Our webinar training session was this week focused on Risk Management for law firms. (The slides are available here if you are interested). A key part of the training was around the risk register.
In the session we talked about Identifying, Monitoring and Mitigating risks that arise in practice, whether they are “big picture” or “targeted” risks.
- “Big Picture” risks are the types of risks that affect all law firms, such as Anti-money laundering, protecting client money and cybercrime. They would also include business continuity risks.
- “Targeted” risks are those which are more relevant to your particular firm. This would include firm culture, your practice areas, client base and file-specific issues.
Why you need a risk register
A risk register is a simple tool that allows you to prioritise and manage risk that you have identified. It is also the centrepiece of the Monitoring part of risk management.
Without a risk register, you would struggle to persuade the SRA (and possibly insurers) that you have complied with your duty to:
“identify, monitor and manage all material risks to your business” (para 2.5 of the SRA Code of Conduct for Firms)
There is no single best format for a risk register. There are lots of different versions around.
Our free template (in Excel format) can be downloaded below.
- Sheet 1 contains the risk register itself. This is intended to be a live document, updated and reviewed regularly.
- Sheet 2 is the risk matrix (in 5×5 format). This is your way of scoring and prioritising risks.
- Sheet 3 suggests some categories of risk – you might have your own which are more relevant.
- Sheet 4 gives some instructions to help populate the risk register.
Done correctly, a risk register is both an incredibly useful risk management tool as well as a valuable audit trail.