Enterprise Risk Management Wayne L Brannan CPHRM CBCP

Enterprise Risk Management Wayne L. Brannan, CPHRM, CBCP, CHSP, ARM Director, Risk Management The Medical University of South Carolina

What is Enterprise Risk Management? n The COSO* Definition: “Enterprise Risk Management is a process, effected by an entity’s Board of Directors, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. ” *The Committee of Sponsoring Organizations of the Treadway Commission www. coso. org

ERM Key Elements Analyzes risk “across the enterprise” n Manages multiple risks in an integrated manner – rather than in separate risk “silos” n Elevates Risk Management as a strategic partner in achieving corporate goals and objectives n

Elements of ERM Framework n n n n Education and Internal Environment Objective Setting Event Identification Risk Assessment Risk Response Control Activities Information and Communication Monitoring

Why ERM? CHIEF UROLOGIST CHARGED WITH RESEARCH CONFLICT OF INTEREST UNIVERSITY MEDICAL CENTER MISUSES FEDERAL GRANT = $32 M FINE MEDICAL CHIEF SURVIVES SCANDAL –TIES TO ENRON AND IMCLONE CALLED BAD LUCK MEDICAL OVERBILLING RESULTS IN $5. 6 M FINE Corporate Scrutiny Regulatory Issues Research MEDICAL CENTER CHARGED WITH RESEARCH FRAUD AND ABUSE EIGHT MORE HOSPITAL LAWSUITS ADDED TO ALLEGED CHARITY CARE VIOLATIONS AUDIT FINDS HOSPITAL FAILED TO REPORT HUNDREDS OF MISTAKES

Why ERM? THE DOCTOR IS IN BUT NOT IN THE U. S. – “nighthawking” to India, Israel, Australia. . . TELEMEDICINE AT HEART OF DIAGNOSTIC CHANGES EXTORTION THREATS TO RELEASE PATIENT RECORDS – CLIENTS NOT INFORMED OF INDIA STAFFS BREACH RAPIST ACCESSES PATIENT RECORDS HOSPITAL MULLS CRIMINAL SCREENING Foreign Issues Outsourcing Technology HACKERS ACCESS 7000 PATIENT FILES CASE HEARING ON KIDNAPPING MEMBER OF DOCTORS WITHOUT BORDERS MISSION TO START ON MONDAY STUDENT SEARCHING FOR INFORMATION ABOUT DOCTOR IS LINKED TO PRIVATE PATIENT FILES DETAILED PSYCHOLOGICAL RECORDS ACCIDENTALLY POSTED ON WEBSITE FOR EIGHT DAYS

Why ERM? THE ETHICS OF BABY MAKING CA PHYSICIANS FIND SUCCESS IN THE SPA BUSINESS LAWSUITS FILED OVER CUSTODY OF FROZEN EMBRYOS Risk Outliers WHY DID THEY DIE IN COSMETIC SURGERY? ORGAN REMOVAL RULED HOMICIDE DOCTOR SELLS OWN SPERM FOR IN VITRO FERTILIZATION WILLED BODY PROGRAM SUSPENDED AMID ALLEGATIONS OF ILLEGAL BODY PARTS SALES BABY KIDNAP STAGED TO SUE HOSPITAL FOR BREACH OF SECURITY

Why ERM? NON-COMPLIANCE INTERIM LIFESAFETY MEASURES NON REGISTRATION OF SELECT AGENTS USED IN RESEARCH FACULTY CONSULTING WITH PRIVATE SUPPLIERS OF MEDICAL DEVICE LACK OF SUPERVISION OF STUDENTS’ ROTATIONS FAILURE TO GET INFORMED CONSENT FOR MINORS PARTICIPATIN G IN CLINICAL TRIALS Loss of Accreditation Loss of Federal Funding INACCURATE REPORTING OF NONRESIDENT ALIENS INAPPROPRIATE BILLING FOR TIME AND ACTIVITY WHILE WORKING UNDER FEDERALLY FUNDED GRANT

The Value of ERM n The underlying premise of ERM is that every entity exists to provide value for its stakeholders n Stakeholders of not-for-profit entities realize value when they recognize receipt of valued social benefit—i. e. “the Mission” n A key to achieving that social benefit and a key to survival is to identify and manage risk across the enterprise rather than narrowly focusing in certain “traditional” risk areas n ERM facilitates an entity’s ability to achieve its performance and profitability targets; it prevents loss of resources; it ensures compliance with laws and regulations; avoiding damage to reputations, and achieving corporate goals and objectives – and does this from a broader perspective than traditional RM n ERM identifies areas where due diligence/auditing is prudent due to increased corporate scrutiny (Leapfrog Initiative, Sarbanes Oxley)

Roadblocks n n n Complex & takes time Needs transition from Theory to Action plan Requires combined knowledge and focus – legal, financial, internal audit, clinical, insurance, compliance, operations, etc. Turf Wars between departments and divisions can occur Requires a new paradigm

How to Achieve ERM within your Facility n n n Embrace “enterprise-wide” risk oversight Require that RM evaluate risk issues from new strategies well in advance of implementing those strategies Foster a collaborative effort to address risk and quality concerns – and to make pro-active decisions including risk management considerations as well as operational strategies Determine and assign authority levels for managing risks Facilitate open communication of risk

Develop an ERM Roundtable IT HR Compliance Affiliates Operations Legal Medical Staff Chief Risk Officer Faculty & Students Research Marketing Finance Internal Audit Quality/ Safety

Role of Risk Officer Establish ERM policies and set goals for implementation n Frame accountability and authority n Promote ERM competence throughout the entity n Guide integration of ERM with other business planning and management activities n Oversee development of entity-wide and business unit specific risk tolerances n Facilitate managers’ development of reporting protocols (ERM Roundtable) n Report to senior leadership on progress and recommend action as needed n

Develop a Strategy Matrix n Define key organizational short and long term goals n n n Strategic Operational Financial Map key risk management issues that will support goals or that could threaten the goals Identify and prioritize risk management strategies Document assignments of responsibility and timelines for achieving goals and objectives

The Strategy Matrix Mission Objectives Strategic Operational Financial Strategies Risk Management Issues Quality Loss Control Reporting Compliance Prioritize and apply RM Steps across the Enterprise Action Plan to further objective/prevent failure of objective

The Strategy Matrix - SAMPLE

Strategy Matrix for ABC Hospital

Strategy Matrix for ABC Hospital (cont)

The ERM Fusion Model Incorporating JCAHO Patient Safety Goals Patient Identification Reconcile Medications Reduce Infections Slips and Falls ERM Communication Medication Safety

The ERM Fusion Model Incorporating JCAHO’s Top 10 Items that will Make or Break You Violations of Patient Confidentiality Inability to Articulate Section/Unit PI Processes Expired Medications/Supplies Patient Identification Slips and Falls Use of Noncalibrated/Nonverified Equipment Unfamiliarity with EM Procedures ERM Reconcile Medications Communication Unfamiliarity with NPSGs Inability to Validate Physician/Staff Competency Reduce Infections By-passing Informed Consent Medication Safety Insufficient/Non-existent Documentation Improper Storage/Cluttered Areas

Questions?