COFA: Firms' planning and processes
By Max Masters
Max Masters explores the practical steps COFAs can take to fulfil their responsibilities
The role of the COFA (Compliance Officer for Finance and Administration) is a challenging one for firms of any size. Larger firms may not dedicate sufficient overheads to implementing appropriate systems and procedures, but those that do certainly see the benefits of this. Many in small and medium size firms experience difficulty dedicating sufficient time to this role when juggling many other responsibilities, be that looking after clients, credit control, AML or other things. Irrespective of size, it is an important role and time needs to be taken to understand the key requirements. If you can do three things, it demonstrates robust systems, as well as being a learning curve to tweak and develop processes.
Implement formal written policies and procedures
It became more important for firms to document systems and procedures in order to evidence that Solicitors Regulatory Authority (SRA) rules have been considered. In our experience, some firms were quick to finalise written policies, and to demonstrate that these are adhered to, but there are still many firms where documentation is yet to be drafted.
For firms that have not yet implemented these formal written policies, we strongly recommend it be done at the earliest opportunity, particularly in relation to:
- Electronic payments
- Receipt and payment of cash
- Three-way reconciliations
- Dealing with client’s own accounts
- Transfer of costs
- Process on completion of the matter
These policies would demonstrate a firm has robust systems and, therefore, a good understanding of accounts rules.
COFA register of breaches
It is not sufficient to just have formal documentation in place. It needs to be regularly monitored to ensure compliance across the firm. This is where the COFA register of breaches becomes useful. Much specialist software is able to produce a register of breaches, but the most useful registers are maintained separately – often on Excel. As well as details of the breach (e.g. date, matter reference, description), they will often include:
- Weakness identified
- Remedial action taken – we would suggest that recommendations are made on how similar breaches can be prevented in the future
- Part of a pattern of recurring breaches?
These breaches should also be reviewed to consider whether the firm should self-report to the SRA.
Maintaining the register in a timely manner is a great practice to have in place, but in itself is meaningless if subsequent steps aren’t taken to address issues and weaknesses. The register should be reviewed frequently, alongside notes of systems and procedures, to determine whether further training is required, if there is a systems weakness that needs to be addressed, or even if systems and procedures are inappropriate and need to be amended.
A further step to demonstrate good corporate governance is for the COFA to regularly report the findings of the register to the management board, to ensure all relevant parties are aware of issues and can make informed decisions.
Internal checks
The firm does not have to wait for the reporting accountants or the SRA to visit to determine whether systems and procedures are adhered to appropriately. COFAs should be undertaking their own internal checks throughout the year.
File reviews can be undertaken to assess adherence to the processes listed above in the written policies. Naturally, this won’t work if the written policies aren’t in place!
Evidencing that this work is undertaken will demonstrate to your reporting accountant that you take the protection of client money seriously. Given that Reporting Accountants are allowed to plan based on ‘professional judgement’, many, like ourselves, will take this into account when planning. As a result, they may determine that there is a lower risk. Lower risk may mean less work, and lower fees!
In summary, we appreciate that the majority of COFAs are juggling a lot of roles, so feel free to seek support from other members of your team to undertake these checks – just ensure that they are all aware of the intricacies of the accounts rules, and that this process is overseen and reviewed by the COFA. Written policies and procedures, as well as a robust register of breaches are two of the fundamental responsibilities of the COFA. Therefore, it is important these are implemented as soon as possible, if they are not already.
Max Masters is Business Advisory Manager at Kreston Reeves: krestonreeves.com