The document discusses enterprise risk management (ERM) in healthcare organizations. It begins by explaining how ERM has evolved from a traditional reactive approach focused on patient safety to a comprehensive proactive framework. ERM takes a holistic view of risk across the entire organization, including clinical, operational, financial, strategic, and other risk domains. It aims to maximize both value protection and creation by managing risk and uncertainty in an integrated manner. The document then examines the key steps in implementing an ERM program, such as risk identification, analysis, evaluation, and continuous monitoring. It emphasizes that managing risk requires a cooperative effort across the entire organization.

1. Enterprise Risk Management in HealthcareOrganisations
“Going Beyond PatientSafety”
Hossam Elamir
MSc.HCM, TQMD, MBBCh, CPHQ, CPHRM

3.  “A ship in harbor is safe,
but that is not what ships are
built for”
John Augustus Shedd (1859 – 1928)

4.  "any uncertainty that, if it occurs, could have a positive or
negative effect on achievement of one or more
organizational aims and objectives and is assessed through
the combination of magnitude of potential injury (impact)
and the probability (likelihood) that the uncertainty will
occur".
Hillson, D. (2005). When is a risk not a risk? International Project Management Association.
Central Board of Accreditation for Healthcare Institutions. (2011). Hospital Standards (2nd ed.).
Jeddah, Saudi Arabia: CBAHI Accreditation Dept.

5.  “Any uncertainty which can affect achievement of
objectives either positively or negatively”
 Key point: Link risks to organisational objectives…
Objectives Uncertainty
versus
What must happen What might happen
Hillson, D. (2005).When is a risk not a risk? International Project Management Association.

7. “The only alternative to risk
management is crisis management
JAMES LAM
Enterprise Risk Management: From Incentives to Controls, 2003
--- and crisis management is much
more expensive, time consuming
and embarrassing”

8. Delivering safe care of high quality is the
professional, legal and ethical duty of all healthcare
professionals

9.  Accreditation Requirement: Organizations must have a
documented risk management plan

10.  “The whole process of initiation, risk identification,
evaluation, response development, implementation,
continuous monitoring & review to reduce the risk of
injury to patients, staff and visitors and the risk of loss to
the organization itself".
Feeney, L. & Murphy D. (2013), CBAHI guide to risk management. Jeddah, Saudi Arabia: CBAHI
Accreditation Dept.
Its is an anticipatory (proactive) process

11.  TheTraditional Risk Management (TRM) was established
in the early 70s focusing on the acute care settings, these
programs stayed reactive and generated in response to
incidents that were ultimately patient safety-centred.
 The process was fragemented into silos of resposiblities
and accountabilities with no overlap or relationship
between different business units.

12. ERM in healthcare promotes a
Comprehensive framework for making
risk management decisions which maximize
value protection and creation by managing risk and
uncertainty and their connections to total value.
ASHRM ERM Pearl, p.7

13. Managing UncertaintyValue CreationValue
Protection
Comprehensive
Framework
•Reduce risks
•Eliminate loss
•Promote standardization
•Use evidence-based
practice
•Decrease variability
•View the impact of risk
holistically not in silos
(eliminate silo mentality)
•Understand chaos theory
•Eliminate/minimize lost
opportunities
•Captures the positive or
upside
•Increased market
share
•Competitive edge
•Financial strength
•Improved ROI
•Increased margins
•Enhanced
reputation
•Improved
satisfaction scores
•Quality outcomes
•Credible
•Respected
•Reduce
uncertainty
•Reduce
variability
•Duplication
•Separation
•Shield assets
•Efficient use
of resources
•Quality
outcomes
•Safe
practices
•Organizationwide
•Holistic
•Broad perspective
•Synergistic effect
•Comprehensive
•Strategic
•Thorough
•Robust
•Structured

14.  ERM: A framework of activities that helps an organization
identify and manage risk holistically by considering all forms of
risk across the organization.
 An integrated approach to risk management that connects silos
so that the organization understands all risks facing the
organization and enables the organization to be more strategic
 Process that supports concept that risks do not exist or behave
in “isolation” but can be identified, grouped and catalogued in
risk domains
v. 1 pp. 7-8; ASHRM ERM Pearl, pp. 7-8

15. ContrastingTraditional RM with Enterprise RM
ERMTRM
ProactiveFocusReactive
Value creationOutcomeAsset preservation
Organizational-wideBreadth/ DepthDepartmental/silos
Risk preventionActivitiesRisk mitigation
Clinician/staffEngagementBoard/C-Suite

16. Source: J. Conway, F. Federico, K. Stewart and M. Campbell, Respectful Management of Serious
Clinical Adverse Events, Institute for Healthcare Improvement (IHI), IHI Innovation Series White
Paper, Cambridge, MA, 2010, citing N. Augustine, “Managing the CrisisYouTried to Prevent,”
Harvard Business Review, Vol. 73, No. 6, 1995, pp. 147-158.

17.  Medicine used to be simple,
ineffective & relatively safe…
now it is complex, effective &
potentially dangerous!
Chantler, C. (1999),The role and education of doctors in
the delivery of healthcare, Lancet, 53(9159), 1178–1181.
 Medicine used to be simple,
ineffective & relatively safe…
Chantler, C. (1999),The role and education of doctors in
the delivery of healthcare, Lancet, 53(9159), 1178–1181.

18.  Change in patient demographics
 Enhanced expectations by variety of stakeholders
 Increased use of internet
 Movement towards a paperless environment
 Changing line of authority
 Market share competition
 Variability in clinical care
 Changing reimbursement methodologies
Enterprise Risk Management For Health Care Entities, 3rd Edition, PP 23

19. Operational
Patient
Safety
Holistic Approach Value Protection andValue
Creation

20. Clinical
Operational
Patient
Safety
Holistic Approach Value Protection andValue
Creation

21. Strategic
Clinical
Operational
Patient
Safety
Holistic Approach Value Protection andValue
Creation

22. Financial
Strategic
Clinical
Operational
Patient
Safety
Holistic Approach Value Protection andValue
Creation

23. Financial
Human
Capital
Strategic
Clinical
Operational
Patient
Safety
Holistic Approach Value Protection andValue
Creation

24. Financial
Human
Capital
Strategic
Clinical
Operational
Legal/
Regulatory
Patient
Safety
Holistic Approach Value Protection andValue
Creation

25. Financial
Human
Capital
Strategic
Clinical
Operational
Legal/
Regulatory
Technology
Patient
Safety
Holistic Approach Value Protection andValue
Creation

26. Financial
Human
Capital
Strategic
Clinical
Operational
Legal/
Regulatory
Technology
Hazard
Patient
Safety
Holistic Approach Value Protection andValue
Creation

29. v. 1 pp. 108, 223, ASHRM ERM Pearl, pp. 19-27
Identifying and analyzing loss exposures
Identification Analysis
Types of
exposures
Mothods
of
identifying
exposures
Organizational
objectives
Significance

30. v. 1 pp. 108, 223, ASHRM ERM Pearl, pp. 19-27
Examining feasibility of alternative techniques
Risk control to
stop losses
Risk financing to
pay for losses
Retention Transfer

31. v. 1 pp. 108, 223, ASHRM ERM Pearl, pp. 19-27
Selecting apparently best techniques
Choosing selection
criteria
Decision rules
applying criteria

32. v. 1 pp. 108, 223, ASHRM ERM Pearl, pp. 19-27
Implementing the selected risk techniques

33. v. 1 pp. 108, 223, ASHRM ERM Pearl, pp. 19-27
Monitoring & improving the RM program
Purposes Control program

34. v. 1 p. 223
The Risk
Management
Process
Identification and
Analysis of
Exposures
Treatment of
Exposures
Risk Control Risk Financing
Retention Transfer

35. Risk Ranking Overview
 Provide an initial means of prioritizing assessed risks
based upon assessments of Impact and Likelihood.
▪ Risks were assessed assuming the effectiveness of
existing risk management activities.
 Used to identify a risk’s position on a Risk Map.
Risk Ranking Calculation Steps
 Multiply the Impact assessment and the Likelihood
assessment for each risk.
 Reference the product against a range of values.
 Assign one of four risk rankings (very high, high,
medium or low) based upon referenced range.
RangeRank
Greater than 17.0Very high
Greater than 10.0, but less than 17.0High
Greater than 5, but less than 10.0Medium
Less than 5.0Low
Risk Ranking Matrix
Critical
Impact
InsignificantModerate
Potential LikelyUnlikely
Likelihood
RiskRanking

36. Risk
=
Likelihood of risk occurring
(Frequency)
x
Impact of risk occurring
(Severity, Consequences)

37. Likelihood x Impact = Risk Score
(a value 1 to 5)(a value 1 to 5)
1 x 1 = 1 (lowest possible score)
5 x 5 = 25 (highest possible score)
(Likelihood + Velocity) x Impact = Risk Score
(a value 1 to 5) (a value 1 to 3) (a value 1 to 5)
(1 + 1) x 1 = 2 (lowest possible score)
(5 + 3) x 5 = 40 (highest possible score)

38. Threats
(negative)
Opportunities
(positive)
Proactive control
Prevent
Reduce
Accept
Contingency
Transfer
Share
Exploit
Enhance
Reject

39. Risk ID Description of Risk
Risk Assessment
Risk
Rating
(I x L)Impact (I)
Likelihood
(L)

43. Provide the right level of detail to facilitate
understanding and risk based decision making,
without oversimplifying.
The right level of details depends on your goal.

44. 1979
1988
90’s
00’s

45. Fault tree Event tree

46. Fault tree Event tree

48. Oil & Gas
Aviation
Energy
Chemical
Mining
Medical
Financial
Government
Construction
Cyber risk

51. Barrier Name
Apply wristband upon admission to the ward
(Haz.) Operating a patient / Applying incorrect procedure // (Tht.) Wrong patient // (Br.) Apply wristband upon admission to the ward Apply wristband upon admission to the
ward
At admission on the ward: Check the patient's identity by nurse together with patient through open questions
(Haz.) Operating a patient / Applying incorrect procedure // (Tht.) Wrong patient // (Br.) At admission on the ward: Check the patient's identity by nurse
together with patient through open questions
At admission on the ward: Check the
patient's identity by nurse together with
patient through open questions
At preoperative screening: Check the anethesia tecnique by anesthesiologist together with patient in accordance with the planned procedure
(Haz.) Operating a patient / Applying incorrect procedure // (Tht.) Wrong anethesia technique // (Br.) At preoperative screening: Check the anethesia
tecnique by anesthesiologist together with patient in accordance with the planned procedure
At preoperative screening: Check the
anethesia tecnique by anesthesiologist
together with patient in accordance with
the planned procedure
At preoperative screening: Check the diagnosis and procedure by anesthesiologist together with patient twith electronic medical record
(Haz.) Operating a patient / Applying incorrect procedure // (Tht.) Wrong procedure // (Br.) At preoperative screening: Check the diagnosis and procedure by
anesthesiologist together with patient twith electronic medical record
At preoperative screening: Check the
diagnosis and procedure by
anesthesiologist together with patient
twith electronic medical record
At preoperative screening: Check the operating site and side by anesthesiologist together with patient twith electronic medical record
(Haz.) Operating a patient / Applying incorrect procedure // (Tht.) Wrong site /side // (Br.) At preoperative screening: Check the operating site and side by
anesthesiologist together with patient twith electronic medical record
At preoperative screening: Check the
operating site and side by
anesthesiologist together with patient
twith electronic medical record
At preoperative screening: Check the patient's identity by anesthesiologist together with patient through open questions
(Haz.) Operating a patient / Applying incorrect procedure // (Tht.) Wrong patient // (Br.) At preoperative screening: Check the patient's identity by
anesthesiologist together with patient through open questions
At preoperative screening: Check the
patient's identity by anesthesiologist
together with patient through open
questions
At surgery preparation room, check perioperative marking and completeness elecronic medical record by nurse and staff member with awake patient
(Haz.) Operating a patient / Applying incorrect procedure // (Tht.) Wrong procedure // (Br.) At surgery preparation room, check perioperative marking and
completeness elecronic medical record by nurse and staff member with awake patient
At surgery preparation room, check
perioperative marking and
completeness elecronic medical record
by nurse and staff member with awake
patient
(Haz.) Operating a patient / Applying incorrect procedure // (Tht.) Wrong site /side // (Br.) At surgery preparation room, check perioperative marking and
completeness elecronic medical record by nurse and staff member with awake patient
At surgery preparation room, check
perioperative marking and
completeness elecronic medical record
by nurse and staff member with awake
patient
At surgery preparation room, check the patient's identity by anesthesiologist and staff member with awake patient through open questions
(Haz.) Operating a patient / Applying incorrect procedure // (Tht.) Wrong patient // (Br.) At surgery preparation room, check the patient's identity by
anesthesiologist and staff member with awake patient through open questions
At surgery preparation room, check the
patient's identity by anesthesiologist
and staff member with awake patient
through open questions
At surgery preparation room, check the patient's identity by nurse and staff member with awake patient through open questions
(Haz.) Operating a patient / Applying incorrect procedure // (Tht.) Wrong patient // (Br.) At surgery preparation room, check the patient's identity by nurse and
staff member with awake patient through open questions
At surgery preparation room, check the
patient's identity by nurse and staff
member with awake patient through
open questions
At the start of the surgey the surgeon, anaesthesiologist, operating assistant and nurse anesthetist and awake patient - check on the basis of the electronic medical
record / - whether it is the: right patient; right site and side; appropriate intervention; adequate supplies
(Haz.) Operating a patient / Applying incorrect procedure // (Tht.) Wrong anethesia technique // (Br.) At the start of the surgey the surgeon, anaesthesiologist,
operating assistant and nurse anesthetist and awake patient - check on the basis of the electronic medical record / - whether it is the: right patient; right site and
side; appropriate intervention; adequate supplies
At the start of the surgey the surgeon,
anaesthesiologist, operating assistant
and nurse anesthetist and awake patient
- check on the basis of the electronic
medical record / - whether it is the: right
patient; right site and side; appropriate
intervention; adequate supplies

52. !
2
Do you have enough barriers to be (enough) in control?

53. 3
! ! !
What if the Engineering Manager is fatigued? Or when you have a power blackout?

55. The barrier functioned as planned and stopped the next event in
the incident scenario.
e.g.: High level trip operated correctly stopped the overfill
The barrier stopped the incident sequence, but there is uncertain if
it will do so in the future.
e.g.: High level trip stopped the overfill but there is evidence that it
is left in defeated state at times
The barrier functioned as intended by its design, but was unable to
stop the sequence of events.
e.g. High level trip operated but inflow was via another route
that could not be shutoff, i.e. no trip valve
The barrier was implemented, but did not function according to its
intended design.
e.g. High level trip did not operate as its was broken/defeated etc.
The barrier was described in the organization’s SMS or was
considered an industry standard, but it was not successfully
implemented.
e.g. High level trip is required, but was not installed.

57. The success of the risk management
program depends on the cooperation of all
employees.

58. Dr. Hossam Elamir
dr_hossam_elamir@hotmail.com
67767083