Blog

Three trends from the 2020 Origami Risk User Conference

Origami Risk users gathered in San Antonio from January 12-16 for our 2020 User Conference. The fifth such event hosted by Origami, this iteration of the conference was the largest to date, with more than 500 people representing organizations from across the risk and insurance industry in attendance.

Collaborative, hands-on learning opportunities led by members of the Origami service team ranged from “boot camps”—introductions to the system for newer users—to instruction on setting up dashboards and reports to more advanced topics such as system administration. Attendees also had the opportunity to meet with an Origami expert for one-on-one sessions for a closer look at specific features or areas of the system they wanted to know more about.

Client co-presenters led sessions covering a wide range of topics including GRC, underwriting, safety, audits, and claims administration, to name just a few. As in previous years, the delivery of actual use cases and the opportunity for those attending sessions to ask questions about the ways in which Origami Risk is being used to address “real world” challenges provided a unique opportunity for peer-to-peer learning. read more

Why the California Consumer Privacy Act (CCPA) may be the tip of the regulatory iceberg for compliance

On January 1, 2020, a new California regulation went into effect that may push many unsuspecting enterprises doing business in the state into costly noncompliance while also introducing reputational risk and threatening their brands. The California Consumer Privacy Act (CCPA) grants new consumer rights related to data storage, use, and protection. Companies failing to comply with these rules can be fined up to $7,500 for each violation. Despite the potential impacts, a recent survey by the IT security firm ESET shows how ill-prepared most enterprises are regarding this new compliance obligation:

  • Nearly half of all respondents had never heard of CCPA
  • More than 8 in 10 respondents did not know if the law even applied to their business
  • A third of executives were unsure if their organizations needed to change how consumer data was stored/processed
  • Nearly 1 in 4 respondents “didn’t care” about becoming compliant
  • More than half had not performed a risk assessment on cybersecurity within the past year

Given the stakes involved, this broad lack of urgency is concerning but not all that surprising. A DataGrail survey indicated that despite investing thousands of hours and being given a two-year head start, only half of the companies reported achieving compliance with the General Data Protection Regulation (GDPR), a similar data privacy regulation in Europe. Additionally, 70% of enterprises admitted the systems they were currently using to comply would not scale. When the pace of regulatory change is accelerating so rapidly, most enterprises are being caught flat-footed.

read more

The Importance of GRC as a Risk Initiative: Q&A with Mary Upshaw

Origami Risk has expanded its operations in the UK, Europe, and Middle East due to rapid growth in the region. Mary Upshaw, Head of Professional Service – EMEA at Origami, discusses the current risk landscape, expected trends, and the role technology plays in an effective GRC programme.

From the perspective of a client executive who is working very closely with UK and EMEA-based organisations, what are the most pressing issues risk managers face in regards to GRC?

There are a few that come to mind. The first is dealing with regulatory change. How do organisations stay on top of risk associated with regulatory compliance when the landscape is constantly changing, the jurisdictions that companies reside in are growing, and laws around privacy are growing?

The second is getting different groups and departments within an organisation to work together toward a shared GRC approach. For example, there might be an internal controls team that rolls up through the CFO; an enterprise risk management (ERM) team that works for the CRO; a business continuity management (BCM) unit that flows through a CTO; and a compliance group that reports to the general counsel’s office. Risk managers need to set a tone that conveys that all of these groups must work together in order to reap the benefits of GRC.

read more

The power of portals: How public entities are improving reporting and delivering next-level services

Female worker in front of van with mobile device

Failure to report incidents and safety hazards can have wide-ranging ramifications, impacting employees and their families, public agencies, and the community as a whole. Making work, and workplaces, safer requires the cooperation of everyone—staff, employees, and citizens.

User-friendly and easily accessible tools such as custom risk portals and mobile forms can streamline any project that requires the capture of data—from exposure values and certificates of insurance (COI) details to driver certification information and more. Made available to employees and members of the public for the reporting of incidents, hazards, and near misses, portals and mobile forms help simplify and standardize what is often an arduous and inefficient process. This not only makes reporting these types of events more likely, but also for a more efficient and accurate reporting process.

Making it easier for employees and members of the public to report accidents, damage, and potential hazards has numerous benefits. Among them, a reduction in administrative overhead and decreased lags in reporting, as well as improved transparency and trust. Perhaps most importantly, access to this data can help risk managers and safety professionals identify trends and take proactive, strategic action to reduce future losses or eliminate them altogether.

read more

Create a High-Reliability Hospital with Healthcare Risk Management Software

Hospitals and healthcare systems looking to prioritize patient and employee safety often phrase their initiative as a way to reduce adverse events. The word “reduce” implies that the number of adverse events can be lowered but not eliminated entirely. It implies that some adverse events are simply unavoidable.

But what if organizations changed their mindset? What if the end goal was, in fact, to eliminate adverse events? A hospital without patient safety events may seem like an impossibility, but as more and more organizations are learning, zero harm doesn’t have to be a miracle scenario.

“Many hospitals are embracing the values of high-reliability organizations and occupations like air traffic control towers, nuclear power plants, wildlife fire fighters and astronauts,” states the article 5 Traits of High Reliability Organizations: How to Hardwire Each in Your Organization. “The paradigm works remarkably well in the promotion of patient safety and efficient healthcare delivery.”

High reliability organizations are organizations that operate in complex, high-hazard domains for extended periods without serious accidents or catastrophic failures…High reliability organizations cultivate resilience by relentlessly prioritizing safety over other performance pressures. – Patient Safety Network’s Patient Safety Primer

Where to Start

According to Anne Marie Benedicto, vice president of the Joint Commission Center for Transformation Healthcare, although hospital and healthcare staff may desire to become a high-reliability organization, they often don’t know how to begin. “Transforming to high reliability is a multiyear process,” she said in a Q&A with Becker’s Hospital Review. “And it is probably the biggest change initiative any healthcare organization can undertake right now.”

read more

ERM Done Differently

Those in the risk management field have heard plenty about the benefits of establishing an enterprise risk management (ERM) program. In some cases, they’ve likely heard too much. Lost in debates about frameworks or which acronym to employ (ERM vs. IRM vs. GRC) is the answer to the question, “How do I actually establish an ERM program that produces tangible, measurable results?”

An ERM program doesn’t have to be overly complicated. (Really!) Neither does it have to be an academic exercise that takes you away from critical daily tasks. When ERM is done right, it’s tied directly to your organization’s central strategic goal and consists of clearly laid-out, doable steps.

You can launch a manageable and sustainable ERM program. You can get everyone on board with the process. You can find success without losing your mind.

You can do ERM differently.

Focus on execution

ERM isn’t a magical, all-knowing tool into which issues are input and solutions spit out. ERM is a considered process that forces you to ask the right questions—questions that lead to the right preventative measures. So when embarking on the creation of an ERM program, your focus should be on execution: What actions am I not taking today that I should be taking in order to get out in front of risks?
read more

Don’t Miss the Digital Transformation

Heracleitus says, you know, that all things move and nothing remains still, and he likens the universe to the current of a river, saying that you cannot step twice into the same stream. — Plato, Cratylus

Regardless of industry or company size, an evolving risk environment necessitates an approach to managing risk that is both strategic and dynamic. In order to successfully implement a risk management program that accounts for this reality, you’ll need the right risk management technology—and the appropriate level of support behind it.

Is your RMIS capable of keeping up?

Platform flexibility allows organizations to tailor workflows that adapt to changes in risk and safety processes, rather than the other way around. And although it’s not uncommon to have concerns about changing systems, the move to a more configurable RMIS typically contributes to significant leaps forward in data collection, analysis, compliance, and day-to-day efficiency.

A case study featuring DHL, the world’s leading postal and logistics company, details the benefits that can come from making a switch to a more configurable RMIS. Following a change to Origami Risk from the legacy system previously used to centralize its loss and risk information, DHL saw rapid improvements in accident reporting, the handling of claims data, policy management, and document management. The DHL risk management team was also able to take advantage of Origami’s flexibility to set up an integration with daily video feeds from delivery vehicle dash-cams.

read more

Are you and your RMIS ready for change?

Heracleitus says, you know, that all things move and nothing remains still, and he likens the universe to the current of a river, saying that you cannot step twice into the same stream. — Plato, Cratylus

Regardless of industry or company size, an evolving risk environment necessitates an approach to managing risk that is both strategic and dynamic. In order to successfully implement a risk management program that accounts for this reality, you’ll need the right risk management technology—and the appropriate level of support behind it.

Is your RMIS capable of keeping up?

Platform flexibility allows organizations to tailor workflows that adapt to changes in risk and safety processes, rather than the other way around. And although it’s not uncommon to have concerns about changing systems, the move to a more configurable RMIS typically contributes to significant leaps forward in data collection, analysis, compliance, and day-to-day efficiency.

A case study featuring DHL, the world’s leading postal and logistics company, details the benefits that can come from making a switch to a more configurable RMIS. Following a change to Origami Risk from the legacy system previously used to centralize its loss and risk information, DHL saw rapid improvements in accident reporting, the handling of claims data, policy management, and document management. The DHL risk management team was also able to take advantage of Origami’s flexibility to set up an integration with daily video feeds from delivery vehicle dash-cams.

read more

4 Areas of Focus for Improving the Patient Experience

In an age where customer experience reigns supreme, the healthcare industry is beginning to view processes and outcomes through a similar lens. Hospitals and healthcare systems are businesses. Patients are customers. And customers must have a positive experience in order to continue using the services of a business. Patient experience is a term often applied broadly to initiatives such as reducing hospital stay length and readmission rates, cutting down incidences of patient safety events, and ensuring patients feel seen and heard.

In an effort to get a hold of this new way of thinking, hospitals are adding patient experience leaders to their staff and also considering the myriad sources that impact the patient experience. Risk managers and patient safety professionals have a unique opportunity to champion patient experience efforts for their organizations. Here are four areas of focus for improving the patient experience with the help of risk management best practices.

1. Get the whole organization involved and invested

With a far-reaching goal like improving patient experience, healthcare organizations will see greater success when they establish a targeted strategy and communicate that strategy clearly across all departments. In many cases, it may make sense to establish an enterprise risk management (ERM) program to make headway. As mentioned in GRC: Where to start? Productive healthcare ERM tools, “Healthcare ERM establishes a standardized framework for identifying risk across an organization, encourages cross-departmental collaboration, and shifts hospitals from a reactive clinical risk program to a proactive holistic risk management program.”

read more

How to get leadership buy-in for ERM

Before organizations can begin implementing an enterprise risk management (ERM) program, they must get buy-in from leadership. But in order for leadership to feel comfortable buying into a program, they must have sufficient evidence that it will make a difference for the organization’s overall goals.

There’s a solution to this catch-22. By having the right conversations and showing results from smaller-scale initiatives, organizations can demonstrate the value of an ERM program to leadership—and do so without the same time, effort, and resources required for a full-scale ERM operation.

Start the old-fashioned way

The right technology can be instrumental in demonstrating ERM program successes. However, before using technology to prove the benefits of an ERM program, risk managers can begin influencing leadership through small, in-person conversations.

“One of the biggest buy-in methods for a successful strategy is talk,” writes Darius Delon, AVP of risk services for Mount Royal University, in the article Putting Strategy into Risk Management. “One person at a time, one hour at a time, one advocate at a time. People will not buy-in to ERM just because they read something you put in front of them or heard at a large forum. Talk to them, work with them, get small wins…”

read more