2/7/2013
www.pwc.com
Enterprise Risk Management February 26, 2013
What you do not know will not hurt you!
Enterprise Risk Management PwC
February 26, 2013 2
Agenda
• Understand what is Enterprise Risk Management (ERM)
• Discuss how to implement ERM
• Understand the role of Governance in ERM
• Evaluate the key value derived from ERM programs
Stages of ERM Implementation Efforts
ERM implementation efforts begin with basic foundational components and progress into advanced analytics and integrated management.
1. Culture and Governance
1.1 Awareness of Importance of Risk Management
2. Risk Identification
2.1 Risk Identification and Risk Maps
2.2 Risk Governance, Organization, and Policy Design
3. Risk Measurement
3.1 Risk Self Assessment Tools
3.2 Key Risk Indicators, Measures, Controls and Dashboards
4. Advanced Analytics
4.1 Management Controls and Corrective Actions
4.2 Stress Testing
4.3 Internal Model to Quantify Risk and Capital
5. Integrated Management
5.1 Integration with Management Processes including Planning and Evaluation
5.2 Aligned Risk Appetite, Limits, and Budgets
5.3 Risk-Adjusted Return Metrics
5.4 Integration with Existing Company Systems
Exercise
Healthcare Risk Areas
• Quality/Patient Care
- Evidence-based practices
- Outcome measures
- Patient satisfaction
• IT
- Security/access
- Data integrity
- System implementation
• Revenue Cycle
- Billing errors
- CDM accuracy
- Denials management
• Hospital Operations
- Cost reduction strategies
- Patient safety
- Physician alignment
Healthcare Risk Areas continued
• Finance
- Accounts receivable reserve
- Financial statements
- Cash management
• Legal
- Stark and anti-kickback
- Mergers and acquisitions
- Physician contracts
• Compliance
- Conflicts of interest
- Joint Commission
- Policies and procedures
• Mission
- Community benefits
- Canon Law/ERDs
Exercise
Strategic Initiative View
Implementation of Electronic Health Records
• System implementation
• IT security and access
• Financial processes (budgeting, capitalization, etc.)
• Policies and procedures
• Quality outcomes
• Patient safety
• Cash management
Strategic Initiative View continued
Physician Alignment
• Physician contracting
• Stark and anti-kickback law
• Conflict of interest
• Patient safety
• IT system integration
• Labor/pay practices
Where is the risk?
• Patient safety or physician contracts
• Financial statements or system access and security
• Joint Commission matters or Stark violations
• Billing errors or lost charges
• Electronic health record implementation or physician alignment
Risk Management Approach Recap
• Traditional Approach to Risk
- Specialized silos – aligned to functional areas
- Focused on limited risks
- Usually in response to an occurrence
• Integrated Approach to Risk
- Cross-functional coverage of focused risk set
- Can be either reactive or proactive
- Use of performance metrics
Risk Management Approach Recap continued
• ERM Approach to Risk
- Manages the entire risk portfolio
- Aligned with strategic direction and priorities
- Provides informed risk-taking decisions
- Systematic, well-defined approach
- Provides efficient use of resources
- Provides a sustainable process
Key Considerations for Implementing ERM
• Executive level sponsorship
• Governance alignment and reporting
• Collaborative risk management process (not a project!)
• Common understanding of risk with defined risk criteria
• Coordinated across the organization
ERM Implementation Process Flow
Board Sets Direction
Establish ERM Structure
Strategic Assessment
Risk Assessment
Establish Priorities and Develop Work Plans
Control Activities
Monitor
Evaluate
Communicate
ERM Implementation Key Steps
• Board and governance committee direction
• Establish ERM team and structure
- Cross-functional team of senior management
- Charter with defined roles and responsibilities
- Workflows and timelines
• Strategic assessment
- Identify the key strategic and business operating priorities for the organization (importance)
- What could prevent organization from achieving the priorities
ERM Implementation Key Steps continued
• Conduct Risk Assessment
- Develop a common risk criteria matrix
- Identify risk assessments already being conducted
- Coordinate risk assessment activities
- Prioritize/rank key risks
• Establish Priorities and Workplans
- Identify process and control gaps
- Develop control activities
- Monitor processes and control compliance
ERM Implementation Key Steps continued
• Evaluate Risk
- What risk remains unmitigated
- Collectively, how much risk exists
- What resources are needed to reduce the risk
• Communicate Results
- Reporting formats and detail vary by audience
• Continue
- This is a process, not a one-time project
Governance Role in ERM
• Board Responsibility
- Establish strategic direction
- Reduce risk
- Guide executive management
• Audit Committee
- Understand risk management methodologies
- Monitor progress
- Evaluate results of monitoring functions (Compliance, Internal Audit, etc.)
Governance Role in ERM continued
• Specialty Committees
- Understand the key risks impacting their area of specialty
- Review risk dashboards or key performance indicators
- Evaluate management remediation and control activities
Note: Some risks may need to be communicated to several committees based on the broad reach. For example, electronic health records may be reported to the committee responsible for IT and the committee responsible for quality.
Key Lessons Learned
• Board and executive-level commitment is key
• Develop an ERM leader or team
- Cross-functional
- Senior leaders
• Coordinate efforts already in place BEFORE creating new infrastructure
• Focus on the BIG picture
• Establish ERM as a PROCESS not a PROJECT
• Streamline reporting
- Dashboard versus detail
Key Value of ERM
• Enables a broader view of risk
• Identifies emerging risk (proactive versus reactive)
• Enables entire organization to view and evaluate risk in a consistent manner using established criteria
• Assists in prioritization and usage of resources
• Enables better dialogue around risk to achieving strategies and business priorities
This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. © 2012 PricewaterhouseCoopers LLP. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers LLP which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.