Reprint of Healthcare Financial Management Association article discussing the importance of implementing enterprise risk management in a healthcare setting. 14 years later ERM in healthcare may now be critical to organizational survival.
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks. This program will provide an overview of Enterprise Risk Management (ERM) best practices and current emerging risks that should be on your radar for 2018.
Watch the complete webinar here: https://aronsonllc.com/c-suites-guide-to-enterprise-risk-management-and-emerging-risks/?sf_data=all&_sft_insight-type=on-demand-webinar
Presented at the MENA-OECD Business Integrity Training, 22-25 April, Kuwait. Organised by the MENA-OECD Investment Programme in cooperation with the IMF-Middle East Center for Economics and Finance
Enterprise Risk Management and SustainabilityJeff B
An overview of our endeavors at implementing ISO 31000 enterprise risk management and the importance of establishing good risk culture within the company.
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks. This program will provide an overview of Enterprise Risk Management (ERM) best practices and current emerging risks that should be on your radar for 2018.
Watch the complete webinar here: https://aronsonllc.com/c-suites-guide-to-enterprise-risk-management-and-emerging-risks/?sf_data=all&_sft_insight-type=on-demand-webinar
Presented at the MENA-OECD Business Integrity Training, 22-25 April, Kuwait. Organised by the MENA-OECD Investment Programme in cooperation with the IMF-Middle East Center for Economics and Finance
Enterprise Risk Management and SustainabilityJeff B
An overview of our endeavors at implementing ISO 31000 enterprise risk management and the importance of establishing good risk culture within the company.
A new emphasis on enterprise risk management from regulators has heightened awareness among bankers to get educated and adopt these best practices at their institution. In response to this increased focus, the RMA ERM Council developed the ERM framework and associated competencies, which became the foundation for a series of highly practical workbooks for implementing effective ERM.
It has become increasingly important for companies to
use sophisticated analytics as the basis for risk-financing
decisions. Marsh Global Analytics (MGA) helps our
clients make these decisions, using award-winning tools,
cutting-edge technology, and quantitative risk
management expertise developed over decades of
experience. MGA Risk Economics provides clients with
risk-financing optimization (RFO), which allows
companies to structure insurance programs in the most
economically efficient manner, while also meeting the
risk-tolerance goals of the organization as a whole.
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Resolver Inc.
Copyright notice: The following slides are intended for professional use within an organization for discussion purposes only. Any other uses or modifications are strictly prohibited.
In this presentation, Norman Marks and Richard Anderson discuss two related topics. The first is the relationship between the strategies set by the organization, its governance, and risks to its objectives. Their conversation addresses:
• How does a senior executive or board member gauge the effect of risk on corporate objectives?
• Is it enough to review a list of top risks at every board meeting?
• How does the board know whether risk management is adding value?
• How do you measure success?
• Where do reward and opportunity factor in?
The second topic is one that is heavily debated among practitioners, whether the concepts of risk appetite and tolerance can be applied effectively in practice. Areas they cover include:
• What is risk appetite? What is risk tolerance?
• Is it a useful concept or an overly complicated piece of mumbo jumbo?
• How can you help the board and top management set desired levels of risk and also help decision-makers take the right level of the right risks?
• Does it make sense to be “risk averse”?
MODULE 1:
Definition of Risk and uncertainty- Classification of Risk, Sources of Risk-external and internal. Risk Management-nature, risk analysis, planning, control and transfer of risk, Administration of properties of an enterprise, provision of adequate security arrangements. Interface between Risk and Insurance- Risk identification, evaluation and management techniques, Risk avoidance, Retention and transfer, Selecti9on and implementation of Techniques. Various terminology, perils, clauses and risk covers.
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS - Firm-wide Risk Control & Methodology) voor het Zanders Risicomanagement Seminar 1 november 2012
Variance based Case Study done by Predictive analytics for Market based , Credit based Risk
( Source & Inferences : Saxton Report on Housing crisis to US Congress) and Operational Risk
( Source & Inferences : The Time Cycle Module Volume I, Product launch of a soft drink brand)
A new emphasis on enterprise risk management from regulators has heightened awareness among bankers to get educated and adopt these best practices at their institution. In response to this increased focus, the RMA ERM Council developed the ERM framework and associated competencies, which became the foundation for a series of highly practical workbooks for implementing effective ERM.
It has become increasingly important for companies to
use sophisticated analytics as the basis for risk-financing
decisions. Marsh Global Analytics (MGA) helps our
clients make these decisions, using award-winning tools,
cutting-edge technology, and quantitative risk
management expertise developed over decades of
experience. MGA Risk Economics provides clients with
risk-financing optimization (RFO), which allows
companies to structure insurance programs in the most
economically efficient manner, while also meeting the
risk-tolerance goals of the organization as a whole.
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Resolver Inc.
Copyright notice: The following slides are intended for professional use within an organization for discussion purposes only. Any other uses or modifications are strictly prohibited.
In this presentation, Norman Marks and Richard Anderson discuss two related topics. The first is the relationship between the strategies set by the organization, its governance, and risks to its objectives. Their conversation addresses:
• How does a senior executive or board member gauge the effect of risk on corporate objectives?
• Is it enough to review a list of top risks at every board meeting?
• How does the board know whether risk management is adding value?
• How do you measure success?
• Where do reward and opportunity factor in?
The second topic is one that is heavily debated among practitioners, whether the concepts of risk appetite and tolerance can be applied effectively in practice. Areas they cover include:
• What is risk appetite? What is risk tolerance?
• Is it a useful concept or an overly complicated piece of mumbo jumbo?
• How can you help the board and top management set desired levels of risk and also help decision-makers take the right level of the right risks?
• Does it make sense to be “risk averse”?
MODULE 1:
Definition of Risk and uncertainty- Classification of Risk, Sources of Risk-external and internal. Risk Management-nature, risk analysis, planning, control and transfer of risk, Administration of properties of an enterprise, provision of adequate security arrangements. Interface between Risk and Insurance- Risk identification, evaluation and management techniques, Risk avoidance, Retention and transfer, Selecti9on and implementation of Techniques. Various terminology, perils, clauses and risk covers.
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS - Firm-wide Risk Control & Methodology) voor het Zanders Risicomanagement Seminar 1 november 2012
Variance based Case Study done by Predictive analytics for Market based , Credit based Risk
( Source & Inferences : Saxton Report on Housing crisis to US Congress) and Operational Risk
( Source & Inferences : The Time Cycle Module Volume I, Product launch of a soft drink brand)
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB
The webinar covers:
• ISO 31000 as the adopted standard, for ISO standards that have risk components, such as ISO 27005 and OHSAS 18001
• Description of Management of Risk (MoR) – how organizations can benefit
• Complementary values that ISO 31000 and MoR bring to each other
• How Risk Managers can evolve a practical approach to carrying out Risk Processes
Presenter:
This webinar was presented by PECB Trainer Orlando Olumide Odejide, an experienced Enterprise Architect and Chief Trainer for Training Heights Limited.
This presentation provides a comprehensive plan for implementing an enterprise risk management program. It covers the costs/benefits of an ERM program, the critical knowledge, skills and abilities of a Chief Risk Officer, a risk taxonomy for insurance firms, a hypothetical organizational structure for an electric utility, a sample risk register, and other useful information.
Business and Risk go hand in hand, the professionals like chartered accountants with expertise in finance, management and audit are well suited for the role of forecasting, evaluating, and mitigating prospective risk involve in any organization’s activity and seize opportunities to take the growth of business on next level. This article brings you in-depth details of the role of a chartered accountant in Enterprise Risk Management.
Abstract: Risk management is an activity which integrates recognition of risk, risk assessment, developing strategies to manage it, and mitigation of risk using managerial resources. Some traditional risk managements are focused on risks stemming from physical or legal causes (e.g. natural disasters or fires, accidents, death). Financial risk management, on the other hand, focuses on risks that can be managed using traded financial instruments. Objective of risk management is to reduce different risks related to a pre-selected domain to an acceptable. It may refer to numerous types of threats caused by environment, technology, humans, organizations and politics. The paper describes the different steps in the risk management process which methods are used in the different steps, and provides some examples for risk and safety management.
ERM Evolving From Risk Assessment to Strategic RiskManageme.docxrusselldayna
ERM: Evolving From Risk Assessment to Strategic Risk
Management
hfma.org/Content.aspx
Changes in the healthcare system are bringing new risks, which hospitals and
health systems need to manage effectively to remain competitive.
The U.S. healthcare ecosystem represents a $5 trillion market and is projected to grow to a
$5.5 trillion market by 2025. The exponential growth comes from several thematic drivers,
including the shift from volume to value and the rise of the consumer, both of which are turning
the industry on its head as new payment models and greater expansion of consumer options
are being introduced to the marketplace. Other drivers include evolving mobile strategies, new
entrants, an aging population, and continued uncertainty in political and regulatory
environments. With medical device cybersecurity vulnerabilities being reported at record
levels, it is evident that new risks are constantly threatening the quality of patient care and
providers’ long-term prosperity.
As the healthcare market expands and evolves, the inherent risks also are increasing, as
shown in the sidebar.
Moving Beyond Risk Identification
Traditionally, the healthcare industry has exceled in risk identification and assessment. The
industry has been less proficient at prioritizing and managing risk, however, and it has a vital
need to tackle these areas. To do so, healthcare providers must invest more in building
enterprise risk management (ERM) capabilities.
As a defensive strategy, a focus on avoiding risk may seem to hold promise, but no hospital or
health system can avoid risk entirely. By giving an organization insight into how to take the
right risks at the right time, an effective ERM program can help the organization more
successfully execute its strategic imperatives.
Getting Beyond Basic Effectiveness
Despite the growing importance of programs today, and the raised awareness of their
importance, many healthcare providers have been slow to adopt a more sophisticated
approach. As shown in the exhibit below, the current state for most providers falls between
“basic” and “evolving” maturities for ERM programs.
Levels of ERM Maturity
a
b
1/5
http://www.hfma.org/Content.aspx?id=60137
Organizations classified as basic recognize the implications of risk to
achieving the organization’s objectives and are just beginning to have
important discussions on the topics of risk. Often defined as hazards
and considered only in the context of their adverse consequences, risks
managed at a basic maturity levels are identified on an annual basis; risk mitigation and
controls are seldom factored in, and reporting is seldom, most often biannually at best.
Organizations at basic maturity also may have disparate risk management processes that
aren’t managed in a coordinated method (e.g., compliance, IT/cyber security, operations, and
legal/insurance) and that exist outside normal management processes or cadences. Moreover,
the internal ERM risk assessment is s.
STRATEGIC PLANNINGManaging Risks A NewFrameworkby Rob.docxsusanschei
STRATEGIC PLANNING
Managing Risks: A New
Framework
by Robert S. Kaplan and Anette Mikes
FROM THE JUNE 2012 ISSUE
W
Editors’ Note: Since this issue of HBR went to press, JP Morgan, whose risk management practices are
highlighted in this article, revealed significant trading losses at one of its units. The authors provide
their commentary on this turn of events in their contribution to HBR’s Insight Center on Managing
Risky Behavior.
hen Tony Hayward became CEO of BP, in 2007, he vowed to make safety his top
priority. Among the new rules he instituted were the requirements that all
employees use lids on coffee cups while walking and refrain from texting while
driving. Three years later, on Hayward’s watch, the Deepwater Horizon oil rig exploded in the Gulf
of Mexico, causing one of the worst man-made disasters in history. A U.S. investigation commission
attributed the disaster to management failures that crippled “the ability of individuals involved to
identify the risks they faced and to properly evaluate, communicate, and address them.” Hayward’s
story reflects a common problem. Despite all the rhetoric and money invested in it, risk
management is too often treated as a compliance issue that can be solved by drawing up lots of rules
and making sure that all employees follow them. Many such rules, of course, are sensible and do
reduce some risks that could severely damage a company. But rules-based risk management will not
diminish either the likelihood or the impact of a disaster such as Deepwater Horizon, just as it did
not prevent the failure of many financial institutions during the 2007–2008 credit crisis.
Identifying and Managing
Preventable Risks
In this article, we present a new categorization of risk that allows executives to tell which risks can
be managed through a rules-based model and which require alternative approaches. We examine
the individual and organizational challenges inherent in generating open, constructive discussions
about managing the risks related to strategic choices and argue that companies need to anchor these
discussions in their strategy formulation and implementation processes. We conclude by looking at
how organizations can identify and prepare for nonpreventable risks that arise externally to their
strategy and operations.
Managing Risk: Rules or Dialogue?
The first step in creating an effective risk-management system is to understand the qualitative
distinctions among the types of risks that organizations face. Our field research shows that risks fall
into one of three categories. Risk events from any category can be fatal to a company’s strategy and
even to its survival.
Category I: Preventable risks.
These are internal risks, arising from within the organization, that are controllable and ought to be
eliminated or avoided. Examples are the risks from employees’ and managers’ unauthorized, illegal,
unethical, incorrect, or inappropriate actions and the risks from br.
Case study in Enterprise Risk Management (ERM) showing paired comparison method to evaluate risk, allocate ERM resources and to highlight the different perspective or context for different levels of company management.
CHAPTER 34Turning Crisis into OpportunityBuilding an ERM.docxketurahhazelhurst
CHAPTER 34
Turning Crisis into Opportunity
Building an ERM Program at General Motors
MARC S. ROBINSON
Assistant Director, Enterprise Risk Management, GM
LISA M. SMITH
Assistant Director, Enterprise Risk Management, GM
BRIAN D. THELEN
General Auditor, GM
This case study chronicles the ground-up implementation of enterprise riskmanagement (ERM) at General Motors Company (GM), starting in 2010through the first four years of implementation. Discussion topics include
lessons learned during implementation and some of the unique approaches, tools,
and techniques that GM has employed. Examples of senior management reporting
are also included.
I think risk management is an element of all good executive management teams
and boards. It will ensure viability in downturns and high-risk periods. I think if
that is done not only within the automotive industry, but on a global and specif-
ically on a national scale, economies will be in better shape because it is additive.
If everybody is doing their job in assessing and understanding risk, the ultimate
outcome will be much more positive for our national economy and society, and it
is incumbent that corporate leadership understands that responsibility.
—Daniel F. Akerson, Chairman and Chief Executive Officer,
General Motors, October 2012
BACKGROUND AND IMPLEMENTATION
The enterprise risk management (ERM) program at General Motors was founded
in late 2010 at the direction of GM’s then newly appointed chief executive officer
(CEO), Daniel F. Akerson, who sought to leverage the program as another means to
achieve a competitive advantage in the industry. Having gone through bankruptcy
in 2009 as a new board member, Akerson felt that a more robust risk management
program would help guide the organization around the drivers of killer risks1
going forward. His goal was to help the company ensure that it was prepared,
607
www.it-ebooks.info
608 Implementing Enterprise Risk Management
agile, and fast to respond in an ever-changing world. Perhaps most importantly,
Akerson wanted an ERM program that would focus not only on risks but on oppor-
tunities as well.
A chief risk officer (CRO) was selected and appointed from within, and the
Finance and Risk Policy Committee of the board of directors was chartered to over-
see risk management as well as financial strategies and policies. In support of the
program, a senior manager and director joined the team. Risk officers were also
identified and aligned to all direct reports of the CEO; this helped to ensure that
all aspects of the business were covered. The CEO is the ultimate chief risk officer,
and his direct reports are the ultimate risk owners. Members of the risk officer team
were carefully selected by senior leadership based on their strong business expe-
rience, financial acumen, and most of all their ability to lead in the identification
and discussion of risk in an objective and transparent manner. These representa-
tives were expected to actively p ...
Similar to HFMA Searching for Risk, April 2004 (20)
QA Paediatric dentistry department, Hospital Melaka 2020Azreen Aj
QA study - To improve the 6th monthly recall rate post-comprehensive dental treatment under general anaesthesia in paediatric dentistry department, Hospital Melaka
How many patients does case series should have In comparison to case reports.pdfpubrica101
Pubrica’s team of researchers and writers create scientific and medical research articles, which may be important resources for authors and practitioners. Pubrica medical writers assist you in creating and revising the introduction by alerting the reader to gaps in the chosen study subject. Our professionals understand the order in which the hypothesis topic is followed by the broad subject, the issue, and the backdrop.
https://pubrica.com/academy/case-study-or-series/how-many-patients-does-case-series-should-have-in-comparison-to-case-reports/
Telehealth Psychology Building Trust with Clients.pptxThe Harvest Clinic
Telehealth psychology is a digital approach that offers psychological services and mental health care to clients remotely, using technologies like video conferencing, phone calls, text messaging, and mobile apps for communication.
Defecation
Normal defecation begins with movement in the left colon, moving stool toward the anus. When stool reaches the rectum, the distention causes relaxation of the internal sphincter and an awareness of the need to defecate. At the time of defecation, the external sphincter relaxes, and abdominal muscles contract, increasing intrarectal pressure and forcing the stool out
The Valsalva maneuver exerts pressure to expel faeces through a voluntary contraction of the abdominal muscles while maintaining forced expiration against a closed airway. Patients with cardiovascular disease, glaucoma, increased intracranial pressure, or a new surgical wound are at greater risk for cardiac dysrhythmias and elevated blood pressure with the Valsalva maneuver and need to avoid straining to pass the stool.
Normal defecation is painless, resulting in passage of soft, formed stool
CONSTIPATION
Constipation is a symptom, not a disease. Improper diet, reduced fluid intake, lack of exercise, and certain medications can cause constipation. For example, patients receiving opiates for pain after surgery often require a stool softener or laxative to prevent constipation. The signs of constipation include infrequent bowel movements (less than every 3 days), difficulty passing stools, excessive straining, inability to defecate at will, and hard feaces
IMPACTION
Fecal impaction results from unrelieved constipation. It is a collection of hardened feces wedged in the rectum that a person cannot expel. In cases of severe impaction the mass extends up into the sigmoid colon.
DIARRHEA
Diarrhea is an increase in the number of stools and the passage of liquid, unformed feces. It is associated with disorders affecting digestion, absorption, and secretion in the GI tract. Intestinal contents pass through the small and large intestine too quickly to allow for the usual absorption of fluid and nutrients. Irritation within the colon results in increased mucus secretion. As a result, feces become watery, and the patient is unable to control the urge to defecate. Normally an anal bag is safe and effective in long-term treatment of patients with fecal incontinence at home, in hospice, or in the hospital. Fecal incontinence is expensive and a potentially dangerous condition in terms of contamination and risk of skin ulceration
HEMORRHOIDS
Hemorrhoids are dilated, engorged veins in the lining of the rectum. They are either external or internal.
FLATULENCE
As gas accumulates in the lumen of the intestines, the bowel wall stretches and distends (flatulence). It is a common cause of abdominal fullness, pain, and cramping. Normally intestinal gas escapes through the mouth (belching) or the anus (passing of flatus)
FECAL INCONTINENCE
Fecal incontinence is the inability to control passage of feces and gas from the anus. Incontinence harms a patient’s body image
PREPARATION AND GIVING OF LAXATIVESACCORDING TO POTTER AND PERRY,
An enema is the instillation of a solution into the rectum and sig
Struggling with intense fears that disrupt your life? At Renew Life Hypnosis, we offer specialized hypnosis to overcome fear. Phobias are exaggerated fears, often stemming from past traumas or learned behaviors. Hypnotherapy addresses these deep-seated fears by accessing the subconscious mind, helping you change your reactions to phobic triggers. Our expert therapists guide you into a state of deep relaxation, allowing you to transform your responses and reduce anxiety. Experience increased confidence and freedom from phobias with our personalized approach. Ready to live a fear-free life? Visit us at Renew Life Hypnosis..
The dimensions of healthcare quality refer to various attributes or aspects that define the standard of healthcare services. These dimensions are used to evaluate, measure, and improve the quality of care provided to patients. A comprehensive understanding of these dimensions ensures that healthcare systems can address various aspects of patient care effectively and holistically. Dimensions of Healthcare Quality and Performance of care include the following; Appropriateness, Availability, Competence, Continuity, Effectiveness, Efficiency, Efficacy, Prevention, Respect and Care, Safety as well as Timeliness.
CHAPTER 1 SEMESTER V - ROLE OF PEADIATRIC NURSE.pdfSachin Sharma
Pediatric nurses play a vital role in the health and well-being of children. Their responsibilities are wide-ranging, and their objectives can be categorized into several key areas:
1. Direct Patient Care:
Objective: Provide comprehensive and compassionate care to infants, children, and adolescents in various healthcare settings (hospitals, clinics, etc.).
This includes tasks like:
Monitoring vital signs and physical condition.
Administering medications and treatments.
Performing procedures as directed by doctors.
Assisting with daily living activities (bathing, feeding).
Providing emotional support and pain management.
2. Health Promotion and Education:
Objective: Promote healthy behaviors and educate children, families, and communities about preventive healthcare.
This includes tasks like:
Administering vaccinations.
Providing education on nutrition, hygiene, and development.
Offering breastfeeding and childbirth support.
Counseling families on safety and injury prevention.
3. Collaboration and Advocacy:
Objective: Collaborate effectively with doctors, social workers, therapists, and other healthcare professionals to ensure coordinated care for children.
Objective: Advocate for the rights and best interests of their patients, especially when children cannot speak for themselves.
This includes tasks like:
Communicating effectively with healthcare teams.
Identifying and addressing potential risks to child welfare.
Educating families about their child's condition and treatment options.
4. Professional Development and Research:
Objective: Stay up-to-date on the latest advancements in pediatric healthcare through continuing education and research.
Objective: Contribute to improving the quality of care for children by participating in research initiatives.
This includes tasks like:
Attending workshops and conferences on pediatric nursing.
Participating in clinical trials related to child health.
Implementing evidence-based practices into their daily routines.
By fulfilling these objectives, pediatric nurses play a crucial role in ensuring the optimal health and well-being of children throughout all stages of their development.
R3 Stem Cells and Kidney Repair A New Horizon in Nephrology.pptxR3 Stem Cell
R3 Stem Cells and Kidney Repair: A New Horizon in Nephrology" explores groundbreaking advancements in the use of R3 stem cells for kidney disease treatment. This insightful piece delves into the potential of these cells to regenerate damaged kidney tissue, offering new hope for patients and reshaping the future of nephrology.
Immunity to Veterinary parasitic infections power point presentation
HFMA Searching for Risk, April 2004
1. An audit of a teaching hospital notes that not all funds
from a research grant were used for the project; these
funds were subject to unrelated business income tax, but
the tax was not paid.
A national competitor hires away the hospital’s most
highly regarded and profitable surgery team.
A health system receives a request from a congressional
task force for all records that might indicate excessive
Medicare charges.
Unexplained deaths occcur over a period of years in
different facilities; the only common denominator is the
nurse on duty.
These examples are just a few of a seemingly endless
list of possible business risks healthcare organizations
face. Each scenario can produce a ripple effect
resulting in both immediate and long-term exposures.
Many of these risks go well
beyond traditional insur-
able risk, such as the
potential for malpractice
when providing patient
care. Given the breadth and
complexity of potential
risks, hospitals need a
logical framework for iden-
tifying the true scope of
potential risks, measuring
risk exposure, and
responding to risks. Such
an approach benefits both the hospital and all its
stakeholders, including patients, staff (and their fami-
lies), vendors, and the community served. This holistic
approach is often called “enterprise risk management.”
Enterprise Risk Management Defined
Enterprise risk management (ERM) is the process by
which organizations develop a formal organization-
wide plan to identify, analyze, evaluate, manage or
mitigate, and monitor risk. ERM is a detailed,
tailored process that involves developing strategic
goals and objectives, and identifying both the
independent and interdependent risks of the
organization that could affect its mission.
One objective of ERM is to understand the organiza-
tion’s risks on a holistic basis. This view of risk goes
healthcare financial management association www.hfma.org
APRIL 2004 healthcare financial management
hfm APRIL 2004 1
Thomas Heim
COVER STORY
The search for business
risk will take you on
an enlightening journey
throughout your
organization.
searching for risk
2. COVER STORY
beyond avoiding actions—such as overbilling or
private inurement—that create obvious legal liability
for the organization. The view of risk should also
embrace the relationship between risk and opportu-
nity, such as the risks and opportunities an
organization encounters when it establishes a new
service line or makes a significant investment in a
new technology.
Similarly, the benefits of effective ERM are not
limited to avoiding financial or legal repercussions
(such as reducing potential fraud). Rather, the bene-
fits include increased management effectiveness,
increased stakeholder value, greater stability, repu-
tation safeguard, and board confidence.
Establishing Goals
Establishing goals for ERM is like planning a cross-
country trip. You need a map to determine your
route, and you need mileposts on the way to measure
progress. Questions that need to be answered on the
ERM “trip” include:
> What is our destination?
> Why are we going there?
> What vehicle will we use to get there?
> What route or routes are we going to take?
> What are we going to do once we get there?
> Who do we want coming along with us (staff,
patients, suppliers, community)?
> Who is responsible for bringing needed supplies?
> Who is going to drive and lead the exercise?
> Who has overall authority?
> How many miles will we go each day; what are our
measurable objectives?
> How long will the trip take, and when do we need to
get to our destination?
Too often, hospitals’ business risk assessment is
limited to a particular unit, department, division, or
subsidiary. Yet risk tends to transcend these bound-
aries and include not only the entire organization,
but also “external” constituencies such as vendors
and the community. ERM attempts to pull all
constituencies together.
Getting input across divisional and departmental
boundaries helps create an atmosphere of improved
communication with the goal of avoiding crisis
management in the event that a risk is triggered.
Hospitals can employ two broad methods to
identify risk:
> Internal—through facilitated brainstorming,
internal interviews, and employee surveys
> External—through research using peer groups,
industry benchmarks, and association statistics
Once potential risks are identified, they need to be
organized in a way to understand their basic nature.
For example, risks could be categorized as:
> Financial (e.g., credit rating, bad debt, market risk)
> Operational (e.g., risks associated with medication
administration and information management)
> Strategic (e.g., risks associated with a joint venture
or competition)
> Involving hazards (i.e., risks such as patient injury,
worker injury, and product malfunction that have a
specific financial risk to the organization and are
typically covered under liability insurance)
2 APRIL 2004 healthcare financial management
“The underlying premise of enterprise risk manage-
ment is that every entity, whether for profit, not-for-
profit, or a governmental body, exists to provide value
for its stakeholders. All entities face uncertainty, and
the challenge for management is to determine how
much uncertainty the entity is prepared to accept as it
strives to grow stakeholder value. Uncertainty pres-
ents both risk and opportunity, with the potential to
erode or enhance value. Enterprise risk management
provides a framework for management to effectively
deal with uncertainty and associated risk and opportu-
nity and thereby enhance its capacity to build value….
[ERM is] a process, effected by an entity’s board of
directors, management and other personnel, applied in
strategy setting and across the enterprise, designed to
identify potential events that may affect the entity, and
manage risks to be within its risk appetite, to provide
reasonable assurance regarding the achievement of
entity objectives.”
—CommitteeofSponsoringOrganizations(COSO),Enterprise
RiskManagementFramework(draft),2003.COSOisaninde-
pendentnongovernmentalbodyofpubliccompanies,independ-
entaccountingfirms,SecuritiesandExchangeCommissionoffi-
cials,andotherswhosemissionisimprovinginternalcontrolsand
corporategovernancewithintheUnitedStates.
WHAT IS ENTERPRISE RISK MANAGEMENT?
3. Specific risks within those categories might be subdi-
vided as internally driven (such as risks associated
with gaps in accounting controls or inadequate supply
chain management), or they could be externally
driven (such as changes in Medicare payment or
competitive pressure to adopt a new care procedure
like drug-eluting stents). The specific method of
categorizing risks will vary in each hospital.
Assessing Risks
Once risks are identified and grouped into some
basic categories, an assessment is necessary to set
priorities for action. An assessment requires both
qualitative and quantitative information.
Qualitative information. Qualitative information
helps describe the risk and what it entails. Qualita-
tive information can include location, category,
effect, trigger, and consequence. In this exercise,
risk can refer to events that occur in the past,
present, or future.
Quantitative information. Quantitative information
helps provide specific information for comparative
assessment. The quantitative information you need
includes a “score” of risk probability and severity. The
scores can be on a one-to-five scale. For example,
risk probability might be scored as follows:
1. Rare—event may only occur in exceptional
circumstances
2. Unlikely—event could occur at some time
3. Possible—event will occur at some time
4.Likely—event will probably occur in most
circumstances
COVER STORY
hfm APRIL 2004 3
RISK LEVELS
Consequences
1. Insignificant 2. Minor 3. Moderate 4. Major 5. Catastrophic
1. Rare Low - 1 Low - 2 Low - 3 Moderate - 4 High – 5
Likelihood 2. Unlikely Low - 2 Low - 4 Moderate - 6 High - 8 Extreme - 10
3. Possible Low - 3 Moderate - 6 High - 9 Extreme - 12 Extreme - 15
4. Likely Moderate - 4 High - 8 Extreme - 12 Extreme - 16 Extreme - 20
5. Almost certain High - 5 Extreme - 10 Extreme - 15 Extreme - 20 Extreme - 25
RISK RANKS
In this model, each risk is assigned a score from 1 to 5 to indicate likelihood and another score from 1 to 5 to indicate severity or impact. Multiplying the two
scores yields a total, which suggests priority.
RISK MAP
Consequences
Low 1 2 3 4 5 High
High
5
4
3
2
1
Low
Likelihood
1
2
3
4
5
6
7
The organization’s risks can be consolidated in a risk map, with the identified risks plotted
to illustrate priority. This tool is especially useful for giving boards and senior management
an at-a-glance view of organizationwide risk.
The color code shows a way of ranking action based on the score.
Risk level Risk Responsible group Time frame
description for action
Red Extreme Board 2 days
Yellow High Senior management 5 days
Blue Moderate Division management 90 days
Green Low Department/unit management 180 days
4. 5. Almost certain—event is expected to occur in most
circumstances
Risk severity might be ranked as follows:
1. Insignificant
2. Minor
3. Moderate
4.Major
5. Catastrophic
(This example assumes a risk is a threat. Risks that
accompany opportunities would, of course, be
assessed differently.)
With the risk probability and severity determined,
multiplying the probability by the severity will yield a
risk score. That risk score indicates the level of effect
the risk holds for the organization, which in turn
suggests the level of action the organization should
bring to bear on the risk.
The total score of each risk can also be represented
graphically in what is commonly called a risk map. A
risk map is the process in which previously identified
risks are prioritized based on their likelihood of occur-
rence and the impact they would have on the entity.
Mitigating the Risks
After the risks have been identified, analyzed, and
ranked, you need to determine the most effective way
to deal with them. Risks can be treated or mitigated
either prospectively or retrospectively. Techniques of
dealing with risks can be categorized as risk retention
or risk transfer.
Although a thorough discussion of these categories is
beyond the scope of this article, a brief explanation
will help distinguish the approaches.
Risk retention. Risk retention is the process of using
the organization’s working capital to pay for losses.
Retained losses can be considered either unfunded
or funded. According to Christopher L. Culp’s book
The ART of Risk Management (Wiley, 2002), “Unfunded
retention is the retained risk of a firm for which any
losses are financed as they are incurred, whereas
funded retention involves the allocation of specific
funds to carrying particular losses.”
Risk transfer. Risk transfer involves an unaffiliated
third party assuming the responsibility for payment
of the risk usually in exchange for a premium. This
transfer can occur contractually via indemnification
clause, or through the use of an insurance company.
Healthcare organizations typically use several types of
risk-retention models, including self-insured reten-
tion, self-insured trusts, and single-parent captives.
In health care, the most popular type of funded reten-
tion program is the single-parent captive. A captive is
a special-purpose company formed by its parent
company to provide coverage to its subsidiaries, its
employees, or others, as opposed to obtaining insur-
ance directly from the traditional insurance market.
Premiums are paid to the captive rather than to a
traditional insurer. The captive then invests the
premiums and uses the money to pay out claims as
and when they occur. The various structures used for
a single-parent captive include a reinsurance
company, an insurance company, and a self-insured
funding mechanism.
Since the 1970s, single-parent captives have been
the preferred method to fund the medical malprac-
tice risks of many of the largest national health
systems (both not-for-profit and for-profit) and
many of the largest regional integrated healthcare
systems. Over the past 30 years, the number of
regional and rural systems creating these facilities
has made the single-parent captive the formalized
funding mechanism of choice. As many of the older
facilities continue to “mature,” many of these
systems have begun to realize the functionality of
their captive in helping them establish a formalized
funding mechanism for other risks.
COVER STORY
4 APRIL 2004 healthcare financial management
Since the 1970s, single-parent captives
have been the preferred method to fund the
medical malpractice risks of many
of the largest national health systems.
5. One of the major benefits afforded by the captive is that
its owners have the ability to look at the individually
identified risks of the organization in a concise fashion
using premiums paid into the facility as an estimated
representation of the value associated with the risk. By
assigning a dollar amount to the identified risk, the
owner can then apply traditional capital and cash-flow
management techniques to more effectively deal with
the financial implications associated with each risk.
Monitoring, Reviewing, Optimizing
Only through established lines of communication and
documented policies and procedures can the organi-
zation fully monitor, review, and optimize risk.
The organization’s internal and external stakeholders
need to have access to different information to fulfill
their roles in managing risk. Internal stakeholders
include the board of directors, senior executives,
department directors, and staff. Risk communication
standards that articulate risk-related duties and
responsibilities need to be developed and imple-
mented for each set of stakeholders.
The Association of Insurance and Risk Managers, in
its Risk Management Standard, places ultimate
COVER STORY
hfm APRIL 2004 5
WHEN TO USE A
SINGLE-PARENT
CAPTIVE
Single-parent captives
may be suitable for risks
associated with:
• Contract physicians
• Managed care
• Clinical trials
• Products and services
• Contractual liability
• Workers’ compensation
• Brand, image, reputation,
press relations
• Federal and statutory
regulations
• Management liabilities
• Employment practices
• Environmental issues
• Internet/cyber liability
RISK-RETENTION MODELS
Self-Insured Retention
Self-Insured Trust
Single-Parent Captive
Does not impair working capital
No start-up expenses
Typically no requirement for
adequate or appropriate funding
Usually no collateral requirement
Not deemed insurance
Ability to unbundle services
Minimal start-up expenses
Timely implementation
Does not impair working capital
Usually no collateral requirements
Formalized funding mechanism
Not deemed insurance
Vendor selection
Formalized funding mechanism
May be deemed insurance
Direct access to reinsurance
Premium smoothing
Underwriting surplus and invest-
ment income build-up
Unaffiliated or profit business
Risk management elevation
Retention flexibility
Less reliance on commercial
insurance
Greater coverage flexibility
Vendor selection and management
Must qualify for certain
coverage lines
No direct access to reinsurance
Set-aside funds could be
depleted for other uses.
Only to be used for certain
coverage lines
Usually first-party coverages
only
Often irrevocable
May require appropriate
funding
Potential dividend and
investment issues
Capital and surplus
requirements
Cost of capital
Minimum actuarial funding
levels
Regulatory restrictions
Long-term strategy
Management time and
oversight
Limited spread of risk
May not be deemed insurance
Mechanism Advantages Disadvantages
6. responsibility for establishing a process for moni-
toring, reviewing, and optimizing risk with the board
of directors.
The Journey and the Destination
The destination of ERM is undeniably important:
identifying and mitigating risk throughout the
organization. Yet the journey toward that destination
is equally important.
Along the way, you will discover innumerable oppor-
tunities to better understand and manage your
organization’s processes, yielding not just reduced
risk, but also improved efficiency and outcomes—
including patient and staff satisfaction. Another
reason the journey is important is that risks emerge
and transform constantly. Consider
the list at the beginning of this
article—clinical research, competi-
tion, billing practices, patient
safety. When you put down this
article and turn to your e-mail box,
you may well find a new proposed
regulation, initiative, press report,
or financial finding that constitutes
a potential business risk for your
hospital. The journey to identify and mitigate risk
never ends.
COVER STORY
ReprintedfromtheAprilissueofHealthcareFinancialManagement.
Copyright2004byHealthcareFinancialManagementAssociation,TwoWestbrookCorporateCenter,Suite700,Westchester,IL60154.
Forreprintinformation,call1-800-252-HFMA.
6 APRIL 2004 healthcare financial management
The destination of ERM is undeniably important:
identifying and mitigating risk throughout
the organization. Yet the journey toward that
destination is equally important.
About the author
Thomas Heim