As is the case in many industries today, corporate governance

Similar documents
July New Entrants: Charting the Health Industry s Risk and Regulatory Landscape Where Risk Meets Opportunity

Beyond risk identification Evolving provider ERM programs

ACCOUNTABLE CARE ANALYTICS: DEVELOPING A TRUSTED 360 DEGREE VIEW OF THE PATIENT

The Rising Tide of Pharmacy Benefit Cost and Complexity: A health plans roadmap to optimizing pharmacy services relationships

Taking A Proactive Approach To Loyalty & Retention

How To Use Predictive Analytics To Improve Health Care

The Implications of Reform on the US Health Insurance Industry

The healthcare industry is changing more rapidly than ever, creating new opportunities for those who stand ready to seize them. Who are we?

ALTARUM. Modernizing Health Care: Leveraging Our Regional Extension Centers

How To Use Social Media To Improve Your Business

WHITE PAPER APRIL Leading an Implementation Campaign to Address the Convergence of Healthcare Reform Initiatives

SOCIAL MEDIA LISTENING AND ANALYSIS Spring 2014

Change is happening: Is your workforce ready? Many power and utilities companies are not, according to a recent PwC survey

Considering Meaningful Use Participation when Acquiring a Hospital or Professional Practice

Top 10 Issues for Health Plans - Strategic & Operational Priorities

TRANSFORMING HEALTHCARE

Healthcare Internal Audit: In a Time of Transition

The Financial Case for EHR/RCM Integration. White Paper. The Power of Clinically Driven Revenue Cycle Management. Presented by

Module 6 Essentials of Enterprise Architecture Tools

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

Blending Corporate Governance with. Information Security

Sarbanes-Oxley: Beyond. Using compliance requirements to boost business performance. An RIS White Paper Sponsored by:

The Importance of Pay For Performance in Healthcare Transformation

The Business Case for Using Big Data in Healthcare

GE Healthcare. Financial Management Solutions

Joseph Naughton-Travers, Ed.M., Senior Associate, OPEN MINDS The 2014 OPEN MINDS Planning & Innovation Institute June 3, :45am 11:00am

Customer effectiveness

Managing Risk at Bank of America Corporation. Overview

The new revenue cycle imperative: A data-driven approach to minimizing risk and optimizing performance

The Promise of Regional Data Aggregation

Accenture Risk Management. Industry Report. Life Sciences

Management Update: The Eight Building Blocks of CRM

The heart of your business*

Preventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations

DEVELOPING AN EFFECTIVE INTERNAL AUDIT TECHNOLOGY STRATEGY

Operational Success: Targeting Performance

risk management & crisis response Building a Proactive Risk Management Program

fs viewpoint

SUSTAINING COMPETITIVE DIFFERENTIATION

Clintegrity 360 QualityAnalytics

Framework for Enterprise Risk Management

Transforming Internal Audit: A Maturity Model from Data Analytics to Continuous Assurance

Driving Business Value. A closer look at ERP consolidations and upgrades

Executive Dashboards:

Physician Enterprise The Importance of Charge Capture, Business Intelligence and Being a Data Driven Organization

Enterprise Risk Management in Colleges and Universities

Strategic Plan. Valid as of January 1, 2015

Board Matters Quarterly Critical insights for today s audit committee

Enabling HR service delivery

Special report Healthcare

SOCIAL MEDIA LISTENING AND ANALYSIS Spring 2014

Make information work to your advantage. Help reduce operating costs, respond to competitive pressures, and improve collaboration.

Title here. Successful Business Model Transformation. in the Financial Services Industry. KPMG s Evolving World of Risk Management SECTORS AND THEMES

TD Bank N.A. s Enterprise-Wide PMO Monitors Projects and Maintains Focus on Strategic Goals

Kea Influencer Relations and Marketing for High-Tech & Technology Providers

WHITE PAPER. QualityAnalytics. Bridging Clinical Documentation and Quality of Care

INSERT COMPANY LOGO HERE. Product Leadership Award

ENTERPRISE RISK MANAGEMENT FRAMEWORK

OPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE.

Integrated Risk Management:

The Essential Guide to: Risk Post IPO

Global Headquarters: 5 Speen Street Framingham, MA USA P F

The 5 Questions You Need to Ask Before Selecting a Business Intelligence Vendor. Share With Us!

Managing Risk Beyond a Plan's Direct Control: Improving Oversight of a Health Plan's First Tier, Downstream, and Related (FDR) Entities

Post-Acute/Long- Term Care Planning for Accountable Care Organizations

Setting smar ter sales per formance management goals

An Executive Primer To Customer Success Management

Physician Discovery Services Provide a Full Range of Physician Practice Solutions

Operational Excellence, Data Driven Transformation Now Available at American Hospitals

The IBM data governance blueprint: Leveraging best practices and proven technologies

Work Smarter, Not Harder: Leveraging IT Analytics to Simplify Operations and Improve the Customer Experience

BUSINESS ANALYTICS: Understand How Your Organization Works.

Convercent Predictive Analytics

Analytics for Healthcare

Big Data, Big Business Opportunities

Global Payroll? A Few Planning Considerations. Human Resources Globalization

The Financial Services Industry: Sales Trends and Strategic Initiatives

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

Agile Analytics: A Faster, Less Risky Approach To Tackling Big Data

Whitepaper Data Governance Roadmap for IT Executives Valeh Nazemoff

An Oracle White Paper November Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime

The Cornerstones of Accountable Care ACO

Why you should adopt the NIST Cybersecurity Framework

I D C M a r k e t S c a p e : W o r l d w i d e F i n a n c i a l S e r v i c e s C o n s u l t i n g V e n d o r A n a l y s i s

ASAE s Job Task Analysis Strategic Level Competencies

OCCUPIER INSIGHT DEVELOPING THE RIGHT CRE ORGANIZATIONAL STRUCTURE. A Corporate Occupier & Investor Services Publication

Business Development. MarketDiscovery A Complete Healthcare Business Development Solution

New Business and Investment Opportunities Emerging from Population Health Management (PHM)

Accountable Care: Clinical Integration is the Foundation

Introduction. By Santhosh Patil, Infogix Inc.

Patient Relationship Management

Business Intelligence of the Future. kpmg.com

Consumer Goods and Services

Helping You Achieve Better Clinical and Financial Health

Risk Management A Strategy for Success

Managed Services. Business Intelligence Solutions

Transcription:

How Health Care Organizations Risk and Compliance Executives Can Become Strategic Board Advisors Terry Puchley, Partner, PwC, terry.puchley@us.pwc.com Mitchel Harris, Director, PwC, mitchel.s.harris@us.pwc.com Aysha Long, Director, PwC, aysha.g.long@us.pwc.com As is the case in many industries today, corporate governance is rapidly changing in the health care sector, and providers, payers, and life sciences companies are adjusting their business models accordingly. Subject to increasingly proactive regulatory oversight, these health care organizations are adapting to new rules and regulations as they work to gain market advantage. As a result, their boards of directors are rethinking the roles of their risk and compliance functions in everyday decisionmaking. Leading health care companies and their boards are gaining new appreciation for the market advantage they can realize by integrating risk and compliance insights into their overall corporate strategy. In some ways, this is not news. A vast majority of board directors across all sectors 95 percent, according to the 2013 PwC Corporate Directors Survey believe their boards have at least a moderate understanding of the company s risk appetite. Many boards have increased their focus on risk issues, with 44 percent of survey respondents saying their time commitment to risk management increased in the past 12 months. Sixty percent say they want to spend even more time focusing on risk in the coming year. The time investment seems to have paid off, as onethird of board members say their effectiveness in overseeing risk improved during the past year. 1 Board directors of health care organizations in particular are recognizing that in addition to focusing on traditional areas of concern such as strategic growth and changing business portfolios they must also take into account risk and compliance issues when making strategic decisions. Today s provider, payer, and life sciences boards are growing progressively aware that they need to be armed with concise, relevant information and focused, real-time data on risk and compliance issues to succeed in an increasingly competitive health care marketplace in which new entrants appear each day. But the rapidity and complexities of change in the health care industry can make it difficult for a board to make timely, informed decisions based on its brief interactions with the organization s executive management. To gain a deeper understanding of the challenges facing their organizations, board members are looking to audit compliance committees, general counsel, chief compliance officers (CCOs), and internal audit executives to provide analysis and insight into the operational performance and regulatory risks that affect their businesses. A growing presence in the boardroom Both the American Health Lawyers Association (AHLA) and PwC have been at the forefront of helping risk and compliance functions understand how they can better support the evolving expectations of their boards of directors. 1 Boards confront an evolving landscape: PwC s Annual Corporate Directors Survey, 2013. http://www.pwc.com/us/en/corporate-governance/annualcorporate-directors-survey/assets/pdf/pwc-annual-corporate-directors-survey-full-report.pdf

In 2003, the AHLA and the Office of the Inspector General of the US Department of Health and Human Services began publishing a three-part series that outlined the evolving responsibilities of corporate compliance executives to their boards of directors. Each publication in the series suggested questions for board members to ask the executive leadership of their organizations regarding the function and performance of risk and compliance. These publications, released in 2003, 2004, and 2007, respectively, addressed the obligations of health care boards to stay apprised of industry risk and compliance issues. While Sarbanes- Oxley was top of mind when the 2003 publication appeared, the 2007 report concerned itself with the evolving risks arising from the proliferation of new financial relationships in the industry, such as pay-for-performance programs, gainsharing, and outcomes management arrangements. State and federal laws closely regulate many of these arrangements, and boards rely on their organizations risk and compliance functions to mitigate the potential legal risks of participating in them. Risk and compliance executives subsequently found themselves having to adapt to changes in the industry that would ultimately push them toward increased engagement with the business. Today, seven years after the last AHLA/OIG corporate responsibility report, health care reform has spawned a growing number of health care delivery models that entail risk and compliance issues not seen before. This shift has made risk and compliance executives even more vital to companies, to the extent that many of these executives now find themselves in the role of strategic decision-maker, participating in their companies planning processes. In this capacity, risk and compliance functions can better educate boards about regulatory developments that could have a tremendous effect on their business. Being on the front end of strategy-setting allows risk and compliance officers to proactively engage leadership rather than being brought in on the back end to change or remediate the fallout of unadvised decisions. Like the AHLA, PwC has also focused on helping risk and compliance executives take on larger roles to navigate an evolving industry landscape. Research from our 2014 State of Compliance Survey reveals that across all industries, compliance executives are being asked to manage an increasingly complex variety of risks. In fact, compliance functions have seen their resources increase 40 percent in the past year to address increasingly nuanced risk issues. However, with little to no increase in their budgets, compliance executives are also being pressured to keep internal spending at a minimum. 2 Today s health care organizations expect their investment in risk management and compliance to not only respond to regulatory and enforcement priorities, but to also support growth by introducing new ways to control costs and allocate resources. Whereas an organization s investment in compliance was once considered a necessary expense, now compliance, legal, and risk management departments have the opportunity to use their broad capabilities to influence and potentially improve the bottom line. Translating broad exposure into actionable insight Unlike business units that focus solely on daily operational tasks, compliance and risk functions engage regularly with a range of departments, which equips them with broad insight into a company s operations. This breadth of exposure, combined with the technical auditing and monitoring skills they bring to the table, positions risk and compliance executives to offer valuable observations to board members as they make business decisions. But translating their observations into strategic board support can be challenging for many risk and compliance departments. For one thing, they must be able to effectively translate the wealth of compliance, operational, and quality-related data they collect on a daily basis into actionable information. Then they must convey that information to board members to help them make informed business decisions about service offerings, new industry competitors, and patient care. Risk and compliance executives who succeed in doing this will be thought of as resources who can help guide a company s strategic direction. This transition can happen in many ways. For example, by segmenting an organization s patient population and compiling patient and physician profiles, risk and compliance functions can help boards better understand and address unexpected declines in patient volume or enrollment. Risk and compliance can then partner with operations to determine opportunities to recapture patients and regain lost revenue. Similarly, risk and compliance intelligence can help a board contemplating an acquisition to determine whether the specialties of an organization s provider network align with the population health of the targeted expansion area. Risk and compliance can also determine the risk profile of the portfolios of businesses under merger consideration. Gauging an organization s risk appetite The strategic role of risk and compliance is increasingly vital as the movement away from fee-for-service to value-based care fundamentally changes the health care marketplace. In the evolving health care economy, organizations are considering the risks and benefits of adopting new capabilities, merging with or acquiring other entities, and integrating complementary organizations. Although the movement toward diversification is spreading across multiple industries, health care organizations are diversifying faster than businesses in other sectors. In PwC s 17th Annual Global CEO Survey, more than half of the health care CEOs we interviewed said they had entered into a joint venture or strategic alliance in the past 12 months (versus one-third of the total survey sample), and a full 69 percent said they plan to do so in the coming 12 months (versus 44 percent of the total survey sample). 3 2 What it means to be a chief compliance officer: Today s challenges, tomorrow s opportunities, PwC s 2014 State of Compliance Survey. http://www.pwc.com/ us/en/risk-management/state-of-compliance-survey/assets/pwc-state-of-compliance-2014-survey.pdf 3 Fit for the future, PwC s 17th Annual Global CEO Survey. http://www.pwc.com/gx/en/ceo-survey/

The megatrends that are driving the future of health care PwC has identified five global megatrends that are transforming the business world and the health care industry in particular. As these trends develop, they could revolutionize risk and compliance management in the industry as we know it: Demographic changes: Growing populations across the world are driving demand for health care services, often in regions traditionally cut off from modern healthcare delivery. Shifts in economic power: As consumers bear more of the costs for health care services, they are seeking more accessible and affordable ways to better address their health care needs. Accelerating urbanization: As the global population increasingly moves to urban centers, health care organizations will have to work to understand the needs of a new demographic of consumers. Climate change and resource scarcity: As global climate change and the need for scientific expertise in the health sciences increase, the health care industry will have to use resources from multiple countries and industries. Technological breakthroughs: Evolving technologies brought about by the proliferation of mobile devices, sophisticated data analytics, and cloud computing will require new health care delivery business models. These trends have the potential to introduce entirely new industries and investment opportunities aimed at improved health care delivery. They are influencing the way companies think about their products and services, marketing tactics, and customers. As companies make strategic decisions to respond to these global changes, their risk profiles will also change. Without flexible risk and compliance programs capable of identifying and monitoring the new risks that will emerge from a health care economy changing in fundamental ways, companies will likely face significant challenges. Risk and compliance functions understand that the full consequences of industry trends are yet to be felt, and they are taking proactive measures to prepare themselves for the future or multiple future scenarios. Health care reform is further encouraging this diversification. Payers and providers are evaluating their options as they examine the benefits and drawbacks of participating in the new public and private insurance exchanges. Many payers that decide to offer coverage through the exchanges as well as the providers that choose to participate in specific care networks are struggling to accurately gauge the risk profiles and manage the health of a new wave of patients. As providers and payers attempt to forecast and develop strategies for growth and expansion in the new health economy, strategic support from risk and compliance may help them make informed decisions such as whether they should they invest in Medicare and Medicaid expansion or develop integrated delivery networks and accountable care organizations. Whether or not organizations make these changes largely hinges on their risk tolerance. Risk appetite varies significantly among industry players. For example, a disruptor, or new market entrant, is generally more likely than a long-established organization to embrace risk. Conversely, a provider operating under a corporate integrity agreement may be more risk-averse because of the intense scrutiny it faces. Another important consideration is the degree of risk sharing and risk absorption across an organization s business units. Are the risk-and compliance-related efforts of a company s business units coordinated and in sync? If so, are they effective in avoiding fraud, waste, and abuse? Or are they redundant, unwieldy, and duplicative? To confront these and other challenges, the boards of many health care organizations rely on enterprise governance risk compliance (egrc) strategies to provide a lens through which to view and understand risks in their daily operations, ongoing initiatives, and projected commitments. When an organization appropriately leverages its egrc strategies, it can obtain a panoramic view of the company s risk profile by bringing enterprisewide compliance and risk management under one aegis. But once this is accomplished, the board must still distill and prioritize an often-overwhelming itemized list of risks into meaningful, relevant, and actionable items. This is where an organization s risk and compliance resources can prove most valuable. Changing what you say Offering boards reams of data that detail compliance activities gives little insight into how such activities may practically influence business outcomes. Because most boards meet relatively infrequently, it can be challenging for board members to consistently keep track of all of the moving parts of an organization.

We re running our health care businesses on technology, so we need to use technology to be proactive, stay ahead of the risks and focus on variations to plan. -Member of the Board of Directors at a large health plan With this in mind, the importance of the manner in which information is presented to the board becomes clear. Such information should be succinct, meaningful, actionable, timely, and even visually engaging to effectively focus board members attention and consideration on the highest risks and priorities. Traditional compliance data, such as training completion rates, hotline calls resolved, and number of complaints resolved, can be informative, but not actionable for a board. Without the context of business processes that lend meaning to this information, deriving practical use from it can be difficult. In their attempt to share information with boards in formats that are familiar, compliance executives may inadvertently separate compliance and risk concerns from larger business considerations. Without a connection to business operations, boards may be inclined to pass over the risk and compliance report to focus on other priorities. Many current operational monitoring reports rely on simple binary systems to indicate problems (for example, less than 28 days indicates compliance, and more than 28 days indicates noncompliance). Because this reactive and reductive mode of reporting does not anticipate or forecast issues, these methods provide limited diagnostic insight regarding factors that may be contributing to noncompliance. To avoid this, compliance officers should focus on identifying and monitoring internal and emerging trends rather than solely reporting metrics. A focus on analysis and recommendations is likely to command considerably more attention and will help the board focus on the areas that pose the most risk to the organization. and how you say it Proactive analysis uses the same available data, but organizes it into predetermined measurement bands and identifies notable trends across relevant time frames. Using this method, risk and compliance executives can rapidly detect trends that may indicate the potential for noncompliance and then present their findings to boards before issues escalate. By anchoring their observations and recommendations in data analytics and operational compliance performance monitoring, risk and compliance officers can increase their value to their organizations by focusing operational resources, reducing risk and preventing waste. An effective visual dashboard report can provide a real-time picture of an organization s compliance activities and their relevance to business operations as a whole. Ideally, these dashboards offer meaningful recommendations that proactively elicit feedback. They are grounded in key performance indicators and data analytics to provide a visual overview of Figure 1 This illustrative example of a compliance dashboard provides an overview of key enterprise risk and compliance issues of concern for board members

Case study: Risk and compliance audit rescues company from operational failures Risk and compliance functions that take a proactive role in their organizations operations can add significant value to the business as a whole. For example, when one large healthcare organization implemented system-wide adjustments to accommodate changes in the business s operating model, the organization s compliance function was an integral part of the project team. By having a seat at the table, compliance was able to use the deep technical audit skill of its internal audit department to monitor project progress and impact across the enterprise. The compliance team introduced and conducted performance audits to help determine whether the organization s performance declined, improved, or remained the same after the operational changes took effect. Ultimately, one of the audits uncovered an operational adjustment that, if left in place, would have unleashed significant compliance failures, negatively affected patients, and placed the organization at regulatory risk. Risk and compliance staff confirmed the audit results and collaborated with operational leaders on how best to present findings and an action plan to the company s board and CEO. The inclusion of risk and compliance from the beginning of the implementation allowed the company to proactively assess performance and uncover potential risks during the implementation. As a result, the company was able to correct course before any negative fallout could occur. compliance metrics and potential risks that should be top of mind for board members. These include organizational risk profile and tolerance, degree of risk sharing and risk absorption across business units, and enumeration of current and anticipated internal, regulatory, and emergent risk issues such as First Tier, Downstream and Related (FDR) entity monitoring and CMS audits. The ideal executive dashboard enables the consumption of a range of metrics at one glance. (See Figure 1.) New data analytics and visualization tools are enabling this kind of panoramic vision and are changing the nature of reporting by providing dynamic, drill-down capabilities that foster a more interactive relationship with data. As a result, today s data visualization tools are allowing risk and compliance departments to become more strategically relevant. Final thoughts Organizations now expect their risk management and compliance functions to not only respond to regulatory and enforcement priorities, but also introduce new ways to control costs and drive growth. Risk and compliance officers are privy to information that boards of directors can use to make informed business and strategic decisions about operational challenges and opportunities, strategic growth and expansion, and technology adoption and implementation. How well payers, providers, and life sciences companies calibrate their compliance spending to support growth, control costs, and manage risks will have a significant effect on how those companies fare in the future health economy. By identifying and prioritizing key issues, proactive risk and compliance functions can give their boards of directors an informed view of the opportunities and threats they may encounter in the marketplace. Tactically arming their boards with the information they need, risk and compliance functions can help measure the effectiveness of core processes and monitor progress toward meeting stakeholder expectations. u

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information