• No results found

Enterprise Risk Management

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Enterprise Risk Management"

Copied!
17
0
0

Loading.... (view fulltext now)

Download now ( 17 Page )

Full text

(1)

Enterprise Risk Management

(2)

Enterprise Risk Management

Enterprise risk management is a process, applied in strategy setting across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance

regarding the achievement of entity objectives. COSO

COSO’s ERM Framework

Enterprise risk management deals with risks and opportunities affecting value creation or preservation, defined as:

Federal Circuit Courts Supreme Court

Who Regulates Health Care Who Regulates Health Care

Health Care Carriers Intermediaries

Congress DepartmentalAppeals

DME Regional Contractors Regional Offices PROs OIG Medicare Integrity Program Contractors PRRB Centers for Medicare and Medicaid Services

Regional Home Health Intermediaries

DEA

State

Survey & Certification Courts Attorneys General Medicaid Health Boards Medical Boards Local Governments Licensure DOI OSHA DOT FDA

(3)

The Connection

Compliance and ERM

Compliance Risk Activities

OIG Work Plan

Advisories and Opinions

What issues are health care entities being sued for or settling out of court

ERM

Regulatory/Legal

Finance

Operational

Reputational

Risk Activities

Internal Audit Services

Internal Control Evaluations

Legal

External Auditors

Compliance

Lacks coordination

(4)

Managing Risk

Usually not Integrated

Finance

External Auditors Annual Audit, Quarterly

Reviews

Internal Audit Services

Compliance

Environmental Information Technology

Security Legal Department

Patient Care

Medical School Research Services

Board of Directors

Human Resources

Risk assessment is the identification

and analysis of risks to the

achievement of business objectives.

It forms a basis for determining how

risks should be managed.

(5)

The Seven Elements

1.

Code of Conduct – Policies and

Procedures

2.

CO and Compliance Committee

3.

Education

4.

Monitoring and Auditing

5.

Reporting and Investigation

6.

Enforcement and Discipline

7.

Response and Prevention

8.

8.

Risk AssessmentRisk Assessment

1 - Policies and Procedures

What will be your process?

Interviews

Leadership

“Disruptors”

“Diverse Thought Leaders”

Surveys

Internally conducted

Consultant effort

Initial

(6)

2 - Oversight

Board of Directors

Audit and Compliance Committee

Committee

Role of CEO and/or CAO

Risk Officer or a combination of people

CO

IAS

Risk Management (Hospital)

3 - Education

Creating an ERM culture

Focused

Selective

(7)

4 – Risk Identification and

Mitigation

Reputational – Strategic

Financial

Operational

Regulatory - Legal

5 - Reporting

Ranking risk process

Connections from year to year

Old risks versus new risks

(8)

6 - Commitment

CEO and CA0

Board of Directors

Audit and Compliance Committee

TIME!

7 – Response and Prevention

Controls

Emerging Risks

Management Accountability

(9)

Interviews Prioritize & Categorize Risk Risk Assessments

-Leadership Risk Assessments -Operating Objective

Assessments Survey Strategic Planning Risk Follow-Up CERM MT ERM Dashboard

- Heat Maps - Audit Risk &

Control Matrix

ERM High Level Process Overview

Workgroups & Assessments Report & Monitor Evaluate Identify External Benchmarking Approval BOG Audit Committee

NOW WHAT?

Hundreds of potential risks identified

Each person has their risk priorities

This process is qualitative at best

(10)

RANKING RISKS

Consequence

Financial

Reputational

Legal/compliance

Operational

Likelihood

Past experience

Experience of others

National Trends

Short Term < 18 months

Long Term > 5 years

DETERMINE RISK APPETITE

Risk appetite is the amount of risk — on a

broad level — an entity is willing to accept in pursuit of value.

Use quantitative or qualitative terms (e.g.

earnings at risk vs. reputation risk), and consider risk tolerance (range of acceptable

(11)

Key questions:

What risks will the organization not

accept?

(e.g. environmental or quality compromises)

What risks will the organization take on

new initiatives?

(e.g. new product lines)

What risks will the organization accept

for competing objectives?

(e.g. gross profit vs. market share?)

DETERMINE RISK APPETITE

RISK EVALUATION

1.

Primary Ownership within one

department or work unit

2.

Inter-departmental ownership occurs

where risks cuts across multiple departments

3.

Those dependent on strategic

(12)

Quantification of risk exposureOptions available:

- Accept = monitor

- Avoid = eliminate (get out of situation) - Reduce = institute controls

- Share = partner with someone

(e.g. insurance)

Residual risk (unmitigated risk – e.g. shrinkage)

IDENTIFY RISK RESPONSES

VALIDATING RISKS AND

RANKINGS

Core Group

Compliance Office

Internal Audit Services

Internal Control Activities

(13)

PREPARE REPORTS

Management

Leadership

Boards

MONITOR STRATEGIC CHOICES URGENT ACTIONS

ACCEPT

EVALUATE ALTERNATIVES

L

ike

li

hood

L

o

H

i

(14)

Risk Control and Audit Matrix

Risk Information Ownership / Oversight Coverage

Ref # Specific Risk Rating Risk Owner Operational Governance/Committee Policy and/or Procedure

Review Cycle

Audit Plan or Compliance Plan Strategic Risks S-1 S-2 Financial F-5 F-6 Operational O-8 O-9 Compliance/Legal C-11 C-12

Risk Assessment: Prioritization and Responsibilities

Confidential 1 2 3 4 5 6 7 8 9 Priority

Ranking Business Risk Senior Management Responsible BOD Committee

(15)

Internal Environment Leadership (MT, BOG & ACC) Commitment to Risk Management.

Objective Setting External Benchmarking with Health Care Industry, Other Industry & External Experts.

Information & Communication 1. ERM Heat Maps

2. ERM Risk, Control, & Audit Matrix

Monitoring Monthly Management Team meetings to include risk assessment for each risk.

Mayo Clinic ERM COSO Considerations

Source : COSO Enterprise Risk Management Cube

Event Identification / Risk Assessment / Risk Response / Control Activities 1. Leadership Risk Assessments

2. Operating Objective Assessments

Q1 Q2 Q3 Q4

JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC

Interviews Survey

Risk Assessments

(Facilitated Dialogues)

20 Leadership Interviews ERM Calendar Overview

Distribute Risk Identification Survey

Strategic Planning Identify Key Strategic Risks

20 Leadership Interviews 20 Leadership Interviews Distribute

Prioritization Survey

Q4

DEC

Monthly Management Team Meetings: Leadership Risk Assessments and Operating Objective Assessments (Strategic Planning) 20 Leadership Interviews Summarize

Survey Results

External Benchmarking

Health Care Industry, Other Industry & External Experts

Workgroups &

Assessments Ongoing Reporting to Mayo Clinic Enterprise Risk Management

Approval / Board Communications

Quarterly ERM Reporting to

ACC

Establish Standardized Process & Reporting

Quarterly ERM Reporting to ACC Quarterly ERM Reporting to ACC Quarterly ERM Reporting to ACC

(16)

RISK PROCESS

Identify

Rank

Prioritize

Assign/Recognize Accountability

Mitigation

LIMITATIONS

Decision making - responses

Human failure – simple errors

Circumvention collusion

(17)

References

Download now ( PDF - 17 Page - 1.41 MB )

Related documents

iFIX51_Pulse10 hotfix

* Workspace crashes when opening a picture multiple times which contains Data Links consisting of Tag Group Symbols and mathematical expression and the Tag Group Symbols are mapped

Hydration and fluid balance: Studies on body composition, drink formulation and ageing

The maintenance of fluid balance is an important concern for regular exercisers, athletes, older adults and clinicians. Whilst the balance between fluid intake and fluid loss, and

Changes in home-ownership patterns : Focus on Māori and Pacific people

While the proportion of all people living in a dwelling they own fell 15.3 percent by 2013, the decline was much greater for Pacific people (down 34.8 percent) and Māori (down

DPWH MATERIALS ENGINEERING EXAM REVIEWER FOR ITEM 300 WITH NOTES FROM A MATERIALS ENGINEER ll

The accepted quantity, measured as prescribed in Section 311.4, shall be paid for at the contract unit price for Portland Cement Concrete Pavement, which price and payment shall

Frameworx 11 Certification Report

Figure 2.1 illustrates the Information Framework Level 3 ABEs that were presented in scope for the Assessment, and the textual callouts represent the domain areas of the

Tanabata's Wife

In his foreword to Hamada’s collected works, Arcellana calls “Tanabata’s Wife” “the finest love story ever written by a Filipino.” Now this is the highest praise

Kotler Mm15e Inppt 09

 –  – Initiator  Initiator   –  – Influencer  Influencer   –  – Decider  Decider   –  – Buyer  Buyer   –  – User  User .. USER

Optimizing electrocoagulation process for treatment of biodiesel wastewater using response surface method

Box-Behnken design was used to create 15 different sets of experimental trails for various values of initial pH, applied voltage and reaction time using MINITAB