Your Risk Management Magazine
Risk management in practice: ERM in health care

Font size : + -

email print

Health care is arguably one of the most risky business sectors in Australia. Anne Maddock explains how an integrated approach to ERM has helped the Royal District Nursing Service of South Australia get on top of its risks

Enterprise Wide Risk Management (EWRM) has been adopted worldwide for its integrated approach to assess, evaluate, measure, and monitor a complex array of risks confronting an organisation. The underlying premise of EWRM is that an organisation exists to provide value to its customers (COSO 2004) which is congruent with the mission of health care organisations.

EWRM is a process that quantifies risks to determine significance, groups them into components or “domains” looking for interrelation across organisational units, professional and portfolio areas and devises strategies to manage each. This approach is congruent with the clinical risks confronting health care organisations that are “often multifactorial and cross the boundaries of corporate and clinical risk” and are often system wide. Importantly for the safety and quality of health care and the consumers which receive that care – organisations that manage risk effectively and efficiently through a whole of organisational approach and integrate risk profiles into decision making processes are more likely to achieve safe and effective care and do so at lower overall cost.

The Royal District Nursing Service of South Australia (RDNSSA) has successfully employed an ERWM across the whole organisation. This approach has evolved over a period of five years, with the success of implementation acknowledged by five separate external reviews over the past three years. For example, in 2005 and 2006, RDNS was awarded leading edge status for its risk management approach in the organisation from external review of the organisation and awarded RMIA Risk Manager of the Year 2005 for innovation in risk management.

There is no ‘one size fits all’ framework for managing enterprise wide risk. Risks that affect an organisation vary from industry to industry and organisation to organisation. Each organisation must understand its specific risk profile and develop a strategy to manage that, according to Van Eeden. Thus the importance of formulating a balanced framework

to examine the profile of risks and opportunities confronting your organisation, encapsulating operational and strategic functions and performance and the interrelationships and interdependencies.

The Royal District Nursing Service of South Australia developed a risk domain framework based on an extensive review of the literature. This framework as depicted in diagram one and described as follows could easily be applied in any organisation.

The risk domain framework

At the core of the risk domain framework is the mission, vision, values and strategy of the health care organisation which provides the focus of existence and future of the organisation, the internal tone and how the organisation is viewed from outside.

Four elements encapsulate the core of the framework including:

• Clinical and corporate governance

• The internal and external environment

• Internal and external audit and review

• Continuous improvement.

The interrelated components of the framework include:

• Customers (Clients, stakeholders, funders)

• Financial

• Employee participation, learning and growth

• Internal Operations Capabilities (all core business processes)

• Organisational innovation, learning and growth

This acts as a frame of reference for ensuring a balanced approach to identifying, measuring and monitoring risks and opportunities in the organisation.

Proactive approaches to dealing with uncertainty

and enhancing capacity

Health care providers and health services provide a commendable service to the community that in most instances is safe and of high quality. However, health care is a risky business and full of uncertainty, ambiguities and complexities. Despite years of investing large sums of dollars into safety and quality in Australia, it is claimed that “about 10 per cent of patients experience some type of adverse event in hospital, while two per cent of patients suffer serious consequences”.

The costs of these preventable adverse events in hospitals could be as high as $2

billion per year.

So why is health care so risky? There is a culture of workarounds despite sound policies and guidelines in place and a culture of blame and secrecy in areas where health care providers are blamed for error when in fact research indicates that in 85 per cent of cases the root cause is system related, not human behaviour. Professional territorialism and ambiguities between roles and functions lead to error by omission. Increasing customer expectations and complexity of their health and illness necessitates health professionals to make rapid treatment decisions in a context where they are drowning in evidence-based information and starving for knowledge to be at the top of their decision making fingers.Additionally, multiple services need to meet customer care needs. Their contexts and modes of operation vary significantly due to multiple funding methods, processes and regulations and governance interfaces. Health care organisations in Australia are slowly turning to strategic and integrated risk management approaches to unpack these complexities with the aim to improve the safety and quality of health services and the environment in which health care providers work. The processes of identifying the root cause and effective solutions to these occurrences is not easy and requires a comprehensive risk assessment and analysis process that includes consideration of all risk domains and their interdependencies.

Balancing growth and cross-enterprise risks

The risk context described is often compounded by balancing and grasping opportunities for business growth in a competitive market with the added potential risks to current business processes, organisational reputation and safety and quality outcomes. It is important that, rather than focusing on a silo approach within individual units and/or program outcomes, health care organisations take an integrated and whole-system approach, utilising their risk domain framework, to comprehensively consider risks and opportunities to determine the path forward. Without this process of managing risk across functions, many risks may fall through the cracks. To facilitate this process organisations need to map risks across core business functions, share risk control knowledge systematically across functions and departments and evaluate the organisation’s overall risk position.

Health care organisations are adopting many risk management approaches to understanding complexity from other industries as depicted in diagram three. It is important, however, that these risk analysis processes adopt an EWRM approach as described above and throughout this paper in order to identify the crux of the problem and put in place effective and sustainable mitigation strategies.

Building and sustaining the risk culture

Experts suggest that the most significant critical success factor for effective risk management is the one most often lacking – an appropriate and mature risk culture. There is widespread belief that organisational culture shapes many aspects of performance, including safety. So how do you do it? Corporate and clinical governance provides the capacity for a whole of organisation integrated response to the identification and management of risk and reduction of harm. The scope of responsibility and accountability for clinical governance is deemed to be everyone’s business – all professionals and all levels of staff. The commitment of all staff to the organisation’s risk management approach is essential for the success of their risk management strategy. Rowe and Ridding indicate that “all organisations need to cultivate a risk culture” and “the transition towards a risk aware culture is of course a lengthy journey of perhaps two or even five years”.

Others go further and say that “integrating the work of risk into organisational and managerial culture and making it an explicit step in the decision making process is critical to successful management of corporate health risk.” Building risk management as ‘an explicit step in the decision making process’ requires integration of risk management into a broad range of business processes such as:

• planning

• project management

• budget setting

• policy

• risk management tools

• contractual arrangements

• business continuity and disaster planning

• human resource processes such as selection,

position descriptions and performance review

• data and information analysis system solutions

• training and development programs for all staff

An integrated approach

Staff participation in the organisation’s risk management strategy will also be facilitated by:

• The leadership demonstrated by the board, executive

and managers; and

• Employing supportive change management

strategies including:

• risk management champions or experts providing advice and constructive feedback on staff interpretations of risk, risk assessments and controls

• staff working in teams across functions and departments to explore risks, risk options and profiles of risk

A review in 2005 indicated that RDNSSA has a generative risk culture which shapes the organisation’s response to problems. A generative culture is described as one that fosters high cooperation among staff, risks are shared, inquiry is fostered, there is a focus on the organisation’s mission, the organisation works across department lines, there is a sense of ownership, staff care about the outcome, there are conscious efforts of working as teams to solve problems and staff are empowered to participate. The qualities of a generative culture are therefore congruent with an EWRM and integrated governance approach to addressing the risks to safety and quality described in this paper.

Building and sustaining a healthier health system

Improving the safety and quality of health care through an EWRM and integrated governance approach is required at local, state and national level in order to significantly improve the safety and quality of health care and reduce risks. State and Commonwealth governments need to demonstrate accountability and responsibility in developing an EWRM safety and quality framework and strategy that improves the regulatory and funding environment in which the health care system operates and guide health care organisations to adequately address the complexity in which they operate.

There is no ‘one size fits all’ interpretation and application of EWRM and integrated governance. Instead, health care organisations need to interpret EWRM within their context and apply it accordingly for sustainable outcomes. Enterprise Wide Risk Management needs to be seen as a continuous process – a journey, not a destination.

Anne Maddock is director, quality systems at the Royal District Nursing Service

of South Australia. In 2005 she was named RMIA Risk Manager of the Year

This article originally appears in Risk Management magazine's September edition. To suscribe and read the whole article, click here

  • Bookmark & Share
go back
Your comment
Risk management is the place for positive industry interaction and welcomes your professional and informed opinion.
eNewsletter

Breaking news, video interviews, opinion and analysis delivered straight to your inbox. Subscribe now
Categories

Home   |    Advertising   |    About Us   |    Contact Us   |    Privacy Policy  

© 2012 Key Media Pty Ltd.