Risk Management and Liability
Q 1. Explain how enterprise risk management is or is not different from basic risk management
Risk is an event that may deter a business from achieving its objectives. ISO 31000 defines risk as the effect of uncertainty on objectives (ISO Standards, p. 1). The consequences of risks for a business are manifested in terms of economic results and professional reputation. Therefore, an organization needs to manage risks effectively in order to perform and achieve its business goals in an environment full of uncertainty. Risk management, according to ISO 31000, can be viewed as an architectural ensemble that includes principles, a framework, and a management process. In other words, risk management is a coordinated set of activities and methods that an organization uses to reduce or avoid the impact of an uncertain event that may prevent it from achieving its business goals. Basic risk management pays attention to risks individually, while enterprise risk management encompasses all risks, both pure and speculative, across the enterprise in one basket (Clear Risk). Brannan and Taylor (2006) explain that basic risk management identifies risks in separate risk areas. For example, in the health care industry the insurance department handles insurance risks; the sales or marketing department handles market risks; the occupational safety department handles employee injury risk; and the quality department handles patient safety. However, an adverse effect from a risk does not harm one single department but the whole enterprise. Today's competitive business environment requires a proactive risk assessment method, while basic risk management uses a reactive method. Basic risk management does not consider how much risk an entity is willing to accept for expected returns, nor the management of emergent risks, while the enterprise risk management framework considers these issues, giving the enterprise significant flexibility.
The discussion above shows that enterprise risk management is entirely different from basic risk management in character and method of implementation.
Q 2. Explain figure 5 on page 9 of the Brannan and Taylor paper on ERM
The Joint Commission on Accreditation of Healthcare Organizations (JCAHO) is a non-profit, independent organization in the United States that accredits and certifies health care organizations in the country (The Joint Commission). In order to evaluate the safety and quality of medical care, JCAHO has established certain patient-service parameters for health care organizations. These parameters are called National Patient Safety Goals (NPSG). The goals stipulate proper identification of patients, timely communication of test results, proper use of medication, implementation of evidence-based practice for preventing infections, and prevention of patient falls (Massachusetts Department of Higher Education). One of the important goals of a healthcare organization is to maintain JCAHO accreditation by following the NPSG. ERM proposes a fusion model that incorporates specific processes within the healthcare organization to ensure continued readiness for a JCAHO survey (Brannan & Taylor, 2006). Figure 5 represents the ERM fusion model, which proactively takes care of JCAHO's requirements on NPSG. The ERM fusion model is a framework for averting the risk of losing JCAHO accreditation. The framework envisages the management necessary to avoid NPSG risks. For example, proactive measures addressing insufficient or non-existent documentation eliminate the risk associated with proper identification of patients; proactive measures addressing the use of non-calibrated and non-verified equipment eliminate the risk associated with patient infections, and so on. The framework outlines 10 items associated with a proactive risk management strategy that relates to the entire organization. Figure 5 on page 9 of the Brannan and Taylor paper on ERM is, in fact, a vivid example of how an ERM strategy can reduce or entirely eliminate business risk.
At the same time, the fusion model incorporates some of the eight COSO-recommended elements that make up the ERM framework. These elements are education and internal environment, objective setting, risk assessment, control activities, and monitoring (Brannan & Taylor, 2006).
Q 3. Explain Figure 2, Risk Heat Map, on page 6 of the University of Regina document
It has been established that some events and trends are considered risk factors, which adversely affect enterprises in achieving their business goals. A risk heat map is a two-dimensional pictorial form that displays risk management actions against events and trends associated with risks (University of Regina, 2006). The concept of the heat map is graphically presented here; in this case it is a 3 x 3 matrix that displays risk management activities. Of course, the risk management action matrix can be expanded if an entity can develop more likelihood and impact attributes. The principal idea of the map is based on the concept of ERM, which emphasizes that certain risk factors require action and effort while others may be accepted for the greater benefit.