Tag: ERM

What Risk Managers Can Learn from the Coronavirus Crisis

The alarming spread of the new coronavirus and its potential effect on the global business environment can be seen in recent financial market adjustments. The hyper-quick emergence of this risk is likely to spur a number of questions for risk managers whose organizations have international reach:

  • What happens if the coronavirus expands and becomes a pan-Asia crisis?
  • What do we do if our supply chain in large parts of Asia is threatened?
  • Does potential market upheaval have the potential to threaten critical capital projects?
  • Will this disrupt R&D that relies on technical research taking place in the region?

As troubling as these questions are, there is a wider view that is potentially even more unsettling.

The curse of living in interesting times

“May you live in interesting times” is a proverb that was supposedly intended as a curse upon enemy states. Recent events demonstrate why that should not be considered a blessing. Houston endured a 500-year flood three years in a row. Preemptive power shutdowns last year in Northern California illustrate the effects of colliding risks (wildfires from extended droughts and inadequate energy infrastructure) on the business environment. Geopolitical risks with far-reaching ramifications (from the unknowns of Brexit to the escalating tensions between the U.S. and Iran) are mushrooming.

Applying a traditional approach to enterprise risk management in such turbulent times could lead to disastrous results. Fortunately, the coronavirus crisis offers three valuable lessons that could help all organizations be much better prepared to face similar challenges.

read more

Three trends from the 2020 Origami Risk User Conference

Origami Risk users gathered in San Antonio from January 12-16 for our 2020 User Conference. The fifth such event hosted by Origami, this iteration of the conference was the largest to date, with more than 500 people representing organizations from across the risk and insurance industry in attendance.

Collaborative, hands-on learning opportunities led by members of the Origami service team ranged from “boot camps”—introductions to the system for newer users—to instruction on setting up dashboards and reports to more advanced topics such as system administration. Attendees also had the opportunity to meet with an Origami expert for one-on-one sessions for a closer look at specific features or areas of the system they wanted to know more about.

Client co-presenters led sessions covering a wide range of topics including GRC, underwriting, safety, audits, and claims administration, to name just a few. As in previous years, the delivery of actual use cases and the opportunity for those attending sessions to ask questions about the ways in which Origami Risk is being used to address “real world” challenges provided a unique opportunity for peer-to-peer learning. read more

Hospital staff burnout, part 2: How healthcare ERM can prevent burnout

As the hospital burnout crisis continues to make headlines, healthcare organizations are in need not only of solutions that address the consequences of burnout, but also strategies for preventing burnout in the first place. As discussed in part 1 of this series, the right healthcare risk management technology can play a role in efforts to ensure physicians are more fully engaged. Physicians who feel connected to the core purpose of their work are less likely to burn out, and more likely provide quality patient care.

Another approach to addressing clinician burnout is the establishment of an organization-wide plan to monitor, analyze, and, ultimately, prevent the condition from occurring. Efforts to mitigate burnout will likely come from many directions within an organization, but to streamline the process and get everyone on the same page, a logical but perhaps unexpected place to start is with the hospital risk management team. Healthcare risk managers can play a crucial role in successfully preventing burnout by viewing burnout like the other risks they manage, developing a healthcare enterprise risk management (ERM) framework, and leveraging the technology they already work with on a daily basis.

read more

ERM – Moving beyond enterprise risk assessments and risk heat maps

Enterprise risk assessment and risk heat map in the risk management process

Risk assessments and heat maps remain central components in most enterprise risk management (ERM) programs. Yet there is considerable debate about their effectiveness and both tools have no shortage of critics. In 2011 Howard Sklar, a Forbes contributor, outlined one of the most popular criticisms regarding companies that viewed risk assessments as a document instead of a risk management process. He noted, “Companies that fail in this way are often trying to check the risk-assessment box on their program. That’s fine, as far as it goes. At first glance, a risk assessment seems like a low-ROI effort. You put in time and potentially money, and you get back a piece of paper laying out what you already know.

Similarly, others deride heat maps as nothing more than “colorful guesses.” Brian Priezkalns, in the not-too-subtly titled article, Why I hate Heat Maps, says “Heat maps are just a terrible terrible terrible way to understand, communicate about, and decide how to respond to risks. They either mess up what you already knew, or they hide the fact you are too ignorant to make a rational decision. Everything that can be done with heat maps would be done better with actual numbers.”

If the risk assessment and risk heat map have such fierce critics, then why are they still central to most ERM programs? In this article, we’ll examine what drives the limitations, and the key missing ingredient that turns them into powerful assets. read more

GRC: Where to start? Productive healthcare ERM tools

Coordinated care in hospitals starts with the right GRC tools and ERM framework.

In November 2018, Baylor St. Luke’s Medical Center in Houston made two medical errors, the second of which lead to the death of a 75-year-old patient. After an investigation by the Houston Chronicle and ProPublica, the Centers for Medicare and Medicaid Services issued a report in early 2019 that outlined a pattern of blood labeling errors at the hospital. A ProPublica article on the report states:

Dr. Ashish Jha, an expert in hospital quality, reviewed the government’s findings and said it appeared St. Luke’s was struggling to meet basic care standards. The labeling mistakes, he said, seemed indicative of ‘a broader systemic problem.’… St. Luke’s appeared to miss warning signs in the months prior to the deadly mistake, according to the government report.

The “broader systemic problem” Dr. Jha mentions is, unfortunately, not unique to St. Luke’s. Many hospitals and healthcare systems face organization-wide, process-related issues, especially in a modern healthcare landscape that’s rife with change. Mergers, multiple technology platforms, and changing healthcare policies, to name just a few, contribute to widespread miscommunication and a lack of transparency. This, in turn, jeopardizes the overall quality of care within these organizations.

Hospitals can stem the scope of these issues by implementing a healthcare enterprise risk management (ERM) program. Healthcare ERM establishes a standardized framework for identifying risk across an organization, encourages cross-departmental collaboration, and shifts hospitals from a reactive clinical risk program to a proactive holistic risk management program. A straightforward process, along with the right technology that leverages healthcare analytics, can help to make this shift effective.

read more

Facing the challenge of reputation management in higher education

Reputational risk in higher ed needs proactive reputation management

The Operation Varsity Blues scandal has heightened reputation management concerns across the higher education community. Seeing how quickly any college or university can suffer reputational damage, and how lasting that damage can be, underscores how valuable an institution’s reputation is, and how critical it is to safeguard it.

The book Reputation management: The key to successful public relations and corporate communication by New York University professors John Doorley and Helio Fred Garcia opens with a quote from Warren Buffet who addressed a group of Salomon Brothers managers in 1991 after the firm became mired in a high-profile trading scandal: “If you lose dollars for the firm by bad decisions, I will be very understanding. If you lose reputation for the firm, I will be ruthless.”

Although numerous surveys show that many leaders of higher education institutions place the same value on reputation as Buffet does, effectively managing these risks remains elusive. In fact, most cannot even define what reputation is.

Defining Reputational Risk

In the article How to Manage Reputation Risk, Nir Kossovsky addresses the definitional ambiguity directly. “From your boardroom and C-suite to the SEC and Office of the Comptroller of the Currency, everyone agrees reputation risk exists, yet few can describe it. However, this isn’t as difficult as it seems.” Kossovsky defines reputation as the expectation of behavior that is set by stakeholders. “Customers have expectations when they buy products or services, employees have them when they accept jobs, vendors have them when they partner, creditors and investors have them, and even regulators have them.” For colleges and universities, this extends to the communities that house them, the potential pool of students and parents considering attendance, research partners, and the other organizations that interact with them.

read more

How ERM technology helps financial institutions address Matters Requiring Attention (MRAs)

Complying with Bank Secrecy Act/Anti-Money Laundering (BSA/AML) regulations is a major challenge for financial institutions. Those found with deficient practices are subject to receive a Matter Requiring Attention (MRA) notification. The Office of the Comptroller of the Currency (OCC) states, “MRAs communicate specific supervisory concerns identified during examinations in writing to boards and management teams of regulated institutions. MRAs must receive timely and effective corrective action by bank management and follow-up by OCC examiners.”

This combined requirement of timeliness and proof of effectiveness makes delivering an acceptable response particularly challenging. Unfortunately, MRAs are not uncommon. The article Get to Know the “5 Cs” — BSA Matters Requiring Attention notes, “Most banks receive some sort of finding or ‘Matter Requiring Attention’ (MRA) or ‘Matter Requiring Immediate Attention’ (MRIA) regarding their BSA Program during a BSA exam.” Given the likelihood of receiving an MRA, and the burden associated with the response, developing a robust process to handle them is essential.

This post will examine how the right Enterprise Risk Management (ERM) system is uniquely suited to not only help efficiently and effectively respond to the challenges associated with MRAs, but also (when properly configured) help minimize them.

To understand how this is possible it is useful to “learn from the mistakes of others.”

read more

Looking to launch an ERM program? Borrow ideas from startups

Implementing an enterprise risk management (ERM) program can be a daunting, intimidating project. Trying to introduce new frameworks and controls across the organization, roll up risk reporting from the unit to enterprise level, and initiate discussions with the board that lead to action can be overwhelming. Using techniques proven to work with startups, however, can make the process far more manageable and increase the odds for success.

Startup incubators often promote a few common themes:

  • Let customers/market dictate the product
  • Scale it down – start small and go live fast
  • Do the research and learn about the market
  • Get feedback as quickly as possible
  • Fail silently – incorporate lessons learned without dragging the whole effort down

These techniques suggest that the traditional high-profile, enterprise-wide rollout of a new ERM program may not always be the best way to launch. Instead, focusing on the smallest scale project—one with the potential to yield meaningful results—and relying on a customer-driven approach may be the key to creating a sustainable, effective ERM program.

read more

Partner with legal when selecting RMIS and GRC technology

The responses to a recent Deloitte-commissioned survey of 300 in-house legal executives contain good news for those working closely with in-house legal departments on risk management and compliance-related issues. An executive summary of survey results, Going beyond risk and compliance: Enabling the Legal function to embrace digital transformation, indicates that a majority of respondents feel that in-house legal departments are aware of and open to the use of technology in efforts to make risk management and compliance more efficient and cost-effective.

While there is a willingness to move forward with the use of technology to automate repetitive tasks, improve collaboration, and proactively contribute to the overall strategy of their organizations, there is still work to be done. “Despite encouraging levels of awareness and signs of adaptability, survey respondents have revealed that there is still progress needed before the Legal function fully embraces digital opportunities,” write the study authors. “When they do this, Legal will be able to revamp its approach to risk management and compliance, thus becoming more agile, more integrated and more value-driven, playing an integral role in the delivery of corporate strategy.”

read more

Looking back at 2018 — Five RMIS trends

The risk management industry certainly had an eventful 2018. As the calendar closes out another year, we’ve picked five prominent trends that may impact your organization in the upcoming year.

1. Increasing Damage from Natural Disasters and Extreme Weather

The 2018 list of major natural disasters is notable for its scope and intensity. From Japan’s flooding and mudslides to California’s wildfires to an unprecedented global heatwave, records for severity and damage were shattered throughout the year. One article noted that, “Nationwide, 8.5 million acres, an area larger than Maryland, have burned this year to date.” Unfortunately, extreme weather and increased natural disasters are becoming more commonplace.

In the article Step up your disaster preparedness, don’t wait for the news report, we discussed how to combine audit technology with weather alerts to develop a preparedness solution that works in real-time and ensures your organization is tested and ready when the next emergency hits.

2. Telematics Emerging in Fleet Management

Consumer adoption of telematics continued at a strong pace, particularly with drivers in the youngest age range, where some studies estimate four in five drivers have telematic-based policies. While the use of telematics to enhance fleet management programs has been underway for some time, the value of this data is becoming more clear.

read more