1

Grand River Hospital Grand River Hospital

2010 Enterprise Risk Assessment 2010 Enterprise Risk Assessment

“Who’s Vote Wins?”“Who’s Vote Wins?”

Julie Nicholls, Director Risk ManagementJulie Nicholls, Director Risk Management

2

Presentation objectives

1. Background• Explain the model used at GRH• Share learning's from previous ERM assessments

2. 2010 ERM process

3

Grand River Hospital; Who are we?

♦ Large community hospital; 500 beds across 2 sites & 5 satellites.

♦ Regional cancer centre, dialysis provider & mental health services provider (doubling in 2010).

♦ 4000 births annually♦ 65,000 ED visits annually♦ 10,000 surgeries♦ 3000 staff♦ 300 physicians

4

Risk Management at GRH

♦ Loss control!♦ A process to identify, mitigate and prevent harm.

ENTERPRISE risk management (ERM);

A corporate process to develop a consolidated understanding of where GRH could be exposed to harm; financial harm, physical harm, inability to provide appropriate patient care…

5Background

♦ 2006/07 - Identified that there was no method of broadly understanding what risks may affect GRH, i.e., an enterprise risk management (ERM) process.

♦ Environmental scan resulted in the adoption of the Winnipeg Regional Health Authority ERM model.

♦ 2007 new CEO created a GRH model.

6Board Risk Management Policy

7

LIKELIHOODIMPACT

Insignificant Minor Moderate Major Extreme

Almost Certain 1. ER crowding

2. Form 1 in ER

3. Nursing recruitment

Likely

Possible

Unlikely

Rare

Example of End Result: Heat Map from 2007

8

2007 Process

Positive:♦ CEO & Board chair buy-in♦ Awareness of ERM concept at management

level

Negative:♦ Information too detailed/operational/granular♦ Process was not built into our planning

processes The results did not influence ongoing & future

decisions

9

1. Background• Explain the model used at GRH• Share learning's from previous ERM assessments

2. 2010 ERM process

Presentation objectives

10

Changes in ERM 09/10

1. New program structures and leadership across the hospital.

2. Consolidation of risks into broader themes3. Concept of an Internal Audit function

introduced in 2010.

11Enterprise Risk Management Assessment (ERMA) Process

Identify Risks

Analyze and

Quantify Risks

Integrate Risks into

Current Activities

Prioritize Risks

Mitigate Risks

Monitor identified risksand

review emerging risks

12

ERMA Timelines

Dec Jan Feb Mar Apr May June

Identify Risks (from external review sources)

Identify Risks (from internal reviews)

Analyze and quantify risks

Prioritize risks

Mitigate risks/Create action plans

Board presentations and integration into operating plan

13

ERMA Inputs

1. Winnipeg Assessment tool2. Results from Patient Safety Walkabouts/Tracers3. External review sources

HIROC RMSAM, Accreditation Canada, ISMP

4. QCIPA Rounds results5. Incident reporting trends6. Analysis of litigations & patient complaints7. Best practice opportunities (AHRQ 11 practices,

leapfrog group, JHACO)

14

ERMA Inputs

8. Public Reporting Requirements (Funding opportunities)

9. Operational plans- GRH, LHIN, MOH.

10. Employee safety concerns- ie ministry of labour, WSIB trends

11. Employee & physician recruitment trends

12. Assessment tools through for High risk areas;

Obstetrics

Emergency Services

Surgical Services

Anaesthesia

Psychiatric Services

Radiology Services

13. Employee, Management & Board Feedback

15

ERMA Goal

To learn from management:“What are the critical issues that worry you or even keep

you up at night?” The important issues that you feel are not addressed OR not

addressed adequately

Clinical Operations

Over 60 identified risks.

16Enterprise Risk Management Assessment (ERMA) Process

Identify Risks

Analyze and

Quantify Risks

Integrate Risks into

Current Activities

Prioritize Risks

Mitigate Risks

Monitor identified risksand

review emerging risks

17

Analysis

GRH Criteria:♦ Mitigating strategies can be developed for the risk♦ The risk is currently unmitigated or incompletely

mitigated♦ The risk has a serious impact outside of ‘expected’

business failures

**Filtered out extremely low probability occurrences even if there was potential to be high impact**

♦ Narrowed the risks to 22 high level risks.

18Enterprise Risk Management Assessment (ERMA) Process

Identify Risks

Analyze and

Quantify Risks

Integrate Risks into

Current Activities

Prioritize Risks

Mitigate Risks

Monitor identified risksand

review emerging risks

19

Senior Leadership Survey

Task 1: Add any risks you feel were left out to the list.

Task 2: Rank likelihood & significance of the risks.

1____________________5_________________________9 low likelihood highly likely to occur in 3 years low significance highly significant impact

Risk likelihood assesses the probability that the underlying risk event will occur, over a 3-year timeframe, assuming the current specific risk management activities are in place to manage the risk.

The measurement of risk significance assumes that the underlying risk event has occurred and the intention is to assess the impact it would have on the Grand River’s ability to execute its strategies and achieve its objectives.

20

Prioritization

♦ Surveyed executive team members Individually ranked 22 risks for significance & probability of the

risk occurring on a scale of one to nine.

♦ Averaged scores to assign ranking.♦ Determined the standard deviation in responses.

♦ Those with a high deviation in responses were brought forward for group discussions with the executive team.

21

Who’s vote wins?

Average Sum

DeviationMax-Min

Likelihood Significance

Likelihood Significance

Min. Ave. Max. Min. Ave. Max.Total

(L&S)

5 7.14 8 6 7.14 9 14.29 1.07 1.07

5 6.43 8 5 6.79 8 13.21 0.98 0.99

3 5.57 7 5 7.29 9 12.86 1.62 1.50

3 5.83 7 5 7.00 9 12.83 1.60 1.26

4 5.67 8 5 7.00 9 12.67 1.63 1.67

3 5.07 7.5 3 6.57 9 11.64 2.09 1.81

3 5.57 7 3 6.00 8 11.57 1.40 1.63

2 4.33 7 5 6.67 9 11.00 1.97 1.51

1 4.00 7 5 7.00 9 11.00 2.55 1.41

4 5.17 7 4 5.67 8 10.83 1.33 1.37

22

Prioritization

♦ Five hours of Senior Leadership discussions to; Understand the perspectives of those who ranked

the risk differently Adjust and refine the risk definitions

23

Prioritization

♦ Results: ‘heat map’ of eight highest risks♦ High priority risk actions put forward for board approval

in the hospital operating plan in June 2010.

Life goes on…♦ Two risks that were in the top 22 become more

concerning due to information discoveries. ♦ Two are added and become the ‘top ten’.

24

Risks that may relate to the delivery of health care that include internal and

external factors impacting on the operations of the organization

Risks related to the resources used by the organization to accomplish its objectives

Risks that originate from the requirement to comply with a regulatory framework,

policies, directives or legal agreements

Quality Care & Patient Safety Human Resources & Staff Relations Environment, Health & Safety

Infection controlMedication safetyPatient assessmentSpecialty physician access

Human Resources availability & SkillsLabour relationsCompetency & professional practice

Policies Financial Legal & Regulatory

Clinical & administrative policies & procedures Capital & Operating fundingCompensation & benefitsInternal Controls

Contracts & Agreements management processes

Operations & Business Support Information Systems/Technology Corporate Governance

Security ServicesRegionalized / Centralized functionsParkingInsuranceAcute Inpatient Capacity

Clinical documentation / Information management strategyDisaster recoveryHuman Resources Information Systems "HRIS" risks

Leadership development & workforce managementOrganizational structure and cultural shifts

Standards Physical Assets Reputation & Public Image

Aging infrastructure & facility management

Underlined risks are the top 10 risks

GRH Updated Risk Framework – 22 risks

25Enterprise Risk Management Assessment (ERMA) Process

Identify Risks

Analyze and

Quantify Risks

Integrate Risks into

Current Activities

Prioritize Risks

Mitigate Risks

Monitor identified risksand

review emerging risks

26

High Risk – 1: Capital & Operating FundingThe risk that insufficient access to funds threatens the hospital capacity to

achieve its mission, objectives and financial obligations.

Mitigating strategy: Seek out opportunities to reduce operational costs and explore potential revenue streams including shared or integrated service delivery.

Owner(s): CEO & CFO

Action #1: Creation of a ‘business development’ position to increase revenue.

Progress: Results:

Action #2: Build capacity in finance and decision support to understand and report on HBAM model

Progress: Results:

Action #3: Investigate and develop partnership(s) and/or shared services aiming to reduce hospital operational expenses.

Progress: Results:

Action #4: Work with foundation to maximize donation revenues.

Progress: Results:

Business Risk Resource Risk Compliance Risk

27

Ongoing Process

♦ Current focus; broad education on the 2010 assessment.

♦ Develop understanding that this is an ongoing process

♦ Begin external analysis again! HIROC’s Risk Management Self Assessment Module

(RMSAM) ISMP self-assessment

28

Lessons learned 2010

♦ Full ERMA takes 6 months♦ Cross sectional core group results in better outcome♦ Buy-in from senior leaders important♦ Keep detailed notes on information, source and data on

each identified risk for future reference♦ Engrain results into overall hospital planning processes

(ie capital approval processes, operating plans)