).

(c) HR or Intellectual Risk – this addresses  succession planning, staff departures and partner defections.

The aim of managing HR risk is to ensure  that knowledge residing in the heads of key personnel AND  the goodwill of your clients is retained by the practice when the key personnel leaves. Addressing staff redundancy requires dedicated efforts to promote an environment that fosters knowledge sharing, mentoring and collaboration within your practice.

Knowledge management strategies in law practices tend to focus on capturing and storing “legal” knowledge while overlooking process-specific knowledge. For example, if your IT administrator is the only person with  a working knowledge of your practice’s IT systems  and network passwords, his departure is likely to cause severe disruption and loss of efficiency; at least until his replacement is up to speed.

(d) Strategic or Business Risk – this addresses the effect of a reduction in engagements from a key client or from any given sector of the economy. While market forces may well be outside your control, its impact can be addressed to a large extent by understanding the level of exposure that the practice has in any given industry or practice area; and if necessary, allocating resources to penetrate new areas.

(e) Regulatory Risk – the environment in which law  practices operate is becoming  increasingly regulated.

Apart from the professional rules of conduct by the Law Society, non-compliance with national andinternational directives on money laundering, data protection and records management  will  have a direct adverse impact on your practice.

Identification of Risks 

To make a sound assessment of the specific risk situations in your practice, you should be prepared to –

1. Initiate Dialogue with Staff & Lawyers (at all levels and every department)

Engage positively with your support staff in this process and you will receive constructive feedback on  how things are being done and how they can be improved.

In your discussions with  your partners, do not confine your questions to risks associated with delivery of legal service, but include discussions on business risks and marketing strategy.

2. Study your Practice’s Claims History

This will give you an indication of the areas of weakness in risk management, especially if a pattern of claims shows that they emanate from a particular department or individual. If you are fortunate enough to have avoided being subject to  any claims, then an alternative starting point is your Client Complaint / Client Feedback forms. You can learn not only from your mistakes but also from the “near misses”

3. Study Management Reports of the Practice

Management Reports will  show you how long any file has been opened, movement in  your client account ledgers, amount of work in progress unbilled, which clients have not paid your bills. Use these to identify credit / cash flow risks.

4. Undertake Random File Audits

File Audits involves looking out for evidence of failure to meet the practice’s quality standards, eg, inordinate delays, failure to keep client informed on developments, lack of supervision or monitoring, failure to comply with procedures in relation to key dates, giving of undertakings, safe custody of original documents…etc. These examples are not exhaustive and any practice that is serious about the quality of their service will have devised their own checklist according to the standards they have set for themselves.

When you have completed this process of identifying areas of risk in your practice, you are likely to be faced with a daunting list of risk issues that need to be addressed.

There will be core risks that affect the practice as a whole (eg,  Quality or HR risks). To  varying degrees, depending on the specific department concerned, you will discover that each department has a different risk exposure. What may be a major risk in one department (such as time limits in bulk transactional work) may not be in another (in  commercial practice, greater risk arise from poor communication between the lawyer and the client).  Risks can be prioritised  according to the likelihood of occurrence  o r to the consequence or impact if the event does occur.

The next stage is to decide on a course of action aimed at addressing the areas of risk you have identified.

Management of Risk

An identification of the risks to which the practice is exposed is only half the battle.  Your analysis must be followed up by action which  is likely to  involve imposing more rules, re-engineering current work  processes and generally, exacting greater control over the day to day decisions made  by support staff and lawyers.

Hopefully some of the more obvious risks  will be addressed by existing functions within the practice.  For example, the  finance partner may have devised credit collection policies, or a more efficient way to issue interim bills for work done.  In such cases there may be no need to allocate further resources except to monitor the effectiveness of the risk management activity.

For the other areas not currently addressed, we suggest the following actions –

1. Appoint a “Risk Manager”.

The Risk Manager will  take on active responsibility for implementation of appropriate risk management processes and the ongoing monitoring of these processes. His  role must be clearly defined and receive sufficient authority and support from the Management.

2. Decide on the Risk Management goals or “standards” for the Practice.

Set up clear objectives and a time table for achieving them; including instituting  a regular reporting mechanism to chart  the progress of these initiatives. There must be consensus and commitment to these objectives at executive level by the managing heads of the practice.

3. Record Risk Management Procedures and Policies in writing.

This can be your Office Manual, backed up and supplemented by departmental SOPs which may impose more detailed and rigorous procedures for  specific work processes  undertaken by the department.  These manuals will serve as reference points and t raining guides for the induction of new staff to the Practice.

4. Enforce Risk Management Procedures.

This can be done through “remedial action” for persistent breach or flagrant non-observance.  However, penalties may not always be effective in all cases. A softer approach involving closer supervision or additional training could be deployed instead.

5. Encourage a  Culture of Ongoing and Open Communication.

This is the best way to instil ownership of programmes  and personal responsibility in your staff and lawyers.

Changing the way people work will not be achieved overnight. But you will face less resistance if you explained the reasons for the change and the objectives you wish to achieve.

6. Provide In-house Training

Use these training sessions to disseminate policies and process changes. This will  ensure that the staffknow what is expected of them.

Using PRIMELAW Standards as Risk Management Goals

The Risk Manager will need some guidance on the risk management goals for the Practice.

An effective and useful  checklist  is the PRIMELAW standards. PRIMELAW is the quality mark awarded by the Law Society of Singapore  to law firms in recognition of their efforts and commitment towards achieving and maintaining excellence in practice management standards.

PRIMELAW sets out the objectives for sound risk management in the following areas –

1. Business Planning – to address structural and business risks.

2. General Management  – to ensure that  back office administrative  functions (including HR and communication policies) are functioning optimally.

3.  Financial Management – to address financial risks and to  set the standards for effective management of budgets and cash flow.

4.  Case Management  – to address operational risk such as meeting deadlines, supervision of work output of staff and client care.

Changing Attitudes

Adopting a prescriptive approach in a law practice where the  Lawyers enjoy a high level of autonomy, particularly in relation to the client-partner relationship, is not going to  be easy as no one enjoys having their actions monitored or their discretion fettered.

Change management in any organisation is uphill enough, but  take an organisation as large and unwieldy as a law practice managed by  autonomous “fee-earners” and your task is monumental. Individuals will recognise the need for change when they are in a crisis. The greater challenge is to exact that very change before the crisis occurs and so avert it.

Risk management policies that are enforced solely by prescriptive rules may be seen as an administrative hassle; at worst, a diversion from fee earning activity that is unproductive and inefficient. We propose that you tie desired behavioural change to the practice’s stated Risk Management targets or Practice Standards; thereby making it a virtue to demonstrate these characteristics. This can go a long way to reinforcing key messages, and over time, creating a risk-aware culture within your practice.

An alternative to the prescriptive approach is to increase the individual’s ability to make the right decision in any given circumstance. What you hope to achieve is a “comfort” zone for risk taking so that potential consequences of failure arising from straying outside the zone becomes more severe than the potential satisfaction to be gained from its success.

Individuals are likely to make decisions about what risks they will take, conscious or otherwise, based on their past experiences or perceptions.  By increasing their awareness of the consequences of failing to address specific risk situations, you will be able to influence their decision  making process.

You may discover that sharing “horror”  stories and other cautionary “real life” experiences exert their  influence far more persuasively than any number of prescriptive rules.

Your ultimate goal is to introduce a  Culture of Risk Awareness within your practice. For this, visible and active support from the management is crucial as success can be fundamentally undermined if messages become confused or are not supported by the actions of the leaders. “Leadership by Example” is key to the success of any enterprise-wide change management initiative.


There is no single turnkey solution for successful risk management in any enterprise, let alone the legal profession with all its diversities in practice areas and management styles. To implement an effective risk management programme, you must first address your current risk exposure by analysing the risk to which the practice is exposed. Following that analysis, you can then devise a methodology for changing the day to day decision-making processes of your lawyers and staff.


Bizibody Technology is a  specialist  practice management and technology solution provider to the legal industry in Singapore. As consultants to  the Law Society in the  PRIMELAW Standards and an Approved Training Provider for Practice Management under the Continuing Professional Development  (“CPD”) Scheme, we conduct PracticeManagement Workshops and  PRIMELAW Consulting for Law Firms. You may contact Bizibody at 65 6236 2840 or email info@bizibody.biz