In November of 2011, I wrote a column on the value of risk management for law firms and put forward the proposition that “[d]espite th[e] considerable grounding in working with risk and counseling clients on methods to minimize and avoid risk, seemingly very few law firms in Canada actually engage in any sort of structured or coordinated risk management activities for their own organizations.” I was recently contacted by a reporter for a legal industry publication to discuss risk management for law firms and thus had the opportunity to reflect on my original statement. When asked a question regarding the growth of risk management in recent years and the adoption of risk management programs by law firms I was reluctantly forced to report the fact that while risk management programs have increased in popularity and use amongst organizations in Canada in general, their adoption in the legal services sector has remained rare.
In an attempt to continue to spark interest in the legal sector in the field of risk management (and in recognition of recent shakeups such as the failure of a significant national law firm), I thought it was time to revisit the topic of risk management for law firms and set out some examples of practical steps that law firms can take in regards to risk. As a starting point for the discussion, it can be generally observed that organizations fall on a spectrum of awareness regarding risk management. At one end of the spectrum is a reactive organization that has no formalized risk management practices and is applying an ad hoc approach to dealing with unexpected events. In the middle of the spectrum is an organization that is aware of risk management and perhaps integrates some level of risk management practice into their everyday business decisions. At the far end of the spectrum is an organization that is addressing risk in a strategic manner through the adoption of a comprehensive risk management program that is addressed in their annual strategic planning process and is integrated into the everyday functioning of the firm.
While there are many different approaches to risk management, a common approach is to follow a step-by-step procedure that begins with establishing the context for the risk management program and ends with the application of what is known as risk treatment. The beginning of any risk management program should entail a consideration of various foundational considerations including establishing baseline definitions of risk for the organization and making clear the goals of the program. The next step in the process is a risk assessment that entails the identification and description of potential risks as well as their evaluation. This is perhaps the most important and time-consuming step. The final step in a basic risk management process includes the development of a plan for the treatment of the priority risks that have been identified. Common treatments include transferring the risk (for example through insurance), terminating the risk (by ceasing the risk generating activity), treating the risk (by engaging in risk reduction activity) or terminating the risk (by ceasing the risk generating activity altogether). While steps above are a considerable simplification of the risk management process, they nonetheless capture the common baseline approach to the subject.
In order to make the above discussion less abstract, it is useful to examine a few of the main categories of risk that may be applicable to an average law firm in Canada and that would be considered in the risk assessment step set out above. A sampling of four of these categories is as follows:
- Economic – Economic risks are those that arise due to changing economic conditions. An example of an economic risk that had a significant effect on law firms throughout Canada was the crash in the global economy that occurred in 2009.
- Regulatory – Regulatory risks are those that are associated with new or changing laws and regulations. An example of regulatory risk was the closing of the tax loophole regarding income trusts that occurred in 2006 that significantly altered many lawyers practices who focused in this area.
- Environmental – Environmental risks are those that are faced due to uncommon, adverse or extreme environmental conditions. An example of an environmental risk that negatively impacted the operations of many law firms in Canada was the ice storm of 1998 in Quebec and Ontario.
- Human Resources – Human Resources risks are those that arise from the management of human resource functions within an organization. The most pressing example of a human resource risk in the legal marketplace today is the failure of many law firms to adequately plan for succession.
As I stated in my original column in 2011 “..risk management has grown to become a multi faceted management discipline that is an important component of the strategic management activities of organizations both big and small.” Unfortunately, in my experience, while lawyers play the role of risk managers for their clients, the legal services industry itself has been slow to adopt formal risk management processes. While the brief comments above only scratch the surface of this complex discipline, it is my hope that they spur some readers on to research the issue further and consider the application of risk management activities to their law firms.