Renee Blomme, Corporate Risk Manager April 16, 2013 Ontario Risk and Insurance Managers Society...
-
Upload
michelle-payne -
Category
Documents
-
view
220 -
download
3
Transcript of Renee Blomme, Corporate Risk Manager April 16, 2013 Ontario Risk and Insurance Managers Society...
Renee Blomme, Corporate Risk Manager
April 16, 2013
Ontario Risk and Insurance Managers Society
North York General’s ERM Program The Good, The Bad and The Ugly
North York General
• 3 Sites: General Site – 418 Acute Care Beds Branson Site – Urgent Care, Diagnostics and Clinics
Seniors’ Health Centre – 192 Long Term Care Beds Emergency and Urgent Care Visits – 113,030 Outpatient Visits – 211,652 Inpatient Cases – 29,529 Births – 5,865
• Serving 440,000 residents within North Central Toronto and Southern York Region
• $315M Annual Operating Budget
• 3,141 Staff
• 1015 Physicians
• 900 Volunteers
In The Beginning………
Risk Management:• a clinically focused approach• examined risks individually• assumed that adverse events occurred
resulting in financial losses• focused on protecting the assets of the
organization• primarily REACTIVE not PROACTIVE
What Did This Result In?
My “Ah-Hah” Moment
ENTERPRISE
RISK
MANAGEMENT
Next Steps
• Reading
• Consultation
• Telephone calls
• Meetings
• Educational sessions
• Heated discussions
Have Realistic Expectations
Don’t expect to
boil the ocean
© NYGH
ERM Defined“Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives”
(Committee of Sponsoring Organizations of the Treadway Commission, 2004, p. 8).
Objectives Of ERM
To develop and implement:
•an interdisciplinary approach to risk management•a continuous, proactive process that enables the organization to make strategic decisions that contribute to the achievement of the organization’s overall objectives•a process where risk management is integrated into daily activities•a culture where risk management becomes everyone’s responsibility
Objectives Of ERM – cont’d
Provide opportunity:
•for education•to collectively identify risks•to reduce operational surprises and losses
ERM Process
• Identify the risks
• Analyze the risks
• Evaluate the risks
• Identify gaps through a gap analysis
• Mitigate the risks
• Monitor & review
Potential Risk Impact Expected Control
BUSINESS RISK – Risks that may relate to the delivery of health care that include internal & external factors impacting on the operations of the department.
QUALITY CARE & PATIENT SAFETY
1. Monitoring the quality of service is not being performed on a consistent basis.
Opportunities to improve and achieve the best possible outcomes may be missed.
The quality of services is reviewed by selecting/monitoring indicators, collecting/analyzing data, identifying areas to improve and sharing the evaluation results with primary stakeholders (CCHSA Acute Care Services Standard 3.1).
Clients, families and other organizations are involved in the evaluation of services (CCHSA Acute Care Services Standard 3.2).
A process to solicit feedback from clients exists (i.e. complaints, satisfaction surveys, and focus groups) (CCHSA Acute Care Services Standard 3.2).
Service improvements are made on the basis of service outcomes (CCHSA Acute Care Services Standard 3.3).
Potential Risk Example
Evaluate the Risk
• Likelihood & impact• Inherent risk• Residual risk
Risk Identification & Mapping
IMPACT
LIKELIHOOD Insignificant Minor Moderate Major Extreme
Almost Certain Moderate
Risk Moderate
Risk High Risk Critical Risk Critical Risk
Likely Low Risk Moderate
Risk High Risk Critical Risk Critical Risk
Possible Low Risk Moderate
Risk Moderate
Risk High Risk High Risk
Unlikely Low Risk Low Risk Moderate
Risk Moderate
Risk High Risk
Rare Low Risk Low Risk Low Risk Moderate
Risk Moderate
Risk
Critical Risk• Certain or likely to occur with major impact
• Not willing to accept risk
High Risk• Likely to occur with moderate impact
• Possible to occur but major impact
• Not willing to accept risk
Moderate Risk• Likely to occur with insignificant impact
• Unlikely to occur with minor-moderate impact
• Willing to accept some risk
Low Risk• Unlikely or rare occurrence with minor impact
• Willing to accept risk
Levels Of Risk
Risk Level Action and Level of Involvement Required
Critical Risk Inform Chief Executive Officer and Board of Directors Immediate action required
High Risk Inform Chief Executive Officer Senior Leadership Team Member involvement/attention is
essential to manage risks – provide report to Board as appropriate
Moderate Risk Inform relevant Senior Leadership Team Member Management mitigation and ongoing monitoring required
Low Risk Manage by routine procedures within the program and site Accept, but monitor risks
Communication Of Priorities
Gap Analysis
• What needs to be done?• Focus on:
– Highest risk– Easy wins
Controls
Hard Controls:• Policies• Procedures• Regulations• Laws• Checks and Balances• Direct Supervision• Organizational
Structure
Soft Controls:• Culture and ethics• Clear objectives• Strong leadership• Transparency
Mitigation Strategies
Potential Risk
Significance/ Impact
Likeli-
hood/
Impact
Control
Activities
Likeli-
hood/
Impact
Strategies to Reduce or Eliminate
the Risk
Time-
line
Respon-
sible
Individual
Management and staff are unaware of approved policies
Confusion aboutrelevant policy
Unintentionalnon-compliancewith policy
Likely
Processes are in placeto distribute approvedpolicies to NYGHmanagement and staff
Tools are establishedand used to facilitatethe communication ofapproved policies(i.e. Intranet)
Possible
Development oftemplate tools toinclude in educationand implementationguide
Standard teachingtemplate
Use of “My LearningEdge” strategies
Sept. 11
Sept. 11
Sept. 11
Susan,Paul
Amy
Andy
High Moderate
Corporate Risk Manager
Results
• Completed all domains (12)
• Board Updates – last minute scramble
• Many action items identified
• Minimal ROI
• Identification of frequency of leadership turnover
• Decision to start again
How To Get Started – The Second Time
Revised Process
1. Domains need to be reasonable size
2. Timing – think of others
3. Accountability structure – does it work?
4. Where and how to identify risks?
Current ERM Framework – 18 DomainsBusiness Risk
Risks that relate to the delivery of healthcare that include internal and
external factors impacting on the operations
Resource RiskRisks that relate to the resources used by the organization to accomplish its
objectives
Compliance RiskRisks that originate from the requirement to comply with a
regulatory framework, policies, directives or legal agreements
Quality Care And Patient Safety (7)
Human Resources And Staff Relations
Environment, Health And Safety
Informed Consent, Care Plans
Consults, Referrals
HR Planning, Competency And Staff Development, Performance Management,
Labour Relations
Hazardous Material Handling, Occupational Health And Safety, Infection
Control
Corporate Governance Financial Legal And Regulatory
Strategic Goals And Objectives, Performance Reporting, Culture, Ethics,
Org Structure, Partnerships And Alliances
Funding Allocation, Planning And Budgeting, Insurance, Financial
Management And Reporting, Fraud
Medical Staff By-laws, Legislation And Regulations, Contracts And Agreements,
Credentialing And Licensing
Operations And Business Support
Information, Systems And Technology
Policies
Quality And Risk , Supply Chain, Health Information Management, Security,
Disaster Management
E Health Strategy, Infrastructure, Access Control, Data Integrity, User Support
Clinical Policies, Administrative Policies, Internal Guidelines And External
Directives
Reputation And Public Image Physical Assets Standards
Public Relations, Media Relations, Government Relations, Pt Relations
Asset Management, Capital Construction, Equipment Acquisition, Replacement And
Maintenance
CCHSA Accreditation Standards, Professional Regulatory Bodies And
Standards Committees
ERM Accountability StructureBusiness Risk
Risks that relate to the delivery of healthcare that include internal and
external factors impacting on the operations
Resource RiskRisks that relate to the resources used by the organization to accomplish its
objectives
Compliance RiskRisks that originate from the requirement to comply with a
regulatory framework, policies, directives or legal agreements
Quality Care And Patient Safety (7)
Human Resources And Staff Relations
Environment, Health And Safety
Program Quality Committee
Quality of Care Committee
Quality Committee of the Board
Human Resource Team
HR Committee of the Board
New Team
Quality of Care Committee
Quality Committee of the Board
Corporate Governance Financial Legal And Regulatory
Senior Leadership Team
Governance Committee of the Board
Finance Team
Audit & Finance Committee of the Board
Senior Leadership Team
Quality Committee of the Board
Operations And Business Support
Information, Systems And Technology
Policies
New Team
Quality of Care Committee
Quality Committee of the Board
IS Committee
Quality of Care Committee
Quality Committee of the Board
Quality of Care Committee
Quality Committee of the Board
Reputation And Public Image Physical Assets Standards
Corporate Communications Team Quality Committee of the Board
New Team
Quality of Care Committee
Quality Committee of the Board
IPC Committee
Quality of Care Committee
Quality Committee of the Board
HR & StaffRelations
Corporate Governance
Quality Care&Patient Safety
Finance
Information, Systems & Technology
StandardsPolicies
Legal & Regulatory
Environmental,Health & Safety
Operations &Business Support
Reputation &Public Image
ERM
AccreditationCIRP
RCAFMEA
Hazard Alerts
PhysicalAssets
SLIP
Corporate Risk Manager
Results
• Completed all domains (18)
• Frequent Board Updates
• Many action items identified
• Decision to start again
How To Get Started – The Third Time
THINK AHEAD
with the end in mind.
© NYGH
Revised Process
1. Effective use of Domain Team:a) Identification of potential risksb) Review of current processc) Expert in the roomd) Development of their own document
2. Accountability structure – integrate into current reporting structure
Internal
• Reports from insurer – Risk Management Claims Analysis Report (RMCAR)
• Actual and potential medico-legal claims• Incident reporting data• Patient Experience Office data• Critical Incident Reviews• Root Cause Analysis• Failure Mode Effects Analysis
External
• Listserves• Coroner Reports• Hazard Alert & Product Recalls
• Legislative Updates:– http://www.oha.com/CurrentIssues/LegislativeAnalysis/Pages/Default.aspx
– http://www.ontla.on.ca/web/bills/bills_current.do?locale=en
– http://www.blg.com/EN/HOME/PUBLICATIONS/Pages/default.aspx
– http://www.millerthomson.com/en/publications/articles/search
Most Important Resource…
What Keeps You Up At Night?
Results
• Completed all domains (22)
• 1st time Communication of Priorities enacted
• Board Updates – combined with Program Reports
• Many action items identified
• Physician engagement
• Capacity building
However……..
Process Under Construction
Revised Process
1. Literature review
2. Visits to experts
3. Review of current domains
4. How do corporate committees fit into domains?
What Doesn’t Fit?
Build The Infrastructure
Facilitation Expertise
Commitment fromDomain Owner
Senior LevelSupport Realistic
Expectations
Technology
Attitude
Ongoing Evaluation
© NYGH
Success Factors
• Board and Senior Team Support
• Technology
• Opportunity for corporate education and learning
• Open and Transparent Process
• Consultation with Stakeholders
• Accountability Structure
• Plan for ongoing monitoring
Lessons Learned
• Allocate appropriate time
• Consider dividing large domains
• Combine documents
• Provide scripting
• Be cognizant of changes in leadership
• Appreciate competing priorities
• Collective wisdom - having the right people at the table
THANK YOU!For more information please contact:Renee [email protected]