Introduction to Risk Management

Questions and Answers

Which of the following best describes the concept of risk, as defined in risk management?

• The probability of an outcome having a negative effect on people, systems, or assets. (correct)
• The certainty of loss in a given situation.
• The potential for profit in a business venture.
• The guarantee that an accident will occur.

In risk management, what differentiates a 'definite' expense from a risk?

• A definite expense cannot be insured, while risk can
• A definite expense involves uncertainty, while risk is planned in advanced.
• A definite expense is a certain cost that is planned for, while risk involves uncertainty about a potential loss. (correct)
• A definite expense only applies to individuals, while risk applies to businesses.

How does the availability of malpractice insurance affect the medical profession, according to the content?

• It may cause some physicians to refuse to practice medicine if it is not available. (correct)
• It is irrelevant to most physicians' decisions to practice medicine.
• It increases the cost of medical services without improving quality.
• It encourages unnecessary medical procedures to increase profits.

What does an entity's 'cost of risk' encompass?

Expenses of strategies to finance potential losses, unreimbursed losses, risk reduction outlays, and opportunity costs due to risk considerations. (D)

What is the primary difference between pure risk and speculative risk?

Pure risk involves uncertainty with potential for loss only, while speculative risk involves uncertainty with potential for either profit or loss. (B)

What is the key difference between subjective and objective risk?

Objective risk is precisely observable and measurable, while subjective risk is an individual's mental state of doubt or worry. (A)

Which situation is an example of a 'property risk' source of risk?

A building being damaged by a tornado. (B)

What is the potential outcome of liability risks for organizations or individuals?

Legal judgments resulting in payments to compensate injured parties. (B)

Which of the following falls under the category of financial risks?

Risks that include credit, foreign exchange, product, and interest rate risks. (D)

In the context of risk measurement, what does the term 'peril' refer to?

A specific contingency that may cause a loss. (C)

What is the definition of 'hazard' in the context of risk management?

Conditions that increase the likelihood or severity of a loss. (D)

How is 'moral hazard' defined in risk management?

Intentional actions designed either to cause a loss or to increase its severity, or a change in attitude that can occur when insurance is available to pay for loss. (A)

What does integrated risk management aim to achieve in a firm?

Managing all forms of risk, regardless of their type. (D)

In the context of a firm's risk management activities, what is the role of a 'risk manager'?

To oversee the firm's risk exposures, and to manage risk. (A)

According to Joint Commission International, what activities are undertaken by organizations to manage risk?

Clinical and administrative activities to identify, evaluate, and reduce risks to patients, staff and visitors and risk of loss to the company. (D)

What does a 'defined scope of activities' in a risk management program include?

Ongoing efforts to identify and reduce risk and to respond to errors ranging from 'no harm' to sentinel events. (B)

Why is it important to ensure that all applicable functions of an organization are integrated into a risk management program?

To ensure collective participation and a comprehensive approach to risk reduction. (B)

What is the primary objective of a risk management program related to payments of claims?

To reduce and control the number and size of payments of claims. (D)

Which of the following best describes the 'authority' attribute of a risk management program?

The Risk Manager has the power and respect to enact the change in practice, and deals with highly sensitive and confidential information that directly affects the hospital public image and financial status. (B)

How does 'visibility' contribute to the effectiveness of a risk management program?

Through representation in committees, participation in educational activities, and daily interaction with the staff. (C)

Why is 'communication' important in risk management?

To advise leadership on risk management implications of major decisions and to be informed about proposed mergers, acquisitions and joint ventures to participate in the due diligence process. (D)

What does 'coordination' entail in the context of risk management?

Maintaining relationships with other departments and functions like the CEO, nursing, and education officer. (D)

What is the significance of 'accountability' in a risk management program?

Preparing reports to senior management and the governing body on claims, insurance, and risk management activities and documents the progress made towards strategic objectives. (C)

Which of the following is a primary function of a risk management program?

Prevention of undesirable patient safety occurrences through the identification and reduction of risks. (D)

Which of the following activities is a successful risk manager expected to perform?

Identify and apply appropriate risk financing techniques. (C)

Which role does the risk manager play in relation to the board of an organization?

Educating the board on significant claims, trends, and issues and cost of risk, annual report of the scope, goals and effectiveness of the risk management program. (A)

Which of the following positions is typically a member of a risk management committee?

CEO, Patient Safety and Risk Manager, Chief Medical Officer. (A)

What is the purpose of a Risk Assessment?

To evaluate risk but also help in measuring and reviewing the risk; assessment of risk identify also the nature of risk associated. (A)

What does Risk Evaluation involve?

Working out the likelihood of threats and assessing their impact, which gives you a value for the risk. (C)

Why is it important to choose cost effective approaches when managing risks?

Because there is no point in spending more to eliminating a risk than the cost of the event if it occurs. (B)

What are the potential characteristics of regular reviews in risk management?

Testing systems and plans appropriately. (D)

What is the overarching goal of a contingency plan?

To create recovery/response entry, and define the roles and responsibilities of key employees. (D)

What are examples of 'natural disasters', in the context of disaster classification?

Natural disasters-These disasters include flood, fire, earthquake, tornado, and pollution. (C)

What is the definition of a 'disaster recovery plan'?

A plan that Provides detailed step-by-step procedures for the recovery and operation of mission critical systems. (B)

What is one aspect of a contingency plan?

Your plans also must identify key individuals responsible for implementing recovery actions specify actions and sequences required to allow essential functions to continue; and identify procedures for restoring services to the original processing sites. (A)

What is the purpose of including a database with contact information in a crisis management plan?

A database with the names, phone/page/fax/cellular numbers, e-mail and postal addresses of everyone on the team. (B)

What actions facilitate the rapid response during a crisis?

Determining the crisis' origin and scope, monitoring the crisis, and informing those affected. (D)

What does a pre-preparedness plan entail?

A pre-preparedness plan should include pre-disaster actions to protect people, business property -including data -and facilities. (D)

What should the possible incidents list include?

This list should include all possible incidents no matter how remote the likelihood of their occurrence. (D)

What is the purpose of the PROTECTION phase during disaster prevention and continuity?

Local mirrors of systems and/or data and use of disk protection technology & surge protectors. (D)

Flashcards

Risk (CCOHS Definition)

The chance or probability of harm or adverse health effect when exposed to a hazard; also applies to property/equipment loss or environmental harm.

Risk (UNDRR Definition)

The probability of an outcome having a negative effect on people, systems, or assets, influenced by hazards and vulnerabilities.

Pure Risk

Risk exists when there is uncertainty as to whether loss will occur; no possibility of gain presented, only potential for loss.

Speculative Risk

Risk exists when there is uncertainty, producing either a profit or a loss.

Subjective Risk

Refers to the mental state of an individual experiencing doubt or worry over the outcome of a given event.

Objective Risk

Differs from subjective risk: the probable variation of actual from expected experience, is more precisely observable, measurable

Property Risks

Risk that property may be damaged, destroyed, or stolen.

Liability Risks

Legal judgments may result in payments to compensate injured parties, even defence costs.

Life and Health Risks

The possibility of untimely death, illness, or injury leading to income loss.

Financial Risk

Includes credit, foreign exchange, product, & interest rate risk; needs identification & assessment to achieve firm goals.

Chance of Loss

The long-term chance of occurrence or relative frequency of loss.

Hazards

Conditions that increase the chance of a loss for a peril or make the loss more severe once it occurs.

Physical Hazard

A condition stemming from the material characteristics of an object.

Moral Hazard

Stems from an individual's mental attitude, associated with intentional actions that cause loss or increase its severity.

Risk Management

Process used to systematically manage risk exposures, intent to manage all forms of risk, regardless of type.

Risk Management Program

Clinical and administrative activities organizations undertake to identify, evaluate, and reduce the risk of injury or loss.

Scope of Activities

Ongoing proactive efforts to identify and reduce risk, responding to errors (from 'no harm' to 'sentinel'.)

Objectives of a Risk Program

Identify risks, reduce claims, decrease costs, improve methods.

Authority

Risk Manager deals with sensitive information, is member of management, reports to CEO.

Visibility

Risk Manager is in committees, shares, and interactively educates.

Communication

Advice leadership on implications

Coordination

Maintains formal relationships with other departments and functions.

Accountability

Prepares periodic reports summarizing claims, insurance and activities

Function of a Program

Identify trends in patient safety issues.

Successful Risk Manager

Identify and monitor risk management policies/procedures.

Organization Governance

Responsibilities for the risk management program.

Risk Manager's Board Role

New members' orientation, presentations, and annual reporting on scope and goals.

Hospital Support Programs

Environment focused, environmental equipment safety

Risk vs Quality Management

Component of the overall quality management umbrella.

Risk Assessment

Careful examination of potential harm to people at work, assessing precautions.

Risk Levels

High, Moderate, Low

Risk Evaluation

Calculating value of risk; estimating likelihood and cost impacts.

Managing Risk

Choosing cost-effective approaches to manage risks.

Reviews

Regular examination for improvements.

Contingency Goal Planning

Establish a communications system, create recover/response entry, roles and responsibilities of key employees

Natural Disasters

Tornadoes and earthquakes

WE Made Disasters

Walkout, interruption, damage, robbery and virus

Disaster Recovery Plan

Recovery of mission details via step-by-step, including responding and recovering.

Contingency Planning

Identifying key roles, specific actions to essential functions and backup.

Crisis Management Plan

Database with names, phone numbers, roles

Study Notes

Introduction to Risk Management

• Module 3 introduces the topic of risk management.
• The outline includes; Introduction to Risk, The Risk Management Program, Steps in Risk Management, and Contingency Planning.

Definitions of Risk

• Risk is defined as the chance or probability that a person will be harmed or experience an adverse health effect due to a hazard and it also applies to property/equipment loss or harmful effects on the environment (CCOHS).
• Risk is defined as the probability of an outcome having a negative effect on people, systems, or assets and is depicted as a function of hazards, those exposed to hazards, and vulnerability (UNDRR).

Introduction

• Risk with regards to the possibility of loss can be especially problematic.
• If there is certainty of a loss, it may be planned for and treated as a definite, known expense in advance.
• Risk becomes a problem when there is uncertainty about the occurrence of a loss.

The Burden of Risk

• Some risks involve only the possibility of loss.
• Risks surrounding potential losses create economic burdens for businesses, governments, and individuals in the form of potential losses.
• Billions of dollars are spent each year to finance potential losses, however those losses not planned for in advance can cost even more.
• Risk of loss may deprive society of services judged to be too risky.
• Without malpractice insurance, many physicians would refuse to practice medicine.

Weighing Risk

• Businesses may try to either avoid risk of loss or to reduce its negative consequences.
• An entity's cost of risk is the sum of expenses of strategies to finance potential losses, the cost of unreimbursed losses, outlays to reduce risks, and opportunity costs of activities forgone due to risk considerations.

Pure vs. Speculative Risk

• Pure risk exists when there is uncertainty as to whether loss will occur, with no possibility of gain, only the potential for loss.
• Speculative risk exists when there is uncertainty about an event that can produce either a profit or a loss.
• Both pure and speculative risks may be present in some situations.

Subjective vs. Objective Risk

• Subjective risk refers to the mental state of an individual who experiences doubt or worry as to the outcome of a given event.
• It is essentially the psychological uncertainty that arises from an individual's mental attitude or state of mind.
• Objective risk differs from subjective risk in that it is more precisely observable and measurable.
• It is the probable variation of actual from expected experience.

Sources of Risk

• Property risks: Risk that property may be damaged, destroyed, or stolen. Examples include lightning, tornadoes, hurricanes, explosions, riots, collisions, falling objects, floods, earthquakes, freezing, etc.
• Liability risks: Legal judgments may result in payments to compensate injured parties as well as to punish those responsible for the injuries.
• Even if the individual is absolved of liability, the expenses involved in the defense may be substantial.
• All individuals who own or use real property are susceptible to liability losses if others are injured on their premises.
• Life and health and loss of income risks: The possibility of the untimely death of a star salesperson, the potential death of a parent with young children and Employees who become ill or injured in accidents
• Financial risk includes credit risk, foreign exchange risk, product risk, and interest rate risk
• These risks must be identified and assessed in order for the firm to achieve its business goals.

Measurement of Risk

• Chance of loss is the long-term chance of occurrence, or relative frequency of loss. Meaningful only when applied to the chance of loss occurring among a large number of possible of events. Expressed as the ratio of the number of losses that are likely to occur compared to the larger number of possible losses in a given group
• Peril is a specific contingency that may cause a loss
• Hazards are conditions that exist which either increase the chance of a loss for a particular peril or tend to make the loss more severe once the peril has occurred

Hazards

• Physical hazard: A condition stemming from the material characteristics of an object.
• An example of physical hazard is an icy street, where it makes the occurrence of a collision more likely to occur.
• Moral hazard: Stems from an individual's mental attitude, often associated with intentional actions designed either to cause a loss or to increase its severity.
• Moral hazard can also describes the change in attitude that can occur when insurance is available to pay for loss, such as the tendency for individuals to consume more health care if the costs are covered by insurance.

Management of Risk

• Risk management: Process used to systematically manage risk exposures
• Integrated risk management and enterprise risk management are used with the intent to manage all forms of risk, regardless of type.
• Many businesses have special departments charged with overseeing the firm's risk management activities.
• The head of such a department often is called a risk manager.
• Some firms have formed risk management committees and some firms have created the position of chief risk officer to coordinate the firm's risk management activities.
• The Risk management process includes: Identifying, Assessing, Selecting and Evaluating

The Risk Management Program

• Definition: Clinical and administrative activities that organizations undertake to identify, to evaluate, and to reduce the risk of injury to patients, staff, and visitors and the risk of loss to the organization itself (Joint Commission International).

Constituents of a Risk Management Program

• A defined scope of activities, including ongoing proactive efforts to both identify and reduce risk, as well as to respond to errors (from patterns of "no harm” errors to “near misses” to sentinel events).
• A designated, qualified individual or interdisciplinary group to manage the program (typically individuals may include directors of quality/performance improvement, risk managers, safety officers, or clinical leaders).
• Mechanisms to ensure that all applicable functions of the organization are integrated into and participate in the program.
• Policies, procedures, and staff education plans to reduce and control risk to patients and employees.

Objectives of the Program

• Identify risk exposures.
• Reduce and control the number and size of payments of claims.
• Reduce the cost of risk.
• Identify the most economical approaches to risk financing.
• Improve quality and safety.

Attributes of the Program

• Authority
• Visibility
• Communication
• Coordination
• Accountability

Authority

• Risk Manager has authority and respect to enact the change in practice. Deals with highly sensitive and confidential information that directly affects the hospital public image and financial status
• Risk Manager should be a member of the management team. Reports to the CEO.

Visibility

• Risk manager should be represented in committees, participate in educational activities such as orientation and in-service education and have daily interaction with the staff

Communication

• Risk manager should be represented in committees, advise leadership on risk management implications of major decisions and should be informed about proposed mergers, acquisitions and joint ventures to participate in the due diligence process.

Coordination

• Risk manager maintains both formal and informal relationships with other departments and functions.
• The Risk manager should closely coordinate their efforts with the CEO, nursing and department managers, performance improvement program, infection control program, safety officer, patient affairs representative, employee health program, health information manager, medical director, patient accounts, education officer, and human resources manager.

Accountability

• Risk Manager should prepare periodic reports to senior management and the governing body. Reports summarize claims, insurance, and risk management activities. Documents the progress made towards strategic objectives.

Functions of the Program

• Review of all patient safety occurrences at the hospital (Inpatients & Outpatients).
• Prevention of undesirable patient safety occurrences through the identification and reduction of risks.
• Ongoing surveillance, assessment of risks by reviewing the patient care policies, procedures and practices.
• Recommendation of necessary interventions required for risk prevention and risk reduction.
• Staff education on subjects dealing with patient safety and occurrence reporting, and identification of trends and patterns in patient safety issues.

Successful Risk Manager

• Identify potential sources for loss faced by the healthcare organization.
• Assess potential economic loss identified exposures.
• Apply loss control techniques to minimize losses.
• Identify and apply appropriate risk financing techniques.
• Implement and monitor risk management policies and procedures.
• Maintain confidentiality.
• Adhere to risk management ethics.

Risk Manager and The Board

• The governance of the organization is the source of responsibilities for the risk management program.
• The Risk Manager carries out delegated authority and responsibility of the CEO.
• Risk Manager's role in educating the board includes: new members' orientation, periodic presentations, and regular reporting on significant claims, trends, issues and cost of risk, annual report of the scope, goals and effectiveness of the risk management program.

Risk Management Committee

• Chief Executive Officer (CEO).
• Patient Safety and Risk Manager (Secretary).
• Chief Medical Officer.
• Director of Nursing.
• Quality Coordinator/Manager.
• Director of Emergency Department.
• Infection Control Officer.
• Other selected members of the hospital management team.

Support Hospital Programs

• Quality Management
• Patient Safety
• Environmental Safety and Medical Equipment
• Laboratory and Radiation Safety
• Health Information (Medical Records)

Integration With Quality Management

• Risk management is a key component of the overall quality management umbrella.
• Risk management needs good outcomes, and good outcomes require good quality management.
• A comprehensive QM/RM system is designed to gather and evaluate important information on all undesirable events or trends.

Steps in Risk Management

• Identify
• Assess
• Treat
• Monitor & Report

Risk Assessment

• A risk assessment is simply a careful examination of what, in your work, could cause harm to people, so that you can weigh up whether you have taken enough precautions or should do more to prevent harm.
• It not only helps one to evaluate the risk but also help in measuring and reviewing the risk.
• Assessment of risk identify also the nature of risk associated

Risk Levels

• Extremely high, mission failure is hazardous
• High, degraded mission capabilities
• Moderate, expected degraded capabilities
• Low, expected losses have no impact on mission success

Risk Evaluation

• Once you have identified the threats you face, the next step is to work out the likelihood of the threat being realized and to assess its impact.
• One approach to this is to make your best estimate of the probability of the event occurring, and to multiply this by the amount it will cost you to set things right if it happens.
• This gives you a value for the risk.

Managing Risk

• Once you have worked out the value of risks you face, you can start to look at ways of managing them.
• When you are doing this, it is important to choose cost effective approaches - in most cases, there is no point in spending more to eliminating a risk than the cost of the event if it occurs.

Reviews

• Once you have carried out a risk analysis and management exercise, it may be worth carrying out regular reviews.
• These might involve formal reviews of the risk analysis or may involve testing systems and plans appropriately.

Contingency Planning

• Goal of contingency planning; is to establish a communication system, create recovery/response entry, and define the roles and responsibilities of key employees.

Disaster Calssification

• Natural disasters: Includes floods, fires, earthquakes, tornadoes, pollution, etc
• WE made disasters: Human error and intervention may be intentional or unintentional which can cause massive failures such as loss of communication and utility. These disasters include walkout, damage, robbery, virus, interruption

Common Threats

• Disease
• Natural disaster
• Fires
• Overflow
• Cyber attack
• Terrorism

Defining a Disaster Recovery Plan

• Provides detailed step-by-step procedures for the recovery and operation of mission critical systems. Also includes detailed procedures for responding to emergencies and performing post-disaster recovery efforts.

Defining Contingency Planning

• Your plans also must identify key individuals responsible for implementing recovery actions specify actions and sequences required to allow essential functions to continue; and identify procedures for restoring services to the original processing sites.
• Scenario format, to be followed when implementing backup and recovery actions.
• Contingency plan is that of an in-depth procedure manual for recovery team members to make decisions regardless of the disaster situation

Crisis Management Plan Includes

• Database with the names, phone/page/fax/cellular numbers, e-mail and postal addresses of everyone on the team
• Assigned roles and procedures for everyone on the crisis team
• Multimedia database with critical information on the organization's plants, offices, personnel, products and services that can be quickly accessed and analysed
• Commercial databases that complement proprietary databases
• Means for everyone on the team to access the databases and collaborate from remote locations globally

Facilitate The Rapid Response For

• Determining the crisis' origin and scope
• Monitoring the crisis
• Acknowledging the organization's responsibilities
• Taking prudent action to end the crisis
• Informing all those affected about how to protect themselves
• Updating those affected continuously via interactive communications and the media

Pre-Preparedness Plan

• A pre-preparedness plan should include pre-disaster actions to protect people, business property -including data -and facilities; a pre- defined emergency shutdown and evacuation procedure; and off-site storage of backed up information.
• Analyse your risk
• Create a disaster recovery plan
• Provide your staff with disaster recovery training
• Regularly audit your disaster recovery systems and procedures

Possible Incidents

• This list should include all possible incidents no matter how remote the likelihood of their occurrence.
• Against each item listed the project team or manager should note a probability rating. Each incident should also be rated for potential impact severity level, in context of the real needs of the organization.

Protection

• Local mirrors of systems and/or data and use of disk protection technology
• Surge protectors —to minimize the effect of power surges on delicate electronic equipment
• Fire preventions -alarms, fire extinguishers

Disaster Response

• Required responses to a disaster
• Determine a disaster condition
• Notify persons responsible for recovery
• Initiate the Institute's Business Continuity Plan
• Provide support services to aid recovery

The Recovery phase

• Critical Functions
• Essential Functions
• Necessary Functions
• Desirable Functions

Impact Analysis

• The impact analysis should quantify the effects of a disaster as much as possible.
• Hard dollar figures

Recovery Kit

• The crisis management command structure, and the location of a secondary work site (where necessary)
• Telecommunication architecture between primary and secondary work sites
• Data replication methodology between primary and secondary work sites
• The application and software required at the secondary work site.
• The type of physical data requirements at the secondary work site.
• Includes: Important clients and their contact details, Important vendors/suppliers and their contact details, Changes in upstream/downstream supplier routes, and business cards and brochures