Risk Management and Liability
Q 1. Explain how enterprise risk management is or is not different from basic risk management
A risk is an event that may deter a business from achieving its objectives. ISO 31000 defines risk as the effect of uncertainty on objectives (ISO Standards, p. 1). The consequences of risks for a business are manifested in its economic results and professional reputation. Therefore, the organization needs to manage risks effectively to perform and achieve business goals in an environment full of uncertainty. Risk management, according to ISO 31000, can be viewed as an architectural ensemble that includes principles, a framework, and a management process. In other words, risk management is a coordinated set of activities and methods that an organization uses to reduce or avoid the impact of an uncertain event that may prevent it from achieving its business goals. Basic risk management categorizes risks and pays attention to them individually, while enterprise risk management encompasses all risks, both pure and speculative, across the enterprise in one basket (Clear Risk). Brannan and Taylor (2006) explain that basic risk management identifies risks in separate risk areas. For example, in health care industries the insurance department handles insurance risks; the sales or marketing department handles market risks; the occupational safety department handles employee injury risk; and the quality department handles patient safety. However, an adverse effect from a risk does not harm one single department only, but the whole enterprise. Today's competitive business environment requires a proactive risk assessment method, while basic risk management uses a reactive method. Basic risk management does not consider the amount of risk an entity is willing to accept for expected returns, or the management of emergent risks, while the enterprise risk management framework considers these issues, giving the enterprise significant flexibility.
The discussion above shows that enterprise risk management is entirely different from basic risk management in character and in method of implementation.
Q 2. Explain figure 5 on page 9 of the Brannan and Taylor paper on ERM
The Joint Commission on Accreditation of Healthcare Organizations (JCAHO) is an independent non-profit organization in the United States that accredits and certifies health care organizations in the country (The Joint Commission). To evaluate the safety and quality of medical care, JCAHO has established certain patient-serving parameters for health care organizations. These parameters are called National Patient Safety Goals (NPSG). The goals stipulate proper identification of patients, timely communication of test results, proper use of medication, implementation of evidence-based practice for preventing infections, and prevention of patient falls (Massachusetts Department of Higher Education). One of the important goals of a healthcare organization is to maintain JCAHO accreditation by following the NPSG. ERM proposes a fusion model that incorporates specific processes within the healthcare organization to ensure continued readiness for a JCAHO survey (Brannan & Taylor, 2006). Figure 5 represents the ERM fusion model, which proactively takes care of JCAHO's requirements on NPSG. The ERM fusion model is a framework for averting the risk of losing JCAHO accreditation. The framework envisages the management needed to avoid NPSG risks. For example, a proactive measure against insufficient or non-existent documentation eliminates the risk of improper identification of patients; a proactive measure against the use of non-calibrated and non-verified equipment eliminates the risk associated with patient infections, etc. The framework outlines 10 items associated with a proactive risk management strategy that relates to the entire organization. Figure 5 on page 9 of the Brannan and Taylor paper on ERM is, in fact, a vivid example of how an ERM strategy can reduce or eliminate business risk.
At the same time, the fusion model presented incorporates some of the eight COSO-recommended elements that make up the ERM framework. These elements are education and internal environment, objective setting, risk assessment, control activities, and monitoring (Brannan & Taylor, 2006).
Q 3. Explain Figure 2, Risk Heat Map, on page 6 of the University of Regina document
It has been established that some events and trends are considered risk factors, which adversely affect enterprises in achieving their business goals. A risk heat map is a two-dimensional pictorial form that displays risk management actions against events and trends associated with risks (University of Regina, 2006). The concept of the heat map is graphically presented here; in this case, it is a 3 x 3 matrix that displays risk management activities. Of course, the risk management action matrix can be expanded if an entity can develop more likelihood and impact attributes. The principal idea of the map is based on the concept of ERM, which emphasizes that certain risk factors require action and effort while others may be accepted for the greater benefit.