Case Study – Enterprise Risk Management in Healthcare

The Board of a $500 million, multi-national healthcare services company, within the portfolio of a large, internationally recognized hedge fund, was concerned about the lack of transparency and reporting risks, and how this situation impacted their fiduciary responsibilities. At the request of the Audit Committee, John McLaughlin was retained to perform a Business Risk Assessment of the global operation.

Common Risk Management Issues in Healthcare

Prior to the beginning of the risk assessment, the Audit Committee and Executive Management had identified several areas of specific concern including Privacy/HIPAA compliance, cybersecurity, and business continuity. However, based upon a preliminary understanding of the company, John McLaughlin believed a comprehensive business risk assessment that included all areas of the global operation would deliver greater value and return on investment for both management and the Audit Committee.

Solution & Results

As a result, John McLaughlin gathered background documentation and conducted interviews with approximately 22 individuals over a short period of time. The interviews were conducted with individuals from each functional area of the organization and covered a wide variety of topics, including the interviewee’s role and responsibilities, strategic initiatives, departmental objectives, technologies used, performance metrics reported, and perceptions of risk related to each department and the enterprise. Prior to each discussion, John disseminated a short list of questions intended to help enhance the dialog. Importantly, interviewees remained anonymous throughout the entire process. Upon completion of all interviews, John drafted a report which captured and articulated the most important risks to the company. John subsequently facilitated a session with all interviewees in which risk response strategies were debated and refined. In addition, a Risk Committee and a committee charter were developed, along with a plan to monitor selected risks over a period of time.

Benefits of Enterprise Risk Management in Healthcare

  • COST REDUCTION & RE-PRIORITIZATION – a re-prioritization of internal audit and other monitoring efforts which led to an initial review that reduced cost within customer billing operations by approximately $500,000.
  • FIDUCIARY RESPONSIBILITY – the Audit Committee, which was composed of former CEOs, was able to meet their fiduciary responsibilities related to risk assessment and risk management.
  • MONITORING – the risk assessment identified greater risks to the enterprise, reducing the priority and spending associated with monitoring previously identified risks.
  • RE-ALIGNMENT – a re-alignment of several risk response strategies that incorporated the collective views of the Executive Leadership Team.
  • REDUCED INSURANCE COST – a report describing the risk assessment process and key risks, which was shared with the insurance underwriters, contributing to a reduction in premiums paid.

Start an ERM Program for Your Healthcare Organization

Contact ERM Exchange at 1.610.304.3856 to reproduce the results for your health services organization with a business risk assessment or enterprise risk management program. Whether starting an enterprise risk management program or refreshing an existing program, John has experience working with healthcare companies as well as many other industries to improve their enterprise risk management. His strategies range from less-invasive business risk assessments, such as this case study, to full enterprise risk management solutions. Get started today!
