Top

Published in:

Open Access 01-12-2018 | Research article

Development of an enterprise risk inventory for healthcare

Authors: Ana Paula Beck da Silva Etges, Veronique Grenon, Ming Lu, Ricardo Bertoglio Cardoso, Joana Siqueira de Souza, Francisco José Kliemann Neto, Elaine Aparecida Felix

Published in: BMC Health Services Research | Issue 1/2018

Abstract

Background

The first phase of an enterprise risk management (ERM) program is the identification of risks. Accurate identification is essential to a proactive and effective ERM function. The authors identified a lack of such risk identification in the literature and in practical cases when interviewing the chief risk officers from healthcare organizations. A risk inventory specific to healthcare organizations that includes detailed risk scenarios and risk impacts currently does not exist. Thus, the objective of this research is to develop an enterprise risk inventory for healthcare organizations to create a common understanding of how each type of risk impacts a healthcare organization.

Method

ERM guidelines and data from 15 interviews with chief risk officers were analyzed to create the risk inventory. The identified risks were confirmed through a survey of risk managers from a range of global healthcare organizations during the ASHRM conference in 2017. Descriptive statistics were developed and cluster analysis was performed using the survey results.

Results

The risk inventory includes 28 risks and their specific risk scenarios. Cyberattack was ranked as the principal risk by the participants, followed by sentinel events and risks associated with human capital management (organizational culture, use of electronic medical records and physician wellness). The data analysis showed that the specific characteristics of the survey participants, such as the length of time working in risk management, the size of the organization, and the presence of a school of medicine, do not impact an individual’s opinion of the importance of the risks identified. A personal background in risk management (clinical or enterprise) was a characteristic that showed a small difference in the perceived importance of the risks from the proposed risk inventory.

Conclusions

In addition to defining specific risk scenarios, the enterprise risk inventory presented in this research can contribute to guiding the risk identification phase of an ERM program and thereby support the development of a risk culture. Patient data security in hospitals that operate with high levels of technology is fundamental to delivering high quality and safe care to patients. At the top of the risk ranking, the identification of cyberattacks reflects the importance that healthcare risk managers place on this risk by allocating time and other resources. Exploring opportunities to improve cyber risk management and evaluating the benefits of using the risk inventory at the beginning of the risk identification phase in an ERM program are suggestions for future studies.

Available only for authorised users

Damodaran A. Gestão estratégica do risco. Bookman Editora; 2008.

Aven E, Aven T. On the need for rethinking current practice that highlights goal achievement risk in an Enterprise context. Risk Anal. 2015;35:1706–16.CrossRefPubMed

Committee of Sponsoring Organizations of the Treadway Commission. COSO Enterprise Risk Management: Integrating with Strategy and Performance. 2017; June.

Woodruff JM. Consequence and likelihood in risk estimation: a matter of balance in UK health and safety risk assessment practice. Saf Sci. 2005;43:345–53.CrossRef

Card AJ, Ward JR, Clarkson PJ. Trust-level risk evaluation and risk control guidance in the NHS east of England. Risk Anal. 2014;34:1469–81.CrossRefPubMed

Purdy G. ISO 31000: 2009—setting a new standard for risk management. Risk Anal. 2010;30:881–6.CrossRefPubMed

ISO. ISO 31000:2018 Risk Management Guidelines. 2018.

COSO. Enterprise Risk Management Integrated Framework 2004.

Carroll BR. Identifying risks in the realm of enterprise risk management. J Healthc Risk Manag. 2016;35(3):24–30.CrossRefPubMed

10.

Cagliano AC, Grimaldi S, Rafele C. Choosing project risk management techniques. Theoretic Framework J Risk Res. 2015;18:232–48.CrossRef

11.

Anthony Cox L. What’s wrong with risk matrices? Risk Anal. 2008;28:497–512.CrossRef

12.

Etges APB da S, Souza JS, Kliemann Neto FJ, Felix EA. A Proposed Enterprise Risk Management Model for Health Organizations. J Risk Res 2018;21:1-19.

13.

COSO. Gerenciamento de Riscos Corporativos - Estrutura Integrada. 2007.

14.

Briner M, Kessler O, Pfeiffer Y, Wehner T, Manser T. Assessing hospitals’ clinical risk management: development of a monitoring instrument. BMC Health Serv Res. 2010;10:337. https://doi.org/10.1186/1472-6963-10-337.CrossRefPubMedPubMedCentral

15.

ASHRM. Enterprise risk management. Framework Success. 2014;6:53–73.

16.

HIROC. HIROC Integrated Risk Management ( IRM ) Initiative HIROC Integrated Risk Management ( IRM ) Initiative. 2014; October:1–7.

17.

National Patient Safety Agency (NPSA). A risk matrix for risk managers. NHS. 2008; January:1–18.

18.

AON. 2014 US Industry Report Healthcare 2014.

19.

Etges APB da S, Grenon V, Souza JS, Kliemann FJN, Felix EA. Economic Enterprise risk management innovation program in healthcare (E2RMhealthcare). Value Heal Reg Issues. 2018;17C:102–8.CrossRef

20.

Selltiz C, Wrightsman LS, Cook SW. Research methods in social relations. New York: Holt, Rinehart and Winston; 1976.

21.

Fávero LP, Belfiore P, da Silva FL, Chan BL. Análise de dados: modelagem multivariada para tomada de decisões. 2009.

22.

Bromiley P, McShane M, Nair A, Rustambekov E. Enterprise risk management: review, critique, and research directions. Long Range Plan. 2015;48:265–76. https://doi.org/10.1016/j.lrp.2014.07.005.CrossRef

23.

Celona J, Driver J, Hall E. Alue-driven ERM: making ERM an engine for simultaneous value creation and value protection. J Healthc Risk Manag. 2010;30 WINTER:15–33.

24.

Kind T, Genrich G, Sodhi A, Chretien KC. Social media policies at US medical schools. Med Educ Online. 2010;15(1):5324.

25.

Chervenak FA, McCullough LB. Responsibly managing the medical school-teaching hospital power relationship. Acad Med. 2005;80:690–3.CrossRefPubMed

26.

Oppenberg AA. Our ASHRM journey continues: ERM for our patients’ safety. J Healthc Risk Manag. 2013;33:1–1. https://doi.org/10.1002/jhrm.21119.PubMedCrossRef

27.

Aon Inpoint. Global Cyber Market Overview. 2017; June. doi: http://www.aon.com/attachments/risk-services/cyber/Cyber.pdf.

28.

O’dowd A. Major global cyber-attack hits NHS and delays treatment. BMJ Br Med J. 2017;357.

29.

Davis J. Insiders, hackers causing bulk of 2017 healthcare data breaches. Healthcare IT News. 2017. https://www.healthcareitnews.com/news/insiders-hackers-causing-bulk-2017-healthcare-data-breaches.

30.

JCI. Joint Commission International International Standards for Hospitals. 5th ed; 2014. p. 309.

31.

Valentin A, Capuzzo M, Guidet B, Moreno RP, Dolanski L, Bauer P, et al. Patient safety in intensive care: results from the multinational sentinel events evaluation (SEE) study. Intensive Care Med 2006;32:1591–1598.

32.

Kohn LT, Corrigan JM, Donaldson MS. To err is human: building a safer health system. Washington: National Academies Press; 2000.

33.

Corrigan JM. Crossing the quality chasm. Build a better Deliv Syst. 2005.

34.

Welp A, Meier LL, Manser T. The interplay between teamwork, clinicians’ emotional exhaustion, and clinician-rated patient safety: a longitudinal study. Crit Care. 2016;20:1–10. https://doi.org/10.1186/s13054-016-1282-9.

35.

Wallace JE, Lemaire JB, Ghali WA. Physician wellness: a missing quality indicator. Lancet. 2009;374:1714–21.CrossRefPubMed

36.

Troyer GT, Brashear AD, Green KJ. Managing corporate governance risks in a nonprofit health care organization. J Healthc Risk Manag. 2005;25:29–34.CrossRefPubMed

37.

Teoh SY, Cheong C. Implicit enterprise risk management: an IT healthcare adoption case study. ACIS 2008 Proceedings. 2008;8.

38.

Sodomka P, Spake MA, Rush JJ Jr. Enterprise-wide effort brings patient perspective into mix. J Healthc Manag. 2010;29(4):28-32.

39.

Haney JR, Church J, Cockerill R. Pursuing enterprise risk management: a local road map for Canadian healthcare leaders. Healthc Manag Forum. 2013;26:145–9. https://doi.org/10.1016/j.hcmf.2013.05.004.CrossRef

Title: Development of an enterprise risk inventory for healthcare
Authors: Ana Paula Beck da Silva Etges
Veronique Grenon
Ming Lu
Ricardo Bertoglio Cardoso
Joana Siqueira de Souza
Francisco José Kliemann Neto
Elaine Aparecida Felix
Publication date: 01-12-2018
Publisher: BioMed Central
Published in: BMC Health Services Research / Issue 1/2018
Electronic ISSN: 1472-6963
DOI: https://doi.org/10.1186/s12913-018-3400-7

At a glance: The ONWARDS insulin icodec trials

Springer Medicine

Development of an enterprise risk inventory for healthcare

Abstract

Background

Method

Results

Conclusions

At a glance: The ONWARDS insulin icodec trials

Springer Medicine

Abstract

Background

Method

Results

Conclusions

Please log in to get access to this content

Other articles of this Issue 1/2018

Anticipating the potential for positive uptake and adaptation in the implementation of a publicly funded online STBBI testing service: a qualitative analysis

Cost-effectiveness in extracorporeal life support in critically ill adults in the Netherlands

Hospital-acquired fever in oriental medical hospitals

Delay in reviewing test results prolongs hospital length of stay: a retrospective cohort study

Use of shared care and routine tests in follow-up after treatment for localised cutaneous melanoma

An integrated oral health program for rural residential aged care facilities: a mixed methods comparative study