HealthManagement, Volume 17 - Issue 4, 2017

Helping healthcare face up to enterprise risk management

share Share

The Institute of Risk Management is bringing together best international and cross-sector risk management practices to help improve healthcare efficiency and enhance patient outcomes.


The Institute of Risk Management (IRM) has formed a new Health and Care Special Interest Group to help the healthcare sector deal more effectively with risk and opportunities. The Institute is doing this through professional qualifications, specialised training, publications and symposiums. Chaired by Patrick Keady, a risk veteran who has worked in healthcare risk management for 26 years in director and risk consultant roles, the group has held two specialist risk management events for members since its launch. The next event focuses on NHS Board Assurance Frameworks and a series of other sessions are planned in 2018. These events are available free-ofcharge to all professionals working in the healthcare and care sectors. Distilling best risk practices from other sectors, the group is already making an impact on healthcare. spoke to Keady about the critical issues facing risk management in healthcare and how the IR M Health and Care Special Interest Group is helping healthcare tackle these.


What led the IRM to set up a sector interest group in health and care?


We are all going to die at some point. In the meantime, what we are all looking for, is increased quality of life, increased life expectancy, improved healthcare outcomes and healthcare that offers good value for money too.


Life expectancy in the UK stands at 81.4 years and OE CD figures show that UK healthcare (public and private) costs $3,971 per person per annum. Publically- funded healthcare in the UK consumes about 19% of all the taxes collected. In total, 15% of the population opts for private healthcare and this costs about £25bn extra annually. UK life expectancy is 2.6 years higher than in the US and at the same time, UK healthcare costs only 43% per person compared to costs in the US. However, there is more to do. UK life-expectancy is considerably worse than in Japan, where life-expectancy is 2.3 years more and healthcare costs just 5% more per person. Life in the UK is good. But it could be much better.


The UK’s Office of National Statistics suggests that 23% of all deaths in the UK are avoidable. In other words, of the 501,000 people that will die this year, 116,000 do not necessarily need to die. 35% of them will die from cancers and non-cancerous tumour tissue growths. The answer to preventing most of the 116,000 deaths rests with the Social Determinants of Health - other than healthcare – determinants such as early childhood development, income, education, job security, working conditions, housing, social inclusion and so on.


The IRM has been around for 30 years, and it was the first to run a professional diploma in enterprise risk management – mostly for the finance and insurance sectors. Graduates progress to become Certified Members (CMIRM) and Certified Fellows (CFIRM)

of the Institute of Risk Management.


With, a workforce of about 1.3 million, the NHS employs less than a dozen are CMIR Ms and CFIR Ms. This is one of the reasons why the IR M is now focusing on healthcare so that the sector can start to reap the rewards from enhanced enterprise risk management, including better patient outcomes and a better reputation for healthcare organisations too.


You might also like: Healthcare's Risk Management Challenges



What are you hoping to achieve with this group for the health and care sectors?


Our aim is to help health and care providers around the world deliver better care. The UK National Health Service (NHS) issues too much guidance and the NHS is often in the headlines for the wrong reasons. Staffing vacancies continue to grow, NHS doctors are migrating to Australia, temporary staff are being reduced and there seems to be no plan to replace the 65,000 EU-National staff who might be leaving the UK after Brexit kicks-in in March 2019. If the NHS is to continue losing staff, how is it going to deliver good healthcare with fewer personnel?


The NHS does not have a clear agreed vision. Instead, successive governments temporarily fill the gap with their own visions, and with mixed results. While there is no clear agreed vision, there are seven principles. Five of these are absolute, such as making a comprehensive service available to all, patients being at the heart of the NHS , working across organisational boundaries, the NHS being accountable to the public and patients, and access based on clinical need. However, the remaining two principles are not absolute – that the NHS aspires to best standards and it is committed to best value. As things stand, these two principles are seen as nice-to-do, rather than absolute requirements. This leaves most NHS Trusts in a quandary - they do not have clear agreed visions either. There are some success stories of course. For instance, ten years ago, Salford Royal Hospital NHS Foundation Trust had one of the worst poor patient safety records in England. From this low starting point, they adopted a new bold vision - to be the safest Trust in the NHS . They have achieved and sustained their bold vision in the intervening years. Not every NHS Trust can be the safest in England and this is why NHS Trusts need to review their strengths and weaknesses before adopting a vision that suits the populations they serve and the people they employ.


Vision is very important for staff. It is essential to give workers a concrete picture of why they should get out of bed everyday and what they are aiming to achieve at work. Many NHS Trusts have done a mediocre job on vision and this is where enterprise risk management can help.


Risk management is about preventing downside risks and maximising opportunities. For the other risks, it is about managing them effectively. The aim of the IRM Health and Care Special Interest Group is to help healthcare providers around the world deliver better care.


For example, referring to the Wannacry ransomware that hit organisations around the world in May this year, 34 NHS trusts were affected. I looked at the Strategic Risk Registers from all 34 trusts. These documents should have included information on top strategic (downside) risks, opportunities and mitigations. It turned out that only one of the 34 NHS Trusts affected by the Wannacry ransomware had identified cyber risk as a threat. There are lots of questions to be asked. Therefore the IR M has launched a review of the NHS Board Assurance Frameworks taking into account best practice in other sectors and how this can help healthcare. We have found that current guidance could do much better. We will be publishing our review later in 2017.


In which areas do you think health and care need to implement key risk management strategies?


We have picked up on different ways healthcare deals with risk. Prevention is the best way to deal with risk. The second option might sound counter-intuitive in the health and care contexts. That is not having to rely on people to do the right thing. Other controls include introducing policies and training, detecting the risk as it materialises and, finally, dealing with predictable risks. Detecting risk and dealing with predictable risks are still the two most common approaches to managing risk in healthcare. I want to see this change.


Most healthcare organisations are reactive rather than proactive. In order to mitigate risk, the CEO and executive team need to have a grip on what the risks and opportunities are, specialists need to be up to date with patient safety, compliance and legal matters, the boardroom needs to be satisfied that there are robust processes in place to deliver timely reliable information on current residual risk. Internal audit can then be helpful in giving assurances on the reliability of risk management processes.


What sorts of interest have you been attracting and from what types of organisations? What are the main concerns?


We have had a lot of interest from the UK and Ireland, Africa, Europe, India and Australia.


While patient safety is having an impact on healthcare, we are hearing about silos and the challenges of sharing what is happening in one silo with other workers, specialties and organisations.


Cyber security is a big area to focus on and the Institute has developed a training programme aimed at managing cybersecurity risks as well as budget management. Financial cuts can be necessary but they really do need to be intelligent too. This is not always the case. Information is key to making good decisions and, right now that information is not always available to the key decision-makers.


Increased spending is one of the often repeated mantra’s for dealing with risk in healthcare but in my view, throwing more money at risks is not always the answer. Instead, h ealthcare n eeds to h ave a clear vision about how it will help to prevent, minimise and treat ill-health. It then needs to coach its workers to deliver the vision.


I am very excited about the impact the IRM Health and Care special interest group can have on vision and enterprise risk management in healthcare.


Key Points


  • Life Expectancy in the UK stands at 81.4 years. This is 2.5 years more than in the United States and 2.3 years less than in Japan.
  • Public and private healthcare costs $3,971 per person per annum in the UK. This is 57% cheaper than in the US and 5% less than in Japan
  • With a workforce of about 1.3 million, the NHS employs less than a dozen Certified Risk Professionals.
  • Therefore The Institute of Risk Management is actively looking to help healthcare insurers and providers deliver better services. The Institute's health and care special interest group events are available free-of-charge to all professionals working in the healthcare and care sectors.      

Related Articles

Major hospital project aims to rejuvenate state’s health service   A leading Australian health architecture firm has... Read more

Shaping the minds of organisations   Professor Werner Leodolter speaks to about managing the technology-induced... Read more

A r o u n d - u p o f o u r m o st c o ll a bo r a t i v e , i m p r... Read more

Related IssueArticles

Outlines the frequency of adverse effects, prevention and management, and focuses on acute reactions which may occur after... Read more

For better team cooperation and project success, ‘collaborative thinking’ could be the way to go.   Two heads are... Read more

A reminder about who is at the centre of the complex healthcare hierarchy and industry – the patient.   In May I... Read more

Institute, risk, management, IRM, healthcare The Institute of Risk Management on why healthcare needs to put risk top of the agenda.

No comment

Please login to leave a comment...

Highlighted Products