« Posts

Internalizing Enterprise Risk Management

As the healthcare market expands and evolves, the inherent risks also are increasing. These risks include:

  • The shift from volume to value
  • The rise of the consumer and expansion of consumer options
  • New payment models
  • Mobile strategies
  • New entrants
  • An aging population
  • Continued political and regulatory uncertainty


Whereas hospitals/systems have traditionally done well at risk identification and assessment, analysts wrote in a new report from the Healthcare Financial Management Association that “The industry has been less proficient at prioritizing and managing risk.” To do better, healthcare providers must invest more in building effective enterprise risk management (ERM) capabilities. (“ERM: Evolving From Risk Assessment to Strategic Risk Management,” HFMA’s Healthcare Finance Strategies, April 25, 2018)


“By giving an organization insight into how to take the right risks at the right time, an effective ERM program can help the organization more successfully execute its strategic imperatives,” the analysts wrote.


Key Components


Regardless of the initial ERM maturity level in the organization, an important starting point for developing the program begins with clearly defining or reviewing the program’s purpose and value proposition for key stakeholders. This exercise will help determine whether the current program is effectively serving the organization and is well positioned to drive the level of change needed while managing risk in a dynamic and complex environment.


The organization should create a risk culture and governance in alignment with its strategic planning process and build out risk processes with the support of governance, risk and compliance (GRC) technologies.


The five key components of the program include:


Building a risk culture.  Identifying, understanding and managing risk should be a priority and responsibility of all members of the management team. Risk topics should be part and parcel of day-to-day operations discussions as well as committee meetings and executive team discussions.


“Organizational risks should be defined more broadly than simply as events that result in challenges and issues that must be avoided. It is important that all stakeholders within the hospital or health system understand both the risks and opportunities presented, and the uncertainties that need to be balanced to make an informed decision on whether to pursue the opportunity.” (“ERM: Evolving From Risk Assessment to Strategic Risk Management,” HFMA’s Healthcare Finance Strategies, April 25, 2018)


Formalizing risk governance. The board, senior management and functional management should have specific roles within the risk-management process and recognize their active roles within the risk-governance process. They should be accountable for their participation in the process, and guides and protocols should be created to clearly define when and how issues of risk are to be escalated.


Aligning ERM with strategic planning. To achieve greater alignment to the organization’s strategic planning process, organizational leaders should leverage the results of the risk assessment to promote a discussion around the implications of the risk profile. These conversations ultimately should lead to integration of the ERM processes within key functions such as planning, mergers and acquisitions, and program management for strategic initiatives.


Standardizing the risk management process. A standardized risk management process relies on data analysis to define the qualitative and quantitative impact of risk on an organization’s ability to accomplish its strategic initiatives and execute its day-to-day business decisions. Organizational leaders should review all risk scenarios to understand the implications of changing business models, industry events and trends and the interrelatedness and combined impact of risk. Using this information, as well as risk appetite, risk management professionals can incorporate the changes over time and drive further resource allocation discussions.


Leveraging GRC technology to capture and coordinate risk management activities. As the risk environment evolves, enhanced and more sophisticated tools help to support an advancing risk management process and improve coordination of core risk management activities. These tools provide greater access to shared data and information across the organization and improve resiliency. (“ERM: Evolving From Risk Assessment to Strategic Risk Management,” HFMA’s Healthcare Finance Strategies, April 25, 2018)




The Board’s Role in Leading Through Transition, iProtean, now part of Veralon’s latest advanced Governance course, now appears in your library. It features Karma Bass and Marian Jennings on issues such as dealing with uncertainty, new elements for evaluating the CEO, prudent risk-taking, critical questions, recommended practices, destination metrics and changing over time.


Coming soon: The Volume to Value Paradox featuring Nate Kaufman, Marian Jennings and Dan Grauman.



For a complete list of iProtean, now part of Veralon courses, click here.



For more information about iProtean, now part of Veralon, click here.