BMC Health Serv Res. 2018 Jul 24;18(1):578.
doi: 10.1186/s12913-018-3400-7.

Development of an enterprise risk inventory for healthcare

Ana Paula Beck da Silva Etges et al. BMC Health Serv Res.

Abstract

Background: The first phase of an enterprise risk management (ERM) program is the identification of risks. Accurate identification is essential to a proactive and effective ERM function. The authors identified a lack of such risk identification in the literature and in practical cases when interviewing the chief risk officers from healthcare organizations. A risk inventory specific to healthcare organizations that includes detailed risk scenarios and risk impacts currently does not exist. Thus, the objective of this research is to develop an enterprise risk inventory for healthcare organizations to create a common understanding of how each type of risk impacts a healthcare organization.

Method: ERM guidelines and data from 15 interviews with chief risk officers were analyzed to create the risk inventory. The identified risks were confirmed through a survey of risk managers from a range of global healthcare organizations during the ASHRM conference in 2017. Descriptive statistics were developed and cluster analysis was performed using the survey results.

Results: The risk inventory includes 28 risks and their specific risk scenarios. Cyberattack was ranked as the principal risk by the participants, followed by sentinel events and risks associated with human capital management (organizational culture, use of electronic medical records and physician wellness). The data analysis showed that the specific characteristics of the survey participants, such as the length of time working in risk management, the size of the organization, and the presence of a school of medicine, do not impact an individual's opinion of the importance of the risks identified. A personal background in risk management (clinical or enterprise) was a characteristic that showed a small difference in the perceived importance of the risks from the proposed risk inventory.

Conclusions: In addition to defining specific risk scenarios, the enterprise risk inventory presented in this research can contribute to guiding the risk identification phase of an ERM program and thereby support the development of a risk culture. Patient data security in hospitals that operate with high levels of technology is fundamental to delivering high quality and safe care to patients. At the top of the risk ranking, the identification of cyberattacks reflects the importance that healthcare risk managers place on this risk by allocating time and other resources. Exploring opportunities to improve cyber risk management and evaluating the benefits of using the risk inventory at the beginning of the risk identification phase in an ERM program are suggestions for future studies.

Keywords: Enterprise risk management; Healthcare; Healthcare management; Risk analysis; Risk identification; Risk inventory.

Conflict of interest statement

Authors’ information

APBSE, Msc. Eng.: is a Researcher at the National Health Technology Assessment Institute (CNPq, Brazil), is a Professor at the School of Technology of PUCRS (Brazil), and serves as a consultant in Brazil for projects focused on measuring the economic impact of risks, assessing health technologies and developing models to improve companies’ ability to make strategic decisions.

VG, Actuary: is a fully trained actuary and serves as the Managing Director of Guy Carpenter & Company, LLC.

ML, Data Scientist: serves as a Data Scientist at The Risk Authority Stanford.

RBS, Msc. Eng.: is a researcher and a PhD student in the Industrial Engineering Program at The Federal University of the South of Brazil (UFRGS).

JSS, PhD. Msc. Eng.: serves as a Professor in the Industrial Engineering Program at The Federal University of the South of Brazil (UFRGS) and also conducts research focused on enterprise risk management.

KFN, PhD. Msc. Eng.: serves as a Professor in the Industrial Engineering Program at The Federal University of the South of Brazil (UFRGS) and also conducts research focused on cost management and economic analysis.

EAF, PhD. Msc. MD.: serves as a Professor in the School of Medicine at The Federal University of the South of Brazil (UFRGS) and also conducts research focused on clinical and enterprise risk management.

Ethics approval and consent to participate

All interviewees (the 15 managers in the first interviews and the 53 participants) were invited to participate and agreed to have their data analyzed.

This research was conducted by the Industrial Engineering Department of the Federal University from the South of Brazil, which approved the conduct of the research.

Consent for publication

Not applicable.

Competing interests

The authors declare that they have no competing interests.

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Figures

Fig. 1: Research methods
Fig. 2: Risk inventory survey example
Fig. 3: Risk ranking according to the 53 participants
Fig. 4: Type of risk management and time working in risk management
Fig. 5: Differences between participants from hospitals with fewer and more than 1000 employees
Fig. 6: Differences between participants working in organizations with and without a school of medicine
Fig. 7: Agree x disagree - risk inventory confirmation