24
Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director, Enterprise Risk & Insurance, Cleveland Clinic Angela Hoon Principal, KPMG LLP

Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

Embed Size (px)

Citation preview

Page 1: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

Cleveland Clinic and Enterprise Risk

Management: From Compliance to a

Strategic Tool

Charles Kolodkin, JD, MBA Executive Director, Enterprise Risk & Insurance, Cleveland Clinic

Angela Hoon Principal, KPMG LLP

Page 2: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

• ERM in the Healthcare Industry

• Practical Approach to Starting your ERM

Journey

• ERM At Cleveland Clinic

– Planning & implementing an ERM program

– Linking ERM to strategy & objectives

Today’s Discussion Topics

2

Page 3: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

Risk Management in a Healthcare Organization from “Top to Bottom”

Risk information as part of

management reporting

ERM Program

Risk in the

Board Room

Risk in Management

Decision Making

Risk in Operations

Risk in Strategic Initiatives, and

Transformation Projects

Research

Clinical Quality

Operations

Compliance Technology/IT

EMR Implementation HiPAA and ICD 10 Care System

Redesign

Risk considered and

monitored for each

initiative

3

Page 4: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

Questions to ask

• Does your ERM initiative provide appropriate level and

timely risk information that conveys risk in the business

and level of mitigation?

• Does your executive team use consistent approach to

considering strategies or opportunities and the

associated risk? Are alternatives or exposures discussed

as part of decision making?

• Are top risks tied to Strategic direction and initiatives?

ERM Program

4

Page 5: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

Questions to ask

• Is risk information or associated metrics used as part of

every day management information? Is the risk

information used consistently across organization and

tied to strategic level?

• Is risk information or associated metrics used as part of

every day management information? Is the risk

information used consistently across organization and

tied to strategic level?

Risk in Management

Decision Making and

Operations

5

Page 6: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

Questions to ask

• Are the only risks discussed and reported in for your

strategic initiatives, the project related ones (on time,

on budget)?

• What about business risks that evolve as the

implementation progresses such as drain on resources

etc?

Risk in Strategic

Initiatives, and

Transformation Projects

6

Page 7: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

Current Healthcare

Industry Risk Trends

7

Page 8: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

Practical Approach to Starting your ERM Journey

8

Top Risks (those

that threaten)

1. Strategic

Priorities

2. Business

Model

3. Corporate

Existence

Start by Creating Content Then Create the Process

Page 9: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

• Planning & Governance

• Initial - Top Risk Assessment

• Implementation – Detailed Risk Assessment

• Modifications

ERM at Cleveland Clinic

9

Page 10: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

ERM at Cleveland Clinic (cont.)

Governance Structure

10

Board of Directors

CEO Council

ERM Working

Team

ERM Steering

Committee

Financial

Planning

Strategic

Planning

Continuous

Improvement

Internal

Audit

Operations

Cont. Improvement

Accounting

Physician 1

Risk Management

Legal

Internal Audit

Physician 2

Membership

Page 11: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

• Clinical

Quality

• Patient

Safety

• Succession

Planning

• Performance

Management

• Information

Security

• Regulatory

Compliance

• Capital

Planning

• Investments

• Economic

Risks

• Competition

• Cost Structure

• Joint Ventures

ERM at Cleveland Clinic (cont.)

Risk Profile – example risks

11

Strategic Compliance People Operational External Financial

REPUTATION AT RISK

The risks considered in ERM are not just operational risks

Page 12: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

• Planning & Governance

• Initial - Top Risk Assessment

• Implementation – Detailed Risk Assessment

• Modifications

ERM at Cleveland Clinic

12

Page 13: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

ERM at Cleveland Clinic (cont.)

Top Risk Profile

13

Strategic Compliance People Operational External

• Ability of

Business Model

to Respond

• M&A and

Affiliations

Consistent with

Strategy and

Culture

• Impact of

Healthcare

Reform

• An Extended or

Limited

Economic

Recovery

Nationally and/or

in Northeast Ohio

• Physician

Relationships &

Contracting

• Maintenance of

High Level of

Clinical Quality &

Safety

• Maintenance of

Environmental &

Operational

Safety

• Prioritization of

Initiatives &

Ability to Address

Opportunities and

Challenges

• Maintaining

Cultural

Consistency

• Training and

Succession

Planning

• Increased

Regulatory

Compliance

• Protection of

Patient

Information

Financial

REPUTATION AT RISK

Page 14: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

14

ERM at Cleveland Clinic (cont.)

Initial Top Risk Assessment

135 Risk Components

24 Sub Risks

7 Top Risks

Page 15: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

• Planning & Governance

• Initial - Top Risk Assessment

• Implementation – Detailed Risk Assessment

• Modifications

ERM at Cleveland Clinic

15

Page 16: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

ERM at Cleveland Clinic (cont.)

Initial Top Risk Assessment – Program Timeline

16

Q1

Q3

Q4 Q2

Q1

Q3

Q4 Q2

Q1

Q3

Q4 Q2

Define ERM Program

Structure

Perform Assessments

Develop Mitigation Plans

Implement Mitigating

Activities

2011 2012

Phase I

Planning Audit Cte /

BOD Update

2010

Phase III Phase IV

Develop Program

& Structure

Perform Detailed

Assessment &

Implement Change

CEO Council /

ET Update

Top Risk

Prioritization

Risk Environment

Assessment

On-Going

into 2013

Develop Mitigation Plans

Phase II

Initial Risk

Identification &

Assessment

Page 17: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

17

Sub-Risk:

Sub-Risk Components: Response

Effectiveness Current Risk Response Mitigation Activities:

Components

Mitigated:

Governance: Executive Sponsor –

Risk Owner –

Committee Oversight –

Strategic Initiatives: •

Potential Impacts to CC: •

Risk Indicators: •

ERM at Cleveland Clinic (cont.)

Risk Assessment ( Deep Dive at an Individual Risk Level)

Page 18: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

18

Work Team Status

Highest Risk Areas

(selection from all risk components)

Status Mitigating Activity

Developing an operating and decision structure with

clear responsibilities and authority

Developing

Plan

Executive leadership has

recommended cross

functional structure

Inadequate strategy to support the shift of self pay

population to Medicaid; greater utilization and lower

reimbursement

Developing

Plan

Medicaid Team to develop

plan. Will align with strategy.

Potential negative impact to volumes and/or margins

due to state's restructuring of managed care (i.e.

exchange impact)

Developing

Plan

Preparing insurance

exchange and transparency

strategy

Executive Leadership restructure focused on responding to health reform. Launched Value

Based Care (VBC) team. Some risks will need to be reassessed with changes to strategy.

Assess

Annual Assessment

Plan

Mitigate

Monitor

ERM at Cleveland Clinic (cont.)

Health Care Reform – Detailed Risk Assessment

Page 19: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

• Planning & Governance

• Initial - Top Risk Assessment

• Implementation – Detailed Risk Assessment

• Monitoring & Modifications

ERM at Cleveland Clinic

19

Page 20: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

ERM at Cleveland Clinic (cont.)

20

Risk Identification & Assessment

Detailed Risk Analysis

Mitigation and Response Embed Risk

Management in the Business

Monitoring and Reporting

Create, then sustain the momentum 50 management interviews

Analysis of comparable

industry risks

Validation with Steering

Committee

Develop work groups

ERM timeline

Work group training

Work group reporting

structure

AC Reporting

Periodic refreshes

Physician

involvement

Link to CC objectives

Page 21: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

• Resources

• Organizational changes

• Communication

• Ongoing engagement

• Quantifying results

• Linkage

– Financial Planning

– Strategy

– Continuous Improvement

Ongoing ERM Challenges

21

Page 22: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

Key Steps to Consider As you embed risk management in the business

22

1. Develop Risk Management Framework & Process

2. Develop a Risk Governance and Monitoring Process

Risk Identification & Assessment

Risk Analysis

Mitigation and Response

Embed Risk Management

in the Business

Monitoring and Reporting

Page 23: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

Key Steps to Consider As you embed risk management in the business

23

3. Embed and Enhance Risk Management Activities

4. Establish Risk Culture and Behavior through Training

Page 24: Cleveland Clinic and Enterprise Risk Management: … · Cleveland Clinic and Enterprise Risk Management: From Compliance to a Strategic Tool Charles Kolodkin, JD, MBA Executive Director,

Thank You