This is the second article of a risk management series and covers 10 steps for successful risk management. The first article Eight Steps to Establish a Firm Risk Management Program highlighted the benefits and steps of establishing risk management program and the third will focus on business continuity planning and risk mitigation strategies. The articles are a result of discussions at recent IFAC SMP Committee meetings, which involves practitioners from around the world sharing their perspectives and insights and material included in the Guide to Practice Management for Small- and Medium-Sized Practices, which includes a whole module on risk management, including professionalism and ethics, client engagement, quality control and business continuity planning and disaster recovery.
Ten key steps include:
1. Start with a Quality Recruitment Process
The firm recruitment process should attract high-caliber employees who are trustworthy and honest and have the technical abilities required. Attention should also be focused on “soft skills” including good communication skills and the capability to work in a team, which supports high-performing practices. The references of short-listed applicants should be screened and checked, with any job offer conditional upon satisfactory validation of academic, professional, and reference records.
2. Ensure that Employees are Properly Trained
Good training programs provides employees with the adequate technical, communication and other initial important skills. It should show them how to deliver high-quality work, describe essential communication skills and reinforce the need for a professional approach in their dealings with clients and team members. The PM Guide includes a whole module ‘People Power: Developing a People Strategy’, which covers leadership, managing and retaining employees, recognition, training and development.
3. Do not Delegate Tasks beyond Capability Levels
Delegation is essential to allow for the continued growth of the firm. Good delegation will see that tasks are only delegated to employees capable of handling them. Effective delegation will stretch each employee’s professional skills slightly; the partner or manager must guide the employee through the new or unfamiliar aspects of that work.
4. Ensure that Employees are Aware of Systems and Standard Procedures
Without proper systems in place, the team might not have clear and concise guidelines to work within. In turn, this could lead to the firm risking its professional reputation and losing the confidence of clients. The systems and procedures are an integral part the firm’s approach to quality management.
5. Have a Procedure to Identify Weaknesses or Problems with Systems
Each member of the team should look for any deficiencies in systems. Once a deficiency, weakness or problem is identified, it should be reported to the firm manager or the relevant partner to be addressed and resolved.
6. Employ Proper Review Processes
There should be an established process to review all completed tasks. This is just as essential for senior employees and partners as it is for intermediate and graduate employees. Everyone makes mistakes, and the best way of avoiding any problems which may arise is to have a review system in place. This allows for a second pair of eyes to go over all the work, identify mistakes and correct them prior to incorrect material leaving the office.
7. Maintain an Adequate Spread in the Fee Base
Identify the firm’s “ideal client.” They might be one who uses a broad range of the firm’s services, is not fee resistant and is enjoyable to work for. The firm should be built around these clients.
Every firm will have its larger clients. It should, however, be careful to resist letting a single client or a small group of clients dominate the fee base because if they leave for any reason the firm may be exposed. Where a single client dominates the client base, there is also the risk that the employees might be unreasonably influenced by the demands of that client.
8. Have Adequate Insurance
The principles outlined above are all forms of insurance against accidents. However, the firm will also need to have formal commercial insurance policies in place for protection. The risks are many, for example, an office fire or a professional indemnity claim against the firm. The premiums offer some protection, but they do not cover the firm against all possible losses. While it is simple to say that the best form of protection is to avoid the problem in the first place, it is still prudent to have insurance policies in place.
9. Back up Technology and Records
The need for proper technology and records back-up procedures is critical. For example, consider a complete back-up server for the main files, or cloud back-up options. Frequent back-ups of data must be made and a copy kept off-site. Periodically, run a recovery test to see what happens and check what would happen if the firm needed to restore or replace a file server or key piece of equipment. For further details see ‘Developing A Technology Strategy’.
10. Be Fully Aware of Privacy and Client Confidentiality Guidelines
Finally, professional training puts great store in the need to maintain confidentiality about business information. Complying with both the spirit and the letter of the various requirements (ethical and/or legal) for client confidentiality and security of private information is now a fact of business life. Make sure the team is aware of the high duty of care that is required.