Time for Structured Risk Management in Healthcare
R Venkatakrishnan, FCA DISA (ICAI), Partner, RVKS and Associates, Chartered Accountants
The macro-economic conditions are getting more difficult by the date. VUCA is the new normal, where Volatility, Uncertainty, Complexity and Ambiguity are huge drivers that are hurting all industries and healthcare cannot choose to believe that it is not going impact it in a big way. Given such a situation it is not going to be long before the weak, unprepared and underprepared are going to drop by the wayside! The weakness of an organization is not going to be determined by its size or financial muscle but it ability to be agile to risks both macro and micro. The agility will only come from being conscious of the different type of risks that it is exposed to and having an appropriate risk mitigation plan to counter it!
Risk management may sound a very complicated term but if we look at the same smaller modules and processes it would be easier handle the same with far greater ease. Some very common areas where many companies choose to ignore are discussed under.
Let us take the simple case of where does the revenue or sales come from? The normal thumb rule is that it would not be prudent for anorganization to have its revenue dependent from any single source. It could be from a single area, person, equipment. It is possible that the concentration may be inevitable, in which case it is even more critical and important that organization protects itself. With healthcare delivery getting localized the risk associated such exposure is even more pronounced. Imagine a case where a large source of patients is from anarea and a competitor sensing the opportunity decides to put up facility in that place. We have seen similar situation wherein significant portion of revenues/profits are derived from an equipment and that breaks down frequently or for prolonged periods of time. These cannot be corrected overnight but then organizations should make a conscious effort to reduce the risk over a period! In India ITC did manage this risk very well. When most of their revenues and profits were coming in from sale of tobacco products they made a conscious effort to change their revenue mix. Over the years it has brought down the revenues to less than 50% but profits may take a little longer! The key issue is that is to ensure that take the right path to reduce the risk of excessive reliance on product group or customer!
There is hardly a day when you are not middle of an intense discussion on the impact of disruptive technology. Technological obsolescence is the order of the day and critical that organization don’t get saddled with white elephants that turns out to be a noose around the neck. Healthcare facilities may do well in finding alternative methods, like operating leases, to get access to equipment albeit at marginally higher per unit cost price.
Regulatory & Policy Risks
Healthcare has for too long been outside the purview any serious regulatory or policy controls. This is set to change as public opinion, thanks to a very (hyper)active social media. This is bound to increase in the times to come with increasing public awareness, very active and sometimes even investigative press, use of Right to Information Act even by competitors and judicial pronouncements. Policy makers tend to step in to ensure that governments in power are not subject to great embarrassment. This was evident when policy controls were brought in on pricing of medical devices and even some pharma products. Such abrupt changes could potentially send revenue/business models into a toss and could spell serious trouble. Changes to and stricter implementation of laws like the Clinical Establishment Regulation Act, Accreditations will subject healthcare facilities not only to higher level of scrutiny but in some cases, may find some costs going up in the short term.
Risk Assessment & Review Mechanism
The list could go on and this is only illustrative. It is for each organization to determine the nature of risks it is exposed to. The risks could both internal and external. A logical approach to assessing these and then reviewing it periodical intervals! The review mechanism should also facilitate a mechanism to prioritize the risk and find options to mitigate the same. Prioritization should be based on the probability of occurrence, frequency, impact and ability to detect in time to take actions. The objective of the exercise should be to ensure organization is proactive rather being reactive to the event.
Many a times we are excellent fire fighters because we invariably are also responsible for the fire. Risk management is like insurance, the need for it is never appreciated till the event happens. Unfortunately the contrary we tend to crib and complain about the costs associated with it. Risk management should be viewed more as an investment rather than cost!