Risk Management Process and

Enterprise Risk Management

(ERM)

Dr Arjaty Daud MARS



_{Proses Manajemen risiko}



_{Definisi Enterprise Risk Management}

(ERM)



_{Frame work ERM}



_{Elemen penting dalam ERM}



_{Domain risiko}



_{Area untuk di ases}

Risk Management Process

1. Risk Identification and Analysis

2. Risk Treatment

• Risk Control

• _{Risk Financing}

3. Evaluation of Risk Treatment

Structure Of The Risk Management Process

Loss Prevention (frequency)

Net Income Liability Personnel

Contractual Transfer + Loss Frequency:

How likely is it that a loss will happen?

+ Loss Severity: How serious will the

loss be? _Insurer

A carrier + Identify the loss

Segregation

Loss Reduction (severity)

Transfer

Risk Financing

Retention

Treat the Exposure Through RM Techniques Identify/Analyze Exposure

The Five Steps In The Risk

Management Process

1. Identify loss exposures

2. Examine potential risk management technique(s)

3. Select risk management technique(s) 4. Implement technique(s)

Why

a centralized approach to risk

management?

• globalization of fnancial and business markets, / globalisasi keuangan & bisnis

• continued integration of the insurance industry, /integrasi industri asuransi

• increased regulation,

/meningkatnya regulasi

• greater focus on corporate

governance. / lebih fokus pada tata kelola korporasi

• context of clinical governance and patient safety / clinical governance & keselamatan pasien

Definisi Enterprise Risk Management

(ERM) :

Suatu Proses yg dilakukan oleh BOD

dan manajemen di semua level unit

yang dirancang dalam suatu strategi

Institusi untuk mengidentifikasi

kejadian potensial yang dapat

ERM menggunakan

pendekatan fungsi silang

untuk ases, evaluasi, dan

mengukur semua risiko

institusi, tidak hanya

yang terkait dengan

risiko yang bisa

ditransfer seperti

The traditional six-step risk management process :

1. risk identifcation, 2. risk analysis,

3. development of alternative techniques to treat risks, 4. selection of best risk-treatment techniques,

5. implementation of selected techniques,

6. monitoring and evaluation of efectiveness of the chosen risk management techniques and strategies.

ERM expands the process to more fully integrate

risk management into the organization’ s structure. / lebih mengintegrasikan manajemen risiko kedalam struktur organisasi

This entails an interactive approach to risk

The ERM Framework KATEGORI

Achievement of Objectives

Within the context of an entity’s established mission or vision,

management establishes strategic objectives, selects strategy, and sets aligned objectives cascading through the enterprise./ Dalam

konteks menetapkan misi atau visi korporasi, manajemen menetapkan tujuan strategi, memilih strategi, dan menentukan tujuan yang sejalan dengan korporasi

Framework ERM diarahkan untuk mencapai tujuan korporasi :

EMPAT KATEGORI

1.Strategic – high-level goals, aligned with and supporting its mission / tujuan kedepan sesuai dengan misi

•Operations – effective and efficient use of its resources •Reporting – reliability of reporting

Components of Enterprise Risk Management Enterprise risk management consists of eight interrelated

components. These are derived from the way management runs an enterprise and are integrated with the management process. / ERM terdiri dari DELAPAN KOMPONEN saling terkait yang diperoleh dari cara manajemen mengelola korporasi dan integrasikan

dengan proses manajemen

DELAPAN KOMPONEN ERM :

1.Internal Environment – The internal environment encompasses the tone of an organization, and sets the basis for how risk is

viewed and addressed by an entity’s people, including risk

management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate. / Lingkungan internal meliputi “Tone” organisasi, dan menetapkan dasar

2. Objective Setting – Objectives must exist before management can identify potential events afecting their achievement. Enterprise risk management ensures that management has in place a process to set objectives and that the chosen

objectives support and align with the entity’ s mission and are consistent with its risk appetite. / tujuan harus ada

sebelum manajemen bisa identifkasi event yang

mempengaruhi pencapaian mereka. ERM memastikan bahwa manajemen berjalan utnuk menentukan tujuan sejalan dengan misi

3. Event Identification – Internal and external events afecting achievement of an entity’ s objectives must be identifed, distinguishing between risks and opportunities.

Opportunities are channeled back to management’ s

4. Risk Assessment – Risks are analyzed, considering

likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent

and a residual basis./ Risiko dianalisa, dihitung peluang

dan dampak, sebagai dasar menentukan mengelola risiko

5. Risk Response – Management selects risk responses – avoiding, accepting, reducing, or sharing risk –

developing a set of actions to align risks with the entity’s

risk tolerances and risk appetite./ manajemen memilih

respon – tolak, terima, reduksi, atau transfer- buat aksi untuk menangani riisko sesuai toleransi & risk appetite

6. Control Activities – Policies and procedures are

established and implemented to help ensure the risk

responses are effectively carried out./ kebijakan &

7. Information and Communication – Relevant information is identifed, captured, and communicated in a form and timeframe that enable people to carry out their

responsibilities. Efective communication also occurs in a broader sense, fowing down, across, and up the entity./

informasi yang relevan diidentifkasi, dikomunikasikan dalam bentuk & jnagkawaktu yang membuat individu melaksanakan tanggungjawabnya. Komunikasi efektif juga terjadi sangat luas diseluruh korporasi

8. Monitoring – The entirety of enterprise risk management is monitored and modifcations made as necessary.

Monitoring is accomplished through ongoing

management activities, separate evaluations, or both./

ERM dimonitor & dimodifkasi jika diperlukan.

ERM considers activities at all

levels of the organization:

THREE LEVEL :

1. Enterprise-level

2. Division

3. Subsidiary

Risk Strategy •What is your organization’s

ERM strategy?

•How is the ERM strategy

communicated and executed throughout the company?

Risk Ownership •How does each division / unit team contribute to meeting the goals of the ERM strategy?

•How are teams/individuals

held accountable for success?

Risk Identification • What is your organization’s

definition of risk?

Risk Ranking •What are the estimated probability, time to impact and severi

dimensions for the top five risks? • What are the financial

consequences to you company? • Which risks are material?

• How should the identified risks be prioritized?  

Risk Treatment •How are these risk currently managed?

•Is the approach effective?

Risk Solutions •What risk management processes are appropriate based upon the findings of the above elements? •What action plans should be in place?

Areas to Assess

Risiko tidak terjadi secara terisolasi (silos) namun diidentiifkasi secara kelompok dan dikategorikan dlm Domain Risiko :

1. Operational 2. Financial

3. Human Capital 4. Strategic

DOMAIN RISIKO :

1.Risiko operasional. timbul dari praktik bisnis utama organisasi. Dalam organisasi kesehatan, risiko operasional terkait dengan pelayanan

kesehatan.

2.Risiko keuangan. berhubungan dengan

kemampuan organisasi untuk meningkatkan dan mempertahankan akses ke modal, masalah

kontrak, biaya risiko, dan evaluasi dukungan

pemasok. Domain ini termasuk risiko memenuhi syarat untuk risiko pembiayaan, seperti

3. Risiko modal manusia. kemampuan

organisasi untuk memperoleh, mengelola, dan mempertahankan pekerja. Kompensasi

pekerja, pekerjaan dan lingkungan bahaya, omset, absensi, kekerasan di tempat kerja, pelecehan, dan diskriminasi masuk dalam domain ini

4. Risiko strategis. Risiko yang berdampak

5. Hukum dan peraturan risiko. termasuk risiko yang terkait dengan aturan yang diamanatkan, peraturan, UU dan standar. Dalam pelayanan kesehatan, peraturan dan standar2 ini banyak dan rumit. Contoh akreditasi dan privasi dan peraturan keamanan.

6. Risiko teknologi. berhubungan dengan

teknologi baru. Ini adalah domain resiko yang tumbuh dalam pelayanan kesehatan dan

termasuk perangkat biomedis, telemedicine, obat elektronik, sistem informasi manajemen risiko

Areas to Assess

1. Operational risks 2. Financial

3. Human capital 4. Strategic

Enterprise Risk Management

Operational

Operational

Strategic

Strategic Financial_Financial Human Capital_{Human Capital}

Legal/

Regulatory

Legal/

Regulatory

ASHRM Handbook

ASHRM Handbook

Technology

Assessment Model

PATIENT /

ORGANIZATION

Operational

Legal/Regulatory

Enterprise Risk Management

Assessment

Areas To Assess:

Operational

 Quality initiatives

 Risk management

Areas To Assess:

A Board’s Legal Risks

 _{Duty to}

supervise/manage  _{Select competent}

physicians

 _{Conflict of interests}  _{Provide adequate}

facilities and equipment

 _{Provide adequate}

 _{Provide satisfactory} patient care

 _{Select competent} administrator

 _{Require competitive} bidding

 _{Provide safe} environment

Areas To Assess:

Operational

 _{Credentialing and staffing}

– Initial appointment

– Reappointment

Areas To Assess:

Operational

● _Clinical

– Patient communication

– Patient care records

– _{Confidentiality}

– _{Informed decision making} – _{Telephone protocols}

– Tracking diagnostic information

Areas To Assess:

Operational

● _Clinical

– Patient satisfaction/complaints

– Referrals and consultations

– _{Coverage issues} – _{Infection control} – _{Medication safety}

– Emergency response

Areas To Assess:

Operational

 _{General Liability Assessment Topics}

– Safety program

– Security program

– _{Facility management}

 _{Parking (lighting, location, security)}

Assessment Model

PATIENT /

ORGANIZATION

Operational

Human Capital

Legal/Regulatory

Enterprise Risk Management

Assessment

Financial

Areas To Assess:

Financial

 _{Risk Financing Treatments}

– Insurance

– Self-insurance

 _{Ability to raise capital}  _{Reimbursement}

Areas To Assess:

Financial

 _{Contract Administration}

– Scope of service and method of payment /

ruanglingkup layanan dan metode pembayaran

– Professional services provided / layanan profesional

– Quality expectations / ekspektasi mutu

– Contractual terms

– Termination provisions

– Risk-sharing agreements

– Apparent agency liability

– Hold harmless and indemnity agreements

Assessment Model

PATIENT /

ORGANIZATION

Operational

Legal/Regulatory

Enterprise Risk Management

Assessment

Areas To Assess:

Human Capital

 _{Employment Practices/ Human} Resources Topics

– Workers’ compensation

– Harassment

– Negligent firing

– Discrimination

– _Testing

– Background checks

– Grievance procedures

Areas To Assess:

Human Capital

 _{Employment Practices/Human Resources Topics}

– _Education

 orientation

 continuing education

 CPR

– Employee health  _exposures

– Employee assistance programs (EAPs)

Areas To Assess:

Human Capital

 _{Environmental issues related to} employees

– Safety

– Security

Assessment Model

PATIENT /

ORGANIZATION

Operational

Legal/Regulatory

Enterprise Risk Management

Assessment

Areas To Assess:

Strategic

 _{Strategic plan and mission}

– Immediate goals vs. long range goals  _{Business ventures}

– Mergers

– Acquisitions and divestitures

– Joint ventures

 _{Competition’s status}  _{Advertising liability}  _{Reputational risks}

– Patient and community relations

– Media relations

Areas To Assess:

Strategic

 _{New Projects and Services Topics}

– “Fit” with existing organization structure

– Identification of insurance needs

– Staff requirements

– Contract needs

– Competitive impacts

– Process development  Policies/procedures

Areas To Assess:

Strategic

 _{Construction/Renovation}

–Licenses/permits

–Contracts

–_{Disruption of services} –_Hazards

 _{Air quality}

 Interim and design safety

–Communication issues

Assessment Model

PATIENT /

ORGANIZATION

Operational

Legal/Regulatory

Enterprise Risk Management

Assessment

Areas To Assess:

Legal and Regulatory

 _{Statutes, standards and regulations}

– Federal, state and local impacts  _Licensure

Areas To Assess:

Legal and Regulatory

 _{Corporate Compliance Program/Interface}

– Identification of related compliance factors / identifikasi faktor terkait kepatuhan

– Compliance assessment results / hasil asesmen kepatuhan

– _{Program components - education,}

reporting, data maintenance, review, monitoring

Assessment Model

PATIENT /

ORGANIZATION

Operational

Human Capital Legal/Regulatory

Enterprise Risk Management

Assessment

Financial

Strategic

Areas To Assess:

Technology

 _{Information systems}  _Telemedicine

 _Equipment

Areas To Assess

 _{Setting priorities for program development /} buat prioritas untuk pengembangan program

– Utilize information from external and

internal assessment sources / gunakan informasi dari sumber ekstrenal & internal

– _{Goals should be:}

 Flexible

 Short and long term

– _{Priorities should be:}