Building a Strong Risk Culture at the Start of the Year

Your own development is foundational to everything else. Yet many practitioners treat continuing professional development (CPD) as a compliance exercise rather than a genuine investment in becoming a better solicitor.

At the start of the year, consider what knowledge and skills will make you a better solicitor. Ask yourself: What gaps exist in your current knowledge? What emerging areas do you need to understand? What additional skills do you need to acquire? Answering these questions early will help you plan a training program that builds your capability throughout the year. In today's fast-paced world, lifelong learning is essential, and achieving your development goals requires deliberate planning.

It’s also important to think beyond your own learning. Establish development objectives for the firm and create individual plans for each staff member so everyone contributes to a culture of improvement. Identify the firm’s development needs and assign clear levels of responsibility for addressing each area. Hold regular team meetings so staff can share updates and learning.

Schedule learning throughout the year rather than cramming at CPD year-end. Regular check-ins to track development help ensure learning is being applied and retained.

How you delegate work, supervise those who do it, mentor their development, and train them in both the legal work and the skills they need (such as effective communication) and disciplined practice management procedures (such as always making a file note) are fundamental to risk management and firm culture. This development and training can't be left to chance. Structured supervision of junior solicitors and support staff is the key touchpoint to influence, train and mentor the firm’s people into the team the firm wants and needs to consistently generate good-quality work. As you move into the new year, review how well your firm is leading and developing its junior staff. Could you improve this to take the firm forward?

Supervisors should be trained on how to delegate, supervise and mentor staff. It should be a focus and key part of their role, defined in their job description. Allocating time to do it well and scheduling one-on-one supervision sessions is important.

Building trust with team members is important so they have confidence to speak up if they feel something has been missed or an issue needs to be raised. Don't wait for problems to emerge.

Don't assume senior staff don't need supervision. The legal landscape changes, technology evolves, procedures update. Proactive supervision supports everyone's ongoing professional development and risk management.

Plan your regular training and updates. Short monthly or quarterly training sessions on relevant topics (ethics updates, new procedures, emerging legal issues) keep risk awareness top of mind and ensure everyone learns together.

Systematic file audits and reviews are one of the simplest and most effective ways to identify and manage risk. Regularly reviewing both closed and active files helps you spot recurring issues early, ensure compliance with professional standards, and provide learning opportunities for the whole team.

Frame audits as learning opportunities, not blame exercises. Use findings to improve your systems. When you identify issues and fix them, you're building a more competent, risk-aware firm. Use the LPLC file audit checklist when reviewing files. This structured approach ensures consistency and helps you focus on key risk areas.

The systems, checklists, precedents, and templates you use shape the quality and consistency of your work. At the start of the year, take time to review and refresh them. If you've learned something from a matter or a file audit, build it into your systems.

Update your precedent letters and documents to reflect current best practice. Better precedents mean better work, more consistently. Review and strengthen your checklists. Checklists prevent steps from being skipped and help junior staff learn correct procedures. Refine your workflows. Consider if technology can automate any steps. Better processes mean faster, higher-quality work.

One of the most important risk management decisions a law firm makes is what work to take on. Firms that do well are clear about what they do and disciplined about what they don't do.

At the start of the year, review and write down the work you will take on. Be specific. What practice areas? What types of clients? What complexity levels? Equally important: write down the work you will not do. If you don't have expertise in a particular area, don't take it on. If a matter is outside your focus area, refer it out. If a client or situation isn’t a good fit, decline it.

Share this clarity with your team. Everyone should know what types of work your firm takes on and what you turn away. When reception, business development, or junior solicitors all understand these boundaries, you reduce the risk of inappropriate work slipping into the firm.

Cybersecurity remains one of the most significant risks for law firms as cyber-attacks on law firms continue unabated. Conduct an annual cybersecurity audit to assess your firm's vulnerability to data breaches, evaluate backup and recovery systems, and ensure compliance with confidentiality obligations. If you lack in-house cybersecurity expertise, engage a qualified consultant. Talk to your cybersecurity consultant about the latest threat intelligence. Plan any security uplift or development needed throughout the year. The investment in a thorough audit is far less than the cost of a breach.

One specific cyber-activity that can be undertaken in the quieter period is to practise your cyber response plan. This may require the firm come to a standstill for several hours, depending on the cyber-scenario planned. Testing your response plan now means you'll be ready if an incident actually occurs.

Taking the time at the start of the year to strengthen your firm's fundamentals will pay dividends throughout the rest of the year. You don't need to do everything. Pick one or two areas where you'll make meaningful improvements. Schedule it. Put it in your calendar. Assign ownership. And set a timeline. If it's not scheduled, it’s unlikely to happen. Build it into how you work. The goal isn't a one-off improvement project but embedding better practices into your normal operations.

Communication is the key. Involve your team. Communicate why this matters. Get their input. Share responsibility. Risk management works best when everyone understands and supports it.

Most importantly, view risk management as an ongoing cultural commitment rather than a one-time checklist. The start of the year provides momentum, but sustaining these practices throughout the year is what truly builds a resilient, risk-aware firm.