Enterprise Risk Management - HCCA Official Site

Upload by : Bria Koontz

Enterprise Risk Management
The Basics or ERM 101

Enterprise Risk Management

Enterprise risk management deals with risks and opportunities affecting value creation or preservation, defined as:

Enterprise risk management is a process, applied in strategy setting across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
COSO

COSO’s ERM Framework

Who Regulates Health Care
[Diagram. Entities shown include: Federal Circuit Courts; Supreme Court; State Survey & Certification; Congress; Medicare Integrity Program Contractors; Centers for Medicare and Medicaid Services; Courts; Departmental Appeals; Attorneys General; Medicaid; Health Boards; OIG; Medical Boards; Local Governments; PRRB; Carriers; PROs; FDA; DOT; Regional Home Health Intermediaries; OSHA; DEA]

The Connection
Compliance and ERM

Compliance Risk Activities
- OIG Work Plan
- Advisories and Opinions
- What issues are health care entities being sued for or settling out of court

ERM
- Regulatory/Legal
- Finance
- Operational
- Reputational

Risk Activities
- Internal Audit Services
- Internal Control Evaluations
- Legal
- External Auditors
- Compliance
- Lacks coordination
- External View

Managing Risk
Usually not Integrated
- External Auditors
- Annual Audit, Quarterly Reviews
- Finance
- Human Resources
- Internal Audit Services
- Compliance
- Information Technology
- Security
- Environmental
- Legal Department
- Patient Care
- Medical School
- Research Services
- Board of Directors

ASSESS RISK
Risk assessment is the identification and analysis of risks to the achievement of business objectives. It forms a basis for determining how risks should be managed.

The Seven Elements
1. Code of Conduct – Policies and Procedures
2. CO and Compliance Committee
3. Education
4. Monitoring and Auditing
5. Reporting and Investigation
6. Enforcement and Discipline
7. Response and Prevention
8. Risk Assessment

1 - Policies and Procedures
- What will be your process?
- Interviews
- Leadership
- “Disruptors”
- “Diverse Thought Leaders”
- Surveys
- Internally conducted
- Consultant effort
- Initial
- Refreshing

2 - Oversight
- Board of Directors
- Audit and Compliance Committee
- Committee
- Role of CEO and/or CAO
- Risk Officer or a combination of people
- CO
- IAS
- Risk Management (Hospital)

3 - Education
- Creating an ERM culture
- Focused
- Selective
- Just in time

4 – Risk Identification and Mitigation
- Reputational – Strategic
- Financial
- Operational
- Regulatory - Legal

5 - Reporting
- Ranking risk process
- Connections from year to year
- Old risks versus new risks
- Leadership Verification

6 - Commitment
- CEO and CAO
- Board of Directors
- Audit and Compliance Committee
- TIME!

7 – Response and Prevention
- Controls
- Emerging Risks
- Management Accountability
- Governance Oversight

ERM High Level Process Overview
[Process diagram. Labels shown include: Identify; Evaluate; Report; Categorize; Risk Assessments (Leadership Risk Assessments, Operating Objective Assessments); CERMMT; ERM Dashboard; BOG; Heat Maps; Audit Risk & Control Matrix; Risk Follow-Up; Audit Committee]

NOW WHAT?
- Hundreds of potential risks identified
- Each person has their risk priorities
- This process is qualitative at best
- Where do you go from here?

RANKING RISKS
Consequence
- Financial
- Reputational
- Legal/compliance
- Operational
Likelihood
- Short Term 18 months
- Long Term 5 years
- Past experience
- Experience of others
- National Trends

DETERMINE RISK APPETITE
- Risk appetite is the amount of risk — on a broad level — an entity is willing to accept in pursuit of value.
- Use quantitative or qualitative terms (e.g. earnings at risk vs. reputation risk), and consider risk tolerance (range of acceptable variation).

DETERMINE RISK APPETITE
Key questions:
- What risks will the organization not accept? (e.g. environmental or quality compromises)
- What risks will the organization take on new initiatives? (e.g. new product lines)
- What risks will the organization accept for competing objectives? (e.g. gross profit vs. market share?)

RISK EVALUATION
1. Primary Ownership within one department or work unit
2. Inter-departmental ownership occurs where risks cut across multiple departments
3. Those dependent on strategic initiatives or strategic plan

IDENTIFY RISK RESPONSES
Quantification of risk exposure
Options available:
- Accept: monitor
- Avoid: eliminate (get out of situation)
- Reduce: institute controls
- Share: partner with someone (e.g. insurance)
Residual risk (unmitigated risk – e.g. shrinkage)

VALIDATING RISKS AND RANKINGS
Core Group
- Compliance Office
- Internal Audit Services
- Internal Control Activities
Validate with CEO, CAO, CFO, CLO

PREPARE REPORTS
- Management
- Leadership
- Boards

Heat Maps
[Figure: heat map with a Likelihood axis and regions labelled MONITOR, STRATEGIC CHOICES and URGENT]

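Risk Control and Audit Matrix
[Table, contents not recoverable. Column groups: Ownership / Oversight; Risk Information. Column labels as extracted: Ref #; Specific Risk; Rating; Risk and/or Procedure; Review Cycle; Audit Plan or Compliance Plan. Row labels include Strategic; reference numbers shown include C-11 and C-12. Marked Confidential.]

Risk Assessment: Prioritization and Responsibilities
[Table, contents not recoverable. Column labels: Priority Ranking; Business Risk; Senior Management Responsible; BOD Committee]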

Mayo Clinic ERM COSO Considerations
Objective Setting
- External Benchmarking with Health Care Industry, Other Industry & External Experts.
Internal Environment
- Leadership (MT, BOG & ACC) Commitment to Risk Management.
Information & Communication
1. ERM Heat Maps
2. ERM Risk, Control, & Audit Matrix
Monitoring
- Monthly Management Team meetings to include risk assessment for each risk.
Event Identification / Risk Assessment / Risk Response / Control Activities
1. Leadership Risk Assessments
2. Operating Objective Assessments
Source: COSO Enterprise Risk Management Cube

ERM Calendar Overview
[Calendar figure. Time labels: Q4, DEC, Q1, JAN, FEB, MAR, Q2, APR. Activities shown include: External Benchmarking (Health Care Industry, Other Industry & External Experts); Survey; Interviews; Distribute Risk Identification Survey; 20 Leadership Interviews; Workgroups & Assessments; Approval; Prioritization Survey; Summarize Survey Results; Identify Key Strategic Risks; Strategic Planning; Risk Assessments (Facilitated Dialogues); Establish Standardized Process & Reporting; Ongoing Reporting to Mayo Clinic Enterprise Risk Management; Monthly Management Team Meetings: Leadership Risk Assessments and Operating Objective Assessments (Strategic Planning); Quarterly ERM Reporting to ACC]

RISK PROCESS
- Identify
- Rank
- Prioritize
- Assign/Recognize Accountability
- Mitigation

LIMITATIONS
- Decision making - responses
- Human failure – simple errors
- Circumvention collusion
- Ability to override controls
