As the business world changes, it’s important for organizations to keep up with the risks associated with doing business so they can achieve their goals and objectives. Not only are these risks substantial, but they can have a profound impact on the overall success of the business, its future opportunities, and the way it is perceived by stakeholders. Understanding what risks are being discussed in board rooms and executive suites can help prepare businesses for the risks they will face in 2019.
According to a research report provided by Protiviti and North Carolina State University’s ERM Initiative, there are three specific types of risks that can occur:
- Macroeconomic, which affect growth opportunities for the organization, such as opening additional locations
- Strategic risks, which affect the validity of the organization’s strategy in pursuing growth opportunities, requiring a re-evaluation of the strategy
- Operational risks, which affect how a strategy is carried out, and may require adjusting the application of the strategy
When executives and members of the board understand the type of risks they are facing, they can gain a better understanding of how to approach them in order to protect the interests of the organization and its stakeholders. Within those three categories, here are the specific risks being faced by organizations.
In healthcare, new research leads to new policies and regulations in order to provide the highest quality care for patients. As a result, organizations must face the risks that come with regulatory changes and scrutiny. Specifically, according to the aforementioned ERM Initiative, regulatory scrutiny becomes more stringent in order to ensure organizations adhere to regulations while simultaneously reducing costs and occurrences of fraud. These regulations require compliance, particularly within the framework of the Affordable Care Act, which requires specific guidelines be followed for reimbursement. These risks can be interpreted as strategic and operational risks.
Privacy management and information security
As more health organizations shift to digital records and technology, protecting patient data and information may become more challenging. New regulations are being implemented in an effort to keep up with data security in the context of digital records and electronic transmission of information. In order to protect data, health organizations must not only keep up with technology advancements, but also implement strong authentication protocols in such a way as to not limit access of information when needed. This, as stated in the Protiviti paper, requires a delicate balance between allowing and restricting access. These risks can be interpreted as strategic and operational risks.
Meeting performance expectations
Along with meeting standard performance expectations, organizations are in a position to compete against “born digital” firms. These are firms that have existed since the Internet Age. They don’t have the same learning curve to keep up with advancing technology that other organizations do, which means they are at risk of falling behind in performance expectations. In addition, they must make changes and advancements to keep up with competitors that operate primarily digitally, which keeps the organization competitive so that it is more likely to achieve its goals and objectives. These risks can be interpreted as macroeconomic and operational.
Recruiting and retaining talent
When organizations participate in succession planning, recruiting and retaining talent is a key concern. This is especially true in healthcare, where there is a shortage of qualified physicians and advanced practice nurses. As a result, organizations must adopt clear and successful recruitment and retention programs, which include transparency in compensation, flexible work arrangements, and mentoring, to meet talents’ needs. These elements can help assure talent that they will be taken care of successfully throughout their careers, which can encourage them to remain with the organization.
Finally, as technology becomes more integrated in health care organizations, cyber threats become a greater risk. It is for this reason that data and identity privacy, and data security, are an important priority. As a result, organizations must develop policies and security measures that continue to meet the advancement of cyber threats. This will not only help protect data, but keep operations running smoothly when patient data access requires the Internet or other digital components. These risks can be interpreted as macroeconomic and operational risks.
While it may be impossible for health organizations to avoid these risks, understanding why they are occurring and their potential impact can equip decision-makers with the foundation they need to combat them successfully. Within that context, health organizations can stay competitive and successful while managing risks to the advantage of the bottom line of the organization itself.
How are you addressing these risks concerns? I have only highlighted the high-level trends but the tactical side to implement the solutions to combat these risks are definitely not an easy task, and at times are multi-year implementations.