Exchange eNewsletter Exchange eNewsletter
Exchange • Winter 2013 > Thought Leadership > Risk Management for Law Firms

Risk Management for Law Firms

Interview with Risk Expert Elisabet Hardy

Thomson Reuters Elite Vice President of Product Management Elisabet Hardy was interviewed on how law firms can better manage risk. Hardy has an extensive background and depth of knowledge in risk management and understands how law firms and businesses should approach the issues associated with managing risk. “Better risk management that can peer into every part of a law firm is coming, but firms need to take a more proactive approach to risk and information,” says Hardy. “In the legal industry several years ago, the focus on risk was more internal than external today however those worlds are colliding.”

Widening the scope of risk management to get a more global perspective means pulling a massive amount of information together, outside of just processing matters. With this in mind we asked Elisabet Hardy how today's new compliance officers for legal practice and financial can get enough visibility into that information to ensure risk is being managed as well as it can be.

"It’s important to make a distinction between managing risk and avoiding risk,” says Hardy. “Risks cannot be avoided – in any business, and law firms are no different. There are going to be risks that you have to take, but you need to make sure you take the right ones. To make those decisions, you have to have insight into information. You have to have a good idea of where risk is being introduced and where controls are breaking down. This can be very challenging to manage and could require lots of manual work unless you have a unified way to review look your data, are able to think of risk management proactively, and rely on systems to highlight potential issues.”

How proactive can a firm really be and how do you get there?

“It's all in the patterns. You need technology that's smart enough to identify patterns in your systems, your data, and your transactions very early and alert you to something that might be falling out of the norm sooner than you could by running a report or running a metric, for example. Software can see patterns faster than humans can. The checks and balances within workflows and processes that produce the vital information on compliance have to be thought about up front,” says Hardy. “They should be an integral part of the system. Taken together, more proactive systems that play an integral part of a firm-wide IT system and system of behaviors and processes, should produce a firm-wide level of consistent procedures that make firms easier to risk manage,” she says.

The challenge for firms is going to be how do I as the compliance officer build those controls in so that I can get alerted proactively. How do I make that a part of the workflows?

“In the end it's about information architecture, not compliance rulebooks and case management,” says Hardy. Next-generation compliance relates directly to how the firm handles information and how it understands the relationships between items of information. That's the only way to be truly proactive in seeking out possible conflicts, problems and bad activity.”

Hardy says that one of Thomson Reuters Elite’s clients is a good example of this. "One of our clients has done a great job of defining workflows and business processes, and taken into account every step to make sure that the right controls are embedded in that process so that business can flow seamlessly. Any outliers that might be risks can be flagged quickly, and they’re now in the process of doing the same thing across all their locations. It was very interesting to see how they thought about risk proactively: it wasn’t thinking about risk management as an afterthought, it was embedding risk management as part of the business and part of how they think about the business."

Consistent approaches to work across the enterprise is a vital part of creating a more compliant business and a vital component in creating consistency and the ability to control risk and proactively manage processes across the whole legal business — not just legal matters — is the ability to share information across business departments and IT systems. How do law firms ensure this consistency?

"The critical point is that any IT systems should properly share information. They have to share workflows across applications, and this ranges from business development and includes a CRM system, contact management and on to case and matter management — with a very heavy focus there, obviously, on new business intake — right into the financial management system. Systems that can share information and report proactively into the business need more and better risk teams but bigger teams need more automation, otherwise they will be swamped with data. Systems today whether you rely on Thomson Reuters Elite systems or not, have to share information because when risk occurs usually it’s because you can’t put two and two together.”

Back to Elite Exchange front page »