SRA Accounts Rules – where might
the main challenges lie?
Last year, the Solicitors Regulation Authority (SRA) issued some guidance which
set out what processes and procedures they consider would indicate 'above
adequate', 'adequate' and 'below adequate' control environments for a law firm.
Here we set out where the biggest challenges may lie.
Previous documents have summarised the guidance to allow
Compliance Officers for Finance and Administration
(COFAs) and firms to consider how their existing approach,
systems and mind-set maps out against what the SRA
considers above adequate, adequate and below adequate to
look like. Whilst the SRA guidance should be considered as
only that – rather than being strict criteria, they have further
commented that they would only expect firms in the 'below
adequate' section to lead to the issue of a qualified report and
therefore if a firm isn't achieving the level set out as being
'adequate' there is a heightened risk that a qualification will
need to be proposed by the Reporting Accountant.
Therefore, in this document we set out what the SRA is
indicating it considers to be 'adequate' in each of the main
areas of focus and, using our experience of working across a
wide range of law firms, indicate – in a 'traffic light fashion' those areas where we think firms may find it challenging to
meet these 'adequate' levels.
Area
1 Client
money in
client
account
Red
many may struggle to meet
the level described as
'adequate' without system
improvements
Amber
some may struggle to meet
the level described as
'adequate' without system
improvements
Green
most will meet
the level described as
'adequate' already
Systems and approach considered 'Adequate' in the SRA
guidance
Minimal incidents of client money being placed in any account or location
other than a client bank account.
In such incidents, the law firm rectified the issue promptly (within five
working days), transferring client money to an appropriate client bank
account.
No incidents noted of banking client money into a client bank account with
a delay of in excess of five working days (these include money in an office
account that becomes client money through, for example, overpayments,
credit notes issued to clients in respect of paid bills and cancelled
cheques on disbursements).
No incidents noted of transfers between client accounts and the office
account that were not within the Rules and appropriately authorised.
© 2016 Grant Thornton UK LLP. All rights reserved.
Risk that
firms fail to
meet the
standard
Area
Systems and approach considered 'Adequate' in the SRA
guidance
Debit balances on client ledgers are reviewed at least weekly and
2 Overdrawn
necessary action taken to remove the debit balance.
client /credit
office ledgers A listing of credit balances on the office ledger is reviewed at least
shortages
monthly and each credit balance is investigated, fully understood and
action taken where necessary to remove client funds in office account.
3 Withdrawals
from client
account
A client account withdrawals process exists and is adhered to, but is not
formally documented. Withdrawals can only be processed once the
proper authorisation has been obtained.
4 Control
systems
Password access to the IT systems and passwords are changed at
least annually.
IT user access controls are in place.
Program changes to the IT system are always fully documented and
approved before changes commence.
Risk that
firms fail to
meet the
standard
We don’t see this being done
regularly and with the rigour
that will be required to ensure
all balances are being picked
up and resolved in this sort of
timeframe. Potentially
therefore a new area of focus
for many firms.
Note smaller firms may find
some of these IT controls
more challenging to meet.
Leavers IDs and passwords are removed from the IT system within one
month of the individual leaving the law firm.
Firewalls are in place.
IT general controls are documented to a standard that is commensurate
with the size and complexity of the business.
The client accounting system is not fully documented, but notes exist
which support the necessary cycles, e.g. billing, payments, transfers,
new client take on, etc.
5 General
control
environment
The COFA, a member of the finance team or the Internal Audit team
reviews the systems and processes every two to three years and
implements actions for improvement where appropriate.
The COFA ensures action is taken for all issues included in the
Accountant's Report (and any subsequent or additional work
commissioned by the firm).
6 General
Compliance
with
the Rules
A challenge here is likely to
be whether these reviews
are satisfactorily
documented / evidenced.
The COFA, or another appropriate individual within the firm, performs at
least a five-weekly review of SRA Accounts Rules compliance, including
a review of
(i) client bank account reconciliation,
(ii) office bank account reconciliations,
(iii) three way reconciliation of the cash book, client ledger listing and
bank accounts
(iv) breach register.
The COFA, or another appropriate individual within the firm, performs a
review annually, or as appropriate, of the client money control
environment and, where appropriate, takes action to improve
processes.
The COFA, or another appropriate individual within the firm, performs a
detailed annual review of the training requirements for staff – both
finance and legal professionals and ensure appropriate training is
delivered to
these individuals.
If it is not the COFA who performs these tasks, there should be
evidence of reporting to and review by the COFA.
© 2016 Grant Thornton UK LLP. All rights reserved.
Our view is that this is an
area that is being tackled in
an ad hoc way by most and
therefore the challenge will be
evidencing the rigour being
applied. Documenting the
extent and outcome of this
review would be an important
step toward meeting the
challenge.
In many firms annual training
of this nature isn't
documented as having
occurred. It will also prove
challenging to most to be able
to demonstrate that a high
proportion of the legal and
finance professionals have
attended such.
Area
7 Accounting
records
Systems and approach considered 'Adequate' in the SRA
guidance
Risk that
firms fail to
meet the
standard
All client and office transactions are accounted for, either in the system or
through an alternative system (e.g. through use of spreadsheet before
batch processing in the system) by 5 working days following the
transaction.
The law firm would be able to account to clients for client money held.
8 Failure to
account
Residual client balances are returned to clients, although, this can take
up to 90 days. Residual client balances do exist at any one time;
however, the finance team are aware of all of these and are in the
process of returning the funds or of dealing with them in accordance with
Rules 20.1 (k) and/or Rule 20.2.
9 Suspense
ledgers
Where a suspense account is used, items are usually no more than 30
working days old.
The main challenge here is
around whether firms have a
system in place that ensures
that action will be taken on
balances. We often see lists
being circulated but no
remedial action being taken if
a fee earner doesn't follow up
or respond.
In conclusion
We recommend that you map your existing procedures, controls and actions against these requirements to establish, pre period
end the areas where you may not currently be attaining this 'adequate' standard. You can then address any areas of shortcoming
so that by the time the Reporting Accountant's review is performed, you have evidence of action having been taken to enhance
the control environment. We can use our experience to support the COFA, Compliance Officers for Legal Practice (COLP) and
finance team to enhance and refine the systems and controls so as to help manage areas of common breach and focus on
identifying the gaps in fee earner knowledge of the rules so we can work with you to find solutions to issues.
© 2016 Grant Thornton UK LLP. All rights reserved.
SRA Accounts Rules review – helping
you manage your relationship with the
regulator
Whilst on one level, this work is about sample testing
against a set of rules and an assessment of your procedures
and processes against guidance issued by the regulator, we
believe it is our role to deliver far greater value to you than a
simple 'compliance' output. A law firm's relationship, and
reputation, with the regulator in each territory is key and
therefore we will use our experience of the regulatory 'hot
spots' and work with you to enhance your systems and
controls in those areas.
Key elements of our approach are:
• early liaison with firms to hear your views on where the
potential risks lie and to consider which aspects of your
work we may be able to leverage from during our work
• early sample selection to allow you to obtain files
in advance
• extensive use of IDEA (our customised data
interrogation software) to enable us to review and
interrogate transaction patterns in a way that is not
possible in the more ‘standard’ non-IT based approach
• provision of a separate SRA Accounts Rules report to
management, providing constructive advice to help
you to improve each year, rather than just record problem
areas
• supporting the COFA, COLP and finance team to:
– enhance and refine the systems and controls so as to
help manage areas of common breach
– focus on identifying the gaps in fee earner
knowledge of the rules so we can work with you to
find solutions to issues.
Our expert knowledge of the
rules means…
that we can work with you to provide training to the cashier and
fee earner teams and the training and education we can bring to
a firm's finance team and fee earners means we can assist you in
enhancing your systems and processes and lessen the chances
of issues arising in the future.
Peter Gamson
Head of Professional Practices
T 020 7728 2861
E [email protected]
© 2016 Grant Thornton UK LLP. All rights reserved.
‘Grant Thornton’ refers to the brand under which the Grant Thornton member firms provide assurance, tax and advisory services to their clients and/or refers
to one or more member firms, as the context requires. Grant Thornton UK LLP is a member firm of Grant Thornton International Ltd (GTIL). GTIL and the
member firms are not a worldwide partnership. GTIL and each member firm is a separate legal entity. Services are delivered by the member firms. GTIL does
not provide services to clients. GTIL and its member firms are not agents of, and do not obligate, one another and are not liable for one another’s acts or
omissions. This publication has been prepared only as a guide. No responsibility can be accepted by us for loss occasioned to any person acting or refraining
from acting as a result of any material in this publication.
grantthornton.co.uk
GRT102780