Compliance audits
The Legal Profession Act 2007 (the Act) empowers us at section 130 to conduct an audit (a ‘compliance audit’) of an ILP about:
- ‘the compliance of the practice, and of its officers and employees, with the requirements of [the Act] or a regulation, the legal profession rules or the administration rules so far as they apply to incorporated legal practices’; and
- ‘the management of the provision of legal services by the incorporated legal practice, including the supervision of the officers and employees providing the services.’
The Act is silent about how we should go about conducting an audit other than requiring us to give a report of an audit to the legal practitioner director(s) of the firm subject to audit. It does however give us some powerful clues.
The Australian National Audit Office defines an audit as ‘a review or examination of any aspect of the operations of [a] person or body.’ A compliance audit by that account is a review of a firm’s ethical operations - of the firm’s and its employees’ compliance with their corporate and professional obligations and whether it ‘keeps and implements appropriate management systems’. Our audit power is a power to conduct ethics audits, in effect.
We should direct our energies as auditors not to reviewing policy and procedure manuals and the like and checking them against the best practice characteristics of documents of that kind but to trying to find out how they’re perceived down the line and what actually happens in practice. We should collect evidence about their impacts and outcomes, not about a firm’s policies and procedures per se.
And we should collect evidence about their ethical impacts and outcomes, not their impacts and outcomes more generally. We should collect evidence about the way a firm actually delivers legal services and whether it delivers them ‘under the professional obligations of Australian legal practitioners.’
We have committed with our counterpart regulators in New South Wales and Victoria to achieve a consistency of regulatory practice and we’ve agreed to that end to adopt the ‘education towards compliance’ approach that has been pioneered over recent years in New South Wales.
We want to exercise our compliance audit powers not by conducting ‘spot checks’ with a view to ‘catching out’ those incorporated legal practices that fail to meet their obligations but in such a way as to encourage the highest possible level of voluntary compliance. It’s possible of course that a compliance audit might throw up evidence of misconduct of one kind or another in which case we’ll deal with it, but that’s not their primary purpose. Their primary purpose is to engage legal practitioner directors with problem-solving how they might best develop and continually improve their management systems and processes and workplace cultures to better support and sustain high standards of conduct, and to engage them in a continuing conversation with us about their progress in that regard.
We envisage conducting two types of audit - internal or self-assessment audits that we require incorporated legal practices to undertake themselves, through their legal practitioner directors, and external audits that we undertake, looking in from the outside.
Compliance audit plan
|
COMPLIANCE AUDIT PLAN | |||||
|
Regulatory |
| ||||
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Self -assessment audits
We require legal practitioner director(s) to audit their firm’s management systems and supervisory arrangements shortly after they give the required notice of the firm’s intention to start engaging in legal practice as an incorporated legal practice and we provide them a pro forma self-assessment form for that purpose.
The initial self-assessment audit form includes (as part A) a brief survey asking legal practitioner directors to give us some basic information about their firm including information about its non-legal directors, shareholders, primary areas of practice, the services it provides other than legal services (if any), its estimated gross fee income and professional indemnity insurance claims history.
We require them to return the completed self-assessment form to us within a designated period and we evaluate the information and begin a conversation about what further steps they might take to fix any perceived weaknesses, if any. We will also require them to give us updates every three years or so and to update the basic information about their firm annually.
Go to self-assessment audits and Annual Surveys (this page under construction) for more detail. See also the self-assessment audit form and Annual Survey form.
External audits
Clearly we need to implement a program of external audits to test whether the self-assessment audits legal practitioner directors undertake at our request are giving us a fair and reasonable and for that matter an honest appraisal of the actual state of play. We can’t simply take their word for it.
A program of external audits should meet at least four fundamental criteria:
- it should be and be seen by incorporated legal practices and all our other stakeholders to be credible and robust, and sufficiently credible and robust to justify public confidence in the provision of legal services by incorporated legal practices and that as regulators we’re ‘on the job’, as it were.
- it should be fully consistent with and complement the ‘education towards compliance’ thrust of the initial self-assessment audits. It should make a difference and a difference for the better. It should add value in ways we can point to and defend.
- it should allow for the fact that we will inevitably have limited resources to put to the task.
- it should not add any unjustifiable regulatory burden but keep the compliance costs to incorporated legal practices proportionate to the potential significance of the information we seek to obtain.
We envisage accordingly conducting two types of external audit – short, sharp web-based surveys we expect all incorporated legal practices to undertake at reasonably regular intervals and that are cost-effective both from our point of view as regulators and from the point of view of the firms subject to audit, and more comprehensive on-site reviews.
We envisage ourselves conducting comprehensive external audits only occasionally, and only of those incorporated legal practices we believe are most at risk of non-compliance and in all likelihood even then only of those aspects of their practice we believe are most at risk of non-compliance.
We will design and implement a program of external audits deliberately and as a matter of principle so as not to add any significant additional regulatory burden unless there is some demonstrable risk-related reason that justifies a more intrusive approach.
We will make what we envisage will become increasingly sophisticated risk assessments based on a range of evidence including a firm’s complaints history, our analysis of the firm’s self-assessment audit and the results of the web-based surveys it has completed, and our analysis based on our experience more generally of the kinds of practice and areas and aspects of practice that are most at risk.
Go to Annual surveys, Web-based surveys (ethics checks for law firms) and On-site reviews for more detail.
See also: