Risk Management Workshop


1 Risk Management Workshop
Lexcel: Common Non-Compliances in Risk Management
Ms Shazia Saleem, Solicitor, Lexcel Assessor & ISO 9001 Auditor

2 Contents
- Introduction
- Risk: what is it?
- Risk Identification
- Risk Treatment/Assessment
- Common Non-Compliances in Risk
- Conclusion
- Questions

3 Risk: what is it?
- Risk: "A situation involving exposure to danger" (Oxford Dictionary)
- SRA: "We take an outcome-focused, risk-based approach to regulation to make sure individuals and firms we regulate operate independently and with integrity in the interests of their clients and in the wider public interest."
- FCA: "We consider risk to be the combination of impact (the potential harm that could be caused) and probability (the likelihood of the particular issue or event occurring)."

4 Risk: what is it?
As solicitors, our approach to risk management is often determined by a number of factors:
- Our regulatory body
- Our business model
- Accreditations
- Stakeholder requirements
- Clients

5 Risk: what is it?
The SRA publishes its Risk Outlook annually. It contains an overview of:
- risks to the protection of people who use legal services
- risks to the operation of the rule of law and the proper administration of justice
Amongst other things, it is designed to help solicitors and firms manage risk.

6 Risk Identification
The 2015/2016 Risk Outlook identified these priority risks.
- A good starting point?
- How does this tie in with Lexcel?

7 Risk Identification
The Lexcel Practice Management Standard broadly identifies three types of risk:
- Strategic risks
- Operational risks
- Regulatory risks
Risk Index
Process approach

8 Risk Identification
Risk indexes are helpful in:
- Identifying risk
- Categorising risk
- Providing methodology
- Risk profiling
- Monitoring and controlling risk
- Continual review and improvement
A useful example: the SRA Risk Index

9 Risk Identification

10 Risk Assessment/Treatment
- Identify the risk
- Assess/measure its importance (impact v probability of occurrence)
- Give it a score
- Accept, reduce/transfer or eliminate
- Monitor and review
- Continually improve the QMS
Examples provided

11 Common Non-Compliances: Lexcel
There are three accredited Lexcel bodies:
- Inspiring Business Performance
- Centre for Assessment
- Recognising Excellence
Top 5 non-compliance areas identified within risk management

12 Common Non-Compliances: Lexcel
Top 5:
- Compliance Plan & Risk Register
- File Reviews
- Operational Risk/Instructions: opening, interim and closing risk assessment
- Bribery
- Annual Risk Assessment of Data

13 Compliance Plan & Risk Register
5.1 of the Law Society's Lexcel Standard: Practices must have a risk management policy which must include:
a) Compliance Plan
b) Risk Register

14 Compliance Plan
A Compliance Plan should:
- Identify key personnel (COLP/COFA/MLRO/CO)
- State the practice's/personnel's authority and responsibility for compliance
- Identify key policies crucial to the compliance plan, for example:
  - SRA (COLP/COFA)
  - Solicitors Accounts Rules
  - Accountants Report

15 Compliance Plan
Key policies (continued):
  - Health and safety
  - Anti-money laundering
  - Anti-bribery
  - Data protection
- Draft the policies
- Control of documents
- Diarise key dates for review/reporting
- Establish internal reporting procedures
- Comply with external regulatory reporting requirements
- Review and improve

16 Compliance Plan
- Auditing experience (examples of non-compliances)
- How to meet the requirements
- Implications for large firms

17 Risk Register
Lexcel guidance: the Risk Register often divides risks into the following categories:
- Strategic
- Financial
- Operational
- Compliance
- Breaches (material and non-material)

18 Risk Register
- Auditing experience (examples of non-compliances)
- How to meet the requirements for large organisations
- Implications for large firms

19 File Reviews
5.11 Practices must have a procedure for regular, independent file reviews of either the management of the file or its substantive legal content, or both. In relation to file reviews, the practice must:
a) Define and explain the selection criteria
b) Define and explain the number and frequency of reviews
c) Retain a record of the file review on the matter file and centrally
d) Ensure that the designated supervisor reviews and monitors the data generated by the file review
e) Conduct a review at least annually of the data generated by file reviews.

20 File Reviews
Devise a rationale for file selection, for example:
- Sample size
- Frequency
- Representative sampling
- Risk profiling
- Composition of review
- Experience/expertise of reviewer
- Format
- Documented record on file of review and central register of reviews (5.11.c)

21 File Reviews
- Auditing experience (examples of non-compliances)
- How to meet the requirements for large organisations
- Benefits for large firms

22 Operational Risk/Instructions
5.12 of the Law Society's Lexcel Standard: Operational risk must be considered and recorded in all matters before, during and after the processing of instructions.

23 Operational Risk/Instructions
Before the matter is undertaken the fee earner must:
a) Consider if a new client and/or matter is accepted by the practice, in accordance with section 6.1 (client care policy) and 6.7 (accepting/declining instructions)
b) Assess the risk profile of all new instructions and notify the supervisor, in accordance with procedures under 5.4, of any unusual or high-risk considerations in order that appropriate action may be taken.

24 Operational Risk/Instructions
During the retainer the fee earner must:
c) Consider any change to the risk profile of the matter and report and advise on such circumstances without delay, informing the supervisor if appropriate
d) Inform the client in all cases where an adverse costs order is made against the practice in relation to the matter in question.

25 Operational Risk/Instructions
At the end of the matter the fee earner must:
e) Undertake a concluding risk assessment by considering if the client's objectives have been achieved
f) Notify the supervisor of all such circumstances in accordance with documented procedures in section 5.4 (higher-risk profile matters) above.
Opening, interim and closing risk assessments must be documented on the matter file.

26 Operating Risk/Instructions
Potential risks throughout the matter:
- Vulnerable clients
- Difficult clients/clients that are likely to complain
- Unpalatable advice
- High-profile/public interest matter
- Effective management of client care
A concluding risk assessment is a consideration of:
- Have the client's objectives been met?
- Is the client likely to complain?
- Potential for negligence?

27 Operating Risk/Instructions
- Auditing experience (examples of non-compliances)
- How to meet the requirements for large organisations
- Implications for large firms

28 Bribery
5.15 Practices must have a policy setting out the procedures to prevent bribery in accordance with current legislation.

29 Bribery
Guidelines for drafting a bribery policy:
- Set out clear objectives
- Identify and establish boundaries
- No exceptions/no tolerance
- Create and maintain a register of gifts and hospitality
- If in doubt, record and report internally
- Continual review and improvement

30 Bribery
- Auditing experience (examples of non-compliances)
- How to meet the requirements for large organisations
- Implications for large firms

31 Annual Risk Assessment of Data
5.16 Practices will analyse at least annually all risk assessment data generated within the practice. This must include:
a) Any indemnity insurance claims
b) An analysis of client complaint trends
c) Data generated by file reviews
d) Any matters notified to the COLP/COFA
e) Any material breaches notified to the SRA
f) Any non-material breaches recorded
g) Situations where the practice acted where a conflict existed
h) The identification of remedial action

32 Annual Risk Assessment of Data
Annual risk assessment:
- Collate data/statistics
- Identify trends
- Review policies to ensure effective operation
- Be proactive; take steps to improve the QMS
The role of the COLP/COFA cannot be overstated. All breaches, material or non-material, must be recorded.

33 Annual Risk Assessment of Data
- Auditing experience (examples of non-compliances)
- How to meet the requirements for large organisations
- Implications for large firms

34 Conclusion & Questions
Questions
Thank you
Contact: Shazia Saleem, Solicitor, Lexcel Assessor & ISO 9001 Auditor
E:
T: