01 Oct A New Approach to Risk Management
A New Approach to Risk Management
Automating legal processes and mitigating risk are two sides of the same coin
There’s a front door and back door into every problem, including risk management. Often, in parallel, there’s a top-down vs. a bottoms-up solution. With something as critical as risk management, most law firms take a back-door, top-down (big-stick!) approach. You can’t blame them. There’s a lot at stake, not the least of which is money and reputation. Human nature being what it is, the top-down approach is not nearly as effective as a collaborative approach that respects the needs and working styles of the lawyers in the firm. Firms struggling to advance the adoption of the electronic file know this lesson well. Simply put, the processes you put into place to manage risk must be easy to automate and natural to adopt—part and parcel of the matter work stream like another box you check—or you are just setting yourself up for failure.
In addition to the people issues, any solution for risk management needs to address the other strategic goals of the firm. Is the firm trying to create standard methodologies in certain practice areas? Is the firm trying to leverage lawyers and staff for a matter across multiple offices? Is the firm trying to simplify the handoff of a matter when someone leaves? Is the firm struggling to stay clear on what data is owned by the firm what data is owned by the client? All these goals—and many others—need to be taken into account when developing a strategy for risk management.
Traditional approaches take a limited back-door, top-down approach
Traditional software solutions take a top-down approach to risk management, designing processes that are flawed from the onset because they treat risk management as an isolated process that is not integrated into the matter work stream. IT adds the risk management software to the stack of other single-focus applications they have in their arsenal. These single-focus solutions almost always rely on the responsible lawyer to proactively notify the risk manager of confidentiality issues. They hamstring themselves with the 1995 assumption that lawyers can barely use a computer and, for the most part, they don’t take advantage of the powerful automation tools available today.
Prosperoware establishes a new gold standard for risk management
Prosperoware, in contrast, takes a holistic view of risk management. Operating under the assumption that every matter requires some level of control, Prosperoware seamlessly builds it into the matter stream beginning with the opening of the matter. We view automating legal processes and mitigating risk as two sides of the same coin. Prosperoware solutions consciously strike a balance between giving lawyers and support staff more latitude in managing electronic files and identifying team members while retaining the firm’s ability to apply policy and confidentiality standards, including information barriers. (We call this “eLatitude.”) And we do this for every stage and process associated with the matter. In short, risk management is an “always on” underlying element of our software versus an incremental “push button” process.
Information barriers are executed by the responsible lawyer
In Prosperoware’s solutions, the need to make information confidential continues to be driven by the responsible lawyer (the matter owner) whether from a client request, protective order, or a concern about the sensitivity of the matter. However, unlike most systems today, which require the responsible lawyer to email the confidentiality request to an individual in the risk management or IT group, Prosperoware gives lawyers the ability to easily create information barriers themselves. A single command executes an information barrier across multiple systems including document management systems and Time & Billing systems and automatically notifies the risk management team and other custodians of the matter and requests acknowledgments.
Distributing control without compromising security
Prosperoware introduces the concept of a matter owner for every matter and decentralizes and distributes process control and security control. This decentralization, made possible by web services, is critical in the context of risk management because it enables Prosperoware to parse tasks in a way that automates legal processes while mitigating risk. For example:
- A matter team and a matter owner are automatically associated with every matter when it is provisioned. The matter owner manages the folder structure as work on the matter progresses and secures the matter at the document, folder, or workspace level without requiring IT support.
- Matter owners restrict or grant access to the matter, sharing work-in-progress documents with the firm while restricting access to sensitive content, such as emails or medical records, to the matter team.
- Matter owners also restrict or grant rights to individual members of the matter team, restricting who can create folders in a workspace, for example.
- The firm can distribute some rights to the help desk, allowing the help desk to manage iManage WorkSite documents, workspaces, users, and groups without compromising security by searching on metadata and performing a number of other pragmatic functions, such as importing and exporting documents in bulk.
- The firm can set information barriers and determine standards of confidentiality with inclusive walls without constraining the responsible lawyer’s ability to manage the matter team.
- The firm can establish granular business rules for documents and emails that control moves, folder, and workspace changes as well as changes in metadata and security permissions. Accidental failure to follow firm policy is automatically intercepted and self-healed.
Mitigating risk at the feature level
This same duality—the ability to automate legal processes while mitigating risk—is at the heart of a number of Prosperoware software features. For example:
- The ability to seamlessly navigate email and content repositories in a browser window as if they were one application gives matter teams a single view of client matter content across multiple systems that is actionable. This feature mitigates risk by giving the firm the ability to identify all of the content sources for a matter and to ensure that all content, not just the content in the document management system, is effectively secured.
- The ability to monitor activity allows firms to set up reward systems associated with activity and to anticipate growth in storage requirements. This feature mitigates risk by raising a red flag related to inappropriate activity.
- The ability to validate that content has been re-filed ensures that the content is associated with the right client matter. This feature mitigates risk by identifying the content you need to put under legal hold.
- The ability to automate a number of core processes, such as the Pleadings Bible, and facilitate secure collaboration on a matter. Electronic templates for tasks mitigate risks by ensuring that lawyers are following the firm’s best practices to deliver good service and avoid malpractice. A secure social wall for collaboration on the matter mitigates risk by providing a clear information trail for all of the court filings.
- The ability to send notifications and request acknowledgements to the matter team when a matter is designated confidential and to the matter team and to the individual excluded when someone is excluded by policy from access to the matter. This feature mitigates risk by ensuring that the firm has policy-driven audit trails that track communications related to a matter, including confidentiality requests.
Want to learn more about Milan?
Read more about Milan from our product page.