This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

Sign Up for our Free Newsletter
Solictors Journal logoSolictors Journal logo
Jean-Yves Gilg

Editor, Solicitors Journal

Let's define the risk universe for professional services firms

News
Share:
Let's define the risk universe for professional services firms

By

By Louise Fleming, Partner, Aretai Consulting

To the best of my knowledge, no one has defined the risk universe for professional services firms (PSFs). There does not seem to be a consistent and widely-accepted industry standard for categorising and defining the risks faced by firms of accountants, lawyers, surveyors and others.

Is this an insurmountable barrier to effective risk management? No. We are all getting on with identifying and defining risk on a firm-by-firm basis. It is, however, a barrier to efficient risk management. We could streamline our approach to managing risk if we had an industry standard for the risks facing PSFs. As well as being more efficient, having such a blueprint would facilitate a more complete and accurate risk assessment by firms.

I am not saying that all firms should slavishly follow a single framework, but it is much easier to have an outline for people to review and challenge than to start with a blank piece of paper. Even in the absence of an industry standard, it is good practice for firms to have a view of their own risk universe.

Below is a four-step process which we could use to define the risk universe for accountants, lawyers, surveyors or, indeed, all PSFs.

1. Categorise risks

To replicate best practice in other sectors, we should start by setting out the risk categories and then identifying the typical risks facing PSFs. Drawing on other sectors, examples of categories might be strategic, credit, market, operational, compliance and reputation.

2. Identify risks

The next step is to identify all the relevant risks that PSFs might face. Some of these will be the same risks as those facing financial or business services companies, or perhaps manufacturers, retailers or charities. Other risks will be specific to or higher profile in our sector.

Where possible, the identified risks should meet the highly technical 'it does what it says on the tin' test. In other words, we need to identify risks that resonate with those running PSFs by using plain language. Risks to achieving our strategic objectives using language that everyone in the business understands.

If your firm already has an agreed risk universe that follows a different approach, you of course do not need to change it. Well, not unless you have missed a whole category of risks or realised you have failed to consider a number of specific risks. If you have identified and assessed the right risks, their categorisation matters less and, on all counts, engagement with business stakeholders matters more.

3. Define risks

Without creating a weighty document that no one will ever read, it is important to define what we mean by each risk. This may only be a sentence or two, but brief risk definitions aid clarity and, therefore, effective risk management.

4. Cross-check risks

This approach of articulating a wider 'risk universe' is not designed to cut across the process of working through risks to achieving the firm's strategic objectives. Risks do not exist in a vacuum. However, a robust risk universe is a really useful tool to cross check the risks identified and to establish whether there are any glaring omissions, duplicated risks or double-barrelled risks (those that should really be split out to be managed separately).

Risk outlook

If you work in the legal sector, you may be itching to remark that the Solicitors Regulation Authority (SRA) has already published a risk universe for law firms. But, you would be wrong. The SRA's Risk Outlook is focused on risks to the SRA's objectives. The regulator is focused on:

  • the protection of people who use legal services;

  • the operation of the rule of law; and

  • the proper administration of justice.


So, whilst the Risk Outlook helps to highlight the biggest risks currently faced by law firms of all sizes, it does so from the perspective of the regulator. The risk of bogus law firms is on the SRA's top eight priority risks, but we would not expect this to be part of a firm's risk universe. Similarly, I hope the risk of 'disorderly closure' is not on your radar.

Whilst law firms will rightly wish to protect their clients and adhere to the rule of law and the administration of justice, their risk management priorities will, inevitably, be the risks to achieving their own strategic objectives. That said, the Risk Outlook should be reviewed as an input to your risk assessment process. It is a tool to help inform your risk universe, if not the answer to the universe itself.

Is this gap in the market something you think we should address? Or do you think someone has already addressed it? Help to define the risk universe for PSFs by joining the conversation on Twitter using the hashtag #PSFriskuniverse.

Louise Fleming has 20 years' experience of working with professional and financial services firms in business and risk management (www.aretai.net)