Insights

On the Audit Trail

Written by Alex Ktorides
07/04/2014

OFR offers greater flexibility to law firms in how they can achieve high standards through the new SRA handbook and a compliance plan. Compliance Officers for Legal Practice (COLPs) and Compliance Officers for Finance and Administration (COFAs) are key players as “champions of legal risk management”.

File reviews

File reviews are a key plank in compliance and legal risk management, bringing major benefits to law firms. The SRA, which threatens thematic visits and more enforcement in the future, will be pleased to see a robust system of file audits as will professional indemnity insurers, who are also big fans of file reviews. Underwriters place increasing importance on risk management systems and quality control.

File reviews show that a law firm takes quality and compliance seriously. Put simply, by selecting files at random, checks can be carried out to make sure quality is hitting the right level, policies the firm has taken the trouble to create are being followed consistently and they also allow learning to happen. If that wasn’t enough, it’s a fact that file reviews can reduce the risk of future claims and complaints. They also result in lower premiums.

File reviews and audits provide meaningful statistics, and if things were to go wrong, the audit information can be fed into a risk register or other plan and remedial steps implemented.

File review checklist:

1. Are terms of business being sent out consistently with engagement letters?
2. Are clients being told at the outset all the important cost information?
3. Are attendance notes on file?
4. Are complaints handled properly?
5. Is Know Your Customer (KYC) information being obtained?
6. Are information barriers and secrecy agreements being observed?

Running hot and cold

File reviews do what they say on the tin, but a lot can be learned from accountants who have been conducting file reviews internally for many years. They implement a system of so-called “hot” and “cold” file reviews.

Hot reviews are carried out in real time whilst the matter is live. Basically, they are a peer review conducted by someone who is able to work alongside other lawyers and be a resource, sounding board or just a reminder for the person carrying out the work. These types of review should be handled sensitively or the fee earner will perceive this to be an unhelpful layer of bureaucracy. It may be useful to explain that hot reviews are there to avoid problems in line with the law firm’s risk appetite.

How to conduct a hot review

It’s crucial to set relevant triggers:
1. Politically sensitive matters (ask yourself what your law firm’s involvement in the matter might look like on the front page of the Daily Mail) engagements need careful handling. Is advice being given with the PR in mind?
2. Each department should set a financial limit that triggers an automatic hot review. For instance, conveyancing transactions or a series of transactions worth more than £5m for a mid-sized 10-20 partner firm
3. New areas of law where there is a higher risk of things going wrong
4. Where the lawyer is acting for family members or close associates. This type of scenario could give rise to pressure on the fee earner and an independent view may be of great assistance.

Hot reviews should be conducted by a peer who understands the work as well as the firm’s policies. Here, a COLP or COFA can provide crucial advice in selecting the right person and guiding through ethical and other compliance dilemmas. If there is a subject matter expert in the firm, he or she would be ideally placed to advise in this context. This collaboration with fee earners has been known to encourage and improve team spirit.

Finally, a report should be produced to be shared with the fee earner to avoid any ill feeling. The report should also go to a head of department or risk committee if there is one, marking the same as “private and confidential: legally privileged”.

How to conduct a “cold” review

So-called cold reviews take a more traditional approach and should be conducted on a quarterly basis. They can be carried out independently either by the firm’s compliance team or an outside expert. In-depth knowledge of the firm’s policies and procedures will be quickly gained by the external practitioner, who in turn can offer experience and benchmarking.
1. Questionnaires are a great tool for cold reviews, circulated prior to the auditing of the files
2. Select a sample of files from each department over a range of types of work and value
3. The right team of reviewers needs to be selected in terms of their experience and ability. They should be supervised by a risk manager where possible or some other person responsible for the management of the firm
4. A plan should be put in place as well as a report on the findings, which should have a section on how recommendations are to be implemented
5. Typically, the reviewers will look for agreed areas and may assist with maintaining additional standards, such as Lexcel. This will also be of interest to professional indemnity insurers.
6. Use a checklist, such as that listed below, that is firm appropriate and reflects your firm’s culture, work and practices.

File management checklist

1. Are files in the right format and are documents secure?
2. Is the firm meeting data protection requirements?
3. Are Anti-Money Laundering (AML) standards being achieved?
4. Are case management systems and diary systems being used appropriately?
5. Are there engagement letters and are they signed by the right parties?
6. Is there sufficient liability capping?
7. Are duties to third parties being avoided?
8. Are “hold harmless” agreements and disclaimers being appropriately used?
9. Is conduct appropriate within the firm?
10. Is IT use secure?

Quality of advice

A file review can sense check the advice being given and whether clients’ wishes are being taken into account. They can also indicate how clients are treated and whether they are having their options explained to them clearly. In addition, reviews will reveal what is happening when complaints are raised and whether they are being reported to the COLPs and COFAs.

Time keeping or recording, staff training and client care can also be audited, which tend to lead to better practices, fewer claims and complaints.

By implementing these procedures, valuable learning and management information can be gained. COLPs and COFAs also pick up on key issues and as a result will have the opportunity to address them. In this way, a culture of risk management becomes gradually and deeply embedded by the use of file audits and reporting back the results. Ultimately, this can lead to fewer risky firms and more confident lawyers, who are free to advise clients as well as increase billing and efficiency.

Contact the Author

Profile image of Alex Ktorides

Alex Ktorides

After reading law, politics and philosophy at the University of Hertfordshire, I qualified as a solicitor in 1997. In 2007, I went in house, specialising in risk, financial crime and regulation. I joined Gordon Dadds in 2012, before which I was senior counsel at BDO LLP. Recognized in the Legal 500 as a recommended gaming lawyer, I advise and support clients on regulatory issues in sectors including accountancy, legal, property and gaming. The sorts of issues I help with are anti-money laundering, bribery and corruption, defence to investigations/responding to unauthorised visits and criminal/civil aspects arising, as well taking the lead for Gordon Dadds own ethics and risk management functions. Other matters that I deal with for clients are financial crime risk management strategies and technology solutions for the client on boarding process and lean process.

coverage & attachments

Test Attachment
Test Attachment2

Gordon Dadds