Upload
donhu
View
216
Download
3
Embed Size (px)
Citation preview
Enterprise Risk Management: What’s It All About?
Roberta Carroll, RN, Arm, MBA, CPCU, CPHRM, CPHQ, HEM, DFASHRM, LHRM
Senior Vice President
Aon Healthcare
2Enterprise Risk Management: What’s It All About
Setting the Stage
The focus of risk management has changed, expanding to identify and assess risks proactively in tandem with other risks, involving the highest levels of the organization (Board and C‐Suite) requiring the collaborative effort of all employees. No longer can healthcare risk management simply react to clinical risks and hope that patient safety is achieved; efforts must focus on risks that affect the entire organization and not just one aspect of operations.
3Enterprise Risk Management: What’s It All About
What has Changed?
Sarbanes Oxley Act
COSO
Rating Agencies
4Enterprise Risk Management: What’s It All About
ERM as a decision Making Process
The risk management process includes the following steps:
1) risk identification and analysis of an organization’s
exposures to loss,
2) examining alternate risk techniques,
3) selecting the best technique,
4) implementing the technique chosen and
5) monitor and makes changes as necessary.
5Enterprise Risk Management: What’s It All About
ERM Defined
“Enterprise risk management can best be described as an on‐going business decision‐making process instituted and supported by the healthcare organization’s board of directors, executive administration and medical staff leadership. ERM recognizes the synergistic effect of risks across the continuum of care, and has as its goals to assist theorganization reduce uncertainty and process variability, promote patient safety and maximize the return on investment (ROI) through asset preservation, and the recognition of actionable risk opportunities”
6Enterprise Risk Management: What’s It All About
Domains/Centers of Risk
Operational
Financial
Human capital
Strategic
Legal / regulatory
Technology
Hazard
7Enterprise Risk Management: What’s It All About
Risks related to the business operation that results from inadequate or failed internal processes, people or systems (medical professional liability)
Information SystemsQuality Initiatives– P4P
– Variability Documentation Adverse event management Chain of commandCredentialing and staffing DisclosureMedication errors Patient SafetyTransparency
Operational Risks
8Enterprise Risk Management: What’s It All About
Risks that affect the profitability, cash position, access to capital or external financial ratings through business relationships or the timing and recognition of revenue and expenses
Access to capital Billing and collection
Credit and interest rate fluctuations Capitation contracts
Foreign exchange Days of cash on hand
Growth in programs and facilities, Accounts receivable
Capital equipment MMSEA/MSP
Corporate compliance (fraud & abuse) HACs, RACs, & Never Events
Financial Risk
9Enterprise Risk Management: What’s It All About
Environmental
– Wrongful termination
– Sexual harassment
– Discrimination– Morale– Diversity– Fatigue– Appropriate staffing
– Safety / Ergonomics
Hiring practices– Competency
– Literacy
– Criminal background checks
– Substance abuse
– Employee handbook– Orientation & continuing education
Breach of contract
Human Capital Risk
An explosive area of exposure in today’s tight labor market including employee selection, retention and turnover, absenteeism, and compensation
10Enterprise Risk Management: What’s It All About
Strategic Risks
Managed care relationships
Antitrust
Conflict of interest
Marketing and sales
Advertising
Insurance coverage
Media relations
Business ventures
M&A&DContract administration
Brand and reputational risks and risks associated with business strategy, failure to adopt to changing health care environment, changing customer priorities and competition
11Enterprise Risk Management: What’s It All About
Legal & Regulatory Risk
Statutes, standards & regulations
– EMTALA – NPDB– HIPAATJC & LicensureCMS / DHHS /OIG
Hazardous waste disposal
Integrity programs
3rd party reports
External reviews
Stark I & II safe harbors
Private inurement
Incorporates risks arising out of licensure, accreditation, product liability, management liability, as well as issuesrelated to intellectual property.
12Enterprise Risk Management: What’s It All About
Technology in Healthcare
CPOE / Bar CodingEMR / EHRRFIDRoboticsSimulationTelehealth– PACS– TeleradiologyeICU
RFID surgical sponge
Remote robotic surgery
Those risks associated with the use of machines, hardware, equipment, devices and tools, but can also include techniques, systems and methods of organization. Health care has seen an explosion in the use of technology.
13Enterprise Risk Management: What’s It All About
Risks attributable to physical loss of assets or a reduction in their value. Traditionally insurable risk related to natural hazards and business interruption
Facility management Valuables
Plant age Earthquakes
Parking (lighting, location, security) Windstorms
Valuables Tornadoes
Construction/Renovation
Natural/Hazard Risks
12.26.04 Indonesia Tsunami
ERM Framework
1. IdentifyRisk
II. Analyze Risk
III. Prioritize Risk
V. Continuous Improvement
Quantify impact
Opportunities
Risk finance
Cost benefit
“low-hanging” efforts
Resource conservation
FormalInformalExternalInternal
Monitor-Risk-Environment-Organization
Change
IV. Solutions & Strategies
Initiatives
Work groups
Reporting
Carroll R - 2007
15Enterprise Risk Management: What’s It All About
Frameworks, Tools and Solutions
FrameworksEnterprise Risk Management Process
ToolsRisk Scoring, Risk Mapping, Interviews, Claims Analysis
SolutionsSafe Practices, PSET, NPSG, CPOE, RFID
Frameworks are analytical methods that can be used to define and evaluate complex business
problems.
Tools are techniques, both quantitative and qualitative, to analyze data to
develop risk strategies and
solutions.
Solutions are techniques that
mitigate identified risk exposure to promote patient
safety.
16Enterprise Risk Management: What’s It All About
Risks Relationships
There are generally considered to be twotypes of risk:
– Speculative risk ~ which offers both the potential for loss as well as gain. The best example is the stock market or gambling.
– Pure risk ~ which creates only the potential for loss. Not all pure risks will necessarily result in a loss but, there will never be the opportunity for gain. Pure risk maintains the status quo at best and in the worst case scenario, creates a loss.
17Enterprise Risk Management: What’s It All About
Risks Correlations
Risks can be positively correlated ‐ as the probability of one risk increases so does that of an associated risk
Risks can be negatively correlated ‐ the probability or impact of increasing one risk, decreases that of an associated risk.
18Enterprise Risk Management: What’s It All About
Responsibility for ERM
The Board of Directors is ultimately responsible for the Enterprise Risk Management Program
– Role in on‐going, continuous
Commitment from senior leadership and medical staff is critical
19Enterprise Risk Management: What’s It All About
Organizational Risk Appetite
Risk Adversity
Risk Taker
GuaranteedCost
SelfInsurance Captives
Cash flow programsRetro dividend programs
20Enterprise Risk Management: What’s It All About
Risk Identification and Analysis
The identification and analysis of risk is management’s attempt to determine what risks can impact strategy and the achievement of organizational goals.
Both formal and informal methods are used to identify organizational risk.
Risk can be internal within an organization or external to it.
Risks can be identified retrospectively, concurrently, pre‐interventional and prospectively.
21Enterprise Risk Management: What’s It All About
Risk Assessment & Evaluation
Once all organizational risks have been identified, and analyzed, the next step is to:
Understand and attempt to quantify the potential magnitude
or materiality of each identified risk
Considers the positive and negative consequences of events
underlying identified risks across an organization
Incorporate at least two dimensions of risk: likelihood and
severity
Recognize that there may be a range of possible results
associated with an event
22Enterprise Risk Management: What’s It All About
Risk Scoring
Once an exhaustive list of risks is assembled, evaluate the importance of one risk vs. another. Develop a score/rank for each risk.
Scores are used to place risks in priority order.
The results might then be arrayed graphically for easy viewing. This process is known as risk mapping.
Sample Formula Calculating a Risk Score
(Probability + Time to Impact) x Severity = Risk Score
23Enterprise Risk Management: What’s It All About
Risk Map Im
pact
Likelihood
O1
S1S2 O2
L1
L2
O3
O5O4
S3
O6
S4
H1
T1
O7
S5
L3
O8S6H2
F1 H3
O9
H4
H5
S7H6
T2 L4
L5 L6
L7S8
F2H7
O10
S9
F3T3
T4
S10S11
H8
O11
Legend
= Critical risk
= Moderate risk
= Relatively low risk
O12
24Enterprise Risk Management: What’s It All About
Heat Map
5 2.10 2.2
4 2.9, 3.4,4.5, 4.6,
6.4
1.5, 2.7,2.8, 5.3
1.4, 2.5,2.6, 5.2
1.1, 1.2, 1.3,2.3, 2.4, 3.1,3.2, 4.1, 4.2,
5.1, 6.1
2.1
3 3.7, 6.6 1.6, 2.9,3.3, 3.5,4.5, 4.7,
6.3
4.3, 4.4,6.2
2 4.8 2.11, 3.6,6.5
1 5.6 5.5 2.12, 5.4
2 3 4 5 6 7 8Frequency +Time
Seve
rity
25Enterprise Risk Management: What’s It All About
Strategy Setting and Solutions
Low‐Hanging Fruit
Resource allocation and availability
– Human capital
– Financial/cost
– Time to complete
– Expertise needed – internal/external
– Frequency and severity of risk
26Enterprise Risk Management: What’s It All About
Barriers to Implementation
Territorial turf
Cultural incompatibility
Inability to team and effectively communicate
Limited use and availability of technology
Inadequate senior‐level support
No commonly accepted risk metrics
Length of time to implement
Limited understanding of ERM principles
27Enterprise Risk Management: What’s It All About
Barriers to Implementation cont…
Difficult to quantify results or return on investment (ROI)
No follow through
Inflexible process
Establishing solution before defining root cause of problem
Not including users in development
28Enterprise Risk Management: What’s It All About
Benefits of Enterprise Risk Management
ERM allows the Organization to step back from the minutia of risks and take a global or strategic perspective. This new top‐down view should result in:
– A strategic, organizational framework for managing risk
– Understanding relationships (correlations) between risks
– Efficient and effective treatment of risk
– Risk prioritization
– Ability to understand and assess future risks
– A common risk taxonomy
29Enterprise Risk Management: What’s It All About
Benefits of Enterprise Risk Management cont…
– Promotes transparency
– Supports board educational initiatives and framework for
meeting financial disclosure requirements
– Encourages better decision‐making
– Allows for allocation of limited resources
– Enhances success of regulatory and compliance initiatives
– Creates formal linkages
30Enterprise Risk Management: What’s It All About
Success Factors
The following are considered success factors when implementing an ERM program:
– Leadership support and a positive culture
– Broad‐based employee involvement
– Consistencyin assessment
in scoring measurement
– Quantify and benchmark results
– Decreased variability through evidence‐based practice (EBP)
– Monitoring and evaluationInternal
External
31Enterprise Risk Management: What’s It All About
Future of the Risk Management Professional
The evolution of enterprise risk management is redefining the “scope of practice” for the professional charged with risk management responsibilities. Risk management professionals need to be facilitators of change, action seekers and well‐networked within their own organizations and externally, enabling them to call upon outside experts when necessary. Changing risk management into organizational‐wide strategies to address ERM is not for the “weak at heart”. Increased responsibilities require enhanced skills.
32Enterprise Risk Management: What’s It All About
In Summary
Enterprise risk management is charged with the protection and preservation of organizational assets [people, property, money, etc.]. The best way to accomplish this task in healthcare is to deliver quality patient care in an environment that is safe, equitable and efficient for all [visitors, patient, staff, employees, volunteer, etc.] with minimal practice variation. As healthcare advances so do the risks associated with those changes. The development, implementation and support of an enterprise risk management program will meet the challenge of addressing organizational risk proactively.
33Enterprise Risk Management: What’s It All About
Questions
Questions
34Enterprise Risk Management: What’s It All About
For More Information
Roberta Carroll, RN, ARM, MBA, CPCU, CPHQ, CPHRM, HEM, LHRM
Senior Vice President
Aon Healthcare
Tampa, Fl. 33556
Phone: (813) 926‐8069
Fax: (813) 926‐8084
E‐Mail: ([email protected])