If you have not yet embraced enterprise risk management, be prepared to do so in the very near future. ASHRM’s 2014 president Jacque Mitchell tells HRMR why the society is putting so much effort into educating risk managers about this proactive and strategic approach.
Enterprise risk management—ERM—has been a buzzword in healthcare for several years and is fast becoming essential to the work of risk managers. In fact, many risk managers are already using an ERM approach without realizing it.
ERM requires risk managers to take a broader view of risk within their organizations, looking both within and beyond the clinical setting to identify potential issues that could harm the organization and managing those risks.
It is an ongoing, structured and analytical process that can and should involve everyone within the organization, at every level and within every unit. Rather than responding to risks after they cause problems, or simply avoiding risks, ERM is about identifying risks and pre-empting any problems they may cause.
It also ventures one step further: by viewing risks as either sources of capital or potential for losses, it recognizes that there are upside possibilities inherent in some risks, and that these can be exploited.
It’s a subject close to the American Society for Healthcare Risk Management’s (ASHRM’s) heart. As far back as 2006, the society had laid out its commitment to ERM in its monograph Enterprise Risk Management: Defining the Concept, Recognizing its Value.
“ERM provides a new approach to identifying and treating risks and to gaining advantage in the healthcare delivery marketplace through management of risks found across the organization,” it stated. “These risks go beyond the traditional focus of medical liability or safety issues. Indeed, these risks are as diverse and fundamental as the business operations of the healthcare organization itself.
“They are every bit as hazardous as unmanaged clinical risk. However, when risks are successfully recognized, managed and mitigated through a well-orchestrated ERM approach, they become key elements in a strategic plan and offer forward-thinking organizations a tool for achieving business success.”
As part of its mission to promote ERM, the society has defined ERM for its members and has broken it into eight domains, which include operational, financial, human and strategic risks.
“Education, including a large part of our annual conference, shared successful models and devoted task forces with experts in other fields of risk are just some of the ways that ERM is being introduced into healthcare risk management,” says 2014 ASHRM president Jacque Mitchell. “In the future, the risk management professional will look back and wonder how one did risk management without the ERM framework.”
A broad framework
Asked to describe the approach in a nutshell, Mitchell defines ERM as a broad, comprehensive framework of activities that risk management professionals use to identify and manage risks across the entire healthcare organization.
“This applies to a stand-alone clinic or an entire healthcare system. It allows value protection—preventing loss and harm—but also includes value creation, such as attaining new products and services,” she says. She describes the uptake of ERM in the US as an ongoing journey.
“Some risk management professionals are further along than others. Some are doing ERM—but they aren’t formally calling it ERM.”
In Mitchell’s view the switch to ERM is a logical response to the diverse challenges that US healthcare is facing at present, including an increase in technology, clinical integration, supply chain complexity and healthcare reform.
The new approach is markedly different from traditional risk management, which takes a clinical approach and examines risks individually. This model defines risks in terms of the probability that adverse events will occur and result in financial losses. The risk manager’s responsibility under such a model is focused on protecting the assets of the organization.
“Traditionally, the risk manager is trained and educated at looking at risks in the clinical environment. Now they are taking their skills and using them in strategic and financial planning, operations, technology development and human capital,” says Mitchell.
In its 2006 monograph ASHRM criticized the old approach to risk management for failing to appreciate relationships among risks and lacking the optimization of collective risk evaluation and management achieved through an enterprise-wide approach.
“It also lacks a common definition of risk and universal measurements to gauge the effectiveness of risk management efforts,” it stated.
Instead of handling risk in functional silos where measurements of success are variable, ERM strives to use common metrics across risk domains to determine the effectiveness of risk management approaches.
“With an integrated, enterprise-wide view of risk, the risk manager has a much more strategic position, focusing on opportunities as well as risks,” it stated.
The opportunities are not only financial. Mitchell says that everyone benefits from the ERM approach, including patients, caregivers, the community and the healthcare system.
“The challenges are great—but not insurmountable,” she says. “Risk managers will have to break down the silos and lead the ERM process. We know we cannot do it alone. They will be working in partnership with other members of the organization.”
ASHRM has embraced ERM as the future of healthcare risk management, says Mitchell.
“We need to transfer our rigor in clinical risk and apply it to all areas of the healthcare organization. A successful organization manages its risks.”
ASHRM has incorporated the development of ERM into its four strategic goals for the next two years, and has devoted many resources to develop education around ERM, reaching out to other industries and communicating the value of ERM to its members, who it is determined to help on their ERM journeys.
“In the future risk management professionals will be considered the experts in all risks,” says Mitchell. “They will be sought after for their skills and expertise in making risk management decisions which maximize value protection and creation by managing risk and uncertainty and their connection to total value.
“The business of healthcare will be ‘healthier’ because of the work of risk managers, and ERM will help provide even better care for patients—the ultimate goal of all healthcare providers.”
Jacque Mitchell, ASHRM, ERM, US