Risk Management Process and Enterprise Risk Management (ERM)


  Dr Arjaty Daud MARS. Presented at a lecture of the Master of Hospital Administration Program, Univ Esa Unggul

  

Objectives

1. Students can state the objectives of the course Risk Management Process and Enterprise Risk Management

2. Students can describe the topics and schedule of the course Risk Management Process and Enterprise Risk Management

3. Students can describe the learning evaluation system and the required textbooks

4. Students are able to understand the competencies expected from the course

  

The Five Steps In The Risk Management Process (ARM)

  1. Identify loss exposures

  2. Examine potential risk management technique(s)

  3. Select risk management technique(s)

  4. Implement technique(s)

  5. Monitor results

  Figure: The Risk Management Process. Two stages: Identify/Analyze Exposure and Treat the Exposure Through RM Techniques. Panels: Risk Identification (identify the loss exposures: Property, Net Income, Liability, Personnel); Risk Analysis (Loss Frequency: how likely is it that a loss will happen? Loss Severity: how serious will the loss be?); Risk Control (Avoidance, Loss Prevention (frequency), Loss Reduction (severity), Segregation, Contractual Transfer (noninsurance)); Risk Financing (Risk Transfer: insurer, non-insurer; Retention: active, passive).

  Risk Management Process

  1. Risk Identification

  • Categorize and record the sources of possible loss

  2. Risk Analysis

  • Determine the Frequency of Occurrence / Loss
  • Determine the Probable Severity / Effect of the Potential Loss on the Organization (Financial & Operational)

  Risk Treatment

  3. Risk control techniques:

  • Risk Avoidance
  • Loss Prevention
  • Loss Reduction
  • Segregation of Exposure Units
  • Non-Insurance Transfer

  4. Risk financing

  • Risk Transfer
  • Risk retention

RISK CONTROL

1. Risk Avoidance

  • Avoiding / not engaging in the risk-related activity
  • The only risk control technique that completely eliminates the possibility of loss, by not engaging in the risk

2. Loss Prevention

  • Reduction / elimination of the likelihood of loss
  • Examples: Surgical Instrument Counts, Infection Control Procedures, Safety Programs, Credentialing, Effective Screening, Monitoring of Care

3. Loss Reduction

  • Reduction of the potential impact of a loss / reduction of the potential severity of a loss
  • Examples: Team to Respond to Cardiac or Respiratory Distressed Patients (Code Blue), Sprinkler System, Crisis Management Team

4. Segregation of Exposure Units

  • Separation: dividing assets / activities into two or more separate locations (reduces the risk of loss in a single event)

5. Contractual Transfer (Non-Insurance)

  • Creating a contract and shifting legal responsibility for a loss from one party to another

  RM is currently developing toward a more centralized form (ERM) because of:

  • Globalization of finance & business
  • Integration of the insurance industry
  • Increasing regulation
  • Greater focus on corporate governance
  • Clinical governance & patient safety

  The traditional six-step RM process:

  1. Risk identification

  2. Risk analysis

  3. Developing risk management techniques (treat risks)

  4. Selecting the best risk management technique (selection of best risk-treatment techniques)

  5. Implementing the selected technique

  6. Monitoring and evaluating the effectiveness of risk management

  Enterprise Risk Management:

  2. integrates risk management more fully into the organizational structure

  3. an interactive approach to identification

  Definition of Enterprise Risk Management (ERM):

  • A process carried out by the BOD and by management at all unit levels, designed as part of the institution's strategy, to identify potential events that may affect the institution and to manage those risks so that the institution's objectives are achieved
  • ERM uses a cross-functional approach to assess, evaluate, and measure all of the institution's risks, not only those related to transferable risks such as financial & hazard risks

  The ERM Framework

  • 4 LEVELS
  • 4 CATEGORIES
  • 8 COMPONENTS

  Objectives

  • In the context of establishing the corporate mission or vision, management sets strategic objectives, selects strategies, and determines objectives that are aligned with the corporation
  • The ERM framework is directed toward achieving the corporation's objectives.

  FOUR CATEGORIES:

  • Strategic – objectives aligned with the mission
  • Operations – effective and efficient use of its resources
  • Reporting – reliability of reporting
  • Compliance – compliance with applicable laws & regulations.

  Eight Components of ERM

ERM consists of EIGHT interrelated COMPONENTS, derived from the way management runs the corporation and integrated into the management process

1. Internal Environment

  The internal environment encompasses the organization's "tone" and establishes how risk is identified and addressed by management, including the risk management philosophy, integrity and ethical values, and the environment in which they work

2. Objective Setting

  Objectives must be set before management identifies potential events. ERM ensures that the organization is run

3. Event Identification

  Internal & external events that affect the achievement of corporate objectives must be identified, distinguishing between risks and opportunities. Opportunities (refer back to the strategic plan (Renstra) when determining objectives)

4. Risk Assessment

  Risks are analyzed and their likelihood and impact are calculated, as the basis for managing risk

5. Risk Response

  Management selects a response to the risk:

  a. reject,

  b. accept,

  c. reduce,

6. Control Activities

  Policies & procedures are established & implemented to ensure that risk responses are carried out effectively

7. Information and Communication

  Relevant information is identified and communicated in a form & timeframe that enable individuals to carry out their responsibilities. Effective communication also occurs broadly throughout the corporation (down, across and up)

8. Monitoring

  ERM is carried out at every level of the organization. FOUR LEVELS:

  • Entity-level
  • Division
  • Business unit processes
  • Subsidiary

  Areas to Assess: Definitions of Risk (ERM)

1. First definition: an event or action that can affect the financial or operational performance of the hospital.

  Risks must be:

  • specifically defined
  • measurable, using standard accounting units such as revenue or patient visits
  • observable over time

2. Second definition: risks do not occur in isolation but are identified in groups

  Risk domains

  1. Operational

  2. Financial

  3. Human Capital

  4. Strategic

  5. Legal/Regulatory

  6. Technology

  RISK DOMAINS:

1. Operational risk. Arises from the organization's core business practices. In healthcare organizations, operational risk relates to the delivery of healthcare services.

2. Financial risk. Relates to the organization's ability to raise and maintain access to capital, contract issues, the cost of risk, and the evaluation of supplier support. This domain includes risks related to financing, such as insurance.

3. Human capital risk. The organization's ability to acquire, manage, and retain workers. Workers' compensation, occupational and environmental hazards, turnover, absenteeism, workplace violence, harassment, and discrimination fall within this domain

4. Strategic risk. Risks that affect the organization's growth. Strategic risks include mergers, acquisitions, joint ventures, and advertising liability. They also cover reputational risk related to public relations and patients' performance expectations of the organization

5. Legal and regulatory risk. Includes risks related to mandated rules, regulations, laws and standards. In healthcare, these regulations and standards are numerous and complex. Examples are accreditation and privacy and security regulations.

6. Technology risk. Relates to new technology. This is a growing risk domain in healthcare and includes biomedical devices, telemedicine, electronic medicine, risk management information systems and information technology

  Domain: Description / Example

  1. Operational: The business of healthcare is the delivery of care that is safe, timely, effective, efficient, and patient-centered within diverse populations. Operational risks relate to those risks resulting from inadequate or failed internal processes, people, or systems that affect business operations. Included are risks related to: adverse event management, credentialing and staffing, documentation, chain of command, and deviation from practice. Risks associated with the delivery of care to residents, patients and other healthcare customers. Clinical risks include: failure to follow evidence based practice, medication errors, hospital acquired conditions (HAC), serious safety events (SSE), and others.

  2. Strategic: Risks associated with the focus and direction of the organization. Because the rapid pace of change can create unpredictability, risks included within the strategic domain are associated with brand, reputation, competition, failure to adapt to changing times, health reform or customer priorities. Managed care relationships/partnerships, conflict of interest, marketing and sales, media relations, mergers, acquisitions, divestitures, joint ventures, affiliations and other business arrangements, contract administration, and advertising are other areas generally considered as potential strategic risks.

  3. Financial: Decisions that affect the financial sustainability of the organization, access to capital or external financial ratings through business relationships or the timing and recognition of revenue and expenses make up this domain. Risks might include: costs associated with malpractice, litigation, and insurance, capital structure, credit and interest rate fluctuations, foreign exchange, growth in programs and facilities, capital equipment, corporate compliance (fraud and abuse), accounts receivable, days of cash on hand, capitation contracts, billing and collection.

  4. Human Capital: This domain refers to the organization's workforce. This is an important issue in today's tight labor and economic markets. Included are risks associated with employee selection, retention, turnover, staffing, absenteeism, on-the-job work-related injuries (workers' compensation), work schedules and fatigue, productivity and compensation. Human capital associated risks may cover recruitment, retention, and termination of members of the medical- and allied-health staff.

  5. Legal / Regulatory: Risk within this domain incorporates the failure to identify, manage and monitor legal, regulatory, and statutory mandates on a local, state and federal level. Such risks are generally associated with fraud and abuse, licensure, accreditation, product liability, management liability, Centers for Medicare and Medicaid Services (CMS) Conditions of Participation (CoPs) and Conditions for Coverage (CfC), as well as issues related to intellectual property.

  6. Technology: This domain covers machines, hardware, equipment, devices and tools, but can also include techniques, systems and methods of organization. Healthcare has seen an explosion in the use of technology for clinical diagnosis and treatment, training and education, information storage and retrieval, and asset preservation. Examples also include Risk Management Information Systems (RMIS), Electronic Health Records (EHR) and Meaningful Use, social networking and cyber liability.

  Sample Risk List

  Columns: Strategic / External, Operational, Human Capital, Financial, Legal & Compliance, Technology, Hazard

  • Competition
  • Employment Practices
  • Philanthropy / Fundraising / Capital Campaign
  • Failure to Meet Margin
  • Uncompensated Care
  • Access to Capital
  • Contract Management
  • Revenue Enhancement
  • Conflicts of Interest
  • Fraud, Theft and Embezzlement
  • Governance, Compliance and Oversight
  • ACO
  • HIPAA Privacy & Security
  • Health Reform
  • Payer Mix / Reimbursements
  • Multiple Vendors
  • Social Networking
  • Information Breach
  • Bar Coding
  • Hybrid EMR
  • IT Infrastructure & Security
  • Paucity of IT Professionals
  • Failure to Act in a Timely Manner
  • Incompatible Programs
  • Natural Disaster
  • Failure to Plan
  • Failure to Act Timely
  • Inability to Manage a Crisis
  • No Backup Systems or Appropriate Duplicate Systems
  • Pension / Retirement Obligations
  • Affiliation, Mergers & Acquisitions
  • Variability in Patient-Related Volume
  • Research Grant / Funding Availability
  • New Models for Care Delivery
  • Diminished Market
  • Regulatory Change / Healthcare Reform
  • Conflict of Interest
  • Decreased Capital Spending
  • Hospital / Physician Relationship
  • Availability of Public Data
  • Business Management Discipline / Cost Management
  • Equipment Maintenance
  • Failure to Identify & Follow EBM
  • Facility Maintenance
  • Timely Access to Care
  • Failure to Refer
  • Failure to Diagnosis
  • Clinical Continuity
  • Insufficient Discharge Planning
  • Financial Performance
  • Billing Accuracy / Compliance
  • Inconsistent Clinical Competency
  • Hiring & Retention
  • Organizational Structure, Alignment & Direction
  • Succession Planning
  • Unionization
  • Turnover
  • Recruitment
  • Aging Workforce
  • Disruptive Behavior
  • Flex Staffing
  • Workers' Compensation
  • Physician Shortage
  • Credit / Collections

  Arjaty Daud/Esa Unggul 2016

  Figure: Enterprise Risk Management Assessment Model (PATIENT / ORGANIZATION; domains: Operational, Human Capital, Financial, Legal/Regulatory, Technology).

  Areas To Assess: Operational

  • Quality initiatives (indicator data)
  • Adverse event management (patient safety incident (IKP) data)
  • Board governance
  • Credentialing and staffing
    – Initial appointment
    – Reappointment
    – Affiliated staff

  Areas To Assess: A Board's Legal Risks

  • Duty to supervise / manage
  • Select competent physicians
  • Conflict of interests
  • Provide adequate facilities and equipment
  • Provide adequate insurance
  • Provide satisfactory patient care
  • Select competent administrator
  • Require competitive bidding
  • Provide safe environment
  • Regulatory and JCAHO compliance

  Areas To Assess: Operational

  General Liability Assessment Topics

  • Safety program
  • Security program
  • Facility management
  • Parking (lighting, location, security)
  • Visitor control procedures
  • Valuables

  Areas To Assess: Operational

  Clinical

  • Patient communication
  • Patient care records
  • Confidentiality
  • Informed decision making
  • Telephone protocols
  • Tracking diagnostic information
  • Primary care screening and monitoring
  • Supervision
  • Patient satisfaction/complaints
  • Coverage issues
  • Infection control
  • Medication safety
  • Emergency response

  Areas To Assess: Financial

  Risk Financing Treatments

  • Insurance
  • Self-insurance
  • Ability to raise capital
  • Reimbursement
  • Billing and collection

  Areas To Assess: Financial

  Contract Administration

  • Scope of service and method of payment
  • Professional services provided
  • Quality expectations
  • Contractual terms
  • Termination provisions
  • Risk-sharing agreements
  • Apparent agency liability
  • Hold harmless and indemnity agreements
  • Remedies for breach

  Areas To Assess: Human Capital

  Employment Practices/Human Resources Topics

  • Workers compensation
  • Harassment
  • Negligent firing
  • Discrimination
  • Testing
  • Background checks
  • Grievance procedures
  • Confidentiality

  Areas To Assess: Human Capital

  Employment Practices/Human Resources Topics

  • Education
    – orientation
    – continuing education
    – CPR
  • Employee health
    – exposures
  • Employee assistance programs (EAPs)
  • Benefits
  • Staff rights and staff competency

  Areas To Assess: Human Capital

  Environmental issues related to employees

  • Safety
  • Security
  • Occupational hazards
  • Environmental hazards

  Areas To Assess: Strategic

  • Strategic plan and mission
  • Immediate goals vs. long range goals
  • Business ventures
  • Mergers
  • Acquisitions and divestitures
  • Joint ventures
  • Competition's status
  • Advertising liability
  • Reputational risks
  • Patient and community relations
  • Media relations

  Areas To Assess: Strategic

  New Projects and Services Topics

  • "Fit" with existing organization structure
  • Identification of insurance needs
  • Staff requirements
  • Contract needs
  • Competitive impacts
  • Process development
    – Policies/procedures
  • Implementation schedules

  Areas To Assess: Strategic

  Construction/Renovation

  • Licenses/permits
  • Contracts
  • Disruption of services
  • Hazards
  • Air quality
  • Interim and design safety
  • Communication issues
  • Approvals

  Areas To Assess: Legal and Regulatory

  Statutes, standards and regulations

  • Federal, state and local impacts
  • Licensure
  • Accreditation

  Areas To Assess: Legal and Regulatory

  Corporate Compliance Program/Interface

  • Identification of related compliance factors
  • Compliance assessment results
  • Program components: education, reporting, data maintenance, review, monitoring

  Areas To Assess: Technology

  • Information systems
  • Telemedicine
  • Equipment
  • New technologies
  • Inventory control

  Areas To Assess

  Setting priorities for program development

  • Utilize information from external and internal assessment sources
  • Goals should be:
    – Flexible
    – Short and long term
  • Priorities should be:
    – Politically correct
    – Financially correct
    – Ethically correct