Risk Management Process and Enterprise Risk Management ERM


Risk Management Process and Enterprise Risk Management (ERM)
Dr Arjaty Daud, MARS
Presented at a lecture of the Master of Hospital Administration Program, Univ Esa Unggul, Semester 2 - 2016

Topics covered
• The risk management process
• Definition of Enterprise Risk Management (ERM)
• ERM framework
• Key elements of ERM
• Risk domains
• Areas to assess
Arjaty Daud/Esa Unggul 2016

Risk Management Process
1. Risk Identification and Analysis
2. Risk Treatment
   • Risk Control
   • Risk Financing
3. Evaluation of Risk Treatment Strategies

Structure Of The Risk Management Process (figure)

The Five Steps In The Risk Management Process (ARM)
1. Identify loss exposures
2. Examine potential risk management technique(s)
3. Select risk management technique(s)
4. Implement technique(s)
5. Monitor results

RISK MANAGEMENT PROCESS (Standard Australia / New Zealand / AS/NZS) (figure)


Why a centralized approach to risk management?
• globalization of financial and business markets
• continued integration of the insurance industry
• increased regulation
• greater focus on corporate governance
• context of clinical governance and patient safety

Definition of Enterprise Risk Management (ERM): a process carried out by the BOD and by management at every unit level, designed as part of the institution's strategy to identify potential events that may affect the institution and to manage those risks so that the institution achieves its objectives.

ERM uses a cross-functional approach to assess, evaluate, and measure all of the institution's risks, not only those related to transferable risks such as financial and hazard risks.

The traditional six-step risk management process:
1. risk identification,
2. risk analysis,
3. development of alternative techniques to treat risks,
4. selection of best risk-treatment techniques,
5. implementation of selected techniques,
6. monitoring and evaluation of effectiveness of the chosen risk management techniques and strategies.

ERM expands the process to more fully integrate risk management into the organization’s structure. This entails an interactive approach to risk identification, analysis, and treatment through an entrenchment of risk management principles into corporate operations and strategic planning.

The ERM Framework (figure labels: Categories, Components)

Achievement of Objectives
Within the context of an entity’s established mission or vision, management establishes strategic objectives, selects strategy, and sets aligned objectives cascading through the enterprise.
The ERM framework is geared to achieving the corporation's objectives, in FOUR CATEGORIES:
1. Strategic – high-level goals, aligned with and supporting its mission
2. Operations – effective and efficient use of its resources
3. Reporting – reliability of reporting
4. Compliance – compliance with applicable laws & regulations

Components of Enterprise Risk Management
Enterprise risk management consists of eight interrelated components. These are derived from the way management runs an enterprise and are integrated with the management process.
THE EIGHT COMPONENTS OF ERM:
1. Internal Environment – The internal environment encompasses the tone of an organization, and sets the basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.

2. Objective Setting – Objectives must exist before management can identify potential events affecting their achievement. Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity’s mission and are consistent with its risk appetite.
3. Event Identification – Internal and external events affecting achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities. Opportunities are channeled back to management’s strategy or objective-setting processes.

4. Risk Assessment – Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a residual basis.
5. Risk Response – Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity’s risk tolerances and risk appetite.
6. Control Activities – Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.

7. Information and Communication – Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity.
8. Monitoring – The entirety of enterprise risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both.

ERM considers activities at all levels of the organization:
THREE LEVELS:
1. Enterprise-level
2. Division
3. Subsidiary
4. Business unit processes

KEY ELEMENTS OF ERM
Risk Strategy
• What is your organization’s ERM strategy?
• How is the ERM strategy communicated and executed throughout the company?
Risk Ownership
• How does each division / unit team contribute to meeting the goals of the ERM strategy?
• How are teams/individuals held accountable for success?
Risk Identification
• What is your organization’s definition of risk?
• What are your organization’s top five risks?

Risk Ranking
• What are the estimated probability, time to impact and severity dimensions for the top five risks?
• What are the financial consequences to your company?
• Which risks are material?
• How should the identified risks be prioritized?
Risk Treatment
• How are these risks currently managed?
• Is the approach effective?
Risk Solutions
• What risk management processes are appropriate based upon the findings of the above elements?
• What action plans should be in place?
• How are risks monitored?

Areas to Assess
Risks do not occur in isolation (silos); they are identified in groups and categorized into risk domains:
1. Operational
2. Financial
3. Human Capital
4. Strategic
5. Legal/Regulatory
6. Technology

RISK DOMAINS:
1. Operational risk. Arises from the organization's core business practices. In healthcare organizations, operational risk relates to the delivery of healthcare services.
2. Financial risk. Relates to the organization's ability to raise and maintain access to capital, contract issues, the cost of risk, and the evaluation of supplier support. This domain includes risks that qualify for risk financing, such as insurance.

3. Human capital risk. The organization's ability to acquire, manage, and retain workers. Workers' compensation, occupational and environmental hazards, turnover, absenteeism, workplace violence, harassment, and discrimination fall within this domain.
4. Strategic risk. Risks that affect the organization's growth. Strategic risks include mergers, acquisitions, joint ventures, and advertising liability. In addition, the strategic risk domain covers reputational risks associated with public relations and with the performance expected of the organization by patients and payers.

5. Legal and regulatory risk. Includes risks related to mandated rules, regulations, laws, and standards. In healthcare, these regulations and standards are numerous and complex. Examples: accreditation, and privacy and security regulations.
6. Technology risk. Relates to new technology. This is a growing risk domain in healthcare and includes biomedical devices, telemedicine, electronic medicine, risk management information systems and other information technology, and obsolete equipment.

Areas to Assess
1. Operational risks
2. Financial
3. Human capital
4. Strategic
5. Legal/regulatory
6. Technology

Enterprise Risk Management (diagram labels; ASHRM Handbook): Operational, Strategic, Financial, Legal/Regulatory, Human Capital, Technology

Enterprise Risk Management Assessment Model (diagram labels): PATIENT / ORGANIZATION; Operational, Technology, Financial, Legal/Regulatory, Strategic, Human Capital

Areas To Assess: Operational
• Quality initiatives
• Risk management
• Adverse event management
• Board governance

Areas To Assess: A Board’s Legal Risks
• Duty to supervise/manage
• Select competent physicians
• Conflict of interests
• Provide adequate facilities and equipment
• Provide adequate insurance
• Provide satisfactory patient care
• Select competent administrator
• Require competitive bidding
• Provide safe environment
• Regulatory and JCAHO compliance

Areas To Assess: Operational
• Credentialing and staffing
  – Initial appointment
  – Reappointment
  – Affiliated staff

Areas To Assess: Operational
● Clinical
  – Patient communication
  – Patient care records
  – Confidentiality
  – Informed decision making
  – Telephone protocols
  – Tracking diagnostic information
  – Primary care screening and monitoring
  – Supervision

Areas To Assess: Operational
● Clinical
  – Patient satisfaction/complaints
  – Referrals and consultations
  – Coverage issues
  – Infection control
  – Medication safety
  – Emergency response
  – Patient and staff education

Areas To Assess: Operational
• General Liability Assessment Topics
  – Safety program
  – Security program
  – Facility management
  – Parking (lighting, location, security)
  – Visitor control procedures
  – Valuables


Areas To Assess: Financial
• Risk Financing Treatments
  – Insurance
  – Self-insurance
• Ability to raise capital
• Reimbursement
• Billing and collection

Areas To Assess: Financial
• Contract Administration
  – Scope of service and method of payment
  – Professional services provided
  – Quality expectations
  – Contractual terms
  – Termination provisions
  – Risk-sharing agreements
  – Apparent agency liability
  – Hold harmless and indemnity agreements
  – Remedies for breach


Areas To Assess: Human Capital
• Employment Practices/Human Resources Topics
  – Workers’ compensation
  – Harassment
  – Negligent firing
  – Discrimination
  – Testing
  – Background checks
  – Grievance procedures
  – Confidentiality

Areas To Assess: Human Capital
• Employment Practices/Human Resources Topics
  – Education
    § orientation
    § continuing education
    § CPR
  – Employee health
    § exposures
  – Employee assistance programs (EAPs)
  – Benefits
  – Staff rights and staff competency

Areas To Assess: Human Capital
• Environmental issues related to employees
  – Safety
  – Security
  – Occupational hazards
  – Environmental hazards


Areas To Assess:
• Strategic plan and mission
  – Immediate goals vs. long range goals
• Business ventures
  – Mergers
  – Acquisitions and divestitures
  – Joint ventures
• Competition’s status
• Advertising liability
• Reputational risks
  – Patient and community relations
  – Media relations
  – Marketing and sales

Areas To Assess: Strategic
• New Projects and Services Topics
  – “Fit” with existing organization structure
  – Identification of insurance needs
  – Staff requirements
  – Contract needs
  – Competitive impacts
  – Process development
    § Policies/procedures
  – Implementation schedules

Areas To Assess: Strategic
• Construction/Renovation
  – Licenses/permits
  – Contracts
  – Disruption of services
  – Hazards
    § Air quality
    § Interim and design safety
  – Communication issues
  – Approvals


Areas To Assess: Legal and Regulatory
• Statutes, standards and regulations
  – Federal, state and local impacts
• Licensure
• Accreditation

Areas To Assess: Legal and Regulatory
• Corporate Compliance Program/Interface
  – Identification of related compliance factors
  – Compliance assessment results
  – Program components: education, reporting, data maintenance, review, monitoring
  – Relationships


Areas To Assess: Technology
• Information systems
• Telemedicine
• Equipment
• New technologies
• Inventory control

Areas To Assess
Setting priorities for program development
– Utilize information from external and internal assessment sources
– Goals should be:
  § Flexible
  § Short and long term
– Priorities should be:
  § Politically correct
  § Financially correct
  § Ethically correct