Selected Podcast
The Essential Support of Governance and Culture in Enterprise Risk Management
Support and comprehension of the principles of Enterprise Risk Management (ERM) by the Board (board or directors/trustees) is essential to the success of an Enterprise Risk Management program in any healthcare organization. The Board oversees the organization’s strategic plan and establishes a risk-aware culture by creating expectations of acceptable attitudes, behaviors and characteristics that are consistent with the organization’s core values. This podcast, the first in a series of five covering the 5 components of the COSO Framework, will provide suggestions and ideas to assist the risk manager in guiding and assisting the Board to identify, prioritize and address risks using the ERM process.
Featuring:
Sheila Hagg-Rickert recently retired following a career in healthcare risk and enterprise risk management. She has held positions as the senior corporate risk management executive for both for-profit and not-for-profit acute care and long-term care health systems, as an academic medicine enterprise risk management executive, insurance broker and risk management consultant. She served on the board of directors for the American Society for Healthcare Risk Management (ASHRM) and has presented and written extensively on health care risk management and enterprise risk management topics. She has served as team lead and faculty for the ASHRM’s HRM 3 educational module and as leader and faculty for ASHRM’s Enterprise Risk Management Certificate Program. She is a contributing author for the Risk Management for Health Care Organizations, 1st-6th editions and 1st and 2nd editions of The Enterprise Risk Management Handbook for Healthcare Attorneys published by the American Health Lawyers Association (AHLA) and served and Editor-in-Chief for the 3rd and upcoming 4th editions. Sheila served on boards of directors of both captive and commercial insurance companies and of the Texas Association for Patient Access (TAPA) and is a member of ASHRM’s ERM Task Force. Sheila holds a J.D. from the University of Iowa and Masters of Business Administration and Masters of Healthcare Administration degrees from Georgia State University and has completed the Graduate Certificate in Healthcare Corporate Compliance Program at George Washington University. She has earned Chartered Property and Casualty Underwriter (CPCU) and Certified Professional in Healthcare Risk Management (CPHRM) designations and is a Distinguished Fellow of the American Society of Healthcare Risk Management (DFASHRM).
Faye Sheppard, RN MSN JD CPHRM DFASHRM | Sheila Hagg-Rickert, JD, MHA, MBA, CPHRM, DFASHRM, CPCU
Faye Sheppard, RN MSN has over 30 years of experience in patient safety and risk management. She served as legal counsel for over 15 years in a pediatric healthcare system and for 10 years as the System Director of Risk Management in a large acute care health system. Currently, she is providing risk management and patient safety services for Patient Safety Resources and serves as vice-chairman of the hospital trustees in her community hospital. Faye has been active in the American Society of Healthcare Risk Management (ASHRM) for many years. She has been chairman of the Patient Safety Task Force and led the effort to create ASHRM’s “Patient Safety Risk Management Playbook” and the RCA facilitator and member guides. She served on ASHRM’s Board of Directors for 6 years and was ASHRM’s 2018 president. Currently, she serves as a member of ASHRM’s ERM faculty, the Leadership Task Force and Advocacy Committee. From 2013-2017, Faye was a member of the Board of Advisors for the National Patient Safety Foundation and served as a subject matter expert for its publication “RCA2 : Improving Root Cause Analyses and Action to Prevent Harm.” She is a frequent speaker and writer on risk management and patient safety topics.Sheila Hagg-Rickert recently retired following a career in healthcare risk and enterprise risk management. She has held positions as the senior corporate risk management executive for both for-profit and not-for-profit acute care and long-term care health systems, as an academic medicine enterprise risk management executive, insurance broker and risk management consultant. She served on the board of directors for the American Society for Healthcare Risk Management (ASHRM) and has presented and written extensively on health care risk management and enterprise risk management topics. She has served as team lead and faculty for the ASHRM’s HRM 3 educational module and as leader and faculty for ASHRM’s Enterprise Risk Management Certificate Program. She is a contributing author for the Risk Management for Health Care Organizations, 1st-6th editions and 1st and 2nd editions of The Enterprise Risk Management Handbook for Healthcare Attorneys published by the American Health Lawyers Association (AHLA) and served and Editor-in-Chief for the 3rd and upcoming 4th editions. Sheila served on boards of directors of both captive and commercial insurance companies and of the Texas Association for Patient Access (TAPA) and is a member of ASHRM’s ERM Task Force. Sheila holds a J.D. from the University of Iowa and Masters of Business Administration and Masters of Healthcare Administration degrees from Georgia State University and has completed the Graduate Certificate in Healthcare Corporate Compliance Program at George Washington University. She has earned Chartered Property and Casualty Underwriter (CPCU) and Certified Professional in Healthcare Risk Management (CPHRM) designations and is a Distinguished Fellow of the American Society of Healthcare Risk Management (DFASHRM).
Transcription:
Bill Klaproth:Welcome to the ASHRM Podcast, made possible by the American Society for Healthcare Risk Management to support efforts to advance safe and trusted healthcare through enterprise risk management. You can visit ASHRM, that's A-S-H-R-M.org/membership to learn more and to become an ASHRM member. I'm Bill Klaproth.
In this podcast, we're going to talk about boards, how to educate a board on ERM, how they should engage in the ERM process and what can a board do to promote a risk aware culture, as we talk about the essential support of governance and culture in enterprise risk management.
With me is Sheila Hagg-Rickert. She has held positions as the senior corporate risk management executive for both for-profit and not-for-profit acute care and long-term care health systems as an academic medicine enterprise risk management executive, insurance broker, and risk management consultant; and Faye Sheppard, risk management and patient safety services for patient safety resources. She is also the vice chairman of the board of trustees for Cuero Regional Hospital. Sheila and Faye, thank you so much for your time. I appreciate it.
So let's jump into this. Faye. Let me start with you. What are some educational resources that can be utilized to educate the board on ERM?
Faye Sheppard:Well, ASHRM really has quite a few resources that can be utilized. There's a specific white paper that addresses ERM with boards. And in fact, it's called Implementing ERM for Boards and Trustees, Leveraging the Value. And that's brief paper that can actually be downloaded from the ASHRM website. And I always tell people, go to ASHRM ERM resources, just Google it, and there'll be several things that come up. But I would say that's the top thing for boards of trustees, just to introduce them to ERM. And one of the things that I do is I encourage that that paper be distributed annually to remind the board about the importance of ERM and why we do some of the things that we do.
There's also other items out on the ASHRM website. There is readiness assessment and there's a quick reference tool that includes the ASHRM framework and the domains. So those are out there and, of course, ASHRM's playbook on ERM, which is probably more than what you would want to share with your board in total, but you might be able to take a few things out of that playbook that would be helpful to the board. And I would think that would give them a really good foundation for participating in ERM discussions.
Bill Klaproth:Faye, this sounds similar to what someone would go through on an onboarding process. Is that fair to say?
Faye Sheppard:Oh, I think so. And boards, you have to work with them. Some board members function at different levels. So you have some board members who may have enterprise risk management experience in their day-to-day jobs. You know, they may have been in finance, that's a very common enterprise risk management environment. So they may work for a bank and they know enterprise risk management backward and forward. Then, you may have somebody else who has never even been exposed to it. So everybody needs to have a foundation so they can contribute appropriately and really make an impact to the organization.
Bill Klaproth:So Sheila, it sounds like the next step then would be to have the board members engage in the ERM process. How should they do that?
Sheila Hagg-Rickert: Well, I think engaging board members in the process would definitely be the next step. When you're starting an ERM program, it's really important to have support from the top, both so that they can understand the concept of enterprise risk management and utilize it as they go through the strategic planning process for the organization, but also so that they can provide the resources and supports that the risk manager or whatever other executives from the organization is responsible for leading ERM. They need to provide whatever resources that individual needs in order to make the program come alive and be organized correctly.
Bill Klaproth: Right. And then, Faye, what types of risks might a board encounter as they make strategic business decisions using ERM?
Faye Sheppard: Well, there's all kinds of things that boards need to be looking at. And, you know, one of the things that we do with enterprise risk management is look at a SWOT analysis. And I think it's very helpful for a board in the strategic planning process to actually do that. And boards need to look at threats to their organization, which might be mergers or acquisitions of competitors and other individuals in the healthcare arena in the area in which they're trying to do their business. And then we also need to look at opportunities perhaps to expand or to reach out or to do more as a healthcare organization. So there may be growth opportunities.
And sometimes we think about risk as being just negative things, but there can be risks that come from our failure to take advantage of opportunities and things that might be available to us. So being aware and knowing what we need to do from a business perspective is so important. So, doing that SWOT analysis, looking at our strengths, what can we do well, what are our weaknesses and perhaps trying to improve from that or staying in a different area or a different direction, because we're not as strong as we might like to be there. And then again, looking at those threats, trying to deal with those and then the opportunities, and that's all part of the SWOT analysis, and that would help us identify those risks that we need to address as a board and everybody should be on the same page with senior management, the board. And I would say just as well that the physician should be part of that total picture for the organization, from the board perspective.
Bill Klaproth: Yeah. Using a SWOT analysis, that seems to make sense. It sounds like you would encourage all boards participating in ERM to do that. Is that right?
Faye Sheppard: Absolutely. I think every strategic planning process should include a SWOT analysis, because we need to consciously look at those things that are contained in a SWOT analysis. What are our strengths? What are weaknesses? What opportunities we have? And what threats do we need to address? So all of that's very important and should be part of the strategic planning process. And as I said, the strategic planning process should include not only the board, but senior leadership, and I would suggest physicians as well. So everybody needs to be on the same page. We need to break down those silos and everybody needs to be working together to get the optimal benefits from enterprise risk management.
Bill Klaproth: Yeah. And then Sheila, so what can a board do then to promote a risk-aware culture as many organizations take their cues from the board? How can they do that? How can they promote that risk-aware culture?
Sheila Hagg-Rickert: Taking cues from the board, as you just mentioned, is probably key, because they lead by example. If the board uses an ERM strategy in their decision-making, that shows to the senior leadership team that ERM is important and that will filter down to the department managers and other decision makers in the organization. In a nutshell, what ERM really entails is when you start looking at your strategic objectives, your plans for the future, where the organization is going to be going, you do it with your eyes wide open. So rather than just talking about all the wonderful return on investment and service to the community and growth potential in the things that you want to pursue, you also look at what are the downsides, what are the things that we might have to deal with because we aren't that strong in a certain area, or maybe we don't have quite enough staff or our financial resources make this a little precarious for us. It's not that you don't go ahead and do things, because we obviously all have to go pursue new ventures and grow in order to stay in business. But when you do so, you do it with an assessment of risks as part of that analysis. So that when things happen that maybe you wouldn't want to happen, maybe unfortunate events or things just don't pan out quite like you expected or hoped, you're at least aware that that was a possibility and you have a contingency plan for that. And if you start operating as a board in that manner, other people in your organization see that as an expectation for how your organization works and it carries on into other areas of the organization.
Bill Klaproth: Sheila, in your career, you've seen and probably worked with a lot of boards. Do you think boards generally get that or understand that?
Sheila Hagg-Rickert: I think it depends. Most boards have at least one or two individuals who get it. Sometimes they come from different business perspectives. If you're fortunate enough to have someone particularly from the financial services industry, a banker or a stockbroker or someone else who's been in financial services in some way, they've been doing ERM for a long time, that's really where the concept really took flight and grew. So those folks are awesomely the prime movers in the organization, trying to get everybody else on board with ERM. And they can have a tremendous influence on your other board members who might not be quite so sophisticated in the ERM space, because when they start talking the talk and bringing that ERM perspective to the board's decision-making, the other people tend to get it. They might not understand the concepts at first. It sounds a little vague sometimes when people start trying to learn the new lingo that goes with ERM. But when they start seeing some of the board members putting it into practice, it becomes just part of how the board operates. That's really what you're going for.
Bill Klaproth: Yeah, I could see that would be the end result, that you're certainly striving to achieve. Well, this has been a great discussion. I want to thank you both. And one last question for each of you, same question to both. Faye, let me start with you. Is there anything else you want to add about this when we're talking about boards and ERM, any final thoughts?
Faye Sheppard: One thing I might suggest is that the board needs to consciously establish the risk appetite for the organization. How much risk do we really want to take? And that needs to be developed with senior leadership and then communicated to the whole organization. How much risk do we really want to take on? I would suggest we also want to look at our risk tolerance. How much risk can we accept in setting our goals and objectives and putting our strategic plan together? So a risk appetite and risk tolerance is also very important as we look at our strategic plan. And I will suggest also, as we do our budgeting each year, what are our risks priorities, and what kind of things do we need to keep in mind as we look at risks throughout our organization?
Bill Klaproth: Yeah. So, what is our risk appetite, what is our risk tolerance, and then we absolutely have to look at those things as well? And then Sheila, let me wrap up with you. Same thing. Anything else you want to add as we talk about the essential support of governance and culture in ERM?
Sheila Hagg-Rickert: Well, just coming off of Faye's answer to the question, I think the risk appetite and tolerance are so important. Because often when boards are making decisions about strategy or business objectives, they tend to look at things in silos. You look at one project, you look at the pros and cons. You may look at the risks of that project, then you go onto the next project. And they fail to take sort of a portfolio of risk because risk is really additive. You may take on risk in one area,but then you have to add that to the risk you're taking on in the secondary and the third area and the fourth area, and you can't look at everything like separate towers. And I think by establishing a risk appetite as a conscious effort, as a specific statement of risk appetite, you're able to kind of capture that cumulative feeling about risk. So you really look at risk holistically for the whole organization and all of your projects and endeavors, not just single item lines on your budget or on your strategic plan.
Bill Klaproth: So you're saying it's all interconnected then, woven together basically?
Sheila Hagg-Rickert: Very much so. I think that holistic view, portfolio view of risk as it's called, is a very key element of ERM for board members to consider.
Bill Klaproth: Absolutely. Well, Sheila and Faye, this has been a great discussion. Very interesting and informative. I want to thank you both for your time. Thank you so much.
Faye Sheppard: My pleasure.
Sheila Hagg-Rickert: Thank you.
Bill Klaproth: And once again, that's Sheila Hagg-Rickert and Faye Sheppard. And the next offerings for ASHRM's ERM Certificate Program will be July 13th and 14th at the ASHRM Express and September 9th and 10th at the ASHRM pre-conference program. To learn more, please visit ASHRM, that's A-S-H-R-M, ASHRM.org/education/ermcertificate.
The ASHRM Podcast was made possible by the American Society for Healthcare Risk Management to support efforts to advance safe and trusted healthcare through enterprise risk management. You can visit ASHRM.org/membership to learn more and to become an ASHRM member. And if you found this podcast helpful, please share it on your social channels and check out the full podcast library for topics of interest to you. I'm Bill Klaproth. Thanks for listening.
Bill Klaproth:Welcome to the ASHRM Podcast, made possible by the American Society for Healthcare Risk Management to support efforts to advance safe and trusted healthcare through enterprise risk management. You can visit ASHRM, that's A-S-H-R-M.org/membership to learn more and to become an ASHRM member. I'm Bill Klaproth.
In this podcast, we're going to talk about boards, how to educate a board on ERM, how they should engage in the ERM process and what can a board do to promote a risk aware culture, as we talk about the essential support of governance and culture in enterprise risk management.
With me is Sheila Hagg-Rickert. She has held positions as the senior corporate risk management executive for both for-profit and not-for-profit acute care and long-term care health systems as an academic medicine enterprise risk management executive, insurance broker, and risk management consultant; and Faye Sheppard, risk management and patient safety services for patient safety resources. She is also the vice chairman of the board of trustees for Cuero Regional Hospital. Sheila and Faye, thank you so much for your time. I appreciate it.
So let's jump into this. Faye. Let me start with you. What are some educational resources that can be utilized to educate the board on ERM?
Faye Sheppard:Well, ASHRM really has quite a few resources that can be utilized. There's a specific white paper that addresses ERM with boards. And in fact, it's called Implementing ERM for Boards and Trustees, Leveraging the Value. And that's brief paper that can actually be downloaded from the ASHRM website. And I always tell people, go to ASHRM ERM resources, just Google it, and there'll be several things that come up. But I would say that's the top thing for boards of trustees, just to introduce them to ERM. And one of the things that I do is I encourage that that paper be distributed annually to remind the board about the importance of ERM and why we do some of the things that we do.
There's also other items out on the ASHRM website. There is readiness assessment and there's a quick reference tool that includes the ASHRM framework and the domains. So those are out there and, of course, ASHRM's playbook on ERM, which is probably more than what you would want to share with your board in total, but you might be able to take a few things out of that playbook that would be helpful to the board. And I would think that would give them a really good foundation for participating in ERM discussions.
Bill Klaproth:Faye, this sounds similar to what someone would go through on an onboarding process. Is that fair to say?
Faye Sheppard:Oh, I think so. And boards, you have to work with them. Some board members function at different levels. So you have some board members who may have enterprise risk management experience in their day-to-day jobs. You know, they may have been in finance, that's a very common enterprise risk management environment. So they may work for a bank and they know enterprise risk management backward and forward. Then, you may have somebody else who has never even been exposed to it. So everybody needs to have a foundation so they can contribute appropriately and really make an impact to the organization.
Bill Klaproth:So Sheila, it sounds like the next step then would be to have the board members engage in the ERM process. How should they do that?
Sheila Hagg-Rickert: Well, I think engaging board members in the process would definitely be the next step. When you're starting an ERM program, it's really important to have support from the top, both so that they can understand the concept of enterprise risk management and utilize it as they go through the strategic planning process for the organization, but also so that they can provide the resources and supports that the risk manager or whatever other executives from the organization is responsible for leading ERM. They need to provide whatever resources that individual needs in order to make the program come alive and be organized correctly.
Bill Klaproth: Right. And then, Faye, what types of risks might a board encounter as they make strategic business decisions using ERM?
Faye Sheppard: Well, there's all kinds of things that boards need to be looking at. And, you know, one of the things that we do with enterprise risk management is look at a SWOT analysis. And I think it's very helpful for a board in the strategic planning process to actually do that. And boards need to look at threats to their organization, which might be mergers or acquisitions of competitors and other individuals in the healthcare arena in the area in which they're trying to do their business. And then we also need to look at opportunities perhaps to expand or to reach out or to do more as a healthcare organization. So there may be growth opportunities.
And sometimes we think about risk as being just negative things, but there can be risks that come from our failure to take advantage of opportunities and things that might be available to us. So being aware and knowing what we need to do from a business perspective is so important. So, doing that SWOT analysis, looking at our strengths, what can we do well, what are our weaknesses and perhaps trying to improve from that or staying in a different area or a different direction, because we're not as strong as we might like to be there. And then again, looking at those threats, trying to deal with those and then the opportunities, and that's all part of the SWOT analysis, and that would help us identify those risks that we need to address as a board and everybody should be on the same page with senior management, the board. And I would say just as well that the physician should be part of that total picture for the organization, from the board perspective.
Bill Klaproth: Yeah. Using a SWOT analysis, that seems to make sense. It sounds like you would encourage all boards participating in ERM to do that. Is that right?
Faye Sheppard: Absolutely. I think every strategic planning process should include a SWOT analysis, because we need to consciously look at those things that are contained in a SWOT analysis. What are our strengths? What are weaknesses? What opportunities we have? And what threats do we need to address? So all of that's very important and should be part of the strategic planning process. And as I said, the strategic planning process should include not only the board, but senior leadership, and I would suggest physicians as well. So everybody needs to be on the same page. We need to break down those silos and everybody needs to be working together to get the optimal benefits from enterprise risk management.
Bill Klaproth: Yeah. And then Sheila, so what can a board do then to promote a risk-aware culture as many organizations take their cues from the board? How can they do that? How can they promote that risk-aware culture?
Sheila Hagg-Rickert: Taking cues from the board, as you just mentioned, is probably key, because they lead by example. If the board uses an ERM strategy in their decision-making, that shows to the senior leadership team that ERM is important and that will filter down to the department managers and other decision makers in the organization. In a nutshell, what ERM really entails is when you start looking at your strategic objectives, your plans for the future, where the organization is going to be going, you do it with your eyes wide open. So rather than just talking about all the wonderful return on investment and service to the community and growth potential in the things that you want to pursue, you also look at what are the downsides, what are the things that we might have to deal with because we aren't that strong in a certain area, or maybe we don't have quite enough staff or our financial resources make this a little precarious for us. It's not that you don't go ahead and do things, because we obviously all have to go pursue new ventures and grow in order to stay in business. But when you do so, you do it with an assessment of risks as part of that analysis. So that when things happen that maybe you wouldn't want to happen, maybe unfortunate events or things just don't pan out quite like you expected or hoped, you're at least aware that that was a possibility and you have a contingency plan for that. And if you start operating as a board in that manner, other people in your organization see that as an expectation for how your organization works and it carries on into other areas of the organization.
Bill Klaproth: Sheila, in your career, you've seen and probably worked with a lot of boards. Do you think boards generally get that or understand that?
Sheila Hagg-Rickert: I think it depends. Most boards have at least one or two individuals who get it. Sometimes they come from different business perspectives. If you're fortunate enough to have someone particularly from the financial services industry, a banker or a stockbroker or someone else who's been in financial services in some way, they've been doing ERM for a long time, that's really where the concept really took flight and grew. So those folks are awesomely the prime movers in the organization, trying to get everybody else on board with ERM. And they can have a tremendous influence on your other board members who might not be quite so sophisticated in the ERM space, because when they start talking the talk and bringing that ERM perspective to the board's decision-making, the other people tend to get it. They might not understand the concepts at first. It sounds a little vague sometimes when people start trying to learn the new lingo that goes with ERM. But when they start seeing some of the board members putting it into practice, it becomes just part of how the board operates. That's really what you're going for.
Bill Klaproth: Yeah, I could see that would be the end result, that you're certainly striving to achieve. Well, this has been a great discussion. I want to thank you both. And one last question for each of you, same question to both. Faye, let me start with you. Is there anything else you want to add about this when we're talking about boards and ERM, any final thoughts?
Faye Sheppard: One thing I might suggest is that the board needs to consciously establish the risk appetite for the organization. How much risk do we really want to take? And that needs to be developed with senior leadership and then communicated to the whole organization. How much risk do we really want to take on? I would suggest we also want to look at our risk tolerance. How much risk can we accept in setting our goals and objectives and putting our strategic plan together? So a risk appetite and risk tolerance is also very important as we look at our strategic plan. And I will suggest also, as we do our budgeting each year, what are our risks priorities, and what kind of things do we need to keep in mind as we look at risks throughout our organization?
Bill Klaproth: Yeah. So, what is our risk appetite, what is our risk tolerance, and then we absolutely have to look at those things as well? And then Sheila, let me wrap up with you. Same thing. Anything else you want to add as we talk about the essential support of governance and culture in ERM?
Sheila Hagg-Rickert: Well, just coming off of Faye's answer to the question, I think the risk appetite and tolerance are so important. Because often when boards are making decisions about strategy or business objectives, they tend to look at things in silos. You look at one project, you look at the pros and cons. You may look at the risks of that project, then you go onto the next project. And they fail to take sort of a portfolio of risk because risk is really additive. You may take on risk in one area,but then you have to add that to the risk you're taking on in the secondary and the third area and the fourth area, and you can't look at everything like separate towers. And I think by establishing a risk appetite as a conscious effort, as a specific statement of risk appetite, you're able to kind of capture that cumulative feeling about risk. So you really look at risk holistically for the whole organization and all of your projects and endeavors, not just single item lines on your budget or on your strategic plan.
Bill Klaproth: So you're saying it's all interconnected then, woven together basically?
Sheila Hagg-Rickert: Very much so. I think that holistic view, portfolio view of risk as it's called, is a very key element of ERM for board members to consider.
Bill Klaproth: Absolutely. Well, Sheila and Faye, this has been a great discussion. Very interesting and informative. I want to thank you both for your time. Thank you so much.
Faye Sheppard: My pleasure.
Sheila Hagg-Rickert: Thank you.
Bill Klaproth: And once again, that's Sheila Hagg-Rickert and Faye Sheppard. And the next offerings for ASHRM's ERM Certificate Program will be July 13th and 14th at the ASHRM Express and September 9th and 10th at the ASHRM pre-conference program. To learn more, please visit ASHRM, that's A-S-H-R-M, ASHRM.org/education/ermcertificate.
The ASHRM Podcast was made possible by the American Society for Healthcare Risk Management to support efforts to advance safe and trusted healthcare through enterprise risk management. You can visit ASHRM.org/membership to learn more and to become an ASHRM member. And if you found this podcast helpful, please share it on your social channels and check out the full podcast library for topics of interest to you. I'm Bill Klaproth. Thanks for listening.