ENTERPRISE RISK MANAGEMENT


1 ENTERPRISE RISK MANAGEMENT MICHAEL L. SOMICH EXECUTIVE DIRECTOR, OFFICE OF INTERNAL AUDITS AHIA 32nd Annual Conference August 25-28, 2013 Chicago, Illinois

2 Organization MANAGEMENT STRUCTURE DUKE UNIVERSITY University/Campus DUMAC Duke Medicine Schools LEGAL STRUCTURE School of Medicine School of Nursing Duke University Health System DUKE UNIVERSITY University/Campus Schools School of Medicine School of Nursing DUMAC Duke University Health System

3 Health System Data: Number of hospitals: 3; Number of beds: 1,512; Number of physicians: approximately 2,700; FY 13 Net Patient Service Revenues: $2.4 billion

4 Enterprise Risk Management: Owner: CEO/VP Administration (Chief of Staff); Facilitator: Chief Compliance Officer; Process began in 2006; Objectives; Outcomes

5 ENTERPRISE RISK MANAGEMENT DAVID HUGHES AVP, ENTERPRISE RISK MANAGEMENT & BUSINESS CONTINUITY PLANNING OFFICE AHIA 32nd Annual Conference August 25-28, 2013 Chicago, Illinois

6 About HCA Holdings, Inc. Hospital Corporation of America (HCA): Corporate Headquarters in Nashville, TN; 162 Hospitals; 112 Surgery Centers; 20 states and England; Public Company (3/9/11), New York Stock Exchange; $28B Total Assets; $33B Annual Net Revenue; 204, Employees; 145 Internal Auditors; ERM Program started 13 years ago

7 ERM & Business Continuity Planning Office Lines of Reporting & Accountability Emergency Preparedness Program Enterprise Risk Management Program Sarbanes-Oxley Program Chairman and CEO Executive Committee Chair Chief Medical Officer & President, Clinical Svcs Steering Committee Chair David Hughes AVP, ERM & BCP Office Program Leader Chairman and CEO Senior Vice President Internal Audit David Hughes AVP, Enterprise Risk Management & Business Continuity Planning Office Enterprise Risk Management Business Continuity Sarbanes-Oxley Planning Certification Process President & CFO Program Sponsor SVP, Internal Audit Steering Committee Chair VP, Internal Audit Director Enterprise Business Continuity Planning David Hughes AVP, ERM & BCP SOX Certification Director, IA SOX 404 Leader Staff Enterprise Business Continuity Planning Internal Audit Dept. Resources

8 ERM Environment Update HCA Enterprise Risk Management Process

9 Risk Assessment Scope of Interview/Survey Process Interviews Conducted: 9/21-12/12/ Surveys Received: 9/6-10/16/12 Interviewed Surveyed Interviewed Surveyed Board Members Executive Management Division Presidents and CFOs Hospital CEOs, CFOs, COOs & CNOs Parallon Business Performance Group CEOs, CFOs & COOs Parallon Supply Chain Services SCOs/CEOs, CFOs & COOs IT&S VPs Ambulatory Surgery Division CFOs Interview/Survey Total Combined Total

10 Risk Assessment Risk Identification Process We asked the following questions: What are the top three business risks (in priority order) the Company faces over the next two years that could have a significant adverse effect on the Company's ability to achieve its strategic and/or financial objectives? What are some of the things the Company is doing to help manage/mitigate each of these three risks? In your opinion, are these risk mitigation strategies effective? Interviewees' top three risks were ranked on a 5, 3, 2 point scale, respectively.

11 ENTERPRISE RISK MANAGEMENT CLAIRE MEEHAN EXECUTIVE DIRECTOR ENTERPRISE RISK MANAGEMENT AHIA 32nd Annual Conference August 25-28, 2013 Chicago, Illinois

12 About Kaiser Permanente: Founded in 1945, Kaiser Permanente is one of the nation's largest not-for-profit health plans, serving more than 9 million members; Serves 9 states and the District of Columbia; 180,000 employees; Nearly 17,000 physicians; 37 hospitals; 600+ medical offices; $50+ billion annual revenues

13 Care we Deliver: In a year, we provide about: 60 million prescriptions; 40 million office visits; 10 million e-visits; 400,000 surgeries; 90, babies delivered

14 ERM Program: With executive and board level support, ERM was established as a program in 2011 and reports to Chief Strategic Planning Officer. Objectives: Provide senior management and board with understanding of enterprise risk exposure and how it is being managed; Ensure sound planning, focusing on major risks; Develop more integrated approach to risk management

15 ERM Framework: Our ERM Framework includes five components: Risk governance; Risk assessment and profile; Risk quantification and aggregation; Risk monitoring and reporting; Risk and control optimization

16 ERM Development Principles: ERM connects and communicates the risk management work of the organization. Principles: Flexible to adapt to the organization's needs (principles based not rules based); Develop internally, integrating with existing structures, processes, and work; Complement and connect the existing risk management work of the organization; Practical / common sense

17 Key Takeaways: Early and visible involvement of Senior Leadership; One process does not fit all; look at what you have and make it work from there; Take your time; it does not need to be done all at once; Board support and direction are important

18 Save the Date September 21-24, rd Annual Conference Austin, Texas