Creating a risk register is something that a number of UK Law Firms are looking at as part of the changes brought in on the 6th of October 2011 with the introduction of “outcomes focused regulation“
The question is are there opportunities for Law Librarians to add value to this process and demonstrate our knowledge? I believe there are, but first some context.
On 6th October 2011 the Solicitors Regulation Authority (SRA) of England and Wales introduced ‘Outcomes Focused Regulation‘ to the profession as a ‘risk based’ alternative to the traditional rule book format of the Solicitors’ Code of Conduct. This new approach to regulation was created to help deliver good outcomes for both consumers of legal services and the public interest by being ‘proportionate, targeted and effective’.
Law firms, like businesses, need to take risks in order to be successful and grow. However for a firm to be able to manage its risk exposure, it must first identify its risk profile. Firms which are categorised as ‘high risk’ by the SRA, have been allocated a relationship manager with whom meetings are held every couple of months.
To assess the regulatory risk a particular firm poses the relationship manager needs to receive information from it about its own perception of the risks it faces, including the extent to which other risks (for example operational, strategic, business and financial risks) might impact on regulatory risk and to understand the arrangements it is making to mitigate these risks. As a matter of good risk management practice many firms will record this information by means of an risk register or risk matrix. It is intended that this document will be a working copy to be updated regularly and that any gaps in the risk register can then feed into a risk and compliance plan for the firm.
Typically a Risk Register will contain the following:
- A description of the risk
- The impact should this event occur
- The probability of its occurrence
- Risk Score (a multiplication of Probability and Impact)
- A summary of the planned response should the event occur
- A summary of the mitigation (the actions taken to reduce the probability and/or impact of the event)
The risk register helps communicate what the Law Firm considers are significant risks that might affect how it does business, it also helps Law Firms manage those significant risks, with the aim of lowering all risks perceived as being high or very probable to low or unlikely to happen.
Given that most UK Law Firms will have Risk Management teams and professionals trained in identifying and understanding risks and their potential impact you might be thinking that the role Law Librarians have to play in this process would be minimal. But I believe there are a number of ways in which Law Librarians can add value. First is our understanding of the legislative framework within which we work. There are number of significant pieces of legislation in the UK that affect how Law Librarians and other information professionals provide their services. For example anyone involved of the management of an intranet or any web based tool, should be aware of the implications of the following:
- Regulation of Investigatory Powers Act 2000 (“RIPA”)
- Data Protection Act 1998 (“DPA 1998″)
- EU Data Protection Directive 95/46
- Equality Act 2010
- Defamation Act 1996
- Trademark Act 1994
- Copyright, Designs and Patents Act 1998
And that’s barely scraping the surface, UK Law Librarians should also be aware of legislation like the Digital Economy Act 2010, recent changes to libel law, digital content and platforms and perhaps most significantly issues around the use of open access tools and social networking sites. Demonstrating the impact of infringing these pieces of legislation is something that Law Librarians should be actively involved in and incorporating within a Risk Register. By doing so not only are we demonstrating our knowledge of the legislative framework which we work in but the impact this legislation has on our work, the way fee-earners work and ultimately the services we provide.
Another opportunity provided as part of this process is demonstrating how valuable our work is. Lets say LexisNexis is unavailable for a few hours, yes it’s annoying, but lets imagine that in the few hours LexisNexis is unavailable a fee-earner looks for and finds a case or a case commentary on an untrustworthy or inappropriate source. What’s the risk associated with them doing this? Well it’s quite high if the fee-earner uses this information as part of legal advice to a client. Demonstrating the risk of doing so should be part of the risk register. But there’s also an opportunity for Law Librarians to say, we have some fantastic databases you should be using, also everyone in the Library is professionally qualified and has been trained to identify the best resource to use to answer your enquiry.
Law Librarians, through their interactions with users, also have a good understanding of how individuals are creating, managing and consuming information. With this understanding Law Librarians can add value where there are perceived risks around the management of information, perhaps in the IT Department where individuals will be very experienced at managing backups, processes and infrastructure. But might not necessarily have as good a knowledge of policies, legislation and protocols. Many of which will need to be taken into account when completing a risk register.
In my mind Law Librarians have a key role to play in the production of a risk register and it
offers a number of opportunities for us to demonstrate our knowledge and to show the impact of the tools we use. Finally I read the following quote which is from a Law Librarian in “Adding value in Corporate Libraries and Information Services”
Never describe what we do. Rather we must describe the impact and results of the unique expertise we possess (1)
I thought that was a good way to end this post
(1) Colleen Cable – Cost Recovery to cost prevention – Five steps to success – From Adding value in Corporate Libraries and Information Services edited by Constance Ard: Ark Group (2012)