The challenge posed by file audits and the question of how to go about them

From enquiries received by the Master Policy team at Marsh, it seems that more practices than ever before have introduced, or are thinking about introducing, file audit procedures. It is clear that, while many practices see advantages of obtaining management information which file audits can bring, once they embark upon the process of devising and introducing a file audit system they find it to be more of a challenge than initially anticipated.

Questions which arise include: What should we audit? Should we audit partners’ files as well as other fee earners’ files? Should we audit only closed files? How often should we carry out an audit? How many files should we audit? Who should carry out the audit?

File audit processes will vary from practice to practice, reflecting not only the specific needs of the practice but also acknowledging that audits can be carried out for different purposes possibly requiring different approaches. There is no one-size-fits-all solution.

Compliance with practice procedures

Although a file audit process can be aimed at reviewing the quality of advice given to clients, significantly (in the context of risk management) a file audit process may be designed to establish whether there is evidence on file that fee earners are complying with the systems and procedures which the practice has introduced to minimise the risk of complaints and claims. This procedural audit approach can also be used to check compliance with practice rules, such as those relating to anti-money laundering, conflicts of interest and terms of engagement.

Case study

A & Co’s practice manager decided to carry out a file audit to ascertain the extent of the practice’s compliance with the Solicitors (Scotland) (Client Communication) Practice Rules 2005. Although he found that terms of engagement had been issued in all cases, he discovered that there was widespread non-compliance with the practice’s rule that only terms of engagement in one of the styles approved by the practice’s risk committee should be issued to clients.

The following list of audit checks is by no means comprehensive but could be used as a starting point in devising a file audit checklist. The Master Policy claims experience shows that absence of risk controls, or non-compliance with risk controls, are common causes (or contributory factors) of claims or, in the event that a claim is made against a practice, may reduce the likelihood of a successful defence of the claim.

Addressing practice’s claims experience

Analysis of the practice’s own claims experience will reveal the common denominators, recurring factors and underlying causes of claims. A risk-specific file audit process should enable the practice to establish for its own benefit that the risk management systems and procedures introduced to prevent recurrence of claims are being complied with. If it has top-up insurance, the practice might well have to satisfy top-up insurers of targeted and effective risk improvement in certain circumstances. Such a risk-specific approach might also be appropriate where issues have arisen that require to be addressed urgently, as in the following example.

Case study

A claim had recently been made against B & Co arising out of their failure to raise a court action within the applicable limitation period of two years on behalf of a client who had sustained personal injuries in an accident on board an aircraft. B & Co decided to carry out an audit of all open personal injury files where there were potentially such unusual time limits to make sure that the correct critical date had been identified, advised to the client and diarised.

Compliance with agreed service standards

Case study

C & Co handle a large number of reparation actions for an insurance company and have a service level agreement with their clients covering such matters as time limits for acknowledging instructions and submitting their initial report on liability and quantum. Representatives from their clients will be coming into the office in three weeks time to carry out an audit.

It is not uncommon for service levels to be agreed with commercial clients, particularly where practices are carrying out volume work for those clients; nor is it unusual for such clients to insist on carrying out their own audits. An internal audit procedure should discover whether fee earners are aware of, and are applying, the provisions of the service level agreement. If it is found that there is widespread non-compliance, the reasons can be addressed in advance of any external audit by the client – for example, perhaps the relevant fee earners are unaware of the agreed service levels or need more training; perhaps their workloads are too heavy; perhaps more support staff are required. It is much better for the practice to discover any such problems before the client does.

Conducting an audit

Where the file audit requires the completion of one or more checklists from documented information to verify whether or not the practice’s risk management systems and procedures are being observed, the audit could be carried out by anyone trained to do it – no special legal or technical expertise is necessary. On the other hand, if the audit involves a more substantive, qualitative assessment, for example involving the review of the quality of advice given to the client, it may require to be carried out by a fee-earner, perhaps by an experienced solicitor.

Both the frequency of file audits and the number of files to be audited are likely to vary from practice to practice and may also be dependent on the purpose of the audit as well as the number of files potentially auditable. For example, in the case study relating to B & Co, it would be necessary to audit all files of a particular type in order that the practice could be satisfied that no similar problem existed.

If the purpose of the file audit is to monitor compliance with a service level agreement with a particular client, it might be thought necessary to audit all the files, perhaps on a regular rolling basis if there are a large number of them. Otherwise, in principle, a practice may take the view that it would wish a sufficient number of files to be audited so that it could be satisfied that the files selected for audit were likely to be representative of the practice’s files as a whole. Practical, logistical, and resourcing issues clearly require to be taken into account in planning an audit process.

Practice management or case management systems may contain built-in risk controls and may provide a convenient means to carry out remote electronic file audits.

Analysing the results

The following case study was included in the materials for the Risk Management Roadshow 2008.

A firm’s latest internal audit results are shown in the following tables and charts

How do you rate the firm’s performance based on this snapshot?

Terms of engagement – Why is the percentage not 100%? There may be a good reason for this – perhaps some of the files audited related to matters where in terms of the Solicitors (Scotland) (Client Communication) Practice Rules 2005, no terms of engagement were required.

Critical dates – the practice would expect all litigation files to have the relevant critical date(s) logged and it should be of concern that over a four month period the highest recorded percentage is 75%. Clearly, the practice would wish to carry out further investigations to establish the reason(s) and take any necessary corrective and preventative action.

Conflict checking – again 100% compliance would be expected. While it is possible that part of the reason may be that the practice’s conflict checking process has been complied with but the outcome not recorded on the file, that could only be established by further investigation.


Russell Lang and Marsh

Russell Lang is a former solicitor in private practice who works in the FinPro (Financial and Professional Risks) National Practice at Marsh, the world’s leading risk and insurance services practice. To contact Russell, email:

The information contained in this article provides only a general overview of subjects covered, is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. Insureds should consult their insurance and legal advisors regarding specific coverage issues.

The Author
Marsh Ltd is authorised and regulated by the Financial Services Authority.
Share this article
Add To Favorites