Enterprise Risk Management Wayne L. Brannan, CPHRM, CBCP, CHSP, ARM Director, Risk Management The Medical University of South Carolina


Enterprise Risk Management

Wayne L. Brannan, CPHRM, CBCP, CHSP, ARM

Director, Risk Management

The Medical University of South Carolina

What is Enterprise Risk Management?

The COSO* Definition: “Enterprise Risk Management is a process, effected by an entity’s Board of Directors, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

*The Committee of Sponsoring Organizations of the Treadway Commission www.coso.org

ERM Key Elements

Analyzes risk “across the enterprise”

Manages multiple risks in an integrated manner – rather than in separate risk “silos”

Elevates Risk Management as a strategic partner in achieving corporate goals and objectives

Elements of ERM Framework

Education and Internal Environment

Objective Setting

Event Identification

Risk Assessment

Risk Response

Control Activities

Information and Communication

Monitoring

Why ERM?

Corporate Scrutiny

Regulatory Issues

Research

CHIEF UROLOGIST CHARGED WITH RESEARCH CONFLICT OF INTEREST

EIGHT MORE HOSPITAL LAWSUITS ADDED TO ALLEGED CHARITY CARE VIOLATIONS

MEDICAL CHIEF SURVIVES SCANDAL – TIES TO ENRON AND IMCLONE CALLED BAD LUCK

UNIVERSITY MEDICAL CENTER MISUSES FEDERAL GRANT = $32M FINE

AUDIT FINDS HOSPITAL FAILED TO REPORT HUNDREDS OF MISTAKES

MEDICAL OVER-BILLING RESULTS IN $5.6M FINE

MEDICAL CENTER CHARGED WITH RESEARCH FRAUD AND ABUSE

Why ERM?

Foreign Issues

Outsourcing

Technology

TELEMEDICINE AT HEART OF DIAGNOSTIC CHANGES

STUDENT SEARCHING FOR INFORMATION ABOUT DOCTOR IS LINKED TO PRIVATE PATIENT FILES

CASE HEARING ON KIDNAPPING MEMBER OF DOCTORS WITHOUT BORDERS MISSION TO START ON MONDAY

EXTORTION THREATS TO RELEASE PATIENT RECORDS – CLIENTS NOT INFORMED OF INDIA STAFFS BREACH

DETAILED PSYCHOLOGICAL RECORDS ACCIDENTALLY POSTED ON WEBSITE FOR EIGHT DAYS

THE DOCTOR IS IN BUT NOT IN THE U.S. – “nighthawking” to India, Israel, Australia . . .

HACKERS ACCESS 7000 PATIENT FILES

RAPIST ACCESSES PATIENT RECORDS; HOSPITAL MULLS CRIMINAL SCREENING

Why ERM?

Risk Outliers

THE ETHICS OF BABY MAKING

WILLED BODY PROGRAM SUSPENDED AMID ALLEGATIONS OF ILLEGAL BODY PARTS SALES

DOCTOR SELLS OWN SPERM FOR IN VITRO FERTILIZATION

WHY DID THEY DIE IN COSMETIC SURGERY?

BABY KIDNAP STAGED TO SUE HOSPITAL FOR BREACH OF SECURITY

LAWSUITS FILED OVER CUSTODY OF FROZEN EMBRYOS

ORGAN REMOVAL RULED HOMICIDE

CA PHYSICIANS FIND SUCCESS IN THE SPA BUSINESS

Why ERM?

Loss of Accreditation

Loss of Federal Funding

NON-COMPLIANCE INTERIM LIFE SAFETY MEASURES

FAILURE TO GET INFORMED CONSENT FOR MINORS PARTICIPATING IN CLINICAL TRIALS

FACULTY CONSULTING WITH PRIVATE SUPPLIERS OF MEDICAL DEVICE

INAPPROPRIATE BILLING FOR TIME AND ACTIVITY WHILE WORKING UNDER FEDERALLY FUNDED GRANT

LACK OF SUPERVISION OF STUDENTS’ ROTATIONS

INACCURATE REPORTING OF NONRESIDENT ALIENS

NON REGISTRATION OF SELECT AGENTS USED IN RESEARCH

The Value of ERM

The underlying premise of ERM is that every entity exists to provide value for its stakeholders

Stakeholders of not-for-profit entities realize value when they recognize receipt of valued social benefit, i.e. “the Mission”

A key to achieving that social benefit and a key to survival is to identify and manage risk across the enterprise rather than narrowly focusing in certain “traditional” risk areas

ERM facilitates an entity’s ability to achieve its performance and profitability targets; it prevents loss of resources, ensures compliance with laws and regulations, avoids damage to reputations, and helps achieve corporate goals and objectives – and does this from a broader perspective than traditional RM

ERM identifies areas where due diligence/auditing is prudent due to increased corporate scrutiny (Leapfrog Initiative, Sarbanes-Oxley)

Roadblocks

Complex & takes time

Needs transition from Theory to Action plan

Requires combined knowledge and focus – legal, financial, internal audit, clinical, insurance, compliance, operations, etc.

Turf Wars between departments and divisions can occur

Requires a new paradigm

How to Achieve ERM within your Facility

Embrace “enterprise-wide” risk oversight

Require that RM evaluate risk issues from new strategies well in advance of implementing those strategies

Foster a collaborative effort to address risk and quality concerns – and to make pro-active decisions including risk management considerations as well as operational strategies

Determine and assign authority levels for managing risks

Facilitate open communication of risk

Develop an ERM Roundtable

HR

Affiliates

Operations

Research

Marketing

Internal Audit

Quality/Safety

Finance

Faculty & Students

Medical Staff

Legal

Compliance

IT

Chief Risk Officer

Role of Risk Officer

Establish ERM policies and set goals for implementation

Frame accountability and authority

Promote ERM competence throughout the entity

Guide integration of ERM with other business planning and management activities

Oversee development of entity-wide and business unit specific risk tolerances

Facilitate managers’ development of reporting protocols (ERM Roundtable)

Report to senior leadership on progress and recommend action as needed

Develop a Strategy Matrix

Define key organizational short- and long-term goals

Strategic

Operational

Financial

Map key risk management issues that will support goals or that could threaten the goals

Identify and prioritize risk management strategies

Document assignments of responsibility and timelines for achieving goals and objectives

The Strategy Matrix

Mission

Objectives

Strategies

Risk Management Issues

Prioritize and apply RM Steps across the Enterprise

Action Plan to further objective/prevent failure of objective

Strategic

Operational

Financial

Quality Reporting

Loss Control

Compliance

The Strategy Matrix - SAMPLE

Strategy Matrix for ABC Hospital

Strategy Matrix for ABC Hospital (cont)

Strategy Matrix for ABC Hospital (cont)

The ERM Fusion Model

Patient Identification

Communication

Medication Safety

Reduce Infections

Reconcile Medications

Slips and Falls

ERM

Incorporating JCAHO Patient Safety Goals

The ERM Fusion Model

ERM

Incorporating JCAHO’s Top 10 Items that will Make or Break You

Inability to Articulate Section/Unit PI Processes

Insufficient/Non-existent Documentation

Use of Non-calibrated/Non-verified Equipment

Inability to Validate Physician/Staff Competency

Unfamiliarity with NPSGs

Expired Medications/Supplies

By-passing Informed Consent

Violations of Patient Confidentiality

Unfamiliarity with EM Procedures

Improper Storage/Cluttered Areas

Patient Identification

Communication

Medication Safety

Reduce Infections

Reconcile Medications

Slips and Falls

Questions?