Strategic Risk Framework Reporting A Case Study: Ballarat Health - - PowerPoint PPT Presentation

Strategic Risk Framework Reporting

A Case Study: Ballarat Health Services

Trudy Shortal, Risk Manager Sue Gervasoni, Exec Director Residential Serv’s & Clinical Governance Keren Day, Director Governance & Risk Management

October, 2015

A timely reminder

• Role of the Board

– to set the agenda, develop the direction, monitor achievement, hold the executive accountable for progress

• Quality Manager/team’s role

– to provide innovation, improvement and quality (risk) management infrastructure, reporting, co-

• rdination and technical support. Advise on

compliance

– Adapted from C Balding – 'Leading a Strategic Quality Governance System‘, Quality Works

The Board needs to know 3 things

• What are the risks of the organisation?
• How are we managing those risks?
• How do we know we are managing the risks?
• We were only partially meeting the needs of
• ur Board…..but we didn’t know it at the time

A story of risk maturity

• First VMIA Risk Workshop with Executives in

2006

• First Enterprise Wide Risk Manager role in

2007

• Risk fairly well embedded
• Pretty good engagement across the
• rganisation
• Doing OK…….or so we thought!
• How do we know?

VMIA Risk Framework Quality Review

• Independent review of

RMF maturity

• 7 element maturity model
• Risk culture
• Governance &

Accountability

• Resources & Capability
• Policy and Plan
• Risk Management Process
• Validation & Assurance
• Inter-agency Risk

Management

• Developing  Integrating

 Effective  Advanced

• Informed by the Victorian

Government Risk Management Framework and the AS/NZS ISO 31000:2009.

RFQR @ BHS

• 2011

– “Effective” – Action plan for improvement

• 2014

– Doing better – or so we thought – “Integrating”

• 2014 in Summary:

– Management of clinical is firmly embedded – Not clearly aligned to strategic objectives. – Compliance driven and largely clinical risks. – Long term risks that require further assessment and possible archiving

• Risk generation – bottom up
• Huge risk register
• Reporting Ground Hog Day
• Risk reports answered the first two questions,

but not the third…how do we know?

– It was self evident in risks that were reduced quickly (they disappeared from the RR) – but what about the risks that were there forever?

• Too much risk reporting- monthly, voluminous

On our way, but not yet arrived

• Our development had been unidimensional

– Great management of clinical risks

• Where were our gaps?

– No strategic risks

• what was the difference?
• what does a strategic risk register look like?

– Not through lack of asking or searching for examples

• Had attempted to ‘theme’ our operational risks

– No way generating strategic risks in our approach

Reflection

• The RFQR process was also different this time
• Simply inter-rater differences? Possibly not….

– Post VAGO review of Public Sector Risk Mgt – The landscape had changed…the bar was raised

• The Vic Gov Risk Management Framework

(updated 2015)

• “The Victorian Government needs its public sector to be

productive, innovative and efficient and tackling the risk- related issues that affect its ability to deliver the services needed”.

p.2 VMIA Vic Gov Risk Mgt Framework Practice Guide

Reflection

• It’s one thing to have a risk management

process, it’s another to have a strategic risk management framework

• If not strategic, it is transactional, focused on

processes and tasks, an end in itself, not driving towards the goal

– Busy, reporting, compliance …. Important, but…

• If strategic – can be transformational &

purposeful

Adapted from C Balding – 'Leading a Strategic Quality Governance System‘, Quality Works

Reflection

Reactive V’s Proactive

• Strategic risk

– Risks of failing to achieve strategic objectives – Why starting from the bottom didn’t cut it – Responsibility of the board

• Operational risk

– Risks derived from the provision of the service provided by the business – What is happening on the ground

• Top Down V’s Bottom Up
• Both/And

Back to Basics

• So we stopped – quality & risk brains trust
• Had the “aha” moment about what is a strategic risk v’s

and operational risk and their relationship

• Took a good hard look at ourselves in terms
• f Risk Reporting …took a plan to Exec
• Started from the top….With VMIA support
• Strategic Risk Workshop

– Worked with Exec and Board Rep to identify our strategic risks

Moving Forward

• Identified strategic risks from strategic goals
• Assessed these and formed mitigation plans
• Established Risk KPIs

– Presenting trends – In way easy to understand for BOM – Used the data to tell the story? Are we reducing the risk? Could the BOM see if the patient experience is safer?

• Differentiated Contributing (operational) risks

– Developed Risk KPIs for these as well

Moving Forward

• Reviewed (re-thought) our Risk Reporting

Templates

• Made sure the link between and

responsibilities strategic risk and contributing risks were clear

– Strategic – BOM – Contributing – Management team

• Reviewed our Risk Reporting Schedule

– As often as needed and no more

Moving Forward

• After almost a year of hard work by the Risk

Manager, rethinking and designing, checking, various iterations, feedback ………….

Results?

• Focused data rather than volume
• BOM love it – not overwhelmed, know where

to look

• A BOM more assured (not looking for

reassurance any more) and so can now use the data ask questions to support and drive improvement

– Don’t get contributing risks, but have access to them if needed

• Engagement of each Exec Director

Results…..

• Annual strategic risk workshop/KPI review
• Inter-agency risk

– Was on our radar…now mandatory

• Further development and evaluation

– The value of the Risk KPIs to be determined as a facilitator of monitoring – Still working out if the KPIs are right – Are the KPIs allowing us to quickly and easily know if we are managing the risk – Is it supporting the board and the ESC as they make decisions?

Moving Forward

• Thanks to our Risk Manager – who has dug

deep and driven the work

• Thanks to Executive Director – who leads and

champions risk management at the ESC table

• Trying not to feel too comfortable….there is

always something to learn

• Like all things in risk management….the proof

will be in the pudding….do we achieve our goals?

Moving Forward…. but always improving

• Thank you for listening
• We hope that sharing our story

may help your story