Popular in Course
verified elite notetaker
Popular in Business
This 4 page Document was uploaded by an elite notetaker on Monday December 21, 2015. The Document belongs to a course at a university taught by a professor in Fall. Since its upload, it has received 9 views.
Reviews for The-Role-of-Enterprise-Risk-Management-in-Health-Systems-Development
Report this Material
What is Karma?
Karma is the currency of StudySoup.
You can buy or earn more Karma at anytime and redeem it for class notes, study guides, flashcards, and more!
Date Created: 12/21/15
IOSR Journal of Business and Management (IOSR-JBM) e-ISSN: 2278-487X, p-ISSN: 2319-7668. Volume 16, Issue 9.Ver. III (Sep. 2014), PP 47-50 www.iosrjournals.org The Role of Enterprise Risk Management in Health Systems Development Ass. Prof. Festus M Epetimehin PhD Joseph Ayo Babalola University, Ikeji-Arakeji Abstract: There are a growing number of issues facing the healthcare industry today that make Enterprise Risk Management, ERM an attractive strategy for managing risks. Examples of such issues are research, regulating issues, loss of accreditation, technology, loss of Federal funding and where the organization was found non- compliant in interim life-safety measures. Given the breath and complexity of potential risks such as these, healthcare organizations require a logical framework for identifying the scope of potential risks, evaluating risks exposures and responding to risks. According to survey results conducted on 150 health workers and administrators, an overwhelming number of respondents (88%) say that enterprise level risk management is more of a priority today and useful in managing risks than it was years ago. Furthermore the data reflects the move from the traditional risk silo approach to ERM in an effort to improve communication on risk management throughout the organizations. By taking a proactive approach to risk management using ERM model, Healthcare organizations will be better equipped to focus on all risks throughout the organization while maintaining patient safety, ensuring compliance and improving their organization bottom lines. Key Words: Enterprise Risk Management (ERM), Health, Development, COSO I. Introduction The current economic climate is continuing to force health care organizations to evaluate operational efficiencies. Maximizing profits or at least not operating at a loss has been at the forefront of business objectives of most of the health organizations. It is a known fact that few organizations can survive in the long run without meeting their expenditures but how much risk can or should be taken to achieve this objective has always been the bone of contention. Managing of risk varies with the culture of the organization but in the health system, medical errors should be averted by proactive risk management. The purpose of risk management is to allow organizations to handle uncertainty including new problems that are arising from changing circumstances. In essence, risk management is simply a way to deal with the uncertainties that can prevent any organization from achieving its strategic objectives. It is a controlled, logical and rational means of understanding the past and project possible alternative futures in order to make better decisions. Enterprise risk management is one of the latest bits of vocabulary to emerge from the risk management industry, and all it signifies is the application of risk management techniques to all aspects of an enterprise, including profit creation activities as well as loss prevention. Enterprise risk management is simply risk management on a broad scale. In the health systems, disasters and other emergencies often result in significant impacts on people’s health including the loss of many lives. Every new threat reveals the challenges for managing health risks and effects of emergencies and disasters. Deaths, injuries, diseases, disabilities, psychosocial problems and other health impacts can be avoided or reduced by disaster risk management measures involving health and other sectors. The whole objective of this paper is to look at the need for assessment of risks in health and health systems, determine risk management measures based on risk assessments and surveillance and monitoring of potential threats to health, particularly from biological natural and technological (such as chemical and radiological hazards) sources to enable early detection and warning to prompt action by the public health workers and other sectors within the Health system. The paper also addressed the steps needed to achieve ERM with the introduction of a model depicting how ERM can bring value to a healthcare organization. II. Literature Review In 2005, the World Bank explained what health systems are compose of taking a look at the hospitals and health infrastructure and the development of adaptable and resilient health care system. Health systems are composed of public, private and non-governmental facilities which work together to serve the community; these include hospitals, primary health care services, laboratories, pharmacies and blood banks, safe hospital programmes ensures health facilities are safely built to withstand hazards, remaining operational in emergencies. In developing adaptable and resilient health care systems therefore, Health care systems need to prepare to cope with large numbers of patients. This may require mobilising staff around the country to aid affected areas. www.iosrjournals.org 47 | Page The Role of Enterprise Risk Management in Health Systems Development Flexibility to deliver different functions is an essential component of health care delivering. This may mean reducing some services in order to increase others. Not only these plans to maintain the continuity of health sector operations which includes identifying priority services, mechanisms for response coordination and communicating with staff and partner organizations but also includes the adequate protection of possible risks and unexpected disaster that are likely to happen . Risks are present in every business activity we undertake, therefore the need for risk management. The objective of risk management is to add maximum sustainable value to all the activities in the organization. It marshals the understanding of the potential upside and downside of all those factors which can affect the organization. It increases the probability of success, and reduces the probability of failure and the uncertainty of achieving the organization’s overall objectives, (Slovic, 2002) The role of risk management is to allow organizations to handle uncertainty, including new problems that arise from changing circumstances. In other words, it is simply a way to deal with the uncertainties that can prevent any organization from achieving its strategic objectives. Today, risk managers embrace risk management on a broader scale known as Enterprise risk management. ERM is an articulated management discipline with a growing importance to to boards and finance departments, because rating agencies, such as Standard and Poor’s are starting to include it in their assessment criteria. ERM signifies the application of risk management techniques to all aspects of an enterprise, including profit creation activities, as well as loss prevention. According to COSO (2004) the definition of enterprise risk manager (ERM) is ‘’A process, effected by an entity’s board of directors, managerial and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. These are two basic ways that a company can choose to manage risks, it can manage one risk at a time, or it can manage them on an interpreted holistic basis. This latter approach is often referred to as enterprise risk management (Nocco and Stulz, 2006) the goal of enterprise risk management is to measure risk and capital across a wide range of diverse business objectives. This requires methodology for aggregating risk types whose distributional shapes may vary considerably (Rosenberg and Schuermann, 2004). To meet these new challenges many health organizations are examining their policies, methodologies and infrastructures. These three building blocks form the core of any enterprise risk management environment (Cronghy, Galai and Mark 2005). Policies define the tolerance that an organization has for risk. The policies should be consistent with business strategy and should be communicated both internally and externally. The methodologies are the underlying mathematical models that are tied back into performance management. These models must be properly designed, implemented and vetted. The infrastructure refers to having the appropriate people, and operational processes such as data, systems etc. are in place to control and report on the risks (Crouhy et al 2005). Smith (2000) discusses the importance of data governance as a long standing objection of the health care industry. He sees data governance as a way of helping a health system identify the source of data and store it, if necessary, in the appropriate place. Mary and Rita (2013) define Data governance as a set of processes that ensures that important data assets are formally managed throughout the enterprise. Data governance ensures that data can be trusted and has people can be made accountable for any adverse event that happens because of low data quality. It is about putting people in charge of fixing and preventing issues with data so that the enterprise can become more efficient. Data governance also describes an evolutionary process for an organization, altering the entity’s way of thinking and setting up the processes to handle information so that it may be utilized by the entire organization. It’s about using technology when necessary in many forms to help aid the process. When healthcare desire, or are required, to gain control of their data, they empower their people, set up processes and get help from technology to do it. Smith (2000). In governance the third challenge, infrastructure is where the health organization may benefit from external, third party experience in terms of personnel, processes and information technology. It may be best for the organization to leverage the knowledge, experience and products from third parties that do have hardware and software development among their distinctive core competencies. Traditionally, risks are identified in separate risk areas, or silos, with insurance risks handled by the insurance department, market risks handled by the sales or marketing department, risks of employee injuries handled by occupational safety and Health or workers compensation patient safety risks handled by the quality department and so on. Compensation for patient are placed on the back burner and business continuity, disaster recovery is focused on maintaining customer and regulatory confidence (Jablonowski, 2006). Shaws (2005) is of the opinion that the traditional method of identifying risks also fails to address two critical aspects of risk management from ERM perspective; corporate risk appetite or the amount of risk a company is willing to absorb for the returns it expects to gain and the management of emergent risks. The underlying premise of ERM is that every entity exists to provide value for its stakeholders. Stakeholders of not-for-profit entities realize value when they recognize receipt of valued social benefit (Hale, Boone and Maley 2004). Moreover ERM www.iosrjournals.org 48 | Page The Role of Enterprise Risk Management in Health Systems Development allows for wider responsibility to society which leads to long term profitability and sustainable growth (Jablonowski, 2006). Also, a key to achieving that social benefits and a key to survival is to identify and manage risk across the enterprise rather than narrowly focusing on certain traditional risk areas. Conceptual Framework of ERM Different theoretical framework and models structure the concepts of EMR, but they are only guidelines. Each business has its own culture, risk exposures and strategies and needs to work out its own approach because its organizational structure and culture will mainly determine what it needs to do, how far it wants to go and low to implement EMR in its processes. Enterprise Risk Management Framework is made up of five process components derived from the committee of sponsoring organizations (COSO) of the Treadway Commission ERM Framework, on which the development of good and sound health development should stand to achieve their objectives of managing risks. 1. Event Identification & Risk Assessment: As part of the strategic planning process and day-to-day management of the health organization, functional leaders should identify internal and external events that may affect the achievement of the organization’s objectives. Risk management function personnel help identify and assess these risks through their experts, formal assessments and analysis of business intelligence and trends. 2. Risk Response: A response is determined based upon the overall risk exposure, considered as a function of likelihood and impact of the occurrence. Risk responses may include avoiding or evading, accepting, reducing, and sharing or transferring risk. 3. Control Activities: Control activities are established to ensure that risk responses are carried out effectively and consistently throughout the organization. This involves formalizing risk response in organization policies, ensuring clear accountability, utilizing self–assessment and monitoring tools and designing controls into the systems and critical processes. 4. Information & Communication: Information and communication channels should be in place to make the organization aware of risks that fall into their area of responsibility and expected behaviour and actions to mitigate negative outcomes. 5. Monitoring: management reviews, as well as assurance activities, such as testing, auditing and assessments, should be in place to ensure that risks are effectively identified and assessed, and that appropriate responses, controls and preventive actions are in place. While no risk management system can ever be absolutely complete, the goal is to make certain that identified risks are managed within acceptable levels. III. Research Methodology Both primary and secondary data were considered in this research work. Literature was reviewed from journals, books and magazines. Also, 150 questionnaires were sent out to collect secondary data from health workers and administrators from the South West States of Nigeria. Though the questionnaire was not tested for validity but only used to capture the information necessary for this work. According to the survey conducted on 150 health workers and administrators, an overwhelming number of respondents (88%) say that enterprise level risk management is more of a priority today and far useful in risk management than it was years ago. Furthermore the data reflects the move from the traditional risk silo approach to ERM in an effort to improve communication on risk management throughout the organizations. www.iosrjournals.org 49 | Page The Role of Enterprise Risk Management in Health Systems Development IV. Conclusion To embrace ERM in an organization, it requires a new paradigm and organization must transition from theory to action. The idea of ERM requires compiled knowledge and focus from key areas including legal, financial, internal audit, clinical, insurance, compliance, operations and others.ERM can be achieved provided the steps given are followed. The first step is to analyze risk from a broader enterprise-wide perspective. Looking at this step from a health care perspective, identifying business streams and associated risks throughout the entire scope of activities, including facilities, physicians, managed care, education, research, technology and ancillary services. Each head responsible for a unit, function, process or activity needs to develop an assessment of risk for that unit. The definition of risk must be standardized and communicated to ensure a unified view of risk across the organization. A health organization must come up with strategic objectives and strategies to achieve the development of ERM. This may involve assisting physicians in utilizing technologies in order to improve physician productivity, improve convenience for patients and improve patient safety. With the above example, one possible risk issue may include security breaches, viruses and information theft among others. It is also mandatory that when defining possible risk issues, it is important to prioritize them in order to provide proper focus on larger more costly risks. The final step to achieving ERM is to embrace enterprise-wide risk oversight by creating ERM responsibilities. According to COSO, everyone in an entity has some responsibility for ERM. Is therefore necessary to foster a collaborative effort to address risk and quality, and make proactive decisions regarding risk management considerations as well as operational strategies. An ERM roundtable unites managers from all areas across the organizations including , but not limited to, Information Technology, Internal Audit, Finance, Quality/Safety, Marketing Operations, Legal, Research and Medical Staff. Part of what to do to achieve the implementation is to develop solutions to risks identified, which can be done through documenting assignments of responsibility and creating timetable for achieving the set goals and objectives. A solution to risks may involve reviewing network security policies and contracts from third party vendors as well as reviewing the need and cost/benefit for cyber liability risk transfer . References . Boone B. Hale, J.L., and Maley R (2004). Working Man’s Approach to Enterprise Risk Management. ASHRM. Orlando, FL 2004. 1-33 . Crouhy, M, Galai, D and Mark, R (2005) Risk Management New York, McGraw-Hill . Enterprise Risk Management – Integrated Framework (2004) Commission of Sponsoring Organizations of the Tread way Commission (COSO) executive summary and complete report.. . Jablonowski, M. (2006) The Real Value of ERM. Risk Management Magazine. Feb. pp 33-37 . Mary, G R and Bowen R (2013) Developing a Data Governance Model in Healthcare. Risk Management Journal pp 34-38 . Nocco, Brain and Stulz, Rene (2006) Enterprise risk management: theory and practice, Journal of Applied Corporate finance, 18 (14), pp 8-20 . Rosenberg, Joshua and Schuermann, Till (2004) A general approach to integrated risk management with skewed, fat-tailed risks, Federal Reserve Bank of New York, Staff Report . Shaw, J. (2005) Managing All of Your Enterprise’s Risks. Risk Management Magazine. . September pp: 34-38 . Slovic, P (2000) The Perception of Risk London, Earthscan Publishers p150 . Smith, E (2000) Cognitive Fuzzy Modelling for enhanced risk assessment in a healthcare Institutions. IEEE Expert Dec. 4-9 . World Bank (2005) The World Bank: Global Health or Global Harm ? American Journal of Public Health Vol. 95 (7) www.iosrjournals.org 50 | Page
Are you sure you want to buy this material for
You're already Subscribed!
Looks like you've already subscribed to StudySoup, you won't need to purchase another subscription to get this material. To access this material simply click 'View Full Document'