Although traditional risk management within healthcare was conceived to protect doctors and hospitals from the drastic increase in professional liability and malpractice suits in the 1970s and 1980s, ERM is considered more holistic. It accounts for multiple hot-button issues in a single run, surveying departments at financial, strategic, and operational risks, besides anticipation of unexpected one-off risks.
TRADITIONAL AND ENTERPRISE RISK MANAGEMENT DIFFERENCES
Every individual in an organization is involved in risk management in various forms daily, from the CEO to the janitor. For example, the janitor puts up a “caution” sign after cleaning the floors or at the building’s entrance on rainy days (Williams, 2019).
Insurable versus Non-insurable
Traditionally, risk management frameworks in organizations only look at insurable things. For instance, in the example about the wet floor, the sign was only put out by the janitor to warn people because the company is liable to compensate visitors and employees in the case that someone slips and gets injured. Another example may be the pursuit of insurance for all company equipment and vehicles (Williams, 2019). On the other hand, enterprise risk management (ERM) ventures beyond insurable hazards to include nontransferable insurance risks. For example, in the event of a data breach, a company with insurance gets help to offset the response costs for addressing the problem. However, the organization’s reputation, which is not insurable, may be damaged after a data breach. Thus, the company takes proactive measures to secure its information from malware, misuse, and hackers to reduce the likelihood of such occurrences (Williams, 2019).
One Dimensional Assessment versus Multi-dimensional Assessment
Although traditional risk management only looks at issues from a perspective of loss prevention, it also only considers the effects or extent of certain issues at a particular time. Emphasis on issues because in various cases, traditional risk management only looks at events that have already occurred and are bound to occur again instead of the possibility of risk (Williams, 2019). With the wet floor example in mind, a facility director or a company safety officer typically only considers what occurs in the event someone trips and falls and takes necessary action to reduce the liability insurance on this risk and safety improvements. They informally evaluate events that are certain to happen. Occasionally, traditional risk management activities also consider certain issues or risk probability that affect the organization. Though ERM also perceives impact and probability, it digs deeper to better understand potential risks and their relations to organizational mission, strategic plan, or a particular operation (Williams, 2019). In addition to impact, ERM definitely considers probability consistently instead of sporadically evaluating it, which adds the organization tremendous value.
Manages risks one-by-one vs. Analyzes material risks and how they relate
In familiar silo environments, risk management occurs on a personal basis as required. Departments only highlight risks within their own areas without communicating with other company departments (Williams, 2019). This sort of approach of risk management possibly exposes a company to much more significant risks at worst and costs the company opportunities of achieving or surpassing strategic goals. ERM employs various tools for interdependencies examination, comprehension of triggers between cumulative risk impacts risks, the risks, and more. For example, the risk tolerance and appetite tool compare risks to applicable tolerance to decide the most suitable response (Williams, 2019). During such analyses, organizations realize some over-managed risks that are below their tolerance levels.
BENEFITS OF RISK MANAGEMENT
ERM programs have often been found by organizations to provide a combination of quantitative and qualitative benefits (Kreiser, 2013). Some of the benefits of ERM include:
Creating for the Organization a More Risk Focused Culture
Organizations that enforce ERM note that focusing more on senior-level risks results in more risk discussions at every level. The resultant shift in culture allows a more open consideration of risks and silo breakdowns with respect to the risk management method (Kreiser, 2013). Discussing and communicating risks is recognized as both processes that provide the senior management with information and but a way of sharing risk information all through the company and allows better risk-related insights and decisions at all levels (Kreiser, 2013).
Standardized Risk Reporting
ERM supports better analysis, structure, and reporting of risks. Enterprise risks tracked by standardized reports can improve executives’ and directors’ focus by availing information that facilitates better risk-reducing decisions (Kreiser, 2013). The data variety (mitigation strategies, critical risk indicator status, and new risk) helps company leadership understand the most critical areas of risk.
Improved Perspective and Focus on Risks
ERM creates leading indicators to aid the detection of potential risk events and issue early warnings (Kreiser, 2013). Key risk measurements and metrics further increase analysis and reporting value and facilitate the ability to track possible changes in risk vulnerability, possibly drawing the organization’s attention to their risk profile changes (Kreiser, 2013).
DRIVERS OF EFFECTIVE ENTERPRISE RISK MANAGEMENT
Risk Management Strategies
Before employing leading concepts for risk management in identifying, analyzing, mitigating, monitoring, and reporting risks, the company should first settle on risk management priorities, approach, objectives, and risk governance format founded on its size, complexity, and model (RSM, 2018). A strategy for risk management should involve assessing the necessary competencies and roles in the management of the risk, compliance functions, reporting lines, and their positions in the organization’s structure (RSM, 2018).
Risk Ownership
The person responsible for risk response execution is often tasked with risk ownership. This allocation of accountability is inappropriate (RSM, 2018). The roles of the head of risk management functions should be communication, coordination, and administration of the risk management policies of the organization and ensuring the appropriate risk owners identify and mitigate material risks (RSM, 2018). The risk owner should also be the individual responsible for the monitoring of risk response’s effectiveness.
Competency of Risk Management
Considering risk management, employees within a firm can be divided into four groups: those in charge of risk management, those responsible for risk response execution, and those that monitor and report on risk response effectiveness (RSM, 2018). They are supposed to possess the vital skill sets, training, and experience to comprehend and effectively execute their responsibilities.
APPLICATION OF KEY DRIVERS
Healthcare firms have a chance to sooner improve to a better-integrated healthcare ERM program meaning they could achieve better benefits faster (Riskonnect, 2017). Healthcare firms can draw the following lessons from industries that employ ERM:
ERM Surpasses Compliance
Compliance should be an ERM benefit instead of its single role. Solely, compliance management accounts for risk hazards rather than the possible upsides that could boost the business value or hand them a competitive advantage (Riskonnect, 2017). To formulate a standard program that will minimize uncertainty and maximize value, look across the eight risk domains.
Risk Cultures Start at the Top
Rather than being a one-time process, ERM is a continuous program whose sustainability depends on engraining in the culture of an organization and support from the administration (Riskonnect, 2017). If the leadership is not pushing for ERM implementation, someone should push them. It is not enough to simply rely on the benefits of ERM. The pro-ERM message should be catered to the roles and interests of the administration whose support you require (Riskonnect, 2017).
Formalize Risk Management
Support and engagement of the leadership in ERM are not adequate. All leaders should be accountable and should have ERM-related responsibilities and roles assigned to them. They should be able to execute within whatever framework of ERM selected for implementation by the organization (Riskonnect, 2017). The coordination of activities around risk management is vital, and so is the adherence to workflows and processes that have been settled on.
References
Kreiser, J. (2013). Five Benefits of Enterprise Risk Management. Retrieved 2 December 2021, from https://www.claconnect.com/resources/articles/five-benefits-of-enterprise-risk-management
riskonnect.com. (2017). 5 Ways Integrated ERM Creates Value for Healthcare Organizations. Retrieved 2 December 2021, from https://riskonnect.com/healthcare/5-ways-integrated-erm-creates-value-healthcare-organizations/
rsm.global. (2018). Eight drivers of an effective enterprise risk management system. Retrieved 2 December 2021, from https://www.rsm.global/singapore/insights/our-expert-insights/eight-drivers-effective-enterprise-risk-management-system
Williams, C. (2019). 8 Ways Enterprise Risk Management is Different (…and Better) than Traditional Risk Management. Retrieved 2 December 2021, from https://www.erminsightsbycarol.com/traditional-risk-management-erm-differences/
Leave a Reply