Risk Criteria Matrix Risk Assessment TEMP

Risk Criteria Matrix Enterprise Risk Management
Scoring Definitions

Score 1

Impact to the Organization
- Mission/Reputation: Little or no mission risk at either System or hospital level. Bad press very unlikely.
- Financial: Very remote chance the loss would exceed $________ of gross revenue.
- Legal: Technical violation of law or regulation. Little or no fine probable.

Vulnerability
- Likelihood of Risk: Low risk, unlikely to occur. Historical and industry experience show low likelihood of occurrence.
- Detectability: Failures are likely to be detected. Process is directly supervised. Automated safeguards for identifying variations/errors.

Controls
- Internal and/or automated controls proven to be highly effective in mitigating all risk.

Score 2

Impact to the Organization
- Mission/Reputation: Slight mission risk. Possible bad press but no significant patient, physician, constituent consequences.
- Financial: Loss between $_______ and $______ of gross revenue.
- Legal: Civil fines and/or penalties up to $100,000 possible, but little risk of exclusion, CIA, loss of accreditation/licensure.

Vulnerability
- Likelihood of Risk: Slight risk, historical industry experience shows some likelihood however not experienced in organization to date; simple well understood process; competency demonstrated - less likely to fail
- Detectability: Slight risk that failure will be detected - process failures; moderate safeguards in place; partially automated process with moderate management oversight

Controls
- Routinely audited and/or tested. Performance metrics are established, routinely reviewed and show little variation. Current policies and procedures exist. Employee training and competency established. Well prepared to manage this risk appropriately based on implemented risk management plans.

Score 3

Impact to the Organization
- Mission/Reputation: Moderate mission risk. Probable bad press. Probable modest physician, patient and/or constituent fallout.
- Financial: Real possibility of loss between $_______ and $______ of gross revenue.
- Legal: Civil fines and/or penalties up to $1,000,000 probable. Modest risk of exclusion, CIA possible.

Vulnerability
- Likelihood of Risk: Moderate risk of occurrence within next 12 months; isolated to single facility
- Detectability: Moderate risk that failure will not be detected. Limited safeguards in place to identify failure prior to occurrence. Partially automated process with limited management oversight.

Controls
- Periodically audited and/or tested. Corrective action plans developed and tested for effectiveness. Limited performance metrics established. Risk management plans expected to manage the risks appropriately.

Score 4

Impact to the Organization
- Mission/Reputation: Significant negative press coverage. Significant patient, physician and/or constituent fallout.
- Financial: Real possibility of loss between $_______ and $______ of gross revenue.
- Legal: Civil fines and/or penalties up to $1,000,000 probable. Loss of business unit licensure/accreditation. Exclusion possible. CIA probable.

Vulnerability
- Likelihood of Risk: Significant risk; likelihood of occurrence in up to 50% of facilities; complex and/or manual process
- Detectability: Significantly difficult to detect prior to failure; manual safeguards in place to identify failures; no automated processes; periodic management oversight

Controls
- Management Review and approval required. Process not audited or tested or infrequently audited or tested. Limited policy or procedure guidance. Some risk management plans or steps undertaken; not reasonably expected to manage the risk appropriately or fully.

Score 5

Impact to the Organization
- Mission/Reputation: Extensive and prolonged negative press coverage. Significant sponsor/board questions of management. Extensive patient, physician, and/or constituent fallout.
- Financial: Real possibility of loss greater than $_________ of gross revenue.
- Legal: Criminal conviction and/or exclusion of hospital or System probable. Fines, penalties and/or legal exposure in excess of 1% net revenue. CIA certain.

Vulnerability
- Likelihood of Risk: High risk of occurrence. Likely to occur in next 12 months. Highly complex process with numerous hand-offs. Relies on extensive specialized skills. Note: should assume natural/manmade disasters are likely to occur in next year.
- Detectability: Extremely hard to detect prior to failure. Highly automated with little or no human intervention, oversight or control. No built-in safeguards, cross-checks, or other mechanisms to identify errors/failures prior to submission/completion.

Controls
- No formal controls in place. No risk management plans or steps in place currently.