Start your contingency planning with a risk assessment

Especially for sole practitioners and small firms, evaluating risk is an essential aspect of contingency planning

Start your contingency planning with a risk assessment
iStock
Kevin Cheung

Lawyers are constantly reminded about the importance of having a contingency plan. For many of us, however, "contingency planning" is a vague and overwhelming phrase suitable for putting off to a later date.

Too often, the emphasis is on the end product – the plan itself, while what we are planning for is assumed to be common knowledge. Where we need to start is to break the process down into manageable parts:

  • Risk assessment;
  • Plan to minimize risk occurrence;
  • Plan for risk occurrence

Conducting a risk assessment for your firm will help you develop an appreciation for the risks that can compromise your ability to deliver legal services. This will establish an understanding of what you are planning for.

Identify key components of your firm
The first step in a risk assessment is to identify key parts of your practice that keep it running. This can range from your computer systems, software you use daily, internet service provider, trust accounts, to your staff and yourself.

Events that could affect the functioning of each component
For each key component, brainstorm a list of events that could compromise its functionality. For example, it could be the destruction of office contents and client materials. A computer might become infected with a virus, or a laptop stolen.

A staff member may need to take a leave of absence, planned or unplanned. The incapacity of you or another lawyer should also be included in this list. While it is tempting to come up with solutions to these events at this stage, the focus must be on identifying reasonably possible disruptive events.

Estimate the probability of the risk happening
Having a sense of the likelihood of a business disrupting event happening will help prioritize risks that most urgently need a mitigation plan.

Minimizing risk occurrence
Once you have completed a risk assessment, you can create risk mitigation plans for each component. For example, for your computer, install and keep virus and malware protection updated.

For you and your staff, a plan to invest in your health should ideally be part of the strategy to reduce the risk of disruptions due to health.

Planning for risk occurrence
Once you have risk mitigation plans, then you can plan a response to each disruptive event. This is where you put your mind to a procedures manual, practice memorandum and a power of attorney for your practice.

Going through these steps will allow you and your staff to calmly and effectively resolve a business disruption, rather than panicking when such an event occurs. A side benefit of having gone through this process for the core aspects of your firm is that you can expand the exercise to higher-level threats, such as a potential upcoming recession, or competition in the market place.

The worst thing one can do with respect to business disruption risks is to do nothing and hope the risks never materialize. Contingency planning is particularly critical for sole and small firms because unlike larger firms, the resources to maintain business continuity during significant business disruptions are limited. Planning for risks that can undermine your ability to deliver legal services is an important task for any lawyer and should not be put off.