Enterprise Risk Management Framework




Enterprise Risk Management Framework
North Simcoe Muskoka LHIN
June 2010
Prepared by Tim Berry, MBA, CMA
Senior Director Finance and Risk Management

NSM LHIN Risk Management Framework
The lighter side of risk management
ERM Framework June 2010

Table of Contents
Executive Summary
Risk Oversight
Risk Definitions
Roles and Responsibilities
Principles of Risk Management
Risk Management Process
NSM LHIN Risk Management
Exhibit A Risk Register LHIN Operations
Exhibit B Risk Register LHIN Health System
Material Sources

Executive Summary

The North Simcoe Muskoka Local Health Integration Network (NSM LHIN) is committed to providing high quality health care and services, enhancing the safety of clients, staff, families, volunteers and preserving its reputational and financial integrity in order to continue its mission. Currently, risk management with the NSM LHIN has been addressed through a variety of processes including:
- Quarterly reporting of financial risks to the Ministry of Health and Long-Term Care
- Quarterly reporting of variances related to performance requirements in the Ministry-LHIN accountability agreement
- Varying degrees of risk elevation based on issue identification by staff

What's missing is an assessment of risk on an organization or enterprise-wide basis. The establishment of an Enterprise Risk Management (ERM) system is founded on the philosophy that leadership sets the tone and directs efforts across the organization to foster a culture that values learning, innovation, responsible risk taking, continuous improvement and commitment to address the underlying system factors that contribute to risk.

An ERM system should satisfy the following objectives at the NSM LHIN:
1. to establish an ERM system as a critical component in achieving quality and safety goals and financial performance targets, plus protecting and enhancing NSM LHIN's reputation.
2. to establish all forms of risk that the organization may face and to outline risk identification strategies, risk mitigation processes and monitoring and reporting to achieve effective ERM.
3. to establish a structured analytical process that focuses on identifying and eliminating risks that will impact on achievement of objectives.

The benefits of an ERM system to the NSM LHIN are:
1. Proactive rather than reactive management of risk resulting in more successes, fewer setbacks, and more effective operations and controls.
2. More effective and structured approach to opportunities and threats by managing the associated risks in effective and efficient ways.
3. Improved stakeholder trust and confidence in the organization.
4. Better corporate governance through improved understanding of risks, their control and general resilience and robustness of the organization.

Risk Oversight

In its report on the Current State of Enterprise Risk Management Oversight, the American Institute of Certified Public Accountants (AICPA) notes that the intense focus on board oversight of risk management process continues in 2010. A December 2009 survey of over 700 executives representing organizations of various sizes and industries conducted by the AICPA shows some interesting trends relative to enterprise risk oversight.
- Over 63% of respondents believe that the volume and complexity of risks have changed "Extensively" or "A Great Deal" in the past five years.
- 49% of respondents described the sophistication of their risk oversight processes as immature to minimally mature.
- Almost 70% noted that management does not report the entity's top risk exposures to the board of directors.
- Almost 57% of respondents have no formal enterprise-wide approach to risk oversight.
- Only a small number (11%) of respondents believe they have a formal enterprise-wide risk management process in place.
- 53% of respondents currently do no formal assessment of strategic, market, or industry risks, and 51% noted that they do not maintain any risk inventories on a formal basis.

Description of the State of ERM Currently in Place | Percentage of Respondents
No enterprise-wide management process in place | 40.1%
Currently investigating concept of enterprise-wide risk management, but have made no decision yet | 16.7%
No formal enterprise-wide risk management process in place, but have plans to implement | 10.2%
Partial enterprise-wide risk management process in place (i.e., some, but not all, risk areas addressed) | 22.0%
Complete formal enterprise-wide risk management process in place | 11.0%

Despite the growing demand for more effective risk oversight, the level of enterprise-wide risk oversight across a wide spectrum of organizations remains fairly immature. Many corporate governance reform experts have called for the embrace of ERM, a top-down, holistic view of the inventory of key risk exposures potentially affecting an enterprise's ability to achieve its objectives.

Risk Definitions

Enterprise risk management can be viewed as a natural evolution of the process of risk management. There are many variations of the definition of risk management. The Committee of Sponsoring Organizations (COSO), considered a world leader in risk management, defines enterprise risk management as:

a process, effected by the entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

Other definitions include:
- a comprehensive, systematic process that assists decision-makers in identifying, analyzing, evaluating and treating all types of risks, both internal and external to the organization.
- managing the unacceptable variation from the expected of both positive and negative consequences of activities.

It is important that a holistic approach be taken to ERM. Often organizations address risk in silos, with the management of various departments each conducted as narrowly focused and fragmented activities. Under ERM, all risk areas would function as parts of an integrated, strategic, and enterprise-wide system. While risk management is coordinated with senior-level oversight, employees at all levels of the organization using ERM are encouraged to view risk management as an integral and ongoing part of their jobs.

Enterprise Risk Management (ERM) is a systematic process of identifying, analyzing and responding to risk. The "what" of risk is anything of variable uncertainty and significance that interferes with the achievement of business strategies and objectives. It involves developing flexible strategies aimed at preventing any negative event from occurring or to minimize any potential harm and provide reasonable assurance regarding the achievement of the organization's objectives.

Risk refers to the uncertainty in achieving organization objectives or the uncertainty that surrounds future events and outcomes. The uncertainties include:
- the likelihood of the event occurring
- the expected frequency of the event occurring
- the severity of the outcome if the event occurs.

The fundamental nature and consequences of risk apply equally to for-profit and not-for-profit organizations. In not-for-profit organizations, risk is usually formalized as uncertainty in achieving the organization's stated qualitative objectives; for example, a provincial health ministry may have the objective of improving some measure of the population's health, and risk relates to uncertainty in achieving that target.

Operational accountability demands that all agencies including the LHINs, health service providers, and the MOHLTC, must demonstrate accountability through risk management by recognizing, reviewing and analyzing key risk concepts and considerations. Major risk categories include:

1. Operational Risk: The risk of direct or indirect loss or inability to provide core services, especially to stakeholders, resulting from inadequate or failed internal processes, people and systems or from external events. Operational risk involves factors such as technical or equipment malfunctions and human error, lack of prioritization, management support or expertise, etc. This comes from the design and implementation of measures and processes that support accountability and oversight, being able to attract talent with experience in transformation and change management and addressing broader system-wide pressures for health care resources.

2. Financial Risk: The risk of financial loss to the organization's ability to earn, raise or access capital as well as costs associated with its transfer of risk. This includes effectiveness of financial processes for reporting, budgeting, funding allocation and fiscal stewardship as well as monitoring of full financial reporting of the health service providers by the LHINs.

3. Reputational Risk: The risk of significant negative public opinion that results in a critical loss of confidence (patient, staff, physician, family, public). The risk may involve actions that create a lasting negative image of, or loss of confidence in, the overall operations of the LHIN.

4. Strategic Risk: The risk associated with the organization's initial strategy selection, execution or modification over time, resulting in a lack of achievement of the organization's overall objectives. Processes and controls must be sustainable, defensible and make sense in the context of an organization's risk and operational priorities.

Roles and Responsibilities

1. LHIN Board

Fundamentally, the role of the board is to ensure that the risk management processes designed and implemented by the LHIN senior management act in concert with the LHIN's strategic vision. The board must exercise appropriate oversight to be confident that risk management processes are functioning as designed and that adequate attention is paid to the development of a culture of risk-aware decision making throughout the organization. Executed properly, an ERM system can and should become an integral component of the LHIN's strategy, culture, and value-creation process.

The LHIN's ERM system should bring to the board's attention the LHIN's most significant risks and allow the board to understand and evaluate how these risks may be correlated, the manner in which they may affect the LHIN's mitigation or response strategies. For board purposes it is useful to discuss organization risk within the context of the classic control cycle (Deming paradigm) of plan, do, check and act (PDCA, Figure 1). It is senior management's responsibility to plan, implement, monitor, and revise major strategic initiatives, all of which simultaneously create and affect organizational risk. This means that the board must ensure that the LHIN's strategic plans are adequately based on appropriate, reliable, and complete information which, in turn, requires the board to undertake an assessment of the LHIN's strategic plan.

[Figure 1: plan, do, check, act (PDCA) control cycle]

The board must verify that management has put in place control systems to ensure that its major initiatives have been implemented as planned and that there are effective systems to monitor and evaluate the successful achievement of objectives. The LHIN Board's responsibility is to ensure:
a) the LHIN strategic plan is based on appropriate, reliable, and complete information
b) control systems are in place to ensure that major LHIN initiatives have been implemented as planned and that mitigation strategies are in place
c) control systems are in place to monitor and evaluate the successful achievement of objectives
d) management regularly compares planned and actual results, and appropriately reevaluates strategy on that basis

2. LHIN Senior Management

An ERM approach to risk management requires a top-down view of risks faced by the organization. Visible leadership from and embraced by the LHIN senior management team is a critical component to an effective ERM system. Those organizations that have started down the ERM path attest to the reality that the adoption of a holistic view of risks, which requires that risk information be shared transparently across the organization, requires a mindset or culture where risk management permeates all levels of the organization.

The LHIN CEO has overall responsibility for risk management and will ensure the effective execution of the LHIN ERM system. The LHIN CEO will ensure that all risk management activities are coordinated and no significant risk is overlooked.

The LHIN Senior Director Finance and Risk Management is responsible for:
a) the development, implementation, and review of the ERM system including the review of risk management policies, procedures and plans
b) the development of processes to identify risks across the NSM LHIN
c) the development of a standardized risk analysis framework including levels of severity of impact and levels of likelihood of the risk occurring
d) assessment and analysis of critical incidents
e) the provision of analytical reports and recommendations regarding risk for the LHIN leadership team, the board and the board audit and finance committee
f) engaging management and senior leadership in discussions regarding events or developments that could expose the LHIN to potential risks/losses.

3. LHIN Staff

As mentioned previously, it is important that a holistic approach be taken to ERM. While risk management is coordinated with senior-level oversight, employees at all levels of the organization using ERM are encouraged to view risk management as an integral and ongoing part of their jobs. Accordingly, staff has an inherent responsibility to identify risks in their respective programs/projects in order to assist in developing and implementing risk management strategies.

Principles of Risk Management

The International Standards Organization (ISO) offers a framework for Risk Management in its published guide, ISO 31000 Risk Management Principles and Guidelines. It incorporates best practice from a number of leading international risk management standards. The overarching concept of the ISO ERM framework is that the risk management in an organization is fully integrated into the management and direction of the organization. Risk management is just one aspect of management and is just one more tool available to managers besides tools for: operations, finance, planning, human resources, and so forth. Risk management is not an add-on step but rather is fully integrated and embedded in all decision processes.

The ISO framework is principle-based rather than prescriptive. The overarching ISO principle is that risk management should have net value to the organization. ISO identified 10 principles for risk management which provide the basic attributes for ERM:
1. Creates values for objectives of health, reputation, profits, compliance and so on, less the costs of risk management.
2. Is an integral part of organizational processes including project management, strategic planning, auditing, and all other processes.
3. Is part of decision making through analysis and evaluation to understand risk and determine its acceptability as treated.
4. Explicitly addresses uncertainty and how it can be modified.
5. Is systematic, structured and timely and produces repeatable and verifiable outcomes and decisions.
6. Is based on the best available information including historical data, expert opinion, stakeholder concerns, and so forth, tempered with the quality and availability of the information.
7. Is tailored to the organization, its objectives, its risks, and its capabilities.
8. Takes human and cultural factors into account in addition to technical and other "hard" factors that impact the likelihood of consequences.
9. Is transparent and inclusive so that communications and consultation with stakeholders and others keeps the risk management and risk criteria current and relevant.
10. Is dynamic, iterative and responsive within a continuous improvement environment that responds to changes in context, trends, risk factors and other internal and external factors.

Risk Management Process

The Risk Management Process is fundamentally a five-step process:
1) Risk Identification
2) Risk Analysis
3) Risk Evaluation
4) Risk Treatment
5) Monitoring and Review

Outlined below are two templates which depict the Risk Management Process. These templates are not flow charts but relational diagrams and can be tailored to the NSM LHIN. A tailored approach is designed to ensure that risk management is both practical and aligned with the LHIN's structures, processes, and objectives.

Risk Management Process Example 1

This template illustrates the tactical process of Risk Management overlaid by the strategic process:

Risk Management Process Example 2

What is at risk and why?
CONTEXT: Business and project objectives; Projects in the context of the business; Business and project boundaries

What (and where) are the risks?
RISK IDENTIFICATION: Sources of risk; What are the risks?; How do they arise?; Groupings and associations

What is known about them?
RISK ANALYSIS: Characteristics; Classification; Estimates of likelihood; Potential consequences

How important are they?
RISK EVALUATION: Set criteria; Decide ranking; Select priorities

What should be done about them?
RISK TREATMENT: Identify options; Evaluate options; Plan treatment measures; Assess secondary risks; Allocate responsibilities; Implement treatment

Other labels in the diagram: Maintain database; Communicate and explain; Monitor effectiveness of process; Review objectives, decisions and assumptions; Secondary risks; Update plans

Risk Management Process

Risk Assessment

Risk Assessment involves three tasks:
1) Risk Identification
2) Risk Analysis
3) Risk Evaluation

1.0 Risk Identification

Risk identification is the process through which the organization becomes aware of risks that constitute potential loss exposures. The primary process of risk identification is to identify risks to the organization which would reduce or remove the likelihood of the organization reaching its strategic objectives.

The Ontario Public Service uses 13 categories for risk:
1) Compliance/Legal
2) Equity
3) Financial
4) Governance/Organizational
5) Information/Knowledge
6) Operational or Service Delivery
7) People/Human Resources
8) Political
9) Privacy
10) Security
11) Stakeholder/Public Perception
12) Strategic/Policy
13) Technology

Risks associated with any decision must be identified and placed in a risk register or risk log before they can be treated, even if it is later determined that the risk levels with existing controls are acceptable. It is assumed that not all risks will be identified and so there needs to be a provision for monitoring and review to add risks to the register. In many cases risks can be described in aggregate terms representing dozens or more sub-risks.

Risk identification can employ numerous methods or techniques including:
- Brainstorming
- Interviews and self-assessment
- Facilitated workshops
- Questionnaires and risk surveys
- Scenario analysis

2.0 Risk Analysis

The purpose of risk analysis is to provide the decision maker with sufficient understanding of the risk, that they are satisfied they have the appropriate level of knowledge about the risk to make decisions on risk treatment and acceptance. Risk analysis may be organized into estimates of likelihood of events, estimates of consequence of events and estimates of the combined effect of likelihood and consequences according to the risk criteria.

The steps in risk analysis include:
1) Assign the Severity/Impact/Consequence of the risk (i.e., Minor, Moderate, Major, Severe).
2) Assign the Likelihood/Frequency of the risk occurring (i.e., Rare, Unlikely, Likely, Almost Certain).
3) Score Risk Impact using a Risk Matrix (i.e., Minor, Moderate, Major, Severe).
4) Prioritize action.

A risk map (sometimes called a heat map) is one of the most commonly used methods to depict the largest risks facing an organization. It is visually appealing, and easy to understand and describe. It typically consists of two axes: the vertical axis showing the potential impact of the risk and the horizontal axis showing the estimated likelihood of the risk occurring - both usually measured on a scale of 1 (low) to 5 (high). A generic example of a risk map is as follows:

IMPACT (rows) / LIKELIHOOD (columns) | 1 | 2 | 3 | 4 | 5
5 | Moderate | Extreme | Extreme | Extreme | Extreme
4 | Low | Moderate | High | Extreme | Extreme
3 | Low | Low | Moderate | High | High
2 | Low | Low | Low | Low | Moderate
1

Examples of two Risk Maps:

Rouge Valley Health System (Scarborough)

LIKELIHOOD (rows) / IMPACT (columns) | Insignificant | Minor | Moderate | Major | Extreme
Almost Certain | Moderate Risk | Moderate Risk | High Risk | Critical Risk | Critical Risk
Likely | Low Risk | Moderate Risk | High Risk | Critical Risk | Critical Risk
Possible | Low Risk | Moderate Risk | Moderate Risk | High Risk | High Risk
Unlikely | Low Risk | Low Risk | Moderate Risk | Moderate Risk | High Risk
Rare | Low Risk | Low Risk | Low Risk | Moderate Risk | Moderate Risk

Alberta Health Services

CONSEQUENCE/IMPACT (rows) / LIKELIHOOD (columns) | Rare | Unlikely | Possible | Likely | Almost Certain
Catastrophic | Moderate | Extreme | Extreme | Extreme | Extreme
Major | Low | Moderate | High | Extreme | Extreme
Moderate | Low | Low | Moderate | High | High
Minor | Low | Low | Low | Low | Moderate

Risk Evaluation/Scoring Scale/Matrix

The Ontario Public Service (OPS) uses the following rating scale:

Value | Likelihood | Impact | Proximity | Scale
1 | Unlikely to occur | Negligible impact | More than 36 months | Very low
2 | May occur occasionally | Minor impact on time, cost or quality | 12-24 months | Low
3 | Is as likely as not to occur | Notable impact on time, cost or quality | 6-12 months | Medium
4 | Is likely to occur | Substantial impact on time, cost or quality | Less than 6 months | High
5 | Is almost certain to occur | Threatens the success of the project | Now | Very High

3.0 Risk Evaluation

An important element of risk evaluation is risk tolerance. Risk tolerance is key to achieving effective ERM and it must be considered before determining how risks can be addressed. Risk tolerance is the risk exposure an organization determines appropriate to take or avoid taking. It's an important component of risk management in that it clarifies what risk exposures are acceptable to take and what exposures are to be avoided. The concept may be looked at in different ways depending on whether the risk being considered is an opportunity or a threat. Some risk may not be within the ability of the LHIN to completely manage it, resulting in risk exposure or residual risk.

Determining risk tolerance involves applying judgment - giving careful consideration to the following key factors:
1) NSM LHIN's attitude towards risk.
2) NSM LHIN's goals
3) NSM LHIN's capability to manage risk
4) NSM LHIN's capacity to absorb the impact of potential loss related to taking the risk.
5) The cost/benefit of managing the risk.

Each factor must be considered individually and collectively reflecting ultimately that the NSM LHIN must be in a position to demonstrate that it is appropriately managing the risks to which it is exposed in pursuing its goals.

An important part of formalizing and communicating risk tolerance is through policies. Where the board of directors has delegated decision-making responsibility to management, policies should be written which clarify:
- The risk tolerance (i.e. parameters) within which the board expects management to manage risk.
- The information that management should provide to the board about the management of the risk, so that the board can carry out its oversight responsibilities.

Given the complex nature of the LHIN and its health service providers' variance of delivery models, risk must be assessed at multiple levels. From an enterprise-wide perspective, risk tolerance is determined from the risk boundaries the board and senior management are willing to tolerate. At a more granular level, there may be operational initiatives which require specific statements of risk tolerance.

Risk Treatment (Responding to Risk - Plan and take Action)

The risk assessment exercise will determine the action plan with respect to the mitigation of the risk. It is here where control or mitigation strategies are identified or formulated and implemented. The focus/priority should be on those risks that are the most likely to occur and which have the most impact on a project, the organization or the health system as a whole.

Consider the Risk Map examples identified earlier. Regardless of the format or style chosen in the development of a Risk Map, the fundamental focus needs to be on the upper right area as this is where the most severe risks are scored. Figure 2 depicts the area of primary focus: High Impact/High Likelihood.

[Figure 2: four-quadrant chart. Vertical axis: Impact of Risk (1 to 4). Horizontal axis: Likelihood of risk occurring (1 to 4). Quadrants: High Impact/Low Likelihood; High Impact/High Likelihood; Low Impact/Low Likelihood; Low Impact/High Likelihood.]

Another, but similar way to look at where the organization needs to focus its risk mitigation efforts is represented in Figure 3, which maps risks out in terms of Impact on Strategic Objectives.

Figure 3

Impact on Strategic Objective (rows) / Likelihood (columns) | Remote (<10%) | Possible (10%-50%) | Likely (>50%)
Critical | Medium | High | Critical
Major | Low | Medium | High
Manageable | Low | Low | Medium

The key concepts for the evaluation, selection and design of an effective program of risk treatments are:
- Determine if risk exposure is within tolerance levels. If not, adjust risk response activities.
- To determine how best to manage a risk, you need to understand how it arises.
- There are two types of risk treatments: Prevention activities aimed at reducing the likelihood of occurrence of the risk event and Mitigation activities aimed at reducing magnitude of the impact should the risk event occur.
- Management of most risks consists of a combination of prevention and mitigation measures.
- The focus should be on prevention as it is typically more cost-effective; however, because no prevention regimen is perfect it is prudent to put in place strong mitigation activities.

To mitigate a risk is to moderate or alleviate a risk, to lessen it in some way. It is common in risk management circles to think of a choice among four basic alternatives for managing a given risk:
1) Avoid: We can choose to not take action that would create an exposure of some kind.
2) Reduce: The manager goes ahead with the investment or other endeavours that have some risks, but takes steps to lessen them.

3) Transfer or Share: Risks can be transferred to someone else. Insurance is the best example of this as is the transfer of risk through contractual methods.
4) Accept: This is the default choice for any risk management. You simply accept the risk as is.

Monitoring and Reviewing

Monitoring and review are key to the continuous improvement of risk management. For example, most approaches to risk maturity examine how monitoring and review leads to actions and then to observable improvements. Every aspect of the Risk Management Process needs to be monitored and reviewed with the following in mind:
- Has the risk changed in character due to trends?
- Are there new risks evolving or emerging?
- Has the context for the risk management changed?
- Is the risk treatment plan being implemented? As planned?
- Are controls effective?
- What is the appropriate frequency of monitoring?
- Based on actual outcomes for objectives, was the risk assessment accurate?
- Can monitoring be improved by identifying better key performance indicators?

NSM LHIN Risk Management Process

Risk Identification

NSM LHIN Risk can be separated into two major areas:
1. LHIN Operations
2. Health System/Health Service Providers

Within each area of risk there are several categories of risk. A consortium of four LHINs, led by the Central East LHIN, developed a list of various risk categories. They are as follows:

LHIN Operations
Categories: Operational Risk; Reputational Risk; Strategic Risk; Financial Risk
Components: Privacy, Legal & Regulatory, Facility, Information Technology, Human Resources, Issues Management, Corporate Governance

Health System/Health Service Providers
Categories: Operational Risk (HSPs/Health System); MLAA Risk; Reputational Risk; Financial Risk; Strategic Risk; Performance Risk
Components: Stakeholder Relations, Legal & Regulatory, Performance Management, Programs, Projects, Information Technology, Health Human Resources, Privacy & Security, Quality Care & Safety, Environments & Infrastructure

A common approach to specific risk identification is through the interview process. The NSM LHIN is organized around geographical regions with each region having leads. In order to drill down from the Risk Component level, as identified in the previous chart, to specific risks, it makes sense then to engage the geographic leads.

Risk Analysis

1. Assign the Likelihood/Frequency of the risk occurring
2. Assign the Severity/Impact/Consequence of the risk

Value | Likelihood | Value | Impact
1 | Rare | 1 | Insignificant
2 | Unlikely | 2 | Minor
3 | Possible | 3 | Moderate
4 | Likely | 4 | Major
5 | Almost Certain | 5 | Extreme

3. Assign the Severity/Impact/Consequence of the risk (i.e., Minor, Moderate, Major, Extreme).

NSM LHIN Risk Matrix or Heat Map

IMPACT (rows) / LIKELIHOOD (columns) | Rare | Unlikely | Possible | Likely | Almost Certain
Extreme | Low | Medium | High | Extreme | Extreme
Major | Low | Medium | High | High | Extreme
Moderate | Low | Medium | Medium | High | High
Minor | Low | Low | Medium | Medium | High
Insignificant | Low | Low | Low | Low | Low

Risk Rating (Risk Register Colour Code)

Rating | Likelihood x Impact Score
LOW | 0-5
MEDIUM | 6-11
HIGH | 12-19
EXTREME | > 20

Risks associated with any decision must be identified and placed in a risk register or risk log before they can be treated, even if it is later determined that the risk levels with existing controls are acceptable.

There are many examples of a risk register. The recommended register for the NSM LHIN is a variation of the risk register currently used by the Vancouver Island Health Authority. Two risk registers would be established, one for LHIN Operations, the other for the Health System. Each risk register would then contain a further breakdown of related risk categories:

- Risk Registers - LHIN Operations Register and Health System Register
- Risk Component (i.e., human resources, corporate governance, information technology)
- Description of Risk
- Inherent Risk Rating Which is the product of Risk Likelihood and Risk Consequence. The results of the multiplication of Risk Likelihood and Risk Consequence will correspond to a colour coded rating as described in the chart above.
- Impact/Consequence Rating of 1-5 for each category
- Mitigation Strategy
- Residual Risk rating The risk rating after the implementation of the mitigation strategy
- Change status (i.e., increased, decreased, same)

Exhibit A, North Simcoe Muskoka LHIN Risk Register, represents an example of a proposed Risk Register for the category of LHIN Operations.

Exhibit B, North Simcoe Muskoka LHIN Risk Register, represents an example of a proposed risk Register for the category of Health System.

Exhibit A

North Simcoe Muskoka LHIN Risk Register - LHIN Operations

| Risk Category | Risk Component | Risk Owner | Description of Risk | Likelihood | Consequence | Total | Inherent Risk Rating | Quarters on Register | Impact/Consequence | Mitigation Strategy | Likelihood | Consequence | Total | Residual Risk Rating | Increased / Decreased / No Change |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Operational Risk | Human Resources | EMC | Space shortage at LHIN offices means unable to staff to sufficient levels - Larger office space puts pressure to stay within operating budget | 4 | 4 | 16 | HIGH | 2 | Cost overruns and inability to service stakeholders | Redesign office space to increase ability to add staff. Expand on virtual office practice | 2 | 2 | 4 | LOW | Decreased |
| Operational Risk | Privacy | EMC | Loss of key talent | 2 | 4 | 8 | MEDIUM | 3 | Business continuity | Succession planning, cross functional roles | 1 | 4 | 4 | LOW | Decreased |
| Operational Risk | Information Technology | | Breach of confidentiality due to staff practices | 5 | 3 | 15 | HIGH | 1 | Reputation damage, costs (legal) | Develop policies around appropriate protection & technology standards | 1 | 3 | 3 | LOW | Decreased |
| Operational Risk | Information Technology | | | 3 | 5 | 15 | HIGH | 1 | | | 3 | 4 | 12 | HIGH | Decreased |
| Operational Risk | Facilities | | | 3 | 5 | 15 | HIGH | 0 | | | 3 | 5 | 15 | HIGH | Same |
| Operational Risk | Legal & Regulatory | | | 2 | 3 | 6 | MEDIUM | 0 | | | 2 | 3 | 6 | MEDIUM | increased |
| Operational Risk | Privacy | | | 4 | 3 | 12 | HIGH | 0 | | | 4 | 3 | 12 | HIGH | Same |
| Reputational Risk | Human Resources | | | 1 | 5 | 5 | LOW | 0 | | | 3 | 5 | 15 | HIGH | Same |
| Strategic Risk | Legal & Regulatory | | | 4 | 4 | 16 | HIGH | 0 | | | 3 | 4 | 12 | HIGH | increased |
| Financial Risk | Facilities | | | 4 | 5 | 20 | EXTREME | 0 | | | 5 | 5 | 25 | EXTREME | Same |

Exhibit B

North Simcoe Muskoka LHIN Risk Register - Health System

| Risk Category | Risk Component | Risk Owner | Description of Risk | Likelihood | Consequence | Total | Inherent Risk Rating | Quarters on Register | Impact/Consequence | Mitigation Strategy | Likelihood | Consequence | Total | Residual Risk Rating | Increased / Decreased / No Change |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Clinical | Programs | ABC Hospital | ABC hospital in a significant deficit position | 5 | 5 | 25 | EXTREME | 3 | Inability to provide effective services | Directed an operational audit - Deficit recovery plan submitted - Established a communication strategy with the MOHLTC, NSM LHIN & ABC Hospital | 3 | 5 | 15 | HIGH | Decreased |
| Clinical | Programs | XYZ Hospital | XYZ hospital projecting a small deficit position | 1 | 4 | 4 | LOW | 2 | Inability to provide effective services | Submission of Deficit Recovery Plan | 1 | 4 | 4 | LOW | Same |
| Clinical | Programs | EMC | DEF Agency expands services to a new population which is outside of their mandate | 4 | 3 | 12 | HIGH | 4 | Inability to provide effective services for mandated activities | Utilize M-SAA to stop this activity | 1 | 3 | 3 | LOW | Decreased |
| Clinical | Programs | TTT Hospital | Volumes not met in fiscal year for incremental funding for Hip & Knee replacement | 3 | 4 | 12 | HIGH | 1 | Funding is clawed back and impacts on future services | Requires both organizations to coordinate surgical schedules to achieve the combined target | 1 | 4 | 4 | LOW | Decreased |
| Clinical | Quality Care & Safety | HHH Hospital | Cost overruns and inappropriate quality of care due to wrong patient placement | 4 | 5 | 20 | EXTREME | 2 | Pressure to balance budget. Inability to deliver appropriate care path | Timely assessment & patient transfer to appropriate setting | 2 | 5 | 10 | MEDIUM | Same |
| Operational Risk | Information Technology | | | 2 | 3 | 6 | MEDIUM | 0 | | | 2 | 3 | 6 | MEDIUM | increased |
| Operational Risk | Health Human Resources | | | 4 | 3 | 12 | HIGH | 0 | | | 4 | 3 | 12 | HIGH | Same |
| Operational Risk | Privacy & Security | | | 1 | 5 | 5 | LOW | 0 | | | 3 | 5 | 15 | HIGH | Same |
| Operational Risk | Quality Care & Safety | | | 4 | 4 | 16 | HIGH | 0 | | | 3 | 4 | 12 | HIGH | increased |
| MLAA Risk | Financial Risk | | | 4 | 5 | 20 | EXTREME | 0 | | | 5 | 5 | 25 | EXTREME | Same |
| MLAA Risk | Strategic Risk (Care Connect) | | | 0 | 0 | 0 | LOW | 0 | | | 0 | 0 | 0 | LOW | Same |
| MLAA Risk | Performance Risk | | | 0 | 0 | 0 | LOW | 0 | | | 0 | 0 | 0 | LOW | Same |

Material Sources

1. Enterprise Risk Management, Today's Leading Research and Best Practices for Tomorrow's Executives, Fraser & Simkins, John Wiley.
2. Central East LHIN Enterprise Risk Management policy, sent to LHIN CEO's March 22, 2010.
3. CMA Canada Management Magazine, A Director's guide to Risk and its Management, November, 2004.
4. Risk Management Tool Kit for non-for-profit executives, P. Vintt and S. Hartly, Canadian Society of Association Executives.
5. Enterprise Risk Management Framework paper prepared by Shazia Khkar.
6. Basic Frameworks for Risk Management, March, 2003, J. Shortreed, J. Hicks, L. Craig, Network for Environmental Risk Assessment and Management.
7. Report on the Current of Enterprise Risk Oversight: 2nd edition 2010, American Institute of Certified Public Accountants.
8. Alberta Health Services Risk Analysis and Evaluation Guide.
9. Vancouver Island Health Authority Risk Register.
10. Harvard Business Review, Managing Risk in the New World, October, 2009.