Enterprise Risk Management for law firms

Why enterprise risk management matters for law firms

Our Partners from Marsh talk about enterprise risk management and determining the scope of a solicitor’s duty of care in their latest Risk Newsletter.

Enterprise risk management (ERM) requires the ongoing identification, evaluation, and treatment of the key risks and opportunities an organisation faces, in order to provide assurance regarding its objectives. This process has become a topic for law firms, including in their discussions with clients, insurers, and regulators. These stakeholders increasingly expect practices to have embedded ERM as the foundation of their strategy to address evolving risks.

There are various definitions of ERM and differing methodologies, but the main aim of a framework is to:

  • Create a culture where an organisation’s objectives are clear, and where any risks that may have an impact on them are identified, understood, and actively managed.
  • Set controls and monitor their effectiveness.
  • Ensure there is communication about the techniques and that information concerning risks is shared to help build a culture of risk management.

Levels of materiality need to be kept in mind, as there is likely little point in senior management applying the process to every risk a firm faces, although local ownership and control of lower-level risks makes good sense.
