Controlling paper and electronic files

How many of us can genuinely answer ‘Yes’ to the following questions?

• Is there a uniform system for dealing with the opening and closing of files?
• Is there a procedure which requires a review of the file to ensure that nothing has been left unattended to?

How many of us can truthfully say that we do have such systems and procedures and that they are consistently implemented?

And yet routine systems and procedures of this type can go a long way to reduce the risk of errors and omissions, oversights and breakdowns in communication that can lead to client dissatisfaction and claims.

File management

It’s been said many times before - Risk Management is as much about good housekeeping and good management as it is about good legal advice. If files are being well managed -

• every file should be readily locatable
• correspondence and documents should be neatly filed
• time limits should be clearly noted and diaried
• all work should be regularly reviewed.

If all of that is happening, then you are in control of your files and in a far better position to cope with the more complex, technical aspects of client work.

If those things aren’t happening, then you are not in complete control of the file and there is a greater risk that –

• instructions will get overlooked
• relying on your memory, rather than the file, assumptions will get made, sometimes erroneous
• delays will occur and critical dates will get missed

When you do stay in control of your files, work is bound to be done more efficiently with fewer panics and it is more likely that clients will be kept regularly updated.

What does ‘staying in control’ mean in practice?

It means nothing more elaborate than being disciplined about routine systems and procedures for opening, tracking, maintaining, reviewing and closing files. The Society’s ‘Better Client Care and Practice Management’ manual contains practical guidance on this, most of which is just a matter of common sense.

File Review/Audit

How do you ensure that there isn’t a file at the back of the bottom drawer of your (or a colleague’s) filing cabinet that has been completely forgotten about? How do you ensure that you are doing for your client all that you agreed to do in terms of your engagement letter? Do you simply rely on your memory?

It isn’t the only way, but one of the most effective and efficient ways of doing this is to review your files regularly. There is guidance on this in the Risk Management Flow Chart and Model Procedures issued by the Society in March 1999.

Independent file reviews or audits, by a colleague, are an effective way of monitoring:-

• client care issues - regularity of reporting to clients, speed of response
• management of time limits and deadlines
• compliance with the firm’s own systems and procedures
• workloads

These reviews can also provide an early warning of anything untoward such as colleagues not coping or out of their depth; conflicts of interest; signs of dishonesty.

For sole practitioners with no qualified staff, this arrangement is not so easy to operate, however it may be possible to set up a similar arrangement with another practice providing issues of client confidentiality can be addressed.

How about electronic files?

The genuinely paperless office is still some way in the future, however some firms are conducting at least some of their work on the basis of electronic files with the paper file being the back up.

While some issues are unique to electronic files, many of the issues are common to both formats. Equal care needs to be taken with the organisation of filing systems whether they be paper or electronic. Well organised files and filing systems make it easier to locate, review and update files while badly organised systems can reduce efficiency, create confusion and introduce risks.

Some firms have agreed that their clients may (a) conduct audits of files to satisfy themselves as to the quality of work and compliance with service standards or (b) access electronic files to check the status of transactions etc. In the latter case, clearly the structure and content of the electronic files must be well organised, otherwise the client will be unable to locate his file or to ascertain the up-to-date position.

The electronic file, properly operated, certainly gets over the problem of not being able to locate a file. Nor should there ever be complaints of filing not being up to date. When developed into a case management system, electronic files should facilitate –

• supervision of delegated work
• review of colleagues’ work and workloads
• flagging up ‘skeleton’ or dormant files
• checking that critical date warnings have been actioned
• ensuring that outstanding matters are not overlooked         

With case management systems, everyone has to operate in a consistent manner. ‘Maverick’ behaviour will show up quickly and cannot really be accommodated.

Risk issues exclusive to electronic files

The research by Charles Sandison referred to in last month’s article identifies some of the risk management issues that are exclusive to electronic files.

Back-ups - there clearly needs to be a properly structured system of backing up data and, specifically, having a back up system for your diary/reminder systems.

Training - there needs to be a proper understanding of specific IT risks, otherwise the risks will not be effectively addressed by all concerned.

Secure authorisations - these can take the form of user IDs and passwords and forced paths through the system.

Third party access - where files are held electronically and accessible by clients or other parties, there is a need for secure access and encryption.

Unauthorised third party access - firewalls are part of the defence against access to any confidential data.

Virus protection – these protections need continual updating/upgrading

Disaster recovery plans – while fires and floods can damage paper files too, there are the additional risks of corruption of electronic data by a range of threats.

The information in this page is (a) intended to provide guidance on matters of practical risk management and not on issues of law and (b) is necessarily of a generalised nature. It is not specific to any practice or to any individual and should not be relied on as stating the correct legal position.