1 grand river hospital 2010 enterprise risk assessment “who’s vote wins?” julie nicholls,...
TRANSCRIPT
1
Grand River Hospital Grand River Hospital
2010 Enterprise Risk Assessment 2010 Enterprise Risk Assessment
“Who’s Vote Wins?”“Who’s Vote Wins?”
Julie Nicholls, Director Risk ManagementJulie Nicholls, Director Risk Management
2
Presentation objectives
1. Background• Explain the model used at GRH• Share learning's from previous ERM assessments
2. 2010 ERM process
3
Grand River Hospital; Who are we?
♦ Large community hospital; 500 beds across 2 sites & 5 satellites.
♦ Regional cancer centre, dialysis provider & mental health services provider (doubling in 2010).
♦ 4000 births annually♦ 65,000 ED visits annually♦ 10,000 surgeries♦ 3000 staff♦ 300 physicians
4
Risk Management at GRH
♦ Loss control!♦ A process to identify, mitigate and prevent harm.
ENTERPRISE risk management (ERM);
A corporate process to develop a consolidated understanding of where GRH could be exposed to harm; financial harm, physical harm, inability to provide appropriate patient care…
5Background
♦ 2006/07 - Identified that there was no method of broadly understanding what risks may affect GRH, i.e., an enterprise risk management (ERM) process.
♦ Environmental scan resulted in the adoption of the Winnipeg Regional Health Authority ERM model.
♦ 2007 new CEO created a GRH model.
6Board Risk Management Policy
7
LIKELIHOODIMPACT
Insignificant Minor Moderate Major Extreme
Almost Certain 1. ER crowding
2. Form 1 in ER
3. Nursing recruitment
Likely
Possible
Unlikely
Rare
Example of End Result: Heat Map from 2007
8
2007 Process
Positive:♦ CEO & Board chair buy-in♦ Awareness of ERM concept at management
level
Negative:♦ Information too detailed/operational/granular♦ Process was not built into our planning
processes The results did not influence ongoing & future
decisions
9
1. Background• Explain the model used at GRH• Share learning's from previous ERM assessments
2. 2010 ERM process
Presentation objectives
10
Changes in ERM 09/10
1. New program structures and leadership across the hospital.
2. Consolidation of risks into broader themes3. Concept of an Internal Audit function
introduced in 2010.
11Enterprise Risk Management Assessment (ERMA) Process
Identify Risks
Analyze and
Quantify Risks
Integrate Risks into
Current Activities
Prioritize Risks
Mitigate Risks
Monitor identified risksand
review emerging risks
12
ERMA Timelines
Dec Jan Feb Mar Apr May June
Identify Risks (from external review sources)
Identify Risks (from internal reviews)
Analyze and quantify risks
Prioritize risks
Mitigate risks/Create action plans
Board presentations and integration into operating plan
13
ERMA Inputs
1. Winnipeg Assessment tool2. Results from Patient Safety Walkabouts/Tracers3. External review sources
HIROC RMSAM, Accreditation Canada, ISMP
4. QCIPA Rounds results5. Incident reporting trends6. Analysis of litigations & patient complaints7. Best practice opportunities (AHRQ 11 practices,
leapfrog group, JHACO)
14
ERMA Inputs
8. Public Reporting Requirements (Funding opportunities)
9. Operational plans- GRH, LHIN, MOH.
10. Employee safety concerns- ie ministry of labour, WSIB trends
11. Employee & physician recruitment trends
12. Assessment tools through for High risk areas;
Obstetrics
Emergency Services
Surgical Services
Anaesthesia
Psychiatric Services
Radiology Services
13. Employee, Management & Board Feedback
15
ERMA Goal
To learn from management:“What are the critical issues that worry you or even keep
you up at night?” The important issues that you feel are not addressed OR not
addressed adequately
Clinical Operations
Over 60 identified risks.
16Enterprise Risk Management Assessment (ERMA) Process
Identify Risks
Analyze and
Quantify Risks
Integrate Risks into
Current Activities
Prioritize Risks
Mitigate Risks
Monitor identified risksand
review emerging risks
17
Analysis
GRH Criteria:♦ Mitigating strategies can be developed for the risk♦ The risk is currently unmitigated or incompletely
mitigated♦ The risk has a serious impact outside of ‘expected’
business failures
**Filtered out extremely low probability occurrences even if there was potential to be high impact**
♦ Narrowed the risks to 22 high level risks.
18Enterprise Risk Management Assessment (ERMA) Process
Identify Risks
Analyze and
Quantify Risks
Integrate Risks into
Current Activities
Prioritize Risks
Mitigate Risks
Monitor identified risksand
review emerging risks
19
Senior Leadership Survey
Task 1: Add any risks you feel were left out to the list.
Task 2: Rank likelihood & significance of the risks.
1____________________5_________________________9 low likelihood highly likely to occur in 3 years low significance highly significant impact
Risk likelihood assesses the probability that the underlying risk event will occur, over a 3-year timeframe, assuming the current specific risk management activities are in place to manage the risk.
The measurement of risk significance assumes that the underlying risk event has occurred and the intention is to assess the impact it would have on the Grand River’s ability to execute its strategies and achieve its objectives.
20
Prioritization
♦ Surveyed executive team members Individually ranked 22 risks for significance & probability of the
risk occurring on a scale of one to nine.
♦ Averaged scores to assign ranking.♦ Determined the standard deviation in responses.
♦ Those with a high deviation in responses were brought forward for group discussions with the executive team.
21
Who’s vote wins?
Average Sum
DeviationMax-Min
Likelihood Significance
Likelihood Significance
Min. Ave. Max. Min. Ave. Max.Total
(L&S)
5 7.14 8 6 7.14 9 14.29 1.07 1.07
5 6.43 8 5 6.79 8 13.21 0.98 0.99
3 5.57 7 5 7.29 9 12.86 1.62 1.50
3 5.83 7 5 7.00 9 12.83 1.60 1.26
4 5.67 8 5 7.00 9 12.67 1.63 1.67
3 5.07 7.5 3 6.57 9 11.64 2.09 1.81
3 5.57 7 3 6.00 8 11.57 1.40 1.63
2 4.33 7 5 6.67 9 11.00 1.97 1.51
1 4.00 7 5 7.00 9 11.00 2.55 1.41
4 5.17 7 4 5.67 8 10.83 1.33 1.37
22
Prioritization
♦ Five hours of Senior Leadership discussions to; Understand the perspectives of those who ranked
the risk differently Adjust and refine the risk definitions
23
Prioritization
♦ Results: ‘heat map’ of eight highest risks♦ High priority risk actions put forward for board approval
in the hospital operating plan in June 2010.
Life goes on…♦ Two risks that were in the top 22 become more
concerning due to information discoveries. ♦ Two are added and become the ‘top ten’.
24
Risks that may relate to the delivery of health care that include internal and
external factors impacting on the operations of the organization
Risks related to the resources used by the organization to accomplish its objectives
Risks that originate from the requirement to comply with a regulatory framework,
policies, directives or legal agreements
Quality Care & Patient Safety Human Resources & Staff Relations Environment, Health & Safety
Infection controlMedication safetyPatient assessmentSpecialty physician access
Human Resources availability & SkillsLabour relationsCompetency & professional practice
Policies Financial Legal & Regulatory
Clinical & administrative policies & procedures Capital & Operating fundingCompensation & benefitsInternal Controls
Contracts & Agreements management processes
Operations & Business Support Information Systems/Technology Corporate Governance
Security ServicesRegionalized / Centralized functionsParkingInsuranceAcute Inpatient Capacity
Clinical documentation / Information management strategyDisaster recoveryHuman Resources Information Systems "HRIS" risks
Leadership development & workforce managementOrganizational structure and cultural shifts
Standards Physical Assets Reputation & Public Image
Aging infrastructure & facility management
Underlined risks are the top 10 risks
GRH Updated Risk Framework – 22 risks
25Enterprise Risk Management Assessment (ERMA) Process
Identify Risks
Analyze and
Quantify Risks
Integrate Risks into
Current Activities
Prioritize Risks
Mitigate Risks
Monitor identified risksand
review emerging risks
26
High Risk – 1: Capital & Operating FundingThe risk that insufficient access to funds threatens the hospital capacity to
achieve its mission, objectives and financial obligations.
Mitigating strategy: Seek out opportunities to reduce operational costs and explore potential revenue streams including shared or integrated service delivery.
Owner(s): CEO & CFO
Action #1: Creation of a ‘business development’ position to increase revenue.
Progress: Results:
Action #2: Build capacity in finance and decision support to understand and report on HBAM model
Progress: Results:
Action #3: Investigate and develop partnership(s) and/or shared services aiming to reduce hospital operational expenses.
Progress: Results:
Action #4: Work with foundation to maximize donation revenues.
Progress: Results:
Business Risk Resource Risk Compliance Risk
27
Ongoing Process
♦ Current focus; broad education on the 2010 assessment.
♦ Develop understanding that this is an ongoing process
♦ Begin external analysis again! HIROC’s Risk Management Self Assessment Module
(RMSAM) ISMP self-assessment
28
Lessons learned 2010
♦ Full ERMA takes 6 months♦ Cross sectional core group results in better outcome♦ Buy-in from senior leaders important♦ Keep detailed notes on information, source and data on
each identified risk for future reference♦ Engrain results into overall hospital planning processes
(ie capital approval processes, operating plans)