Risk Assessment in Residential Care Home
PART A
The group selected the COSO ERM programme to be used as the basis for making the policies and processes of the Kindly Residential Care Rest Home. The following are the main risk drivers for a healthcare business.
STRATEGIC RISKS
Risk is always included when talking about health care organizations. The organizations should have a well-defined risk management to mitigate and monitor critical threats to the health of clients; also to understand and identify the causes of the risks. Risk can be external or internal based, these can become major setbacks for the organization that can affect the attainment of objectives.
[1]
Strategic risks are those risks that can derail organizations which make the strategic plans useless. Some examples are competition, market changes, availability of capital, disasters, reputation issues, trends on regulations and technology.
Variables like market or economic condition, corporate governance and stakeholders are strategic risks relating to the long-term performance of the organisation. The economic situation of a country can change suddenly, as well as the market. Corporate governance risk relates to the reputation of the organisation. And stakeholder risk refers to the risk associated with the shareholders, business partners, customers and suppliers. Shareholder decisions can change quickly if dividends fall. These things surely will affect the organization as a whole if anything happens.
[2]
Strategic risks should be handled by an approach which emphasizes on the overall health of the organization. There are two ways to keep the healthcare organization on track. The first one is to lessen uncertainty by identifying possible strategic risks then increasing the knowledge of the whole organization. And the second is the utilisation of performance enhancement tools to make adjustment of the strategies.
FINANCIAL RISK
Financial Risk relates to budget, cash flow, tax obligations, credit and debt management, remuneration and the organisation capital structure. There are two areas of financial risk that must be considered. Charges relating to non-fulfillment of duties and responsibilities of Directors: The shareholders or other stake holders like creditors may file suit against the BOD under Companies Act for inappropriate conduct in the fulfillment of directors and officers duties. Also, the entity itself may be sued by shareholders or by creditors
Therefore it is important for risk management professional to be knowledgeable of the organization structure, the requirements imposed by the charter, bylaws or other documents. And he/she should discover the chances to transfer such risk through insurance policies to protect the assets of the organization.
A situation in which the financial risk will arise is when the organisation use debt to finance for risk reduction eventually increasing the possibility of financial distress and the variability of the return to shareholders. The organisation must be very careful in considering the decisions regarding capital structure and the development of strategic planning objectives that will lessen the risk.
There are four strategic planning goals to avoid increase in financial risk. First is to analyse and improve management information systems to make sure that enough information is available. Second is to involve administrators and support staff to make them understand the process of care and the outcomes of care. Third is to assess the cost benefit of shifting operations risk to another organisation. And lastly, to analyse the effect of changes in tax policy on the business risk of the health care organization.
[3]
OPERATIONAL RISK
The risk associated with the operation includes breaches of patient privacy, diagnostic, medical, surgical or medication errors and other harmful situations. The responsibility of the manager is to identify risk by making a review of past incidents, reports as well as losses. Also, monitoring the activities of the staff in the work place is important to make sure the compliance to the policies and procedures.
The manager should report any findings, issues and solutions regarding the problems. Also, he/she observes the management program to aid in developing improvement in the procedures and help department managers to educate other staff about the policies and procedures.
HEALTH AND SAFETY RISK
Risk relating to health and safety always exist in a workplace even in a healthcare organization. This includes physical, biological and chemical agents. Things that can affect the health and safety in the workplace are ventilation, temperature and humidity, positioning of equipment and work area, lighting, space and cleanliness of work area. Safety measures to be utilised involves regular maintenance, safe route for people, control of hazardous like chemical and biological agents, and stress.
HAZARD RISKS
A hazard is any source of possible damage or adverse health effects on someone under certain circumstances at work. In some instances, it is considered as the actual harm or the health effect it caused rather than the hazard. The hazards in a workplace come from various sources. It can be any substance, material or practice that can cause harm or adverse health effect to a person.
INFORMATION RISKS
As the technology progresses, many organisations nowadays are utilising innovations especially on information technology. Business entities heavily rely on information systems using networks and computers, exposing them to threats such as viruses, hardware and software failure, suspicious electronic mails, incorrect data processing, and accessing infected mails. Criminal IT threats are also risk that relates to hackers who enter the systems illegally, alter data, accessing password, and do online attacks to prevent access of authorised users. And natural disaster such as fire, flood, damages to buildings and computer hardware are also a threat in information which can result in loss or corruption of customer records
[4]
HEALTHCARE BUSINESS AREAS WHICH ARE HIGH RISK
Operational risk is one of the high risk areas of a healthcare business. Rest homes operate everyday dealing with residents including their health and safety. A singular error can lead to negative effects for the organisation. And another area is the information matters, the occurrence of health information security breaches, fraud, and privacy violations can affect the balance of the organisation.
POTENTIAL IMPACT OF DIFFERENT TYPES OF RISK ON THE HEALTHCARE BUSINESS ORGANISATION’S OBJECTIVES
The potential impact of the various risks on the healthcare business can be positive and negative for the organisation. If these identified risks are managed effectively and efficiently, the well-being of the facility will be good and can bring more clients and opportunities; and lessen the exposure to losses. However, if these factors are neglected, the organisation will face the consequences.
PART B
RISK MITIGATION MANAGEMENT PLAN AND STRATEGIES
EMPLOYMENT PRACTICES
A professional work environment is essential between the manager and employees. Managers need to have a good understanding of the laws and regulations regarding employment and shall comply with it to lessen claims. And policies are needed to maintain order in the workplace.
The healthcare organization needs a clear written policy and process when hiring new employees, the policies and procedures should be implemented consistently, performance management tools to evaluate employees, trainings for both the employees and managers and considering retention of valuable staff.
The aforementioned practices will decrease the exposure of the healthcare organization to employment liability claims eventually mitigating risks.
FRAUD PREVENTION MEASURES
A fraud is untruthful representation of a substance of fact; it can be by words, by conduct or misleading allegations. This kind of event can affect a healthcare organization that can lead to misunderstanding and conflicts.
The following are measures to avoid fraud in a business. The facility must have a checklist of suggestions for best practices to lessen the possibility for fraudulent activity. Next is operational control to be implemented such as setting limit to employee transaction and access to administrator, and making policy and procedure to disable access for the employee who is no longer employed in the organization. Then putting a management policy and procedure will come next to update network services, security software and operating system. And last is establishing policy listing acceptable use regarding uses of mail, web browsing and social networking to make sure that the employees are aware of the hazards or risk in opening attachments or clicking unknown links.
HEALTH AND SAFETY POLICY
The law relating to health and safety is the Health and Safety in Employment Act 1992 (HSE Act). Under this Act, organizations are legally required to make sure are not hurt in their workplace. Therefore, this Act requires the Kindly Residential Home Care to make sure their staff and employees have a safe place of work and that no visitors are harmed in the workplace. Included within the Act is the eliminating, isolating or minimizing workplace hazards for the facility. The healthcare organization should record all the incidents, and training and supervision the staff had to prove to a Health and Safety Inspector in case of an incident.
PROTECTION OF PHYSICAL ASSETS
The physical assets of an organisation are utilised to achieve the business goals and objectives. These assets should be protected and used in compliance with the policy of the company. Physical assets include office facilities, equipment, supplies, furniture, information systems and technology assets.
In a healthcare organization, where high value equipment is being used, management of these things is significant. The equipment must be tracked down across the facilities with the right procedures. The assets should have routine maintenance schedule to make sure they are operating well. And of course, the organization needs a great security procedure in place and accountability as well.
The above activities will lessen the costs for a healthcare facility by providing an up to date inventory of equipment and meet the financial and security audit requirements. Also, these solutions uplift the accountability of equipment, sharing of high cost equipment and enhance the maintenance of the critical assets.
DISASTER MANAGEMENT
Disaster has classification depending on its onset. Some are slow or creeping such as drought and HIV/AIDS. Others are sudden or rapid like earthquakes, floods, tornadoes, fire and strikes. In relation to healthcare facilities however, disasters can be internal and/or external. Internal includes those relating to structural such as building damage, oxygen leakage, and faulty electrical systems. Also is functional disaster such as strike action, or surge of patients. External are those relating to floods, mass casualty incidents, natural and human induced disasters.
The people in charge of healthcare facility must keep in mind that disaster preparedness planning is a continuous process. Written preparedness plans must be vigorous in order to be effective. Training must be done on regular basis.
The disaster preparedness planning process involves the development of an emergency plan within the healthcare facility by the authority. Then establish planning committee to call representative from significant department and services. Next is conduct hazard risk assessment such as internal and external hazards, detailed vulnerability analysis to determine the scope and priorities. Set planning objectives based from the results of analysis and determine the disaster management strategies. The next step is determining of responsibilities among the departments and personnel of the organization. Followed by, analysing of the resources of the facility. The planning committee must point out the sources of personnel and equipment which can be utilised speedily. Development of systems and procedures is next. Strategies for prevention, preparedness, response and recovery must be identified. This includes communication systems, public information, education, relations and resource management systems.
Writing the plan is the next step of the process. It must be relayed to all concerned individuals. It must be simple and straight to the point. Then, the facility will train the personnel, test the plans and procedures. Lastly, plans must be tested, reviewed and amended if needed regularly. Remember, planning is a continuous process.
PART C
VULNERABILITY FACTORS AND IMPACTS ON KINDLY RESIDENTIAL CARE REST HOME
BUSINESS CONTINUITY PLANNING
A sudden incident can interrupt a business and affect the whole operation that can lead to revenue loss, increase costs and decrease in productivity. Being prepared is significant for the organisation to keep things running again as quickly as possible. The business continuity planning will aid in the recovery of the business.
Business continuity planning (BCP) is the process and procedure that are carried out by a business or organization to make sure that critical functions continue to operate during and after a disaster. It should include procedures for protecting the employees as well as protecting the business.
BCP usually cover most of the critical business processes and operations of an organisation such as emergency contact details, communication strategies, HR policies, alternate premises, strategies to lessen the impact of an incident, alternate hardware, information back-up and the implementing procedures during an incident.
These are some benefits of BCP in the healthcare facility; protect patients, initiate continual improvement, increase commissioner confidence, reduce risk of financial loss and protect the reputation.
IMPACT AND CRISES ASSESSMENT
The Kindly Residential Rest Home needs to assess regularly their capability to withstand a disaster. The buildings should be checked on regular basis; the protection of equipment is also a priority; supplies, medicines and food should be assessed as well in order to lessen the impact and possibility of crisis if a disaster happens. One important thing is providing training for the staff to response effectively during a disaster. Guidelines should be assessed; it is important in order to save lives.
THREAT ASSESSMENT SCENARIO DEFINITION
Threat-based vulnerability assessment emphasizes on the different kinds of threats a healthcare facility security encounters. The threats include those low frequency, high impact like patient abduction and wide emergencies like typhoons, fire or earthquakes.
The threat-based assessment estimates vulnerability through the ways a patient may be abducted, how the healthcare facility is prepared if the materials and supply are cut off for a period of time or how any interruption of utilities will affect the patient care.
The assessment team must be knowledgeable and has a good understanding of historical events of the facility especially the conceptual threats. Although history is a primary indicator, not all future threats can be anticipated based from the past. Scenario-based assessments are advantageous because they are better in assessing high value assets and high consequence threats. Unfortunately, this advantage also creates a problem whereby lesser threats may be ignored and security measures not implemented.
RECOVERY SOLUTION DESIGN
The disaster recovery plan is intended to make sure that the crucial business processes is continuous if any disaster happens. The plan will give a real solution that can be utilised to recover all the vital processes inside a time frame.
In a residential care rest home, the major concern is getting the people to safety when a disaster occurs considering that the clients are all elderly. It is a huge challenge because the residents will have hard time to get to a safe location. The disaster plan should be in place and the staff can use it to ensure the safety of the residents when there is a disaster.
First step in disaster plan is the assessment of possible risk of a disaster such as fire, earthquake, flood, typhoon or landslide. Each type of disaster involves different procedures. For instance, in an earthquake, there is a need of evaluation of the building for damage and utility interruptions before moving the residents. However, in a fire incident, speedy evacuation is required due to the nature of the event. Equipment should be checked in order to secure the safety of residents as well staff.
Next is planning such as making arrangements beforehand to transfer residents to the evacuation place with a transportation company. In case of fire, flood or damaged buildings, there must be an alternative facility ready for the patients. Also, the transfer of important files and records, and medications should be made. Supply of food and water must be enough to last for one week for both the residents and staff. Detailed evacuation maps are important during disasters highlighting the possible routes. And provide a section for communicating with families of residents and staff who are off-duty.
IMPLEMENTATION AND COMMUNICATION
Specific procedures should be developed to notify staff to implement the disaster plan. The manager must describe the hierarchy of the decision makers in the facility. For a weather-related disaster, train staff that will monitor conditions and start preparing to perform their roles and responsibilities during a disaster. And assign a staff to contact important agencies to alert them of the situation and express the actions of the facility.
TESTING
It is important to rehearse and test the business continuity plans; exercises should be conducted at set intervals and top management should be involved. There must be a clearly defined objective for each exercise. Scenarios should take into account both internal and external incidents and supply chains. All work streams should be tested through a programmed approach; exercises should include trigger points, escalation procedures, communications and plan execution.
MAINTENANCE AND UPDATE
After the testing of the procedures, make a report specifying the upside and downside to make improvements. An action plan appointing responsibility for each action should be developed, including timescales.
REFERENCE
http://www.business.qld.gov.au/business/running/risk-management/information-technology-risk-
http://www.dnv.com/binaries/BCP%20Top%2010%20Steps_tcm4-575649.pdf
http://www.smallbusiness.wa.gov.au/risk-management/
http://www.smallbusiness.wa.gov.au/insurance-risk-management-plan/#step1
Paterson M. A., & Wendel J. 1996.
Managing risk in a changing health care system.
Retrieved from
http://www.aspenpublishers.com/books/kongstvedt/Readings/Chapter 28/JHCF 22-3.p15-22.pdf
Roberts, A., Wallace, W., & McClure, N. 2003.
Strategic risk management
. Retrieved from
http://www.ebsglobal.net/documents/course-tasters/english/pdf/h17rk-bk-taster.pdf
Stephen, B. 2007.
Understanding strategic risks
. Retrieved from
http://www.wipfli.com/resources/images/5023.pdf
[1]
Stephen, B. 2007.
Understanding strategic risks
. Retrieved from
http://www.wipfli.com/resources/images/5023.pdf
[2]
Roberts, A., Wallace, W., & McClure, N. 2003.
Strategic risk management
. Retrieved from
http://www.ebsglobal.net/documents/course-tasters/english/pdf/h17rk-bk-taster.pdf
[3]
Paterson M. A., & Wendel J. 1996.
Managing risk in a changing health care system.
Retrieved from
http://www.aspenpublishers.com/books/kongstvedt/Readings/Chapter 28/JHCF 22-3.p15-22.pdf
[4]
http://www.business.qld.gov.au/business/running/risk-management/information-technology-risk-
management/information-technology-risk
Needs help with similar assignment?
We are available 24x7 to deliver the best services and assignment ready within 3-4 hours? Order a custom-written, plagiarism-free paper
Get Answer Over WhatsApp Order Paper Now