Enterprise Risk Management. Breaking Down the Barriers at Emory



Similar documents
Enterprise Risk Management Panel Discussion

Attorney Perspectives: Enterprise Risk Management in a Time of Innovation

04A. RISK MANAGEMENT: HOW TO MAKE IT PART OF YOUR STRATEGY. November 6 8, Shulamith Klein Chief Risk Officer Emory University Emory Healthcare

POLICY. Number: Title: Enterprise Risk Management. Authorization

Eclipx Group Limited Risk Management Policy

Analyzing Risks in Healthcare. February 12, 2014

Department of Veterans Affairs VHA DIRECTIVE Washington, DC August 2, 2013 VHA ENTERPRISE FRAMEWORK FOR QUALITY, SAFETY, AND VALUE

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

Enterprise Risk Management Plan FY December 2014

Title: Data Security Policy Code: Date: rev Approved: WPL INTRODUCTION

Risk Management Policy and Framework

Complaints Policy. Controlled Document Number: Version Number: 6 Controlled Document Sponsor: Controlled Document Lead: Approved By:

Professional. Compliance & Ethics. 19 The cost of unethical behavior. 33 Graduate degrees in Compliance: Training the next generation

The Lowitja Institute Risk Management Plan

University Specialty Clinics and Palmetto Health Billing Compliance Plan

Enterprise Risk Management: Taking the First Steps

ENTERPRISE RISK MANAGEMENT FRAMEWORK

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT

Risk Management Policy

SUMMARY OF POSITION ROLE/RESPONSIBILITIES:

Enterprise Risk Management Program

Integrated Risk Management:

Nova Scotia EMO. Hazard Risk Vulnerability Assessment (HRVA) Model. Guidelines for Use. October, 2010

University of Rhode Island IT Governance

Introduction to Enterprise Risk Management at UVM DRAFT

Emergency Planning and Crisis Management initiatives rolled up into a viable Business Continuity and Enterprise Risk Management Program.

Information Security Program CHARTER

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

Position Description Cover Sheet. Executive Director, Risk Management and Compliance Division/department: GCO/Risk Management & Compliance

Enterprise Risk Management, Compliance, Management Advisory Services: An Integrated Approach

Guidance Note: Corporate Governance - Board of Directors. March Ce document est aussi disponible en français.

EMERGENCY PREPAREDNESS AND CRISIS MANAGEMENT PLAN

Business Continuity Management Policy

In accordance with risk management best practices, below describes the standard process for enterprise risk management (ERM), including:

Using Strategic Risk Management to Gain Assurance and Communicate More Effectively

CONTROLLED DOCUMENT. Number: Version Number: 4. On: 25 July 2013 Review Date: June 2016 Distribution: Essential Reading for: Information for:

RISK MANAGEMENT POLICY

Confident in our Future, Risk Management Policy Statement and Strategy

Understanding Enterprise Risk Management. Presented by Dorothy Gjerdrum Arthur J Gallagher

MARCH Strategic Risk Policy Update March 2012 v1.10.doc

Risk Assessment & Enterprise Risk Management

Quality and Performance Improvement Program Description 2016

identify hazards, analyze or evaluate the risk associated with that hazard, and determine appropriate ways to eliminate or control the hazard.

Enterprise Risk Management

Reputation Impact of a Data Breach U.S. Study of Executives & Managers

University of Glasgow. Policy for. Business Continuity Management

How to Assess Legal Risk Management Practices

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

The Risk Management strategy sets out the framework that the Council has established.

Audit, Risk Management and Compliance Committee Charter

Business Continuity Management Policy

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

WFP ENTERPRISE RISK MANAGEMENT POLICY

Third Annual Study: Is Your Company Ready for a Big Data Breach?

APPENDIX 50. Enterprise risk management - Risk management overview

Bridgend County Borough Council. Corporate Risk Management Policy

Payroll Process Final Audit Report Report Nr. 13/12 August 30, 2012

Risk Management Framework

STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES. ENTERPRISE RISK MANAGEMENT Framework

Clarkson University Environmental Health & Safety Program Overview

CONSTITUTION COLLEGE OF ENGINEERING UNIVERSITY OF FLORIDA PREAMBLE

RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT. J. Joseph Hoey, Ed.D. Bridgepoint Education CAIR 2015

Enterprise Risk Management for Hospital Systems: What Counsel Needs to Know

How To Manage Risk

IT Security Incident Response Protocol McGill University

Enterprise Risk Management & Information Technology

Cypress College Strategic Plan

Large Hospitals and Health Systems Industry Immersion Session

Information and Communications Technology (ICT) Steering Committee - Information Sheet

Governance Processes and Organizational Structures for Information Management

Federal Bureau of Investigation s Integrity and Compliance Program

A Risk Management Standard

Enterprise Risk Management in Colleges and Universities

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

Senate. SEN15-P17 11 March Paper Title: Enhancing Information Governance at Loughborough University

Wellesley College Whistleblower Policy Adopted April 2009

University Hospitals. May 2010

UNIVERSITY OF MISSISSIPPI MEDICAL CENTER RISK MANAGEMENT PLAN

Policy : Enterprise Risk Management Policy

Version: 3.0. Effective From: 19/06/2014

Transcription:

Enterprise Risk Management Breaking Down the Barriers at Emory Willis Healthcare Forum Nashville, TN July 10, 2007 Shulamith Klein Senior Director Office of Risk & Insurance Services

The Emory Enterprise Teaching, research, and academic healthcare 21,000 employees 3,200 faculty members $ 2.6 billion operating budget $ 4.7 billion endowment 2

Emory Healthcare Largest healthcare system in Georgia 1,184 hospital beds 9,700 employees 954 employed physicians 2 tertiary care & geriatric hospitals Outpatient pediatric center Long term care & independent living facilities $ 1.4 billion patient services revenue $ 70.0 million charity care 3

Enterprise Risk Management A Top Down Push Board Audit Committee Chair Internal Audit EVP for Finance and Administration President is on board 4

Why ERM? ERM improves ability to identify significant risks assess vulnerability based on probability and impact determine risk appetite accept or invest resources to mitigate plan pro-active response ERM = NO SURPRISES! 5

ERM Organization at Emory ERM Executive Sponsors Committee (Reputational & Strategic Risks) President (Committee Chair) Executive VP for Finance and Administration Executive VP for Health Affairs Executive VP for Academic Affairs and Provost President and CEO, Emory Healthcare Senior VP and General Counsel Senior VP and Dean for Campus Life VP and Secretary VP of Communications Chief Audit Officer ERM Steering Committee Senior Director, Office of Risk and Insurance Services (Co-Chair) VP of Research Administration VP of Investments, Chief Investment Officer VP of Finance VP of Campus Services Director of Critical Event Preparedness & Response Deputy General Counsel (Co-Chair) Executive Associate Dean, Research VP of Human Resources Senior Vice Provost/Academic Planning and Faculty Development Director of Financial Serv. / Campus Life VP of IT, Chief Information Officer Finance and Investment Healthcare Healthcare and Research Research Information Technology Campus Safety and Physical Plant Governance and Corporate Affairs Academic and Student Affairs Human Resources 6

The Process is Key Phase 1 Sub-committees identified 555 risks Ranked by severity and frequency o What is the potential impact to the organization? o What is the likelihood of occurrence? Steering Committee reduced to 141 risks o Eliminated duplications o Consolidated similar exposures o Edited for consistency of description o Assessed rankings 7

The Process is Key Phase 2 Identified Primary Operational Leaders for top 57 o Primary operational responsibility over functional area where risk has greatest potential impact o CEO, COO, Dean, EVP, Provost, etc. Identified Risk Management Process Owners (RMPOs) o Sufficiently familiar with the risk to prepare coherent Risk Management Plan o e.g. Directors, Quality Officers, VP 8

The Process is Key Phase 3 President charged each RMPO with preparing a two-page plan within 90 days o Steps being taken to manage risk at an acceptable level o Operational response to adverse occurrence o Communication response to adverse occurrence 9

The Process is Key Phase 4 Steering Committee reviewed 57 draft plans o Need to be clear on who is responsible and accountable for specific actions o Distinguish between existing interventions and wish list RMPOs revised Risk Management Plans 57 plans submitted to Executive Committee 10

Executive Review Phase 5 Quarterly review, three-hour hour sessions Each session devoted to distinct operational area(s) Individual presentations followed by total risk overview Identify gaps between risk and response plans How are costs of mitigating risk balanced with achieving strategic goals? Identify and incorporate best practices 11

18 Months and Counting President rolls out Committee Framework Exec. charges Steering Committee with risk identification Key Risks, POLs, and Guiding Principles presented to Executive Committee President charges RMPOs with Risk Management Plans Initial Plans due Risk Committees review Plans Plans submitted to Exec. Comm. 1 st Quarterly review with Exec. Comm. March/April August November April May June August September 2006 2006 2006 2007 2007 2007 2007 2007 12

Emory University Enterprise Risk Management Guiding Principles Emory upholds an early-warning system for identification of adverse occurrences; All individuals are empowered to report problems and concerns early on, without fear of retribution; Reports of adverse occurrences are responded to promptly and thoroughly; Investigations of adverse occurrences, complaints, and concerns are conducted with integrity and continue until the fact-finding finding process is concluded; Reliable and useful information is shared promptly with leadership and other key constituencies; Communication with the Emory community and the public at large is pro-active, honest, and respectful of individual privacy; Emory maintains a framework for regularly assessing the effectiveness eness of risk management practices and a culture that fosters process improvement ent when indicated. These are the principles to which we hold ourselves, and those with w whom we partner. 13

Assessment Tool Ranking Key: Likelihood of occurring (frequency) 1-low: <10% chance of occurring in 2 years 2-medium: <25% chance of occurring in 2 years 3-high: <50% chance of occurring in 2 years 4-very high: >50% chance of occurring in 2 years or already occurring ring Potential Impact (severity) 1-minor: unlikely to have a permanent or significant effect on Emory's reputation or achievement of its strategic objectives 2-moderate: will have a significant impact on Emory but can be managed without major impact 3-serious: will have a significant effect on Emory and requires a major effort to manage and resolve the occurrence, as well as its ramifications 4-very serious: will threaten the existence of the institution if not resolved Risk factor = [(.50) x (frequency)] + (severity) 14

Lessons Learned Process itself reveals trends and opportunities for risk mitigation Facilitates discussion of entity s s risk tolerance Focus on critical risks and don t t over-engineer engineer the process Link to resource allocation Priorities change over time in response to internal and external factors Risk related material is privileged and confidential 15

Perspective Broad based management ownership + Principled action + Common sense = Success 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information