Strategic Risk Framework Reporting A Case Study: Ballarat Health - PowerPoint PPT Presentation

Strategic Risk Framework Reporting A Case Study: Ballarat Health Services Trudy Shortal, Risk Manager Sue Gervasoni, Exec Director Residential Serv’s & Clinical Governance Keren Day, Director Governance & Risk Management October, 2015

A timely reminder • Role of the Board – to set the agenda, develop the direction, monitor achievement, hold the executive accountable for progress • Quality Manager/team’s role – to provide innovation, improvement and quality (risk) management infrastructure, reporting, co- ordination and technical support. Advise on compliance – Adapted from C Balding – 'Leading a Strategic Quality Governance System‘, Quality Works

The Board needs to know 3 things • What are the risks of the organisation? • How are we managing those risks? • How do we know we are managing the risks? • We were only partially meeting the needs of our Board…..but we didn’t know it at the time

A story of risk maturity • First VMIA Risk Workshop with Executives in 2006 • First Enterprise Wide Risk Manager role in 2007 • Risk fairly well embedded • Pretty good engagement across the organisation • Doing OK…….or so we thought! • How do we know?

VMIA Risk Framework Quality Review • Independent review of • Developing  Integrating RMF maturity  Effective  Advanced • 7 element maturity model • Risk culture • Informed by the Victorian • Governance & Government Risk Accountability Management Framework • Resources & Capability and the AS/NZS ISO • Policy and Plan 31000:2009 . • Risk Management Process • Validation & Assurance • Inter-agency Risk Management

RFQR @ BHS • 2011 • 2014 in Summary: – “Effective” – Management of clinical is firmly embedded – Action plan for improvement – Not clearly aligned to strategic objectives. • 2014 – Compliance driven and – Doing better – or so we largely clinical risks. thought – Long term risks that – “Integrating” require further assessment and possible archiving

On our way, but not yet arrived • Risk generation – bottom up • Huge risk register • Reporting Ground Hog Day • Risk reports answered the first two questions, but not the third…how do we know? – It was self evident in risks that were reduced quickly (they disappeared from the RR) – but what about the risks that were there forever? • Too much risk reporting- monthly, voluminous

Reflection • Our development had been unidimensional – Great management of clinical risks • Where were our gaps? – No strategic risks • what was the difference? • what does a strategic risk register look like? – Not through lack of asking or searching for examples • Had attempted to ‘theme’ our operational risks – No way generating strategic risks in our approach

Reflection • The RFQR process was also different this time • Simply inter-rater differences? Possibly not…. – Post VAGO review of Public Sector Risk Mgt – The landscape had changed…the bar was raised • The Vic Gov Risk Management Framework (updated 2015) • “The Victorian Government needs its public sector to be productive, innovative and efficient and tackling the risk- related issues that affect its ability to deliver the services needed”. p.2 VMIA Vic Gov Risk Mgt Framework Practice Guide

Reflection Reactive V’s Proactive • It’s one thing to have a risk management process, it’s another to have a strategic risk management framework • If not strategic, it is transactional, focused on processes and tasks, an end in itself, not driving towards the goal – Busy, reporting, compliance …. Important, but… • If strategic – can be transformational & purposeful Adapted from C Balding – 'Leading a Strategic Quality Governance System‘, Quality Works

Back to Basics • Strategic risk – Risks of failing to achieve strategic objectives – Why starting from the bottom didn’t cut it – Responsibility of the board • Operational risk – Risks derived from the provision of the service provided by the business – What is happening on the ground • Top Down V’s Bottom Up • Both/And

Moving Forward • So we stopped – quality & risk brains trust • Had the “aha” moment about what is a strategic risk v’s and operational risk and their relationship • Took a good hard look at ourselves in terms of Risk Reporting …took a plan to Exec • Started from the top….With VMIA support • Strategic Risk Workshop – Worked with Exec and Board Rep to identify our strategic risks

Moving Forward • Identified strategic risks from strategic goals • Assessed these and formed mitigation plans • Established Risk KPIs – Presenting trends – In way easy to understand for BOM – Used the data to tell the story? Are we reducing the risk? Could the BOM see if the patient experience is safer? • Differentiated Contributing (operational) risks – Developed Risk KPIs for these as well

Moving Forward • Reviewed (re-thought) our Risk Reporting Templates • Made sure the link between and responsibilities strategic risk and contributing risks were clear – Strategic – BOM – Contributing – Management team • Reviewed our Risk Reporting Schedule – As often as needed and no more

Results? • After almost a year of hard work by the Risk Manager, rethinking and designing, checking, various iterations, feedback ………….

Results….. • Focused data rather than volume • BOM love it – not overwhelmed, know where to look • A BOM more assured (not looking for reassurance any more) and so can now use the data ask questions to support and drive improvement – Don’t get contributing risks, but have access to them if needed • Engagement of each Exec Director

Moving Forward • Annual strategic risk workshop/KPI review • Inter-agency risk – Was on our radar…now mandatory • Further development and evaluation – The value of the Risk KPIs to be determined as a facilitator of monitoring – Still working out if the KPIs are right – Are the KPIs allowing us to quickly and easily know if we are managing the risk – Is it supporting the board and the ESC as they make decisions?

Moving Forward…. but always improving • Thanks to our Risk Manager – who has dug deep and driven the work • Thanks to Executive Director – who leads and champions risk management at the ESC table • Trying not to feel too comfortable….there is always something to learn • Like all things in risk management….the proof will be in the pudding….do we achieve our goals?

• Thank you for listening • We hope that sharing our story may help your story