Risk steadiness

If you are reading this, you may already be working from home and ineffectually smacking your modem because you’ve been kicked off your office computer network … again. If you’re like me, you may also be trying to work with one hand, while fending off bored young children with the other.

Covid-19 has indeed caught global economies, businesses, health services and governments by surprise. And for me it’s offered some real practical lessons around risk management.

For example, which resources or efforts should have been directed towards planning for, and managing, such a remote risk? Was it ever really that remote? Other lessons centre around how swiftly we should respond – which is difficult to determine when we’re working with an imperfect understanding of the risk. For example, protecting staff from an outbreak would seem to be an immediate priority. At the very least, it will ensure business continuity. However, it would have been a brave risk manager, general counsel or CEO who ordered staff to self-isolate at the beginning of March.

The most important risk-management tool you can have in these rapidly-evolving circumstances is a nimble management team with clear roles and responsibilities – one that communicates daily. Dithering, ambiguity and splintered purpose could be disastrous.

Here are a few thoughts, at the time of writing, on managing the risks that have been presented by Covid-19:

• Governance – Set up working groups, regionally if applicable, to assess, plan and respond to Covid-19 risks by country and office. Make the roles of these groups clear to everyone across the business.
• Remote working – Agree a clear trigger for remote working and phase it in (if you haven’t already). Ensure you have suitable remote-working platforms (we use Citrix) and enough licences. Have everyone test their homeworking equipment and prepare detailed technical guidance for confidential working. Consider solutions to permit, for example, e-signatures and online collaboration.
• Social distancing – Keep abreast of the symptoms to look out for based on current advice from medical authorities and make sure staff know where to report symptoms, so the business can accurately assess its risk exposure.
• Suppliers – Identify suppliers that are key to the provision of services and assess them for Covid-19 risk. Ask them to confirm what measures they have to manage this risk and how they will ensure continuity of service.
• Insurance – Check whether existing insurance provides cover for sustained or high levels of business interruption. Is your professional indemnity insurance sufficient to cover negligence claims arising from lack of staff availability?
• Cyber risks – The risk of phishing attacks on staff will increase, as will the risk of data theft through hacking home computers or personal email accounts. Ensure that protections are up-to-date.

In addition, deputise key leadership positions and start reviewing budgets and expenditure to weather a potentially prolonged period of economic disruption. See the crisis as a ‘burning platform’ to escalate and accelerate business transformation and efficiency initiatives. This may herald a very different way for law firms to work in the future.