Enterprise Risk Management. PMI Healthcare SIG, October 5, 2009. Diana Del Bel Belluz, Risk Wise Inc.
Key definitions. What is Risk? "The threat or possibility that an action or event will adversely or beneficially affect an organization's ability to achieve its objectives." Health Education Funding Council for England (HEFCE). What is Risk Management? "The culture, processes and structures that are directed towards realising potential opportunities whilst managing adverse effects." AS/NZS 4360: 2004
Why ERM? #1 Avoid Crisis. "The only alternative to risk management is crisis management." - James Lam
Why ERM? #2 Enhance Performance. Average Realized Performance: 63%. Average Performance Loss: 37%, broken down as: Inadequate resources 7.5%; Poorly communicated strategy 5.5%; Action required not clearly defined 4.5%; Unclear accountabilities for action 4.1%; Silos and culture blocks 3.7%; Inadequate performance monitoring 3.0%; Inadequate rewards 3.0%; Poor senior leadership 2.6%; Uncommitted leadership 1.9%; Unapproved strategy 0.7%; Other (including inadequate skills) 0.7%. Adapted from "Turning Great Strategy into Great Performance", Mankins and Steele, Harvard Business Review, August 2005
Why ERM? #3 Build Resilience. "It is not the strongest of the species that survives, nor the most intelligent, but the one most responsive to change" - Charles Darwin
The risk management evolution spectrum (from Proactive to Reactive): Enterprise-wide risk management (STEWARDSHIP MODE: you enhance stakeholder confidence); Proactive risk management in silos (QUALITY MODE: your performance is good but not delivering on full performance potential); Situational risk management in reaction to losses or external requirements (SURVIVAL MODE: you avoid repeating old mistakes, but don't anticipate new ones); Risk not managed (CRISIS MODE: you are chronically "fighting fires")
Alignment - The greatest implementation challenge. [Diagram labels: Strategic Direction & Governance; Enterprise RISK; Operations Management; Operational RISK] Source: D. Grbavac, ICORM
Parallels to Project Risk Management. [Diagram labels: Strategic Direction & Governance; Enterprise RISK; Portfolio; Program; Operations Management; Operational RISK; Project]
Risk Management Process (ISO 31000)
Communicate to drive alignment. CEO: Objectives; Strategy; Risk Appetite; Performance Measures & Targets; Risk Indicators & Risk Tolerance. Vice President: Objectives; Strategy; Risk Appetite; Performance Measures & Targets; Risk Indicators & Risk Tolerance. Director: Objectives; Strategy; Risk Appetite; Performance Measures & Targets; Risk Indicators & Risk Tolerance. And so on, down the line. * Risk Wise E-Zine subscribers receive exclusive access to a document that explains the relationship between performance measures and risk indicators.
Example: Canada Health Infoway. Infoway Mission: To foster and accelerate the development and adoption of pan-Canadian electronic health information systems. Infoway Vision: Better care through timely access to secure health information when and where it's needed.
Example: Canada Health Infoway. Infoway Business Strategies: Participate in health care renewal; Collaborate with partners; Target the investments; Support solution deployment; Promote solution adoption and benefits. Source: Canada Health Infoway Corporate Business Plan 2009/2010
Example: Canada Health Infoway. Source: Vision 2015, Canada Health Infoway
What are the enterprise risks? Source: Canada Health Infoway Annual Report 2008/2009
Assessing and managing enterprise risk. Source: Canada Health Infoway Annual Report 2008/2009
Assessing and managing enterprise risk. Source: Canada Health Infoway Annual Report 2008/2009
Where is healthcare on the RM journey? Axes: Strategic (Top-Down); Operational (Bottom-Up). Level 1: Structural (Established): Management is taking the initiative to define RM and develop the capacity and core products (e.g. CRP) that are mentioned in the TBS RM Framework. The use of RM is on a situational basis, and RM is applied as required to respond to specific threats or opportunities. Level 2: Functional (Integrated): RM principles are being supported across the organization and steps are being taken to introduce it at the operational/functional levels. RM is more systematically used on a day-to-day basis and is built into the management cycle. Level 3: Cultural (Optimized): The operational/functional and strategic levels work together effectively, including effective communication, sharing and cooperation across levels and a common approach to RM tailored to the organization's unique requirements.
Typical motivations for pursuing systematic risk management. Eliminate pain: Avoid repeating a crisis; Reaction to catastrophic losses, major scandal; Compliance; Re-enforce accountability. Achieve aspiration: Stewardship; Capture unrealized performance potential; Sustainability; Improve quality at operations level; Improve resource allocation by enterprise level; Create resilience in the face of change
Implementing ERM: It's more about people than process. Win commitment and support at the top: demonstrate relevance, engage champions. Engage buy-in across the organization: craft a compelling case and sell it. Treat it like a change initiative: plan your route; look after your people & deal with resistance. Technical excellence: develop effective structures, processes, tools, skills. Sustain it: demonstrate value, share stories.
PMI Risk Management Professional Examination. Domain (Percentage of Questions): Risk Communication 27%; Risk Analysis 30%; Risk Response Planning 26%; Risk Governance 17%; Total 100%
Your turn. How can risk management support project management (and vice versa)? Where do you fit into ERM in your organization?
Contact information: Diana Del Bel Belluz, M.A.Sc., P.Eng., President, Risk Wise Inc. Tel. 416.214.7598. Diana.Belluz@riskwise.ca. For tips on how to implement systematic risk management, subscribe to Risk Management Made Simple, our free E-Zine / online newsletter at www.riskwise.ca