A Healthy Appetite for Risk
Helping a large academic medical center to confidently address potential risksDOWNLOAD
The challenges of providing excellent care to the community while maintaining financial stability is a very difficult endeavor. With the changes facing healthcare today, this challenge has reached a critical stage.
The leadership at a large academic medical center recognized the need to assess their current business, operational and regulatory risks and rethink how they did business. What, if any, changes should they make to their overall business strategy? What about operations? Did the organization have the infrastructure required to react and execute effectively amid changing requirements and expectations?
This uncertainty highlighted the need to revisit the risks the organization faced in various functional and operational areas. The leaders recognized the need to obtain a broader and deeper view of the organization’s risks – one that would help them proactively identify, prioritize, mitigate and monitor the risks they were facing and give them more confidence that they were aware of key risks facing the organization.
Prior to the vast changes of the past few years, executives had felt comfortable that their own enterprise risk assessment efforts (mainly self-assessments) were acceptable. However, given the growing uncertainty in the industry, they now felt that they needed to engage more of their own practitioners and outside specialists to truly gain a clear understanding of their risks and how those risks could impact the organizations. They turned to Deloitte for help in conducting a broad enterprise risk assessment that would both cover the full spectrum of the organization’s most critical activities, and dig deeper into specific risk areas that executives suspected held as-yet-unrecognized risks.
A team of Deloitte professionals with both risk management experience and deep functional and industry knowledge worked closely with the client’s executive team, and their internal experts to develop a broad risk universe encompassing financial, strategic, operational, regulatory and reputational risks. The team then identified the organization’s 25 most significant risks to guide a deeper assessment and mitigation process, and created a robust, prioritized action plan to assist the organization in managing and mitigating these risks.
Specific areas that were identified as potential high risk areas were labor and human resources, technology, revenue cycle, supply chain and adherence to regulatory requirements. In these areas, Deloitte’s functional and industry specialists conducted interviews with key risk owners so that the organization could dig deeper into the root causes of the risk and develop clear action plans.
Deloitte professionals also evaluated the overall effectiveness of the organization’s compliance function, reviewing compliance documentation and conducting interviews with selected compliance personnel to help determine the compliance function’s maturity. The data gathered from the document reviews and interviews were compared with the eight U.S. Federal Sentencing Guidelines compliance program assessment areas, guidance from the Office of the Inspector General and other applicable regulatory and industry leading practices. The results were aligned with the organization’s 2010 strategic priorities and operational imperatives so that management could better understand which areas of the compliance function should be prioritized for improvement.
As a result of this effort, executives now have more confidence that they understand the range of risks facing the organization and how to address them. The organization is more effectively positioned to address the risks it faces, as well as to develop an effective strategy going forward to continue to monitor and mitigate these risks.