Taming Uncertainty Risk Management in the 21 st
- Slides: 30
Taming Uncertainty: Risk Management in the 21 st Century David T. Wilber Chief Operating Officer / CARF Surveyor
What is RISK? s s o p e s a V x E s e lu o t d o L
Definition of Risk Management The act of controlling any threats to the organization’s: Goodwill People Property Income Ability to accomplish goals
The Difference Between Incident Analysis and Risk Assessment Incident Analysis: Risk Assessment: Establishes a cause for an incident that has already happened. Focuses on identification of potential exposures to prevent incidents from happening. Focuses on analyzing the reasons for the incident and development of strategies to prevent future incidents. Breaks business decisions down into bite sized pieces to enable preplanning for loss control and mitigation strategies. The only alternative to risk management is crisis management --- and crisis management is much more expensive, time consuming and embarrassing. JAMES LAM, Enterprise Risk Management, Wiley Finance © 2003
Goals of Risk Management For the organization to: Protect physical and financial assets Protect intangible assets (e. g. , goodwill and reputation) Prepare for operational crisis (Tolerate Uncertainty) Provide a safe environment for all employees, persons receiving services and visitors Promote a “healthy” risk culture – It’s safe to talk about risk. Open and transparent. Develop a common and consistent approach to risk across the organization. Not intuition-based.
Goals of Risk Management Things will happen…they always do…! Survival: Not going under due to unforeseen circumstances. Continuity of operations: Avoiding Business interruption-shutdowns Sustainability and profitability: Maintaining your mission
Low Risk Organizations will have these factors in place. Risk management plan Continuity of Operations plan Technology Plan Risk Management Team Staff Training and competency testing Corporate Compliance program Ethical Code of Conduct that includes witnessing of documents etc. Social Media Policies Accreditation: CARF-The Rehabilitation Accreditation Commission
Process of Risk Management A Simple Framework Step 1 Establish Objectives Step 2 Identify Risks & Controls Step 3 Assess Risks & Controls Step 4 Evaluate & Take Action Communicate, learn, improve Step 5 Monitor & Report
Categorizing Risk – Comprehensive 1. Political Risk 2. Financial Risk 3. Service Delivery or Operational Risk 4. People / HR Risk 5. Information/Knowledge Risk 6. Strategic / Policy Risk 7. Stakeholder Satisfaction / Public Perception Risk 8. Legal / Compliance Risk 9. Technology Risk 10. Governance / Organizational Risk 11. Privacy Risk 12. Security Risk 13. Equity Risk 14. Safety NEW Slide 9
Perils Causing Loss Natural Perils: Human Perils: Economic Perils:
Social Media Risk
From Philadelphia Insurance:
From Philadelphia Insurance:
You still have to assess those “other risks”
Risk rating …Combining impact and likelihood A Risk Prioritization Matrix can be helpful in prioritizing risks Plot of event probability versus impact Note that the zones are not symmetrical across the matrix Slide 15 High impact low probability events much more important than likely low impact events
Pick the High value Targets!
Polling Question What is the average # of accidents that go unreported for every one reported accident? q 1. 29 q 2. 48 q 4. 71 q 6. 26 Accident under-reporting among employees: Testing the moderating influence of psychological safety climate and supervisor enforcement of safety practices Tahira M. Probst & Armando X. Estrada, Department of Psychology, Washington State University, June 2009
The Approach-Your toolkit – education, job aids, templates Incorporates risk information into the strategic direction-setting, making decisions that consider established risk tolerance levels. Takes a systems approach to managing risk at the strategic, operational and project levels which is continuous, proactive and systematic. Fosters a working culture that values learning, innovation, responsible risk-taking and continuous improvement. Add value not work. We developed forms and templates. Develop and deliver educational sessions – usually attended by all leadership members at a minimum. Include risk 101 and time for them to discuss how to apply concepts to their specific worksite. Develop teams in actual risk assessments.
Process of Risk Management Identify available techniques for reducing or eliminating loss exposures
What are Loss Prevention/ Risk Control Methods? Avoidance – There’s a great deal of risk. You don’t want to assume the risk and it can’t be transferred, so you avoid the risk altogether Loss Prevention – Reduces the frequency or likelihood of a “particular” loss. Examples include: Improve security measures to reduce the possibility of arson or theft. Improve maintenance of facilities to reduce the possibility of a tripping hazard. Loss Reduction – Reduces the severity or cost of a “particular” loss. Examples include: Require the use of hearing protection to reduce the chance of a hearing loss. Reduce the cost of workers’ compensation claims through the use of return to work programs. Segregate Losses – Arrange your agency’s activities and assets to prevent one event from causing loss to the whole. Contractually transfer the risk.
Process of Risk Management Select and implement desired loss reduction techniques Personal protective equipment. Housekeeping, repair, and maintenance. Inspections. Tools and equipment. Supervision. Policies, procedures, and process. Contract management and administration.
Effective Risk Management
Monitoring and Control Continually monitor risks to identify any change in the status, or if they turn into an issue. Hold regular risk reviews To identify actions outstanding, risk probability and impact Remove risks that have passed Identify new risks
The Risk Management Plan should specify the risks, risk responses, and mechanisms used to control the process Need to continuously monitor for risk triggers Potential risk events should be identified early in a project and monitoring for such events immediately commence Each risk is assigned to a specific position Has the expertise & authority to identify & response to an event Need environment where problems are readily reported, embraced & solved
Process of Risk Management Annual Report results of loss reduction techniques Include results in performance improvement activities
Exposure Risk Control Mechanism Maltreatment of Individuals Fines, loss of licenses, loss of Individuals Maintain current knowledge of Human Rights (DBHDS) Annual training of all direct support staff in Human Rights (DBHDS) Incident Report Process Internal Investigation process Director of Program and Quality Annually Services, Senior Leadership Team, Management Team Change in population Diversity Loss of Individuals Develop new and innovative programs to meet the changing needs Program evaluation and satisfaction surveys Follow trends Senior Leadership Team, Management Team Responsibility Review Date Annually Legislative/ Rule Changes Increased costs without increased funding Not implementing rule changes correctly Loss of funding Actively monitor legislative activities Management Team through trade associations – va. ACCSES, VNPP, VAAPSE, Arc. VA Annually Wage and Hour Issues Wage and Hour Audit Maintain current knowledge of wage and hour rules and regulations Provide staff with wage and hour training Management Team Annually Monitor marketing capabilities Develop aggressive marketing plan Plan for alternative activities Management Team, Director of Annually Business Development Loss of work Loss of income Loss of Individuals Downturn in economy Loss of community jobs Implement volunteer Loss of facility based jobs opportunities and alternative Loss of income activities Diversify program options throughout agency Accounting staff Management Team Annually
29 Questions?
Thank you You don’t know what you don’t know… Better to know…. David T. Wilber Chief Operating Officer / CARF Surveyor dwilber@Vers. Ability. org