Enterprise Risk Management - Towards Resilience In Aged Care
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Enterprise Risk Management - Towards Resilience In Aged Care as PDF for free.
More details
- Words: 1,853
- Pages: 5
Integrating business and clinical risks systems key to sustainability and resilience Today’s health and aged care environment are experiencing problems brewing in various fronts. Connectivity, integration, convergence are challenging providers to navigate a world of reduced margins to do much more with much less and further impacting quality outcomes. The challenge is in providing quality care within astute business models. The key is in strengthening risk management and resilience to achieve long term sustainability. Failings of traditional risk management Traditional risk management is focused on specific categories of risk (silos) and how a particular risk might affect one aspect of organisational health (e.g. insurance costs, accreditation). Identifying clinical risks associated with liability costs and sanctions very often leads to not considering impact of non-financial risks – e.g. financial and otherwise, that could also be identified and measured, reputational risks, etc. It also fails to take into account impact of one risk upon another, thus compounding impact of potential downside. For example, literature is replete with human resource issues relating to: • Workforce fatigue; • Educational levels of nurses and their effect on patient outcomes; • Staff intimidation in the area of safe medication practices; and • The decreasing labour pool. It is not easy to identify how the impact these issues have on each other. However, one could see how a decreasing professional labour pool can create a demanding and stressful work environment that promotes workplace fatigue. Similarly, events like 9/11, Victorian Bushfires, etc have escalated the focused effort on emergency management and disaster recovery planning. To be successful, these efforts have had to adopt enterprise wide risk management. Risk management –enterprise wide approach Risk management for health and aged care providers is not a socially or legally ordained program. It is simply an organised effort to identify, assess and reduce, where appropriate, risks to patients, visitors, staff, and organisational assets. Risk management is nothing new, as Shakespeare’s Julius Caesar puts it, “the fault…is not in our stars, but in ourselves.” Untoward or adverse outcomes tend to yield a broad spectrum of possible explanations. What steps or programmes have we put in place to ensure we reduce the incidence of preventable accidents and injuries to minimize the financial loss to the institution should an accident occur? It is difficult for those outside the sector to grasp the uniqueness of health and aged care risk management. Whilst there are some similar elements to risk management in other industries such as workers’ compensations, fleet safety, workplace safety, hazard identification and mitigation, the potential severity of a catastrophe injury to a patient/resident is distinct. Aged care functions 24/7 and poor outcomes can result in
dire consequences, sometimes viability. As a result, traditional risk managers have placed emphasis on addressing clinical risks. Such narrow approach can be limiting and might not result in greatest enhancement of safety outcomes for patients/residents. What about the new challenges posed by continuous advances in medical research and technology? Although these advances support the goal of improved patient care, they come with a price tag: new risks. What is the risk that these advancement would threaten the ethical and moral values of an institution? Enterprise risk management (‘ERM’) therefore considers a broader approach for addressing the institution’s health and aged care risks. With stakeholders demanding greater risk transparency, efforts are increasing to assess an institution’s myriad of risks and cover them in a strategic risk management program. Emerging risk management priorities From our work with leading organisations, we are witnessing an evolving role for risk officers who have identified the following three risk management priorities: • Ensuring that the organisation is in full compliance with regulations; • Monitoring and identifying emergent risk; and • Extending risk principles into the wider business strategies. We are seeing more of a focus on driving integration of compliance, governance and risk efforts – how can we do less and achieve more? Scenario planning, sensitivity analysis and forecasting also provide valuable insight and depth to risk management discussions. For example, protecting patient confidentiality is often identified as a compliance risks/legal risks. Scenario planning will open up a whole plethora of discussions and possibilities. The way information is obtained, stored, retrieved, access, archived, destroyed and the medium with which it is stored, communicated and transmitted have points of vulnerabilities. Trend forecasting also provides key insights on trends and expectations of things to come. Risk identification, analysis, management and planning A systematic approach to risk management in progression or combination will help achieve effective risk management. Many risk management frameworks are available for use such as the AS/NZS4360, IS31000 and COSO framework. Whichever you choose to adopt, the key to achieving effective risk management are founded in the following key steps: • Identify the risks to be managed by adopting a comprehensive, well structured and systematic process. Any risks not identified at this stage are well excluded from
further analysis. It is therefore important to obtain a holistic and integrated view of possible risks. Risk identification should not be static snapshots! Risk-mapping stakeholders/team participants Legal
OHS
Finance
Public Relations
Operations Internal Audit/ Compliance
Insurance
Risk Manager
Strategic
Nursing/ Medical Quality Assurance
Environment Planning & Development
Security Source: Shirley Liew
Human Resource
Information technology
• Consider the potential consequences of risk events in terms of their severity Ensure there is sufficient rigour of the risk analysis in keeping with the context and risk criteria, the level of uncertainty in the analysis and the needs of decision makers. Liability
Property
Personnel
Financial
Operations
Strategic
• Real -facility
Business interruption • Net income
• Slips and falls • Medical
• Employee injury
• Price
• Productivity
• Funding
• Personal
• Extra expenses
• Benefits
• Credit
• Information
mechanism
professional
• Intellectual
• Contingent
• Retention
• Loss of
management
• Viability of
• Clinical trials
property
business interrruption
profits
• Process • Regulatory risk – sanctions,
mergers • What services or products to offer
fines, penalties
• Evaluate risks – compare the estimated level of risk with the pre-established criteria and rank the risks to identify management priorities. Ascertain tolerance levels and tolerable risks, based on parameters set by the board. Develop a risk treatment and response plan. • Treat risks- Upon identifying risks, develop a range of response options for treating risks, assess these options. Options range from avoiding the risk, in which case you decide not to proceed with the activity likely to create the risk, change the probability of occurring to enhance outcomes and reduce probability of losses, change the consequences of risk, share the risks or retain the risk and make appropriate provisions for dealing with risk should it arises. • Given the dynamic context resulting from the constantly changing external and internal environments, an institution should monitor and review the effectiveness and performance of its risk management process and changes as well as that of the risk treatment plans. Intrinsic in the risk treatment plan should be that of effective controls. By analysing incident reports and understanding the root-causes, risk managers often able to identify opportunities to strengthen organisational control designs. • Last but not least, communicate, communicate, communicate!
Monitoring key risk indicators through routine monitoring of particular parameters, e.g. cashflow forecasting provides clear indication of not only how well the organisation is tracking financially but also potential problems pertaining to operations such as lodgements and claims, payment terms to suppliers, spiralling areas of costs, etc. Some examples of key risk indicators associated with non-compliant homes include: • Total number of claims for a given time • Total number of potential claims – events that relate to potential patient harm • Incidences of errors or refunds – may relate to issues pertaining to integrity of financial and administration process • Number of patient complaints • Staff turnover and churn • Adequacy of staff training and orientation as well as level of ongoing training • Percentage of new stage over total workforce • Staff/patient ratios • Timeliness of management reporting • Variances to budgets • Cashflow and liquidity ratio indicators usually provide key insights to viability of an institution. Adopt a strategic approach to risk management. Also look at culture and the importance of risk culture is greatly influenced by leadership from the board. Walking the talk forms the basis of a successful risk framework Key business risks Whilst the above issues relate mainly to patients, some key business risks which are often ignored has proven critical to ultimate financial risks and hence long term solvency and viability of the institution. One example is that of contract management and service level agreements with third party providers/contractors, e.g. IT, managed care, transaction processing, consultants and physicians etc. Service failures or interruptions could result in unintended increases in medical and operating expense that might negatively impact cash flow, liquidity, financial performance and capital. They might also result in injury or damage to third parties what might result in expense to the institution. Some key risks issues relate to provider credentialing, vicarious exposures, apparent authority and ostensible agency, good faith and fair dealing, provider selection and compliance. Other liabilities include board of directors operating a company whilst insolvent. Boards of directors therefore need to have a clear and unfettered view of cashflow positions and financial risks.
Revenue risks can arise from the time a resident is registered to the point of billing with many numerous opportunities for things to go wrong. Demographic information, charges missing and outdated codes? Knowledge is power and knowing where the revenue cycle risks empowers organisations to control the threats to financial, compliance and operating performance. Advertising risks may pose a legal risk to the institution – e.g. exaggerating qualities of a product, and when you cannot live up to the claims it makes for itself. Be clear whether you are adopting a strategy of factual message or opinion message. Factual messages provide objective, verifiable information to the consumer. Certain facts about the facility may determine consumer preference in certain cases, e.g. religious or ethnic affiliation, the cost of the services, hours, etc. Opinion messages try to influence the consumer to believe that the facility offers a positive subjective attribute. Advertiser should be able to substantiate claims and types of testimony used. Languages such as “best care”, “world class facility” ‘first class staff’, “extraordinary”, “individualised care”, should be avoided. Benefits of ERM If avoiding sanctions is not incentive enough, try resilience. Apart from a broad base approach, ERM provides opportunities to improve efficiencies, streamline compliance costs and provides management and stakeholders a better view of risks. This further facilitate improved decision making and creates greater empowerment, control and monitoring of risks. Understanding and reporting key risks indicators also helps to improve transparency. Streamlining of governance, risk and compliance reduces the much loathed paperwork and effort surrounding accreditation and audits. Finally, having clear view of risk and an integrated model of risk management increases flexibility and responsiveness of a provider to respond and be more opportunistic. This is critical for organisations to be successful and build the resilience and challenges which abound.
If you require further information, please contact Shirley Liew, +61416287694, [email protected] or visit www.shirleyliew.com
dire consequences, sometimes viability. As a result, traditional risk managers have placed emphasis on addressing clinical risks. Such narrow approach can be limiting and might not result in greatest enhancement of safety outcomes for patients/residents. What about the new challenges posed by continuous advances in medical research and technology? Although these advances support the goal of improved patient care, they come with a price tag: new risks. What is the risk that these advancement would threaten the ethical and moral values of an institution? Enterprise risk management (‘ERM’) therefore considers a broader approach for addressing the institution’s health and aged care risks. With stakeholders demanding greater risk transparency, efforts are increasing to assess an institution’s myriad of risks and cover them in a strategic risk management program. Emerging risk management priorities From our work with leading organisations, we are witnessing an evolving role for risk officers who have identified the following three risk management priorities: • Ensuring that the organisation is in full compliance with regulations; • Monitoring and identifying emergent risk; and • Extending risk principles into the wider business strategies. We are seeing more of a focus on driving integration of compliance, governance and risk efforts – how can we do less and achieve more? Scenario planning, sensitivity analysis and forecasting also provide valuable insight and depth to risk management discussions. For example, protecting patient confidentiality is often identified as a compliance risks/legal risks. Scenario planning will open up a whole plethora of discussions and possibilities. The way information is obtained, stored, retrieved, access, archived, destroyed and the medium with which it is stored, communicated and transmitted have points of vulnerabilities. Trend forecasting also provides key insights on trends and expectations of things to come. Risk identification, analysis, management and planning A systematic approach to risk management in progression or combination will help achieve effective risk management. Many risk management frameworks are available for use such as the AS/NZS4360, IS31000 and COSO framework. Whichever you choose to adopt, the key to achieving effective risk management are founded in the following key steps: • Identify the risks to be managed by adopting a comprehensive, well structured and systematic process. Any risks not identified at this stage are well excluded from
further analysis. It is therefore important to obtain a holistic and integrated view of possible risks. Risk identification should not be static snapshots! Risk-mapping stakeholders/team participants Legal
OHS
Finance
Public Relations
Operations Internal Audit/ Compliance
Insurance
Risk Manager
Strategic
Nursing/ Medical Quality Assurance
Environment Planning & Development
Security Source: Shirley Liew
Human Resource
Information technology
• Consider the potential consequences of risk events in terms of their severity Ensure there is sufficient rigour of the risk analysis in keeping with the context and risk criteria, the level of uncertainty in the analysis and the needs of decision makers. Liability
Property
Personnel
Financial
Operations
Strategic
• Real -facility
Business interruption • Net income
• Slips and falls • Medical
• Employee injury
• Price
• Productivity
• Funding
• Personal
• Extra expenses
• Benefits
• Credit
• Information
mechanism
professional
• Intellectual
• Contingent
• Retention
• Loss of
management
• Viability of
• Clinical trials
property
business interrruption
profits
• Process • Regulatory risk – sanctions,
mergers • What services or products to offer
fines, penalties
• Evaluate risks – compare the estimated level of risk with the pre-established criteria and rank the risks to identify management priorities. Ascertain tolerance levels and tolerable risks, based on parameters set by the board. Develop a risk treatment and response plan. • Treat risks- Upon identifying risks, develop a range of response options for treating risks, assess these options. Options range from avoiding the risk, in which case you decide not to proceed with the activity likely to create the risk, change the probability of occurring to enhance outcomes and reduce probability of losses, change the consequences of risk, share the risks or retain the risk and make appropriate provisions for dealing with risk should it arises. • Given the dynamic context resulting from the constantly changing external and internal environments, an institution should monitor and review the effectiveness and performance of its risk management process and changes as well as that of the risk treatment plans. Intrinsic in the risk treatment plan should be that of effective controls. By analysing incident reports and understanding the root-causes, risk managers often able to identify opportunities to strengthen organisational control designs. • Last but not least, communicate, communicate, communicate!
Monitoring key risk indicators through routine monitoring of particular parameters, e.g. cashflow forecasting provides clear indication of not only how well the organisation is tracking financially but also potential problems pertaining to operations such as lodgements and claims, payment terms to suppliers, spiralling areas of costs, etc. Some examples of key risk indicators associated with non-compliant homes include: • Total number of claims for a given time • Total number of potential claims – events that relate to potential patient harm • Incidences of errors or refunds – may relate to issues pertaining to integrity of financial and administration process • Number of patient complaints • Staff turnover and churn • Adequacy of staff training and orientation as well as level of ongoing training • Percentage of new stage over total workforce • Staff/patient ratios • Timeliness of management reporting • Variances to budgets • Cashflow and liquidity ratio indicators usually provide key insights to viability of an institution. Adopt a strategic approach to risk management. Also look at culture and the importance of risk culture is greatly influenced by leadership from the board. Walking the talk forms the basis of a successful risk framework Key business risks Whilst the above issues relate mainly to patients, some key business risks which are often ignored has proven critical to ultimate financial risks and hence long term solvency and viability of the institution. One example is that of contract management and service level agreements with third party providers/contractors, e.g. IT, managed care, transaction processing, consultants and physicians etc. Service failures or interruptions could result in unintended increases in medical and operating expense that might negatively impact cash flow, liquidity, financial performance and capital. They might also result in injury or damage to third parties what might result in expense to the institution. Some key risks issues relate to provider credentialing, vicarious exposures, apparent authority and ostensible agency, good faith and fair dealing, provider selection and compliance. Other liabilities include board of directors operating a company whilst insolvent. Boards of directors therefore need to have a clear and unfettered view of cashflow positions and financial risks.
Revenue risks can arise from the time a resident is registered to the point of billing with many numerous opportunities for things to go wrong. Demographic information, charges missing and outdated codes? Knowledge is power and knowing where the revenue cycle risks empowers organisations to control the threats to financial, compliance and operating performance. Advertising risks may pose a legal risk to the institution – e.g. exaggerating qualities of a product, and when you cannot live up to the claims it makes for itself. Be clear whether you are adopting a strategy of factual message or opinion message. Factual messages provide objective, verifiable information to the consumer. Certain facts about the facility may determine consumer preference in certain cases, e.g. religious or ethnic affiliation, the cost of the services, hours, etc. Opinion messages try to influence the consumer to believe that the facility offers a positive subjective attribute. Advertiser should be able to substantiate claims and types of testimony used. Languages such as “best care”, “world class facility” ‘first class staff’, “extraordinary”, “individualised care”, should be avoided. Benefits of ERM If avoiding sanctions is not incentive enough, try resilience. Apart from a broad base approach, ERM provides opportunities to improve efficiencies, streamline compliance costs and provides management and stakeholders a better view of risks. This further facilitate improved decision making and creates greater empowerment, control and monitoring of risks. Understanding and reporting key risks indicators also helps to improve transparency. Streamlining of governance, risk and compliance reduces the much loathed paperwork and effort surrounding accreditation and audits. Finally, having clear view of risk and an integrated model of risk management increases flexibility and responsiveness of a provider to respond and be more opportunistic. This is critical for organisations to be successful and build the resilience and challenges which abound.
If you require further information, please contact Shirley Liew, +61416287694, [email protected] or visit www.shirleyliew.com
Related Documents
White Paper Enterprise Risk Management
July 2020 4
Aged Care Report
May 2020 2
Risk To Resilience
June 2020 6
Risk Management In Mexico
April 2020 22