Risk Management Process and Enterprise Risk Management (ERM)

  Dr Arjaty Daud MARS Disampaikan pada Kuliah Program Magister Administrasi RS Univ Esa Unggul

  Semsester 2 - 2016 Pembahasan  Proses Manajemen risiko

 Definisi Enterprise Risk Management

  (ERM)  Frame work ERM  Elemen penting dalam ERM  Domain risiko  Area untuk di ases

Risk Management Process

  1. Risk Identification and Analysis

  2. Risk Treatment

• Risk Control
• Risk Financing

  3. Evaluation of Risk Treatment Strategies

Structure Of The Risk Management Process

  Identify/Analyze Exposure Treat the Exposure Through RM Techniques Risk Control Risk Financing Risk Risk Analysis

  Identification + Loss Frequency: How likely is it that

• Identify the loss

  a loss will happen? Risk Avoidance Transfer Retention

• Loss Severity:

  How serious will the

Loss Prevention (frequency)

loss be?

  Non-Insurer Passive Active Insurer Hold Not Non-insurance

  Loss Reduction (severity) A carrier harmless recognize & agreements d Self-insurance

  Loss Segregation Contractual Transfer Property Net Income Liability Personnel (noninsurance)

The Five Steps In The Risk Management Process

  1. Identify loss exposures

  2. Examine potential risk management technique(s)

  3. Select risk management technique(s)

  4. Implement technique(s)

  5. Monitor results

  (Standard Australia / New Zealand / AS/NZS)

  Why a centralized approach to risk management?

• globalization of fnancial and

  business markets, / globalisasi keuangan & bisnis

• continued integration of the

  insurance industry, / integrasi industri asuransi

• increased regulation,

  / meningkatnya regulasi

• greater focus on corporate

  governance. / lebih fokus pada tata

Definisi Enterprise Risk Management (ERM) :

  Suatu Proses yg dilakukan oleh BOD dan manajemen di semua level unit yang dirancang dalam suatu strategi Institusi untuk mengidentifikasi kejadian potensial yang dapat

mempengaruhi Institusi dan mengelola

risiko tersebut untuk pencapaian tujuan institusi

  ERM menggunakan pendekatan fungsi silang untuk ases, evaluasi, dan mengukur semua risiko institusi, tidak hanya yang terkait dengan risiko yang bisa ditransfer seperti The traditional six-step risk management process : 1. risk identifcation, 2. risk analysis,

3. development of alternative techniques to treat risks,

4. selection of best risk-treatment techniques, 5. implementation of selected techniques, 6. monitoring and evaluation of efectiveness of the chosen risk management techniques and strategies.

  ERM expands the process to more fully integrate

risk management into the organization’ s structure. /

lebih mengintegrasikan manajemen risiko kedalam struktur organisasi This entails an interactive approach to risk identifcation, analysis,and treatment through an

entrenchment of risk management principles into

corporate operations and strategic planning./ pendekatan interaktif untuk identifkasi risiko,

analisa & kelola melalui prinsip manajemen riisko

  The ERM Framework KATEGORI

  KOMPONENi

  

Achievement of Objectives

Within the context of an entity’s established mission or vision, management establishes strategic objectives, selects strategy, and sets aligned objectives cascading through the enterprise. / Dalam

konteks menetapkan misi atau visi korporasi, manajemen menetapkan

tujuan strategi, memilih strategi, dan menentukan tujuan yang sejalan

dengan korporasi Framework ERM diarahkan untuk mencapai tujuan korporasi :

  1.Strategic – high-level goals, aligned with and supporting its mission / tujuan kedepan sesuai dengan misi Operations – effective and efficient use of its resources

• Reporting – reliability of reporting
• Compliance – compliance with applicable laws & regulations
• .

  Components of Enterprise Risk Management Enterprise risk management consists of eight interrelated

components. These are derived from the way management runs an

enterprise and are integrated with the management process . / ERM

terdiri dari DELAPAN KOMPONEN saling terkait yang diperoleh dari cara manajemen mengelola korporasi dan integrasikan dengan proses manajemen DELAPAN KOMPONEN ERM :

  the tone of an organization, and sets the basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate. / Lingkungan internal meliputi “Tone” organisasi, dan menetapkan dasar bagaimana risiko dipandang dan ditangani oleh orang2 dlm Institusi, termasuk filosofi manajemen risiko dan risk appetite, integritas dan nilai2 etika, dan lingkungan di mana mereka bekerja

  2. Objective Setting – Objectives must exist before management

can identify potential events afecting their achievement.

Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity’ s mission and are consistent with its risk appetite. / tujuan harus ada sebelum manajemen bisa identifkasi event yang mempengaruhi pencapaian mereka. ERM memastikan bahwa manajemen berjalan utnuk menentukan tujuan sejalan dengan misi

  3. Event Identification – Internal and external events afecting

achievement of an entity’ s objectives must be identifed,

distinguishing between risks and opportunities.

  Opportunities are channeled back to management’ s

strategy or objective-setting processes. / event internal &

eksternal mempengaruhi pencapaian tujuan korporasi

harus diidentifkasi, bedakan antara risiko dan peluang.

  

Peluang merupakan alat untuk kembali ke strategi atau

proses untuk menentukan tujuan

  4. Risk Assessment – Risks are analyzed, considering likelihood and impact, as a basis for determining how they

should be managed. Risks are assessed on an inherent

and a residual basis./ Risiko dianalisa, dihitung peluang

dan dampak, sebagai dasar menentukan mengelola risiko

  5. Risk Response – Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity’s risk tolerances and risk appetite./ manajemen memilih

respon – tolak, terima, reduksi, atau transfer- buat aksi

untuk menangani riisko sesuai toleransi & risk appetite

  6. Control Activities – Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out./ kebijakan & prosedur ditetapkan & diimplementasi utnuk memastikan

  7. Information and Communication

• – Relevant information is

  

identifed, captured, and communicated in a form and

timeframe that enable people to carry out their responsibilities. Efective communication also occurs in a

broader sense, fowing down, across, and up the entity./

informasi yang relevan diidentifkasi, dikomunikasikan

dalam bentuk & jnagkawaktu yang membuat individu

melaksanakan tanggungjawabnya. Komunikasi efektif

juga terjadi sangat luas diseluruh korporasi

  

8. Monitoring – The entirety of enterprise risk management is

monitored and modifcations made as necessary.

  Monitoring is accomplished through ongoing

management activities, separate evaluations, or both./

ERM dimonitor & dimodifkasi jika diperlukan.

  

Monitoring dicapai melalui aktiiftas manajemen yang

berjalan, evaluasi yang terpsah, atau keduanya

  ERM considers activities at all levels of the organization:

THREE LEVEL :

  1. Enterprise-level

  2. Division

  3. Subsidiary

  4. Business unit processes

KEY ELEMENTS OF ERM

  Risk Strategy •What is your organization’s ERM strategy?

• How is the ERM strategy communicated and executed throughout the company? Risk Ownership •How does each division / unit team contribute to meeting

  the goals of the ERM strategy?

• How are teams/individuals held accountable for success? Risk Identification • What is your organization’s definition of risk?
• What are your organization’s

  

Risk Ranking •What are the estimated probability,

time to impact and severi dimensions for the top five risks?

• What are the financial consequences to you company?
• Which risks are material?
• How should the identified risks be prioritized?   Risk Treatment •How are these risk currently managed?
• Is the approach effective? Risk Solutions •What risk management processes are appropriate based upon the findings of the above elements?
• What action plans should be in place?

Areas to Assess

  Risiko tidak terjadi secara terisolasi (silos) namun diidentiifkasi secara kelompok dan dikategorikan dlm Domain Risiko :

  1. Operational

  2. Financial

  3. Human Capital

  4. Strategic

  5. Legal/Regulatory

  6. Technology

  DOMAIN RISIKO :

  

1.Risiko operasional. timbul dari praktik bisnis

utama organisasi. Dalam organisasi kesehatan, risiko operasional terkait dengan pelayanan kesehatan.

  2.Risiko keuangan. berhubungan dengan

kemampuan organisasi untuk meningkatkan dan

mempertahankan akses ke modal, masalah kontrak, biaya risiko, dan evaluasi dukungan

pemasok. Domain ini termasuk risiko memenuhi

syarat untuk risiko pembiayaan, seperti asuransi.

  3. Risiko modal manusia. kemampuan organisasi untuk memperoleh, mengelola, dan mempertahankan pekerja. Kompensasi

pekerja, pekerjaan dan lingkungan bahaya,

omset, absensi, kekerasan di tempat kerja,

pelecehan, dan diskriminasi masuk dalam domain ini

  4. Risiko strategis. Risiko yang berdampak pada pertumbuhan organisasi. Risiko strategis

termasuk merger, akuisisi, usaha patungan,

dan kewajiban iklan. Selain itu, domain risiko

strategis meliputi risiko reputasi yang terkait

dengan hubungan masyarakat dan ekspektasi

  

yang terkait dengan aturan yang diamanatkan,

peraturan, UU dan standar. Dalam pelayanan kesehatan, peraturan dan standar2 ini banyak dan rumit. Contoh akreditasi dan privasi dan peraturan keamanan.

  6. Risiko teknologi. berhubungan dengan teknologi baru. Ini adalah domain resiko yang tumbuh dalam pelayanan kesehatan dan termasuk perangkat biomedis, telemedicine, obat elektronik, sistem informasi manajemen risiko dan teknologi informasi lainnya, dan peralatan usang

Areas to Assess

  1. Operational risks

  2. Financial

  3. Human capital

  4. Strategic

  5. Legal/regulatory

  6. Technology

Enterprise Risk Management

  Operational

Operational

  Strategic Strategic

  Human Capital Human Capital

  Financial Financial

  Legal/ Regulatory Legal/ Regulatory

  Technology Technology

  Assessment Model PATIENT / ORGANIZATION Operational Human Capital Legal/Regulatory Enterprise Risk Management Assessment Financial Technology

Areas To Assess: Operational

   Quality initiatives

   Risk management

   Adverse event management

   Board governance

Areas To Assess: A Board’s Legal Risks

   Select competent

  JCAHO compliance

   Regulatory and

  environment

   Provide safe

  bidding

   Require competitive

  administrator

   Duty to

  supervise/manage

   Provide satisfactory

  insurance

   Provide adequate

  facilities and equipment

   Conflict of interests  Provide adequate

  physicians

   Select competent

  patient care

  

Areas To Assess:

Operational

   Credentialing and staffing

• – Initial appointment
• – Reappointment – Affiliated staff

Areas To Assess: Operational

  ● Clinical

• – Patient communication
• – Patient care records
• – Confidentiality – Informed decision making
• – Telephone protocols
• – Tracking diagnostic information
• – Primary care screening and monitoring
• – Supervision

Areas To Assess: Operational

  ● Clinical

• – Patient satisfaction/complaints
• – Referrals and consultations
• – Coverage issues
• – Infection control
• – Medication safety
• – Emergency response
• – Patient and staff education

Areas To Assess: Operational

   General Liability Assessment Topics

• – Safety program
• – Security program
• – Facility management  Parking (lighting, location, security)
• – Visitor control procedures
• – Valuables

  Assessment Model PATIENT / ORGANIZATION Operational Human Capital Legal/Regulatory Enterprise Risk Management Assessment

  Financial Technology

Areas To Assess: Financial

   Risk Financing Treatments

• – Insurance – Self-insurance

   Ability to raise capital  Reimbursement  Billing and collection

  Areas To Assess:

Financial

   Contract Administration

• – Scope of service and method of payment /

  

ruanglingkup layanan dan metode pembayaran

• – Professional services provided / layanan profesional
• – Quality expectations / ekspektasi mutu
• – Contractual terms
• – Termination provisions
• – Risk-sharing agreements
• – Apparent agency liability
• – Hold harmless and indemnity agreements
• – Remedies for breach

  Assessment Model PATIENT / ORGANIZATION Operational Human Capital Legal/Regulatory Enterprise Risk Management Assessment Financial Technology

Areas To Assess: Human Capital

   Employment Practices/ Human

  Resources Topics

• – Workers’ compensation
• – Harassment – Negligent firing
• – Discrimination – Testing – Background checks
• – Grievance procedures
• – Confidentiality

Areas To Assess: Human Capital

   Employment Practices/Human Resources Topics

• – Education  orientation

   continuing education  CPR

• – Employee health

   exposures

• – Employee assistance programs (EAPs)
• – Benefits – Staff rights and staff competency

Areas To Assess: Human Capital

   Environmental issues related to

  employees

• – Safety – Security – Occupational hazards
• – Environmental hazards

  Assessment Model PATIENT / ORGANIZATION Operational Human Capital Legal/Regulatory Enterprise Risk Management Assessment Financial Technology

Areas To Assess: Strategic

   Strategic plan and mission

• – Immediate goals vs. long range goals  Business ventures
• – Mergers – Acquisitions and divestitures
• – Joint ventures  Competition’s status  Advertising liability  Reputational risks
• – Patient and community relations
• – Media relations

  Areas To Assess:

Strategic

   New Projects and Services Topics

• – “Fit” with existing organization structure
• – Identification of insurance needs
• – Staff requirements
• – Contract needs
• – Competitive impacts
• – Process development

   Policies/procedures

• – Implementation schedules

Areas To Assess: Strategic

   Construction/Renovation

• –Licenses/permits
• –Contracts
• –Disruption of services
• –Hazards

   Air quality  Interim and design safety

• –Communication issues
• –Approvals

  Assessment Model PATIENT / ORGANIZATION Operational Human Capital Legal/Regulatory Enterprise Risk Management Assessment Financial Technology

Areas To Assess: Legal and Regulatory

   Statutes, standards and regulations

• – Federal, state and local impacts  Licensure  Accreditation

Areas To Assess: Legal and Regulatory

   Corporate Compliance Program/Interface

• – Identification of related compliance factors

  / identifikasi faktor terkait kepatuhan

• – Compliance assessment results / hasil

  asesmen kepatuhan

• – Program components - education,

  reporting, data maintenance, review, monitoring

• – Relationships

  Assessment Model PATIENT / ORGANIZATION Operational Human Capital Legal/Regulatory Enterprise Risk Management Assessment Financial Technology

Areas To Assess: Technology

   Information systems  Telemedicine  Equipment  New technologies  Inventory control

  

Areas To Assess

   Setting priorities for program development /

  buat prioritas untuk pengembangan program

• – Utilize information from external and

  internal assessment sources / gunakan informasi dari sumber ekstrenal & internal

• – Goals should be:

   Flexible  Short and long term

• – Priorities should be:

   Politically correct  Financially correct  Ethically correct