Aligning Key Enterprise Risk to Strategic Initiatives Using Metrics
SSF ID 218
Chrystina Howard, SVP, Willis Kenneth Felton, SVP, Willis
Learning Objectives(Ariel 44pt bold) At the end of this session, you will: (list key learning objectives and takeaways that attendees will learn) Learning Objective 1 Understand how to identify key risks that may have an
impact on the achievement of organizational goals
Learning Objective 2 Understand how to identify relevant quantitative and qualitative metrics to monitor performance against plan
Learning Objective 3 Understand how to map key relevant risks to core strategic initiatives in order to achieve enterprise objectives
Agenda
1. Outline the ERM process, benefits & output 2. Demonstrate the link between ERM success and strategic objecAves 3. Using KRIs, KPIs and strategic objecAves to opAmize achievement of
organizaAonal goals
Risk Evaluation Your presentation and handouts are due by April 10
www.rims.org/upload Once uploaded, changes are not permitted until onsite in New Orleans
Update your profile TODAY www.rims.org/myprofile
ERM Review Must Achieve the Three Es of Assessment
Economy - Controlling the cost of the assessment Efficiency - CompleAng the assessment with minimum expenditure of effort EffecAveness Achieving the results or benefits based on the stated scope and goals of the assessment
Risk IdenAficaAon: 80/20 Rule
OrganizaAons have a tendency to spend 80 percent of their Ame idenAfying risks and only 20 percent of their Ame doing something to develop risk miAgaAon strategies to reduce the impact on the organizaAon Flip the 80/20 Rule Spend 80 percent of your Ame fully arAculaAng, assessing impact and likelihood and developing risk miAgaAon strategies
Accelerated ERM Process Steps
1. Define the objecAves and Ame scale for assessment
2. Select the opAmal cross-funcAonal team for assessment acAviAes
3. Develop Universe of Risks
4. Develop broad prioriAzaAon of Universe of Risks
5. IdenAfy most relevant risks for deep analysis
6. Fully arAculate and assess risk
7. Develop Performance Improvement Plans
8. Execute Risk MiAgaAon plans
Risk Assessment
The objecAve is to idenAfy and arAculate the most relevant risks that could impact the organizaAons ability to achieve objecAves Dont Boil The Ocean How is this accomplished:
Structured interviews Internal audits of risk assessments Public domain search Comprehensive on-line risk survey with write-ins Workshops
Define Assessment ObjecAves
Defines the premise on which the assessment is based.
To assess the major risks to Memorial Hospital achieving its strategic business objecAves over the next 3 years.
Action Required!
Risk PrioriAzaAon
IniAal objecAve to grossly prioriAze the top 20-25 risks Fully ArAculate each risk Assess Impact and Likelihood
Risk Assessment
Fully arAculate the risk into component parts:
Most risk descripAons focus on triggering events EssenAal to idenAfy key drivers or exisAng characterisAcs that
make the organizaAon vulnerable List specific consequences that all stakeholders can understand IdenAfy the controls currently in place to specifically address
each risk
Risk Register
Risk Assessment for :Date: 1-May-14Business Objective(s):Risk No.
Exposure & Drivers
Triggers Consequences Current Controls Category L I Gross Risk
Performance Improvement Plans
L I Gross Risk
1 Driver 1, driver 2, driver 3
Triggering event; future potential
Reduction in revenue; increase in expenses; reputation damage
Policy ABC, protocol XYZ, committee 123
IT 4 4 16 Action 1, item 2, measure 3
3 4 12
2 Drivers 7-12; driver 4
Loss event due to outside exposures; loss event due to internal exposures
Brand damage; loss of equity; rework; loss of customers
Gold standard; BCP and trial run off site; backups
IT 3 5 15 New protocols enacted by board and carried out by senior team
3 4 12
3 Driver 3, exposure to significant dependence on suppliers
External audit, internal audit or accounting discovery of material finding(s)
Legal action; higher expenses and lower profit margin; loss of market share
Substantial framework in place; management of risk; loss control steps
Regulatory 5 3 15 Incremental improvement steps; risk owners; time scale
2 3 6
XYZ Financial Institution
Identify and assess major risks to XYZ achieving its strategic objects over the next 3 years
Likelihood and Impact RaAngs
Impact Score Impact Financial Impact
5 Major / Catastrophic Financial impact greater than $10M
4 Significant Financial impact of more than $5M but less than $10M
3 Moderate Financial impact of more than $2M but less than $5M
2 Low Financial impact of more than $1M but less than $2M
1 Negligible Financial impact of less than $1M
Likelihood Rating Likelihood Frequency
5 Expected ( Annual or 2 year to 3 year type event )
4 Probable ( 5 year to 10 year event )
3 Moderate ( 10 year to 25 year event )
2 Unusual ( 25 year to 50 year event )
1 Remote ( 50+ year event )
The consequences of the risk materializing are severe but could be managed to some extent.
The consequences of the risk materializing are less severe and can be managed to a large extent.
The consequences of the risk materializing are considered relatively unimportant.
There are no meaningful consequences if this risk materializes.
Could conceivably occur but would be extremely remote
Description
If this risk were to materialize, the company would find it almost impossible to recover financially. Reputational impact would almost certainly occur.
Description
Occurs often / is to be expected
Known to occur / would not be surprising
Could occur but infrequently
Could possibly occur but would be rare
LOW MODERATE HIGH LOW MODERATE HIGH
SEVERITYFREQUENCY
ImpactLow 1Med 2High 3
ProbabilityLow 1Med 2High 3
Risk Map
Likelihood / Impact Risk DistributionCurrent Controls After Additional Controls
N.B. - Bubble size shows how many risks intersect at that point N.B. - Bubble size shows how many risks intersect at that point
1 1
2 4 2 1
2 2 1
1
0
1
2
3
4
5
6
0 1 2 3 4 5 6Impact
Like
lihoo
d
1
1 2
1 2 4 2
1 1 2 1
0
1
2
3
4
5
6
0 1 2 3 4 5 6Impact
Like
lihoo
d
Likelihood
Expected 5 2, 3 1
Probable 4 18 10, 11, 12, 13, 14 4, 5
Possible 3 16 7, 8, 9 6
Unusual 2 17 15
Remote 1
1 2 3 4 5 ImpactNegligible Low Moderate Significant Catastrophic
Contingency Plans
Control Causes Immediate Action
Monitor
RISK LOW MOD HIGH LOW MOD HIGH
Risk 1 Risk 1Financial Risk 2 Risk 2
Research Risk 5 Risk 8 Risk 5 Risk 8Center Risk 6 Risk 6
Risk 7 Risk 7
Employment Risk 3 Risk 3Practices
Green Risk 4 Risk 4Lab Risk 9 Risk 9
Risk 10 Risk 10Risk 11 Risk 11
Patient- Risk 12 Risk 13 Risk 15 Risk 15 Risk 16 Risk 12Oriented Risk 14 Risk 16 Risk 13 Risk 17Research Risk 17 Risk 14
Commodity Risk 19 Risk 18 Risk 18Risk 19
Source of Risk
0 1 2 3 4 5
Economic
Investments
Natural events
People
Political / Social
Processes
Products / Services
Strategy and policy
Technology / Industry change
Analysis by Source of Riskand Stratified by Risk Rank
20
Performance Improvement Plan
Risk No.: 4 Risk Scores Likelihood Impact Gross Risk Risk RankBefore
Improvement 4 4 16
After Improvement
Triggers:
Consequences:
Current Controls:
Risk Number:4
Allocated to Target Date
John Completed / OngoingTom / ED Nurse Manager Ongoing
Kathy 9/1/2013
Tom / ED Nurse Manager Ongoing
Kathy 9/1/2013
Underlying Vulnerabilities:
Critical patient wait time in ED for room assignment/treatment; Excessive length of stay across hospital; CMS core measure; Appropriate and competent staffing
ER Service line / Patient flow
Risk Description: Responsible:
Decreased percent of patients leaving without being seen (LWBS)
Decreased RN and PCA turnover
Lab results delivered prior to 9:00 A.M. / Analysis of results
Re-education for appropriate assignment of patient intensity
Implement Program (including Orienting of 2.0 FTEs and Redesign patient throughput plan)
Physician extenders available (Pending approval)
Recruit and retain / Increase RN and PCA staffing ratios
Increase in Provider FTEs
Continue RN and Patient Care Associate (PCA) Staffing
Jake
Lean Six Sigma; Monitor ED Throughput; Data Transparency; Rounding
Extended stay in the ER; Overcrowding
Patient safety; Lost revenue; Clinical and patient dissatisfaction; Poor patient outcome; ED diversion; Increased costs; Damaged relationship with FD and EMS; Reputation damage
Measure of Success
Documented proof that 90% of A.M. labs by 9:00 A.M.
Reduced treat and release times
Decreased holding times (DTA to Depart)
Action
Early phlebotomy and lab results
Continue Curren
