7 Steps to Integrated Risk Management

Lori Borovoy
Lori Borovoy, Senior Healthcare Risk Management Specialist

January 7, 2019

Step 1: Exploration & Decision

The terms integrated risk management (IRM) and enterprise risk management (ERM) are seen as synonymous. The first step is all about exploring your options and determining what type of IRM program best fits your organization.

There are a number of HIROC resources on IRM to help in this process. Examples include:

  • What is IRM (video)
  • IRM Program Overview
  • IRM Risk Note - Concepts and Misconceptions
  • IRM for Healthcare Organizations (guide)

Step 2: Risk Register Sign-On

Making the decision to move forward with HIROC’s IRM program means getting started with the Risk Register application. The Risk Register is complementary for subscribers and will help organize, compare, and keep track of risks.

To set subscribers up for success, HIROC has multiple tools and resources to support your IRM journey. Our staff can also demo the Risk Register program to subscribers interested in signing on, or to those who have recently signed on.

For more information, or to get started with the Risk Register application, contact riskapplications@hiroc.com.

Step 3: Ownership & Coordination

This step involves developing a fluid organizational process to promote an integrated risk management approach. Executive team engagement and accountability is important. This could mean asking a few questions, such as:

  • What is your overall vision for IRM and what does it mean to your organization?
  • What is the process for ownership and accountability of the program and of individual risks?
  • Will risk targets be used to help track progress in mitigating risks?
  • How knowledgeable are your senior leaders and board members about integrated risk management?

HIROC’s Integrated Risk Management Policy Template can help lead the discussion around policy, ownership, and strategic objectives.

21 Questions is a great resource to help educate your board on organizational risks.

Step 4: Risk Identification

This step is about developing a list of your high-level risks. We encourage you to keep it simple and start with 5-10 risks. Risk identification begins with a clear understanding of what your organization is trying to achieve – the key organizational objectives. Most healthcare organizational risks are already well known so leadership teams do not need to start from scratch. Rather, build a list of key risks using the wealth of information available from internal and external sources such as aggregated incident reports, claims, Risk Assessment Checklist results, accreditation reports and published literature.

Also consider different types of risks across your organization to help you create a concise summary of the most significant risks and mitigation strategies.

For example, consider risks that may pertain to the following:

  • Care
  • Human resources
  • Finance
  • Leadership
  • Information management and technology

HIROC’s Taxonomy of Healthcare Organizational Risks can help with this step.

Step 5: Risk Register Validation

In this step, we recommend discussing risks with the executive team to confirm that the Risk Register reflects, the most significant organizational risks, at that time.

Step 6: Sustainability & Review Process

This is your ongoing operations step. At this point it’s helpful to review your IRM program to ensure it is fluid. Consider reviewing risks quarterly, or aligning with board committee reporting cycles.

Also consider:

  • How often are you reviewing risks with the senior team?
  • How are risks prioritized?
  • How do you bring in new risks and retire those that should no longer be on the Risk Register?

Step 7: Risk Register IRM Ongoing Development & Knowledge Sharing

This step is about sharing the knowledge with your teams and looking at what other organizations are experiencing when it comes to IRM.

HIROC hosts IRM Risk Register Clinics for subscribers to share knowledge and advance their IRM program. Risk Profiles contain information gleaned in the Risk Register from HIROC subscribers with the aim of sharing leading practices and knowledge amongst healthcare organizations.

HIROC also produces an annual Top Healthcare Risks report which brings together data from over 100 organizations using the Risk Register application. The report offers subscribers a unique opportunity to benchmark their top risks against what others are experiencing.

For more information on HIROC’s IRM program, contact riskapplications@hiroc.com.

Lori Borovoy is Senior Healthcare Risk Management Specialist, HIROC