Risk Management Process and Enterprise Risk Management (ERM)
Dr Arjaty Daud, MARS. Presented at a lecture of the Master of Hospital Administration Program, Univ Esa Unggul
Objectives
1. Students can state the objectives of the course Risk Management Process and Enterprise Risk Management
2. Students can outline the topics and schedule of the course Risk Management Process and Enterprise Risk Management
3. Students can describe the learning evaluation system and the required textbooks
4. Students are able to understand the competencies expected from the course
The Five Steps In The Risk Management Process
(ARM)
1. Identify loss exposures
2. Examine potential risk management technique(s)
3. Select risk management technique(s)
4. Implement technique(s)
5. Monitor results
[Figure: The Risk Management Process. Identify/Analyze Exposure (Risk Identification, Risk Analysis) and Treat the Exposure Through RM Techniques (Risk Control, Risk Financing). Risk Analysis asks about Loss Frequency (how likely is it that a loss will happen?) and Loss Severity (how serious will the loss be?).]
Risk Management Process
1. Risk Identification
- Categorize and record the sources of possible loss
2. Risk Analysis
- Determine the Frequency of Occurrence / Loss
- Determine the Probable Severity / Effect of Potential Loss on the Organization (Financial & Operational)
Risk Treatment
3. Risk control techniques:
- Risk Avoidance
- Loss Prevention
- Loss Reduction
- Segregation of Exposure Units
- Non-Insurance Transfer
4. Risk financing
- Risk Transfer
- Risk Retention
RISK CONTROL
1. Risk Avoidance
- Avoid / do not engage in the risk-related activity
- The only risk control technique that completely eliminates the possibility of loss, by not engaging in the risk
2. Loss Prevention
- Reduce / eliminate the likelihood of loss
- Examples: Surgical Instrument Counts, Infection Control Procedures, Safety Programs, Credentialing, Effective Screening, Monitoring of Care
3. Loss Reduction
- Reduce the potential impact of a loss / reduce the potential severity of a loss
- Examples: Team to Respond to Cardiac or Respiratory Distressed Patients (Code Blue), Sprinkler System, Crisis Management Team
4. Segregation of Exposure Units
- Separation: divide assets / activities across two or more separate locations (reduces the risk of loss in a single event)
5. Contractual Transfer (Non-Insurance)
- Create a contract that shifts legal responsibility for a loss from one party to another
RM is currently developing toward greater centralization (ERM) because of:
- Globalization of finance & business
- Integration of the insurance industry
- Increasing regulation
- Greater focus on corporate governance
- Clinical governance & patient safety
The traditional six-step RM process:
1. Risk identification
2. Risk analysis
3. Develop risk management techniques (treat risks)
4. Select the best risk management techniques (selection of best risk-treatment techniques)
5. Implement the selected techniques
6. Monitor and evaluate the effectiveness of risk management
Enterprise Risk Management:
2. integrates risk management more deeply into the organizational structure
3. an interactive approach to identification
Definition of Enterprise Risk Management (ERM):
- A process carried out by the BOD and by management at all unit levels, designed as part of the institution's strategy to identify potential events that may affect the institution and to manage those risks so that the institution's objectives are achieved
ERM uses a cross-functional approach to assess, evaluate, and measure all of the institution's risks, not only those related to transferable risks such as financial & hazard risks
The ERM Framework
4 LEVELS
4 CATEGORIES
8 COMPONENTS
Objectives
- In the context of establishing the corporate mission or vision, management sets strategic objectives, selects a strategy, and sets objectives aligned with the corporation
- The ERM framework is directed toward achieving the corporation's objectives.
FOUR CATEGORIES:
- Strategic – objectives aligned with the mission
- Operations – effective and efficient use of its resources
- Reporting – reliability of reporting
- Compliance – compliance with applicable laws & regulations
Eight Components of ERM
ERM consists of EIGHT interrelated COMPONENTS, derived from the way management runs the corporation and integrated with the management process
1. Internal Environment
The internal environment encompasses the "tone" of the organization and sets how risk is identified and addressed by management, including the risk management philosophy, integrity and ethical values, and the environment in which they work
2. Objective Setting
Objectives must be set before management identifies potential events. ERM ensures that the organization is run
3. Event Identification
Internal & external events that affect achievement of the corporation's objectives must be identified, distinguishing between risks and opportunities. Opportunities (refer back to the strategic plan (Renstra) when setting objectives)
4. Risk Assessment
Risks are analyzed, with likelihood and impact calculated, as the basis for managing the risks
5. Risk Response
Management selects the response to the risk:
a. reject,
b. accept,
c. reduce,
6. Control Activities
Policies & procedures are established & implemented to ensure that the risk responses are carried out effectively
7. Information and Communication
Relevant information is identified and communicated in a form & timeframe that enable individuals to carry out their responsibilities. Effective communication also occurs broadly throughout the corporation (down, across and up)
8. Monitoring
ERM is carried out at every level of the organization: FOUR LEVELS:
- Entity-level
- Division
- Business unit processes
- Subsidiary
Areas to Assess: Definitions of Risk (ERM)
1. First definition: an event or action that can affect the financial or operational performance of the hospital. A risk must be:
- specifically defined
- measurable, using standard accounting units such as revenue or patient visits
- observable over time
2. Second definition: risks do not occur in isolation but are identified in groups
Risk domains
1. Operational
2. Financial
3. Human Capital
4. Strategic
5. Legal/Regulatory
6. Technology
RISK DOMAINS:
1. Operational risk. Arises from the organization's core business practices. In healthcare organizations, operational risk relates to the delivery of healthcare services.
2. Financial risk. Relates to the organization's ability to raise and maintain access to capital, contract issues, cost of risk, and evaluation of supplier support. This domain includes risks related to financing, such as insurance.
3. Human capital risk. The organization's ability to acquire, manage, and retain workers. Workers' compensation, occupational and environmental hazards, turnover, absenteeism, workplace violence, harassment, and discrimination fall within this domain.
4. Strategic risk. Risks that affect the organization's growth. Strategic risks include mergers, acquisitions, joint ventures, and advertising liability. They also include reputational risk related to public relations and to patients' expectations of the organization's performance.
5. Legal and regulatory risk. Includes risks related to mandated rules, regulations, laws and standards. In healthcare, these regulations and standards are numerous and complex. Examples: accreditation, and privacy and security regulations.
6. Technology risk. Relates to new technology. This is a growing risk domain in healthcare and includes biomedical devices, telemedicine, electronic medicine, risk management information systems and information technology.
Domain: Description / Example
1. Operational: The business of healthcare is the delivery of care that is safe, timely, effective, efficient, and patient-centered within diverse populations. Operational risks relate to those risks resulting from inadequate or failed internal processes, people, or systems that affect business operations. Included are risks related to: adverse event management, credentialing and staffing, documentation, chain of command, and deviation from practice. Risks associated with the delivery of care to residents, patients and other healthcare customers. Clinical risks include: failure to follow evidence based practice, medication errors, hospital acquired conditions (HAC), serious safety events (SSE), and others.
2. Strategic: Risks associated with the focus and direction of the organization. Because the rapid pace of change can create unpredictability, risks included within the strategic domain are associated with brand, reputation, competition, failure to adapt to changing times, health reform or customer priorities. Managed care relationships/partnerships, conflict of interest, marketing and sales, media relations, mergers, acquisitions, divestitures, joint ventures, affiliations and other business arrangements, contract administration, and advertising are other areas generally considered as potential strategic risks.
3. Financial: Decisions that affect the financial sustainability of the organization, access to capital or external financial ratings through business relationships or the timing and recognition of revenue and expenses make up this domain. Risks might include: costs associated with malpractice, litigation, and insurance, capital structure, credit and interest rate fluctuations, foreign exchange, growth in programs and facilities, capital equipment, corporate compliance (fraud and abuse), accounts receivable, days of cash on hand, capitation contracts, billing and collection.
4. Human Capital: This domain refers to the organization's workforce. This is an important issue in today's tight labor and economic markets. Included are risks associated with employee selection, retention, turnover, staffing, absenteeism, on-the-job work-related injuries (workers' compensation), work schedules and fatigue, productivity and compensation. Human capital associated risks may cover recruitment, retention, and termination of members of the medical- and allied-health staff.
5. Legal / Regulatory: Risk within this domain incorporates the failure to identify, manage and monitor legal, regulatory, and statutory mandates on a local, state and federal level. Such risks are generally associated with fraud and abuse, licensure, accreditation, product liability, management liability, Centers for Medicare and Medicaid Services (CMS) Conditions of Participation (CoPs) and Conditions for Coverage (CfC), as well as issues related to intellectual property.
6. Technology: This domain covers machines, hardware, equipment, devices and tools, but can also include techniques, systems and methods of organization. Healthcare has seen an explosion in the use of technology for clinical diagnosis and treatment, training and education, information storage and retrieval, and asset preservation. Examples also include Risk Management Information Systems (RMIS), Electronic Health Records (EHR) and Meaningful Use, social networking and cyber liability.
Sample Risk List
Columns: Strategic / External, Operational, Human Capital, Financial, Legal & Compliance, Technology, Hazard
(The assignment of items to columns was lost in extraction; items are listed in the order they appear.)
- Competition
- Employment Practices
- Philanthropy / Fundraising / Capital Campaign
- Failure to Meet Margin
- Uncompensated Care
- Access to Capital
- Contract Management
- Revenue Enhancement
- Conflicts of Interest
- Fraud, Theft and Embezzlement
- Governance, Compliance and Oversight
- ACO
- HIPAA Privacy & Security
- Health Reform
- Payer Mix / Reimbursements
- Multiple Vendors
- Social Networking
- Information Breach
- Bar Coding
- Hybrid EMR
- IT Infrastructure & Security
- Paucity of IT Professionals
- Failure to Act in a Timely Manner
- Incompatible Programs
- Natural Disaster
- Failure to Plan
- Failure to Act Timely
- Inability to Manage a Crisis
- No Backup Systems or Appropriate Duplicate Systems
- Pension / Retirement Obligations
- Accuracy / Compliance
- Diagnosis
- Affiliation, Mergers & Acquisitions
- Variability in Patient-Related Volume
- Research Grant / Funding Availability
- New Models for Care Delivery
- Diminished Market
- Regulatory Change / Healthcare Reform
- Conflict of Interest
- Decreased Capital Spending
- Hospital / Physician Relationship
- Availability of Public Data
- Business
- Management Discipline / Cost Management
- Equipment Maintenance
- Failure to Identify & Follow EBM
- Facility Maintenance
- Timely Access to Care
- Failure to Refer
- Failure to
- Clinical Continuity
- Insufficient
- Financial Performance
- Billing
- Discharge Planning
- Inconsistent Clinical Competency
- Hiring & Retention
- Organizational Structure, Alignment & Direction
- Succession Planning
- Unionization
- Turnover
- Recruitment
- Aging Workforce
- Disruptive Behavior
- Flex Staffing
- Workers' Compensation
- Physician Shortage
- Credit / Collections
Arjaty Daud / Esa Unggul 2016
[Figure: Enterprise Risk Management Assessment Model: PATIENT / ORGANIZATION with the Operational, Human Capital, Financial, Legal/Regulatory and Technology domains]
Areas To Assess: Operational
Quality initiatives (indicator data)
Adverse event management (patient safety incident (IKP) data)
Board governance
Credentialing and staffing
- Initial appointment
- Reappointment
- Affiliated staff
Areas To Assess: A Board's Legal Risks
Duty to supervise / manage
Select competent physicians
Conflict of interests
Provide adequate facilities and equipment
Provide adequate insurance
Provide satisfactory patient care
Select competent administrator
Require competitive bidding
Provide safe environment
Regulatory and JCAHO compliance
Areas To Assess: Operational
General Liability Assessment Topics
- Safety program
- Security program
- Facility management
- Parking (lighting, location, security)
- Visitor control procedures
- Valuables
Areas To Assess: Operational
Clinical
- Patient communication
- Patient care records
- Confidentiality
- Informed decision making
- Telephone protocols
- Tracking diagnostic information
- Primary care screening and monitoring
- Supervision
- Patient satisfaction/complaints
- Coverage issues
- Infection control
- Medication safety
- Emergency response
Areas To Assess: Financial
Risk Financing Treatments
- Insurance
- Self-insurance
Ability to raise capital
Reimbursement
Billing and collection
Areas To Assess: Financial
Contract Administration
- Scope of service and method of payment
- Professional services provided
- Quality expectations
- Contractual terms
- Termination provisions
- Risk-sharing agreements
- Apparent agency liability
- Hold harmless and indemnity agreements
- Remedies for breach
Areas To Assess: Human Capital
Employment Practices/Human Resources Topics
- Workers' compensation
- Harassment
- Negligent firing
- Discrimination
- Testing
- Background checks
- Grievance procedures
- Confidentiality
Areas To Assess: Human Capital
Employment Practices/Human Resources Topics
- Education: orientation, continuing education, CPR
- Employee health: exposures
- Employee assistance programs (EAPs)
- Benefits
- Staff rights and staff competency
Areas To Assess: Human Capital
Environmental issues related to employees
- Safety
- Security
- Occupational hazards
- Environmental hazards
Areas To Assess: Strategic
Strategic plan and mission
- Immediate goals vs. long range goals
Business ventures
- Mergers
- Acquisitions and divestitures
- Joint ventures
Competition's status
Advertising liability
Reputational risks
- Patient and community relations
- Media relations
Areas To Assess: Strategic
New Projects and Services Topics
- "Fit" with existing organization structure
- Identification of insurance needs
- Staff requirements
- Contract needs
- Competitive impacts
- Process development: policies/procedures
- Implementation schedules
Areas To Assess: Strategic
Construction/Renovation
- Licenses/permits
- Contracts
- Disruption of services
- Hazards: air quality, interim and design safety
- Communication issues
- Approvals
Areas To Assess: Legal and Regulatory
Statutes, standards and regulations
- Federal, state and local impacts
Licensure
Accreditation
Areas To Assess: Legal and Regulatory
Corporate Compliance Program/Interface
- Identification of related compliance factors
- Compliance assessment results
- Program components: education, reporting, data maintenance, review, monitoring
Areas To Assess: Technology
Information systems
Telemedicine
Equipment
New technologies
Inventory control
Areas To Assess
Setting priorities for program development
- Utilize information from external and internal assessment sources
- Goals should be: flexible; short and long term
- Priorities should be: politically correct, financially correct, ethically correct