Table of Contents
Werribee Mercy Health risk management framework.
Risk ownership and governance.
Risk Management process.
Business planning and risk management
Risk Management Policy.
Risk Management Strategy.
Conclusions and recommendations.
The concept of risk management has been used in banking and insurance services since the early 1970’s. Risk management has been an accepted practice in industries in the western countries since the 1900s and in many healthcare facilities since the mid-1970s (Ahmed & Manab, 2016).
Every business and organization face the risk of unexpected, harmful events that can cost the company money or cause it to permanently close. Risk management allows organizations to attempt to prepare for the unexpected by minimizing risks and extra costs before they happen.
Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings (Ahmed & Manab, 2016). These threats, or risks, could stem from a wide variety of sources, including financial uncertainty, legal liabilities, strategic management errors, accidents and natural disasters.
Risk management encompasses the identification, analysis, and response to risk factors that form part of the life of a business. Effective risk management means attempting to control, as much as possible, future outcomes by acting proactively rather than reactively (Callahan & Soileau, 2017). Therefore, effective risk management offers the potential to reduce both the possibility of a risk occurring and its potential impact.
Thus, to protect an organization from the potential risks, organizations employ and follow a pre-determined risk management framework. A risk management framework (RMF) is the structured process used to identify potential threats to an organisation and to define the strategy for eliminating or minimising the impact of these risks, as well as the mechanisms to effectively monitor and evaluate this strategy. Risk management frameworks are tailored to do more than just point out existing risks (Shad et.al., 2019). The Risk Management Framework (RMF) is a set of criteria that help to monitor and prevent risk. A good risk management structure should also calculate the uncertainties and predict their influence on a business. Consequently, the result is a choice between accepting risks or rejecting them. Acceptance or rejection of risks is dependent on the tolerance levels that a business has already defined for itself.
Risk management process helps in planning, organization, cost control, and budgeting. Having an effective risk management in place, the business will not usually experience many surprises, because the focus is on proactive risk management (Callahan & Soileau, 2017). Response to risks usually takes one of the following forms:
When creating contingencies, a business needs to engage in a problem-solving approach. The result is a well-detailed plan that can be executed as soon as the need arises. Such a plan will enable a business organization to handle barriers or blockage to its success, because it can deal with risks as soon as they arise.
By implementing a risk management plan and considering the various potential risks or events before they occur, an organization can save money and protect their future. This is because a robust risk management plan will help a company establish procedures to avoid potential threats, minimize their impact should they occur and cope with the results. This ability to understand and control risk enables organizations to be more confident in their business decisions. Furthermore, strong corporate governance principles that focus specifically on risk management can help a company reach their goals.
Other important benefits of risk management include (Callahan & Soileau, 2017):
Werribee Mercy Health provides a diverse range of services in the south western region of Melbourne. The hospital provides emergency, surgical, medical sub-acute, mental health, palliative, maternity and newborn care, as well as renal dialysis (Mercy Health, 2020). Werribee Mercy is required to plan for and manage growth and change, deliver on its objectives within the context of significant population, climate and urban change as well as increased legislative and regulatory compliance obligations and financial accountability. It is essential on Mercy Health to understand the internal and external risks that may impact the delivery of its organisational goals and have processes in place to identify, mitigate, manage and monitor those risks to ensure the best outcome for staff and consumers; protecting assets; building upon their reputation; and ensuring financial responsibility (Mercy Health, 2020).
Effective risk management is key to the successful achievement of organisational objectives. Apart from delivering on strategic and business objectives, good risk management can prove to be helpful by:
As such the Mercy Health Board and Senior Leadership is committed to maintaining effective risk management practices, and to reinforcing behaviours of a positive risk culture. In delivering this commitment, it is necessary that a proactive and consistent approach to managing risk be adopted by management, staff, service providers and volunteers in all areas of the Mercy Health operation.
As such the Werribee Mercy Health and its management constantly tries and is committed to maintaining effective risk management practices, and to establish positive risk culture behaviours. In fulfilling this objective, it is necessary that a proactive and consistent approach is designed and employed in order to manage risk and be adopted by management, employees, service providers and volunteers in all areas of the Mercy Health facility and operation (Mercy Health, 2020).
The Mercy Health Risk Management Framework (RMF) articulates the key components to the organisational risk management approach. This includes the design, implementation, review and the continual improvement of Organisational Risk Management practices. The purpose of the RMF is to inform all staff of the structure and approach designed to achieve effective and consistent Risk Management practices across all operations. It is the responsibility of all the management, directors, all staff employees, service providers, and the volunteers Mercy health to comply and follow the risk management framework (Mercy Health, 2020).
An effective risk management framework considers the elements of risk governance, the process of risk management, and the resources (Choi, Ye, Lu & Luo, 2016). Through this report an analysis of the of Mercy Health’s risk governance is undertaken considering the following aspects of risk management system:
For the purpose of this review the Australian/New Zealand Standard ISO3100:2018 Risk Management and Principle Guideline will be used. This standard has been used to analyse Mercy Health’s Risk Management because ISO 31000:2018 provides guidelines on managing risk faced by any organizations. The application of these guidelines can be according to any organization.
ISO 31000:2018 is an appropriate guideline which can be used here as it provides a common approach to managing any type of risk and is not industry or sector specific (AS/NZS ISO 31000:2018 Risk Management Standard). ISO 31000:2018 can be used throughout the life of the organization and can be applied to any activity, including decision-making at all levels (AS/NZS ISO 31000:2018 Risk Management Standard). The AS/NZS ISO 31000 is a generic guideline only, and not intended to promote uniformity of risk management across all organisations.
The basic methodology of this review involves aligning the current Mercy Health Risk Governance Structure and the AS/NZS Standard ISO31000:2018 Risk Management and Principles Guideline.
Risk governance refers to the culture and arrangements developed by an organisation to manage the uncertainties to achieving its objectives. It includes the leadership, accountabilities and oversight that builds and improves the risk management approach (Choi, Ye, Lu & Luo, 2016). One of the essential components of good governance includes alignment the risk management framework with an organizations corporate planning and objective.
For this purpose, many organizations adopt a three lines defence model. Three lines-of-defence is most effective when there is active support and guidance from the governing body and senior management. Each of these three lines has a distinct role in a risk management governance and its implementation. The governing body, committees and senior managers are considered the primary stakeholders. This means they are in a position to ensure that the three lines of defence are reflected, enacted and reviewed as part of the organizations risk management control processes.
Accordingly, primary responsibility for managing risk at Mercy Health lies with the Mercy Health Board, senior management and all employees including contractors and volunteers. Mercy Health has also adopted a “three line of defence” model with respect to identifying, assessing and controlling risk (Mercy Health, 2020). The model provides for a cascading level of monitoring and assurance as risks are reviewed and assessed by each of the three key functions which can be explained as follows:
Risk owners can be described as individuals accountable for managing and coordinating all aspects of a risk, ensuring that relevant information is available and assessed, and that appropriate individuals are aware of the risk, and involved in the decision-making.
The risk management process at Mercy health consist of the following seven steps:
Mercy Health uses an objective-based model to identify risk owners. The model explicitly reflects the business planning process (Mercy Health, 2020). A risk owner is appointed according to the relevant strategic or operational business objective impacted; i.e. the Executive Director, Program / National Director, or Manager who is accountable for achieving the objective. At a local level, risks are managed in day to day operations, with direct line managers providing governance and oversight.
Business planning refers to the annual planning an agency undertakes at all levels to determine its objectives and develop supporting plans. Risk management must be aligned with corporate and business planning processes as a mandatory requirement. Incorporating risk management provides value to decision makers as it will:
Failure of including risk management in business planning explains that decisions made have not considered what is uncertain and the possible resulting effects, implications and dependencies.
A risk management policy outlines the intent of the agency with respect to risk management and describes the governance arrangements and expectations. It provides guidance and is fundamental to establishing a positive risk culture in an agency by clarifying expectations regarding the attitude, awareness and accountabilities related to risk management (Shad et.al., 2019).
A risk management strategy describes an agency’s future vision, direction and objectives for risk management. It incorporates key activities designed to achieve these objectives and the plan to build risk management capability and maturity. The risk management strategy ensures the agency’s governing body and management have a common and clear view of the purpose of risk management, the activities to be pursued to enhance the framework and the capability building requirements to achieve this. An effective risk management strategy ensures the risk management framework is suitable to the context of the organization. It enables an and helps the organizations to achieve the following goals:
Risk culture refers to the behaviours and environment that influence a person’s thinking and managing risk. Risk culture is a component of the overall culture of an agency. An effective risk management framework must support the development of a positive risk culture within the agency (Oliva, 2016). A positive risk culture is one where all staff see risk management as a core responsibility, actively engage in risk discussions and make appropriate risk-based decisions.
The governing body and the executive are responsible for developing a positive culture. It is a strong leadership who reinforce a consistent set of expected behaviours and model appropriate accountability, risk awareness and attitudes. They play a key role in influencing and articulating the desired risk culture. Developing a positive risk culture is essential to developing risk maturity and building capability, and is essential to:
The Mercy Health Board and senior management or leadership are clear intend to promote an integrated Risk Management approach and a culture that aims to be risk aware rather than risk averse. A key activity to achieve this is the frequent review and use of the organisational Risk Profiles, which accounts for both current risks and those that are emerging. This multidirectional focus of risk i.e. learning from the past, understanding our current landscape and focussing on the future will helps build organisational resilience and agility. The continuous evaluation and improvement of the organisational risk culture forms part of annual risk management continuous improvement plan.
Risk appetite refers to the type and amount of risk that an agency is prepared to accept or avoid. It encourages the consideration of risk in strategic and tactical decisions by asking: “Is this course of action compatible with our risk appetite?” In the case of Government an agency’s risk appetite statement is the shared view of the Responsible Body and executive management on the nature and amount of risk it will retain or accept to achieve its strategic objectives (Oliva, 2016). The risk appetite statement influences and guides decision making, clarifies strategic intent and ensures choices align with the capacities and capabilities of the agency. Defining risk strategy assists in understanding:
Due to globalization the business dynamics and market environment are changing rapidly. With the increasing volatility or uncertainty in the market, the organizations are at continuous risk and this risk is evitable. Thus, it is essential for organizations to have structures and framework in place to protect itself and its stakeholders for the potential risk. Risk management has become an integral part of all the organizations operating across the globe. Risk management is the systematic process of identifying, evaluating, and addressing potential and actual risk. In simpler terms, risk management can be explained as the process to protect the assets and minimize financial loss to the organization. It is the process of taking action to reduce the frequency and severity of unexpected incidents, reduce the impact of legal claims, and promote high reliability performance, system design. Management of risk is essentially the proactive function of any organization. Risk management should be an important objective that should be communicated to all the employees of the organization and these employees should participate proactively in managing risk. It is important for the organizations to align their corporate objectives with risk management strategy. It is recommended that each employee and volunteer should be charged with risk management.
Mercy Health does not currently have a formalised Risk Appetite statement (Mercy Health, 2020). However, the business monitors a set of key performance indicators that are frequently reported through the governance committee structure. e.g. Quality and Safety Indicators; Work Health and Safety indicators; Complaints Management targets; Mandatory Competencies etc.
The following recommendations can help Mercy Health to have a more efficient risk management strategy. To develop a risk management policy an agency should consider how it will:
To develop a positive risk culture an agency should:
Risks management is an important process because it empowers a business with the necessary tools so that it can adequately identify and deal with potential risks. Once a risk’s been identified, it is then easy to mitigate it. In addition, risk management provides a business with a basis upon which it can undertake sound decision-making. For a business, assessment and management of risks is the best way to prepare for eventualities that may come in the way of progress and growth. When a business evaluates its plan for handling potential threats and then develops structures to address them, it improves its odds of becoming a successful entity.
Ahmed, I. & Manab, A.N. (2016). Influence of enterprise risk management framework implementation and board equity ownership on firm performance in Nigerian financial sector: An initial finding. Journal of Business and Management, 18(1), 61-68.
AS/NZS ISO 31000:2018 Risk Management Standard (n.d). Retrieved from: https://www.iso.org/standard/65694.html
Callahan, C. & Soileau, J. (2017). Does Enterprise risk management enhance operating performance? Advances in Accounting Journal, 37, 122-139.
Choi, Y., Ye, X., Lu, Z. & Luo, C.A. (2016). Optimizing enterprise risk management: a literature review and critical analysis of the work of Wu and Olson. Annals of operation research journal, 237., 281-300.
Mercy Health (2020). Mercy Health risk management framework. Retrieved from: https://www.mercyhealth.com.au/wp-content/uploads/sites/
Oliva, F.L. (2016). A maturity model for enterprise risk management. International Journal of Production Economics, 173, 66-79.
Integrating sustainability reporting into enterprise risk management and its relationship with business performance: A conceptual framework. Journal of Cleaner Production, 208, 415-425.
Remember, at the center of any academic work, lies clarity and evidence. Should you need further assistance, do look up to our Management Assignment Help
Proofreading and Editing$9.00Per Page
Consultation with Expert$35.00Per Hour
Live Session 1-on-1$40.00Per 30 min.
Doing your Assignment with our resources is simple, take Expert assistance to ensure HD Grades. Here you Go....