Seven Qualities of an Impactful Risk Register

You might have resolved to tidy up some processes and press the “reset” button on your risk register in the new year. Whether you’ve started a new position, want to improve your company’s operations or just overhaul your existing register, the basic foundations are out there.

Demonstrating their altruistic nature, many RIMS members have been offering their insight to those seeking suggestions – even going so far as to send their Excel sheet registers. Here are some criteria for your X and Y axes, culled from the OPIS network and existing resources on Risk Knowledge. While they are by no means a finite list, they can act as building blocks for your new template or register.

  1. Exposure. Define the imminent or possible risk event. Examples could be a data breach or earthquake.

  2. Risk Category. Itemize by who or what was affected by the exposure. Employees, property, locations, and systems are some examples. If the exposure was public-facing, be sure to include your customers and shareholders.

  3. Cause of Loss. In addition to simply entering the risk origin, also detail whether it was on the radar or completely unforeseen. You might choose to add a subcategory (or row) if necessary to document the specifics.
  4. Consequences (Primary and secondary). While many exposures impact the bottom line, consequences might also include damage to systems and infrastructure, and absences. There are other consequences that are tougher to quantify, such as reputation and employee morale. Subcategories for secondary (and tertiary, and possibly beyond) might be necessary.
  5. Target Risk Level. Driven by each company’s risk appetite level, the target risk level should be the mitigated level. “For example, risk appetite for strategic can be 4 (out of 5), operations 3 and safety 2,” wrote one member on an OPIS thread. “Therefore, any risk should be mitigated to the acceptable risk appetite level within each risk category – hence, a safety risk of 4 needs to be mitigated to a 2 level.”
  6. Expected Losses and Gains. Assign a value to the projected outcome. There is certainly a downside risk to natural disasters, particularly where injuries, casualties, and property damage are concerned. But not all risks will be negative; selecting a new cybersecurity system, for example, may have costs but also estimated savings.
  7. Assignee. Just because you are the risk manager does not mean you are responsible for solving all the problems or having all the answers to each risk. A data breach would typically be assigned to the IT leader. However, depending on the size and structure of your organization, you might be the de facto authority on certain exposures, such as emergency preparedness and natural disasters. In those cases, enter your own name and get ready to act.

As stated earlier, these qualities are just starting points as you build your register – you should customize it to your organization and personal preferences.

When reflecting upon the makings of the risk register, one member said that the most critical issue was not the format, but rather “the dialogue that surrounds the register,” adding that “the discovery and discussions were what made that part of the ERM activity useful. Of course, having a nice means of communicating it makes it easier to focus the dialogue.”

RIMS also offers suggestions for ERM programs. Visit the OPIS network to get feedback from members and Risk Knowledge for resources such as the ERM Starter Risk Log Template.

Risk Manager of the Year: Q&A with Rebecca Cady

Rebecca Cady, vice president and chief risk officer of Children’s National Medical Center (CNMC) in Washington, D.C., was named the RIMS 2018 Risk Manager of the Year today. CNMC is the largest freestanding pediatric academic medical center and health system in the greater D.C. area, with annual revenues of nearly $1.2 billion.

She was praised by her peers for her success in elevating CNMC’s culture of safety, addressing risk on an enterprise basis and lowering the system’s total cost of risk. Under her leadership, programs continually seek to benefit the system’s 6,000-plus employees, and ultimately, the services they provide to children and their families. Cady spoke with Risk Management Monitor about her journey to the profession and the combination of challenges she faces as a health care risk manager.

Risk Management Monitor: Your professional career began as a labor and delivery nurse. How did you make your way into risk management?

Rebecca Cady: I was a staff nurse at a small, rural hospital in Kingsville, Texas. During a shift, several co-workers were gathered at the nurse’s station, discussing a lawsuit that many senior nurses were anxious about having to take part in.

They didn’t understand what was going on. I remember thinking: ‘What if lawyers knew what it was like to be a health care provider or practice medicine and nursing?’ It would help them do a better job of guiding the nurses and doctors through the legal process. I thought, ‘I could go to law school.’ And I did. It turned out to be a great idea because it has made for a fulfilling and interesting career.

RMM: After becoming a lawyer—and eventually partner—at a law firm, what drew you to CNMC?

RC: I saw this as an opportunity to get in the practice of avoiding litigation in the first place. I was attracted to the idea of working more closely with providers and in a hospital environment where I felt I could have a greater impact on the organization and manage its risk.

RMM: What is one of CNMC’s top challenges?

RC: Recruitment is up there. Pediatric neurosurgeons are not working at Starbucks while they’re looking for a job. In some of the specialties, there are very few qualified people. Being able to recruit and hire the best and the brightest, which we think our kids deserve, is hard because we’re competing with pediatric hospitals that are part of other systems.

RMM: In 2014, you updated the reporting systems to include reporting from mobile phones. What inspired that change?

RC: Being able to report an incident and have it instantly make its way up the chains of command was more of a way to cut past the tediousness of logging a report on paper, or even on a computer. I’m not a techie but I recognize that technology has the ability to make us more efficient and effective. We really do believe that more reports are better, because knowing about the low-level events that don’t reach patients or cause immediate problems can still be useful. You can then identify latent issues that need correcting and prevent something serious. Plus, it was embraced by our employees.

RMM: You are widely regarded by peers and co-workers as a relationship-builder and a strong communicator. What is your management style?

RC: My office is in the hospital and I make it a point to be visible. I go to meetings wherever possible and am present wherever possible. I administer our calls and speak at staff meetings as well and to the new residents and nurses as they come on board. The whole risk team is also out and about among the organization constantly, because having relationships builds trust and makes your job easier.

We’re not the department of ‘No.’ We’re the department of ‘Yes, If…’ Helping folks solve their problems – even if they seem small to you – is huge for them. And once they stop seeing you as the policeman, they see you as a business partner. Then they’ll start to call you earlier in the game when they are strategizing. That applies no matter what industry you’re in.

Insurance Industry Responds to House Approval of NFIP Renewal

Insurance industry trade groups lauded the U.S. House of Representatives’ vote on Nov. 14, reauthorizing the National Flood Insurance Program (NFIP). The 21st Century Flood Reform Act (H.R. 2874) would reauthorize the program for five years and enact operational changes.

Advocates from RIMS, the risk management society, the Property Casualty Insurers Association of America, and SmarterSafer.org also asked that the Senate waste no time in passing its version of the measure before its expiration on Dec. 8.

On Sept. 8, President Trump signed legislation passed by both houses to extend NFIP authorization until Dec. 8, which previously had been set to expire Sept. 30.

Dow Jones reports that the act’s reforms include:

  • Authorizing $1 billion to elevate, buy out or mitigate high-risk properties
  • Capping flood insurance premiums at $10,000 per year for homeowners
  • Removing hurdles to the private flood insurance market, which often offers better coverage at lower cost than the NFIP
  • Providing for community flood maps and a homeowner’s ability to appeal their flood designation
  • Better aligning NFIP rates to match a property’s true risk, particularly for in-land and lower-value properties
  • Improving the claims process for flood victims
  • Addressing repeatedly flooded properties, which account for 2% of NFIP policies but 25% of claim payments

While it applauded the U.S. House of Representatives for deciding to reauthorize the NFIP, RIMS, the risk management society, also urged the Senate to quickly follow up before the program’s Dec. 8 expiration. Allowing the NFIP to expire would have “significant repercussions, impacting both corporate and residential property owners,” said RIMS Vice President Robert Cartwright Jr.

“Nearly five million American consumers rely on the NFIP to protect their homes, properties, and businesses,” said Nat Wienecke, senior vice president of federal government relations at the Property Casualty Insurers Association of America (PCI). “A long-term reauthorization is needed to provide consumers and markets with reliability and stability when it comes to flood insurance coverage.”

SmarterSafer.org, a coalition of taxpayer advocates, environmental groups, insurance interests, housing organizations and mitigation advocates, said in a statement that this year’s “historic hurricane season has pushed the nation’s debt-ridden flood insurance program past the point of bankruptcy once again, so we applaud the House for passing a legislative package that reforms the NFIP to ensure the program is financially sustainable for the future.” The organization also lauded the House for investing in recommended measures including “mapping and mitigation, addressing affordability and providing consumer choice in the flood insurance marketplace.”

The NFIP was created more than 50 years ago to provide affordable flood insurance as private insurers pulled out of the market. The program’s large debt led Congress to cancel $16 billion of its debt last month. NFIP now has about $6 billion to pay claims and $10 billion left that it can borrow from the Treasury Department, according to the Federal Emergency Management Agency, which manages the program.

High Performance Risk Management

LOS ANGELES—Risk managers, whose job once focused on a basic “bucket of risks,” and making decisions about which risks are transferable and which ones the company should retain, have been “migrating along an evolutionary path which is allowing us to be more strategic,” said Chris Mandel, senior vice president of strategic solutions at Sedgwick, at the RIMS ERM Conference 2017.

During the session “The Trouble with ERM,” he noted that risk managers now need to alter their focus. “The question for risk managers now is, how do we get our organizations to focus on long-term success and recognize the link between strategy and risk?” he said.

Erin Sedor, president at Black Fox Strategy, said that personal experience taught her the importance of connecting with the CEO and aligning with the company’s strategy when setting up a program. “You need to know what they are talking about and understand strategy,” she said.

Unable to find a satisfactory definition of strategy for ERM, Sedor came up with her own: A set of decisions made at a given point in time, based on business intelligence, that when successfully executed, support the purpose, growth & survival of the organization.

She added that, unfortunately, enterprise risk is not a term that resonates with the C-suite, but strategy is.

She identified three major problems with ERM that can dampen its prospects:

  1. A limited view of the organization’s mission, growth and survival.
  2. Silos. Breaking through them is a nonstop process, no matter how a company tries to improve the situation—especially in the areas of risk management, continuity planning and strategy, which typically happen in very different parts of the company. “It is important to link risk management and continuity planning in the strategic planning process, because that will get some attention and get the program where it needs to be,” she said.
  3. Size. Because ERM programs are notoriously huge, she said, “the thought is that ERM will cost too much money, take too many resources and take too long to implement. And that by the time it’s finished, everything will have changed anyway.”

Starting the process by “saying you’re going to focus on mission-critical,” however, can help get the conversation moving. “Because as you focus on that, the lines between risk management, continuity planning and strategic planning begin to blur,” she said.

Sedor described mission-critical as any activity, asset, resource, service or system that materially impacts (positively or negatively) the organization’s ability to successfully achieve its strategic goals and objectives.

She advised finding out what mission-critical means to the organization, what the company’s appetite and tolerance for mission-critical are, and how mission-critical exposures affect the organization. “Risk managers will often ask this question first, but you have to come to grips with the fact that not every risk is a mission-critical risk,” she said. “And not everything in a risk management program is mission-critical.” Using that context helps in gaining perspective, she added.

When viewing risk management, continuity planning and strategic planning from a traditional perspective, strategic planning is about capturing opportunity and mitigating threats; risk management is the identification, assessment and mitigation of risk; and business continuity planning is about planning for and mitigating catastrophic threats.

Looking at them from a different vantage, however, strategic planning is planning for growth; risk management allows you to eliminate weaknesses that will impede growth, which is why it’s important; and continuity planning will identify and mitigate the threats that impact sustainability. “That is how they work together,” she said, adding, “you are also looking at weaknesses that, when coupled with a threat, will take you out. Those are your high-priority weaknesses. Using a mission-critical context makes it all manageable.”

At this point, if a risk manager can gain enough leverage to talk to executives throughout the organization about what mission-critical means to the company, its impact, and then about tolerances and creating a more integrated program, “all of a sudden, you’ve talked about ERM and they didn’t even know it,” she said. “They thought you were talking about strategy.”