Risk Management Process and Enterprise Risk Management (ERM)
Dr Arjaty Daud MARS
Risk management process
Definition of Enterprise Risk Management (ERM)
ERM framework
Key elements of ERM
Risk domains
Areas to assess
Risk Management Process
1. Risk Identification and Analysis
2. Risk Treatment
• Risk Control
• Risk Financing
3. Evaluation of Risk Treatment
Structure Of The Risk Management Process
[Diagram. Identify/Analyze Exposure: identify the loss; Loss Frequency (How likely is it that a loss will happen?); Loss Severity (How serious will the loss be?). Treat the Exposure Through RM Techniques: Loss Prevention (frequency), Loss Reduction (severity), Segregation, Contractual Transfer; Risk Financing (Transfer, Retention). Other labels: Net Income, Liability, Personnel, Insurer, A carrier.]
The Five Steps In The Risk Management Process
1. Identify loss exposures
2. Examine potential risk management technique(s)
3. Select risk management technique(s)
4. Implement technique(s)
Why a centralized approach to risk management?
• globalization of financial and business markets,
• continued integration of the insurance industry,
• increased regulation,
• greater focus on corporate governance,
• context of clinical governance and patient safety.
Definition of Enterprise Risk Management (ERM):
A process carried out by the BOD and management at all unit levels, designed within an institutional strategy to identify potential events that can
ERM uses a cross-functional approach to assess, evaluate, and measure all of the institution's risks, not only those related to risks that can be transferred such as
The traditional six-step risk management process:
1. risk identification,
2. risk analysis,
3. development of alternative techniques to treat risks,
4. selection of best risk-treatment techniques,
5. implementation of selected techniques,
6. monitoring and evaluation of effectiveness of the chosen risk management techniques and strategies.
ERM expands the process to more fully integrate risk management into the organization’s structure.
This entails an interactive approach to risk
The ERM Framework
Achievement of Objectives
Within the context of an entity’s established mission or vision, management establishes strategic objectives, selects strategy, and sets aligned objectives cascading through the enterprise.
The ERM framework is geared to achieving the entity's objectives:
FOUR CATEGORIES
• Strategic – high-level goals, aligned with and supporting its mission
• Operations – effective and efficient use of its resources
• Reporting – reliability of reporting
Components of Enterprise Risk Management
Enterprise risk management consists of eight interrelated components. These are derived from the way management runs an enterprise and are integrated with the management process.
THE EIGHT COMPONENTS OF ERM:
1. Internal Environment – The internal environment encompasses the tone of an organization, and sets the basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.
2. Objective Setting – Objectives must exist before management can identify potential events affecting their achievement. Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity’s mission and are consistent with its risk appetite.
3. Event Identification – Internal and external events affecting achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities. Opportunities are channeled back to management’s
4. Risk Assessment – Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a residual basis.
5. Risk Response – Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity’s risk tolerances and risk appetite.
6. Control Activities – Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.
7. Information and Communication – Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity.
8. Monitoring – The entirety of enterprise risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both.
ERM considers activities at all levels of the organization:
THREE LEVELS:
1. Enterprise-level
2. Division
3. Subsidiary
Risk Strategy
• What is your organization’s ERM strategy?
• How is the ERM strategy communicated and executed throughout the company?
Risk Ownership
• How does each division / unit team contribute to meeting the goals of the ERM strategy?
• How are teams/individuals held accountable for success?
Risk Identification
• What is your organization’s definition of risk?
Risk Ranking
• What are the estimated probability, time to impact and severity dimensions for the top five risks?
• What are the financial consequences to your company?
• Which risks are material?
• How should the identified risks be prioritized?
Risk Treatment
• How are these risks currently managed?
• Is the approach effective?
Risk Solutions
• What risk management processes are appropriate based upon the findings of the above elements?
• What action plans should be in place?
Areas to Assess
Risks do not occur in isolation (silos) but are identified in groups and categorized into Risk Domains:
1. Operational
2. Financial
3. Human Capital
4. Strategic
RISK DOMAINS:
1. Operational risk. Arises from the organization's core business practices. In healthcare organizations, operational risk relates to the delivery of health services.
2. Financial risk. Relates to the organization's ability to raise and maintain access to capital, contract issues, cost of risk, and evaluation of supplier support. This domain includes risks that qualify for risk financing, such as
3. Human capital risk. The organization's ability to acquire, manage, and retain workers. Workers' compensation, occupational and environmental hazards, turnover, absenteeism, workplace violence, harassment, and discrimination fall within this domain.
4. Strategic risk. Risks that affect
5. Legal and regulatory risk. Includes risks related to mandated rules, regulations, laws and standards. In healthcare, these regulations and standards are numerous and complex. Examples include accreditation, and privacy and security regulations.
6. Technology risk. Relates to new technology. This is a growing risk domain in healthcare and includes biomedical devices, telemedicine, electronic medication, risk management information systems
Areas to Assess
1. Operational risks
2. Financial
3. Human capital
4. Strategic
[Diagram: Enterprise Risk Management domains: Operational, Strategic, Financial, Human Capital, Legal/Regulatory, Technology. Source: ASHRM Handbook]
Assessment Model
[Diagram: Enterprise Risk Management Assessment for PATIENT / ORGANIZATION, with domain labels Operational, Financial, Human Capital, Strategic, Legal/Regulatory]
Areas To Assess:
Operational
Quality initiatives
Risk management
Areas To Assess:
A Board’s Legal Risks
– Duty to supervise/manage
– Select competent physicians
– Conflict of interests
– Provide adequate facilities and equipment
– Provide adequate
– Provide satisfactory patient care
– Select competent administrator
– Require competitive bidding
– Provide safe environment
Areas To Assess:
Operational
Credentialing and staffing
– Initial appointment
– Reappointment
Areas To Assess:
Operational
● Clinical
– Patient communication
– Patient care records
– Confidentiality
– Informed decision making
– Telephone protocols
– Tracking diagnostic information
Areas To Assess:
Operational
● Clinical
– Patient satisfaction/complaints
– Referrals and consultations
– Coverage issues
– Infection control
– Medication safety
– Emergency response
Areas To Assess:
Operational
General Liability Assessment Topics
– Safety program
– Security program
– Facility management
Parking (lighting, location, security)
Areas To Assess:
Financial
Risk Financing Treatments
– Insurance
– Self-insurance
Ability to raise capital
Reimbursement
Areas To Assess:
Financial
Contract Administration
– Scope of service and method of payment
– Professional services provided
– Quality expectations
– Contractual terms
– Termination provisions
– Risk-sharing agreements
– Apparent agency liability
– Hold harmless and indemnity agreements
Areas To Assess:
Human Capital
Employment Practices/ Human Resources Topics
– Workers’ compensation
– Harassment
– Negligent firing
– Discrimination
– Testing
– Background checks
– Grievance procedures
Areas To Assess:
Human Capital
Employment Practices/Human Resources Topics
– Education
orientation
continuing education
CPR
– Employee health exposures
– Employee assistance programs (EAPs)
Areas To Assess:
Human Capital
Environmental issues related to employees
– Safety
– Security
Areas To Assess:
Strategic
Strategic plan and mission
– Immediate goals vs. long range goals
Business ventures
– Mergers
– Acquisitions and divestitures
– Joint ventures
Competition’s status
Advertising liability
Reputational risks
– Patient and community relations
– Media relations
Areas To Assess:
Strategic
New Projects and Services Topics
– “Fit” with existing organization structure
– Identification of insurance needs
– Staff requirements
– Contract needs
– Competitive impacts
– Process development
Policies/procedures
Areas To Assess:
Strategic
Construction/Renovation
– Licenses/permits
– Contracts
– Disruption of services
– Hazards
Air quality
Interim and design safety
– Communication issues
Areas To Assess:
Legal and Regulatory
Statutes, standards and regulations
– Federal, state and local impacts
Licensure
Areas To Assess:
Legal and Regulatory
Corporate Compliance Program/Interface
– Identification of related compliance factors
– Compliance assessment results
– Program components - education, reporting, data maintenance, review, monitoring
Areas To Assess:
Technology
Information systems
Telemedicine
Equipment
Areas To Assess
Setting priorities for program development
– Utilize information from external and internal assessment sources
– Goals should be:
Flexible
Short and long term
– Priorities should be: