Enterprise Risk Management
Wayne L. Brannan, CPHRM, CBCP, CHSP, ARM
Director, Risk Management
The Medical University of South Carolina
What is Enterprise Risk Management?
The COSO* Definition:
“Enterprise Risk Management is a process, effected by an entity’s Board of Directors, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
*The Committee of Sponsoring Organizations of the Treadway Commission, www.coso.org
ERM Key Elements
Analyzes risk “across the enterprise”
Manages multiple risks in an integrated manner – rather than in separate risk “silos”
Elevates Risk Management as a strategic partner in achieving corporate goals and objectives
Elements of ERM Framework
Education and Internal Environment
Objective Setting
Event Identification
Risk Assessment
Risk Response
Control Activities
Information and Communication
Monitoring
Why ERM?
Corporate Scrutiny
Regulatory Issues
Research
CHIEF UROLOGIST CHARGED WITH RESEARCH CONFLICT OF INTEREST
UNIVERSITY MEDICAL CENTER MISUSES FEDERAL GRANT = $32M FINE
MEDICAL CHIEF SURVIVES SCANDAL – TIES TO ENRON AND IMCLONE CALLED BAD LUCK
MEDICAL OVERBILLING RESULTS IN $5.6M FINE
MEDICAL CENTER CHARGED WITH RESEARCH FRAUD AND ABUSE
EIGHT MORE HOSPITAL LAWSUITS ADDED TO ALLEGED CHARITY CARE VIOLATIONS
AUDIT FINDS HOSPITAL FAILED TO REPORT HUNDREDS OF MISTAKES
Why ERM?
Foreign Issues
Outsourcing
Technology
THE DOCTOR IS IN BUT NOT IN THE U.S. – “nighthawking” to India, Israel, Australia . . .
TELEMEDICINE AT HEART OF DIAGNOSTIC CHANGES
EXTORTION THREATS TO RELEASE PATIENT RECORDS – CLIENTS NOT INFORMED OF INDIA STAFF’S BREACH
RAPIST ACCESSES PATIENT RECORDS
HOSPITAL MULLS CRIMINAL SCREENING
HACKERS ACCESS 7000 PATIENT FILES
CASE HEARING ON KIDNAPPING MEMBER OF DOCTORS WITHOUT BORDERS MISSION TO START ON MONDAY
STUDENT SEARCHING FOR INFORMATION ABOUT DOCTOR IS LINKED TO PRIVATE PATIENT FILES
DETAILED PSYCHOLOGICAL RECORDS ACCIDENTALLY POSTED ON WEBSITE FOR EIGHT DAYS
Why ERM?
Risk Outliers
THE ETHICS OF BABY MAKING
CA PHYSICIANS FIND SUCCESS IN THE SPA BUSINESS
LAWSUITS FILED OVER CUSTODY OF FROZEN EMBRYOS
WHY DID THEY DIE IN COSMETIC SURGERY?
ORGAN REMOVAL RULED HOMICIDE
DOCTOR SELLS OWN SPERM FOR IN VITRO FERTILIZATION
WILLED BODY PROGRAM SUSPENDED AMID ALLEGATIONS OF ILLEGAL BODY PARTS SALES
BABY KIDNAP STAGED TO SUE HOSPITAL FOR BREACH OF SECURITY
Why ERM?
Loss of Accreditation
Loss of Federal Funding
NON-COMPLIANCE: INTERIM LIFE SAFETY MEASURES
NON-REGISTRATION OF SELECT AGENTS USED IN RESEARCH
FACULTY CONSULTING WITH PRIVATE SUPPLIERS OF MEDICAL DEVICES
LACK OF SUPERVISION OF STUDENTS’ ROTATIONS
FAILURE TO GET INFORMED CONSENT FOR MINORS PARTICIPATING IN CLINICAL TRIALS
INACCURATE REPORTING OF NONRESIDENT ALIENS
INAPPROPRIATE BILLING FOR TIME AND ACTIVITY WHILE WORKING UNDER FEDERALLY FUNDED GRANT
The Value of ERM
The underlying premise of ERM is that every entity exists to provide value for its stakeholders.
Stakeholders of not-for-profit entities realize value when they recognize receipt of valued social benefit – i.e. “the Mission”.
A key to achieving that social benefit, and a key to survival, is to identify and manage risk across the enterprise rather than narrowly focusing on certain “traditional” risk areas.
ERM facilitates an entity’s ability to achieve its performance and profitability targets; it prevents loss of resources; it ensures compliance with laws and regulations; it avoids damage to reputation; and it supports achieving corporate goals and objectives – and it does all of this from a broader perspective than traditional RM.
ERM identifies areas where due diligence/auditing is prudent due to increased corporate scrutiny (Leapfrog Initiative, Sarbanes-Oxley).
Roadblocks
Complex & takes time
Needs transition from Theory to Action plan
Requires combined knowledge and focus – legal, financial, internal audit, clinical, insurance, compliance, operations, etc.
Turf Wars between departments and divisions can occur
Requires a new paradigm
How to Achieve ERM within your Facility
Embrace “enterprise-wide” risk oversight
Require that RM evaluate risk issues from new strategies well in advance of implementing those strategies
Foster a collaborative effort to address risk and quality concerns – and to make pro-active decisions including risk management considerations as well as operational strategies
Determine and assign authority levels for managing risks
Facilitate open communication of risk
Develop an ERM Roundtable
Roundtable participants: IT, HR, Compliance, Affiliates, Operations, Legal, Medical Staff, Chief Risk Officer, Faculty & Students, Research, Marketing, Finance, Internal Audit, Quality/Safety
Role of Risk Officer
Establish ERM policies and set goals for implementation
Frame accountability and authority
Promote ERM competence throughout the entity
Guide integration of ERM with other business planning and management activities
Oversee development of entity-wide and business unit specific risk tolerances
Facilitate managers’ development of reporting protocols (ERM Roundtable)
Report to senior leadership on progress and recommend action as needed
Develop a Strategy Matrix
Define key organizational short and long term goals: Strategic, Operational, Financial
Map key risk management issues that will support goals or that could threaten the goals
Identify and prioritize risk management strategies
Document assignments of responsibility and timelines for achieving goals and objectives
The Strategy Matrix
Strategy Matrix columns:
Mission
Objectives (Strategic, Operational, Financial)
Strategies
Risk Management Issues (Quality, Loss Control, Reporting, Compliance)
Prioritize and apply RM Steps across the Enterprise
Action Plan to further objective/prevent failure of objective
The Strategy Matrix - SAMPLE
Strategy Matrix for ABC Hospital
The ERM Fusion Model – Incorporating JCAHO Patient Safety Goals
ERM fused with the Patient Safety Goals: Patient Identification, Reconcile Medications, Reduce Infections, Slips and Falls, Communication, Medication Safety
The ERM Fusion Model – Incorporating JCAHO’s Top 10 Items that will Make or Break You
ERM fused with the Patient Safety Goals: Patient Identification, Reconcile Medications, Reduce Infections, Slips and Falls, Communication, Medication Safety
Top 10 Items:
Violations of Patient Confidentiality
Inability to Articulate Section/Unit PI Processes
Expired Medications/Supplies
Use of Noncalibrated/Nonverified Equipment
Unfamiliarity with EM Procedures
Unfamiliarity with NPSGs
Inability to Validate Physician/Staff Competency
Insufficient/Non-existent Documentation
By-passing Informed Consent
Improper Storage/Cluttered Areas
Questions?