Manajemen Risiko Klinik Pertemuan 5
Risk Management Process and Enterprise Risk Management (ERM)
Dr Arjaty Daud MARS Disampaikan pada Kuliah Program Magister Administrasi RS Univ Esa Unggul
Semsester 2 - 2016 Pembahasan Proses Manajemen risiko
Definisi Enterprise Risk Management
(ERM) Frame work ERM Elemen penting dalam ERM Domain risiko Area untuk di ases
Risk Management Process
1. Risk Identification and Analysis
2. Risk Treatment
- Risk Control
- Risk Financing
3. Evaluation of Risk Treatment Strategies
Structure Of The Risk Management Process
Identify/Analyze Exposure Treat the Exposure Through RM Techniques Risk Control Risk Financing Risk Risk Analysis
Identification + Loss Frequency: How likely is it that
- Identify the loss
a loss will happen? Risk Avoidance Transfer Retention
- Loss Severity:
How serious will the
Loss Prevention (frequency)
loss be?Non-Insurer Passive Active Insurer Hold Not Non-insurance
Loss Reduction (severity) A carrier harmless recognize & agreements d Self-insurance
Loss Segregation Contractual Transfer Property Net Income Liability Personnel (noninsurance)
The Five Steps In The Risk Management Process
1. Identify loss exposures
2. Examine potential risk management technique(s)
3. Select risk management technique(s)
4. Implement technique(s)
5. Monitor results
(Standard Australia / New Zealand / AS/NZS)
Why a centralized approach to risk management?
- globalization of fnancial and
business markets, / globalisasi keuangan & bisnis
- continued integration of the
insurance industry, / integrasi industri asuransi
- increased regulation,
/ meningkatnya regulasi
- greater focus on corporate
governance. / lebih fokus pada tata
Definisi Enterprise Risk Management (ERM) :
Suatu Proses yg dilakukan oleh BOD dan manajemen di semua level unit yang dirancang dalam suatu strategi Institusi untuk mengidentifikasi kejadian potensial yang dapat
mempengaruhi Institusi dan mengelola
risiko tersebut untuk pencapaian tujuan institusiERM menggunakan pendekatan fungsi silang untuk ases, evaluasi, dan mengukur semua risiko institusi, tidak hanya yang terkait dengan risiko yang bisa ditransfer seperti The traditional six-step risk management process : 1. risk identifcation, 2. risk analysis,
3. development of alternative techniques to treat risks,
4. selection of best risk-treatment techniques, 5. implementation of selected techniques, 6. monitoring and evaluation of efectiveness of the chosen risk management techniques and strategies.ERM expands the process to more fully integrate
risk management into the organization’ s structure. /
lebih mengintegrasikan manajemen risiko kedalam struktur organisasi This entails an interactive approach to risk identifcation, analysis,and treatment through anentrenchment of risk management principles into
corporate operations and strategic planning./ pendekatan interaktif untuk identifkasi risiko,analisa & kelola melalui prinsip manajemen riisko
The ERM Framework KATEGORI
KOMPONENi
Achievement of Objectives
Within the context of an entity’s established mission or vision, management establishes strategic objectives, selects strategy, and sets aligned objectives cascading through the enterprise. / Dalamkonteks menetapkan misi atau visi korporasi, manajemen menetapkan
tujuan strategi, memilih strategi, dan menentukan tujuan yang sejalan
dengan korporasi Framework ERM diarahkan untuk mencapai tujuan korporasi :1.Strategic – high-level goals, aligned with and supporting its mission / tujuan kedepan sesuai dengan misi Operations – effective and efficient use of its resources
- Reporting – reliability of reporting
- Compliance – compliance with applicable laws & regulations
- .
Components of Enterprise Risk Management Enterprise risk management consists of eight interrelated
components. These are derived from the way management runs an
enterprise and are integrated with the management process . / ERM
terdiri dari DELAPAN KOMPONEN saling terkait yang diperoleh dari cara manajemen mengelola korporasi dan integrasikan dengan proses manajemen DELAPAN KOMPONEN ERM :the tone of an organization, and sets the basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate. / Lingkungan internal meliputi “Tone” organisasi, dan menetapkan dasar bagaimana risiko dipandang dan ditangani oleh orang2 dlm Institusi, termasuk filosofi manajemen risiko dan risk appetite, integritas dan nilai2 etika, dan lingkungan di mana mereka bekerja
2. Objective Setting – Objectives must exist before management
can identify potential events afecting their achievement.
Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity’ s mission and are consistent with its risk appetite. / tujuan harus ada sebelum manajemen bisa identifkasi event yang mempengaruhi pencapaian mereka. ERM memastikan bahwa manajemen berjalan utnuk menentukan tujuan sejalan dengan misi3. Event Identification – Internal and external events afecting
achievement of an entity’ s objectives must be identifed,
distinguishing between risks and opportunities.Opportunities are channeled back to management’ s
strategy or objective-setting processes. / event internal &
eksternal mempengaruhi pencapaian tujuan korporasiharus diidentifkasi, bedakan antara risiko dan peluang.
Peluang merupakan alat untuk kembali ke strategi atau
proses untuk menentukan tujuan4. Risk Assessment – Risks are analyzed, considering likelihood and impact, as a basis for determining how they
should be managed. Risks are assessed on an inherent
and a residual basis./ Risiko dianalisa, dihitung peluang
dan dampak, sebagai dasar menentukan mengelola risiko5. Risk Response – Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity’s risk tolerances and risk appetite./ manajemen memilih
respon – tolak, terima, reduksi, atau transfer- buat aksi
untuk menangani riisko sesuai toleransi & risk appetite
6. Control Activities – Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out./ kebijakan & prosedur ditetapkan & diimplementasi utnuk memastikan
7. Information and Communication
- – Relevant information is
identifed, captured, and communicated in a form and
timeframe that enable people to carry out their responsibilities. Efective communication also occurs in abroader sense, fowing down, across, and up the entity./
informasi yang relevan diidentifkasi, dikomunikasikan
dalam bentuk & jnagkawaktu yang membuat individumelaksanakan tanggungjawabnya. Komunikasi efektif
juga terjadi sangat luas diseluruh korporasi
8. Monitoring – The entirety of enterprise risk management is
monitored and modifcations made as necessary.Monitoring is accomplished through ongoing
management activities, separate evaluations, or both./
ERM dimonitor & dimodifkasi jika diperlukan.
Monitoring dicapai melalui aktiiftas manajemen yang
berjalan, evaluasi yang terpsah, atau keduanyaERM considers activities at all levels of the organization:
THREE LEVEL :
1. Enterprise-level
2. Division
3. Subsidiary
4. Business unit processes
KEY ELEMENTS OF ERM
Risk Strategy •What is your organization’s ERM strategy?
- How is the ERM strategy communicated and executed throughout the company? Risk Ownership •How does each division / unit team contribute to meeting
the goals of the ERM strategy?
- How are teams/individuals held accountable for success? Risk Identification • What is your organization’s definition of risk?
- What are your organization’s
Risk Ranking •What are the estimated probability,
time to impact and severi dimensions for the top five risks?- What are the financial consequences to you company?
- Which risks are material?
- How should the identified risks be prioritized? Risk Treatment •How are these risk currently managed?
- Is the approach effective? Risk Solutions •What risk management processes are appropriate based upon the findings of the above elements?
- What action plans should be in place?
Areas to Assess
Risiko tidak terjadi secara terisolasi (silos) namun diidentiifkasi secara kelompok dan dikategorikan dlm Domain Risiko :
1. Operational
2. Financial
3. Human Capital
4. Strategic
5. Legal/Regulatory
6. Technology
DOMAIN RISIKO :
1.Risiko operasional. timbul dari praktik bisnis
utama organisasi. Dalam organisasi kesehatan, risiko operasional terkait dengan pelayanan kesehatan.2.Risiko keuangan. berhubungan dengan
kemampuan organisasi untuk meningkatkan dan
mempertahankan akses ke modal, masalah kontrak, biaya risiko, dan evaluasi dukunganpemasok. Domain ini termasuk risiko memenuhi
syarat untuk risiko pembiayaan, seperti asuransi.3. Risiko modal manusia. kemampuan organisasi untuk memperoleh, mengelola, dan mempertahankan pekerja. Kompensasi
pekerja, pekerjaan dan lingkungan bahaya,
omset, absensi, kekerasan di tempat kerja,
pelecehan, dan diskriminasi masuk dalam domain ini4. Risiko strategis. Risiko yang berdampak pada pertumbuhan organisasi. Risiko strategis
termasuk merger, akuisisi, usaha patungan,
dan kewajiban iklan. Selain itu, domain risikostrategis meliputi risiko reputasi yang terkait
dengan hubungan masyarakat dan ekspektasi
yang terkait dengan aturan yang diamanatkan,
peraturan, UU dan standar. Dalam pelayanan kesehatan, peraturan dan standar2 ini banyak dan rumit. Contoh akreditasi dan privasi dan peraturan keamanan.6. Risiko teknologi. berhubungan dengan teknologi baru. Ini adalah domain resiko yang tumbuh dalam pelayanan kesehatan dan termasuk perangkat biomedis, telemedicine, obat elektronik, sistem informasi manajemen risiko dan teknologi informasi lainnya, dan peralatan usang
Areas to Assess
1. Operational risks
2. Financial
3. Human capital
4. Strategic
5. Legal/regulatory
6. Technology
Enterprise Risk Management
Operational
Operational
Strategic Strategic
Human Capital Human Capital
Financial Financial
Legal/ Regulatory Legal/ Regulatory
Technology Technology
Assessment Model PATIENT / ORGANIZATION Operational Human Capital Legal/Regulatory Enterprise Risk Management Assessment Financial Technology
Areas To Assess: Operational
Quality initiatives
Risk management
Adverse event management
Board governance
Areas To Assess: A Board’s Legal Risks
Select competent
JCAHO compliance
Regulatory and
environment
Provide safe
bidding
Require competitive
administrator
Duty to
supervise/manage
Provide satisfactory
insurance
Provide adequate
facilities and equipment
Conflict of interests Provide adequate
physicians
Select competent
patient care
Areas To Assess:
Operational
Credentialing and staffing
- – Initial appointment
- – Reappointment – Affiliated staff
Areas To Assess: Operational
● Clinical
- – Patient communication
- – Patient care records
- – Confidentiality – Informed decision making
- – Telephone protocols
- – Tracking diagnostic information
- – Primary care screening and monitoring
- – Supervision
Areas To Assess: Operational
● Clinical
- – Patient satisfaction/complaints
- – Referrals and consultations
- – Coverage issues
- – Infection control
- – Medication safety
- – Emergency response
- – Patient and staff education
Areas To Assess: Operational
General Liability Assessment Topics
- – Safety program
- – Security program
- – Facility management Parking (lighting, location, security)
- – Visitor control procedures
- – Valuables
Assessment Model PATIENT / ORGANIZATION Operational Human Capital Legal/Regulatory Enterprise Risk Management Assessment
Financial Technology
Areas To Assess: Financial
Risk Financing Treatments
- – Insurance – Self-insurance
Ability to raise capital Reimbursement Billing and collection
Areas To Assess:
Financial
Contract Administration
- – Scope of service and method of payment /
ruanglingkup layanan dan metode pembayaran
- – Professional services provided / layanan profesional
- – Quality expectations / ekspektasi mutu
- – Contractual terms
- – Termination provisions
- – Risk-sharing agreements
- – Apparent agency liability
- – Hold harmless and indemnity agreements
- – Remedies for breach
Assessment Model PATIENT / ORGANIZATION Operational Human Capital Legal/Regulatory Enterprise Risk Management Assessment Financial Technology
Areas To Assess: Human Capital
Employment Practices/ Human
Resources Topics
- – Workers’ compensation
- – Harassment – Negligent firing
- – Discrimination – Testing – Background checks
- – Grievance procedures
- – Confidentiality
Areas To Assess: Human Capital
Employment Practices/Human Resources Topics
- – Education orientation
continuing education CPR
- – Employee health
exposures
- – Employee assistance programs (EAPs)
- – Benefits – Staff rights and staff competency
Areas To Assess: Human Capital
Environmental issues related to
employees
- – Safety – Security – Occupational hazards
- – Environmental hazards
Assessment Model PATIENT / ORGANIZATION Operational Human Capital Legal/Regulatory Enterprise Risk Management Assessment Financial Technology
Areas To Assess: Strategic
Strategic plan and mission
- – Immediate goals vs. long range goals Business ventures
- – Mergers – Acquisitions and divestitures
- – Joint ventures Competition’s status Advertising liability Reputational risks
- – Patient and community relations
- – Media relations
Areas To Assess:
Strategic
New Projects and Services Topics
- – “Fit” with existing organization structure
- – Identification of insurance needs
- – Staff requirements
- – Contract needs
- – Competitive impacts
- – Process development
Policies/procedures
- – Implementation schedules
Areas To Assess: Strategic
Construction/Renovation
- –Licenses/permits
- –Contracts
- –Disruption of services
- –Hazards
Air quality Interim and design safety
- –Communication issues
- –Approvals
Assessment Model PATIENT / ORGANIZATION Operational Human Capital Legal/Regulatory Enterprise Risk Management Assessment Financial Technology
Areas To Assess: Legal and Regulatory
Statutes, standards and regulations
- – Federal, state and local impacts Licensure Accreditation
Areas To Assess: Legal and Regulatory
Corporate Compliance Program/Interface
- – Identification of related compliance factors
/ identifikasi faktor terkait kepatuhan
- – Compliance assessment results / hasil
asesmen kepatuhan
- – Program components - education,
reporting, data maintenance, review, monitoring
- – Relationships
Assessment Model PATIENT / ORGANIZATION Operational Human Capital Legal/Regulatory Enterprise Risk Management Assessment Financial Technology
Areas To Assess: Technology
Information systems Telemedicine Equipment New technologies Inventory control
Areas To Assess
Setting priorities for program development /
buat prioritas untuk pengembangan program
- – Utilize information from external and
internal assessment sources / gunakan informasi dari sumber ekstrenal & internal
- – Goals should be:
Flexible Short and long term
- – Priorities should be:
Politically correct Financially correct Ethically correct