From the President: AHERF and Enterprise Risk Management
Richard L. Clarke, DHA, FHFMA
This year marks an unhappy anniversary: Ten years have passed since the largest not-for-profit healthcare bankruptcy in history.
In this issue of hfm, Lisa Goldstein, senior vice president and team leader of Moody's Investors Service, writes about the 10th anniversary of the Allegheny Health, Education, and Research Foundation (AHERF) bankruptcy and what that financial meltdown teaches us about the need for enterprise risk management. According to Goldstein, who serves on the HFMA National Board of Directors, a central lesson from this famous case is the need for strong governance oversight to ensure accountability. She also notes that disciplined growth strategies need to be supported by rigorous financial planning and analysis, effective physician integration, and effective reporting and disclosure. In essence, she makes the case for effective enterprise risk management.
In September 2004, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its integrated framework for enterprise risk management. The COSO report defines enterprise risk management as an ongoing process that is "…designed to identify potential events that may affect the entity and manage risk to be within its risk appetite [in order] to provide reasonable assurance regarding the achievement of the entity objectives." Accountability, discipline, effective relationships, robust information, and disclosure are key. Enterprise risk management provides a process for management and governance to strike an optimal balance between growth and return goals, while being cognizant of related risks to the enterprise in pursuing those goals.
And there are plenty of risks for healthcare organizations to assess. As Ken Kauffman writes in this issue of hfm, financing risks are important to assess. Those risks include interest rate variability and structure, liquidity and put risks in volatile markets, basis risk related to hedging strategies, and underlying credit risks of credit enhancers. He notes many governing boards were surprised by the level of risk incurred by the use of fairly common synthetic debt approaches. Kaufman's article also clearly demonstrates the need for effective enterprise risk management.
The fundamental concepts in the COSO report deal with risks and opportunities. According to the report, enterprise risk management should:
- Be an ongoing enterprisewide process
- Be applied in strategy setting at every level in the enterprise
- Identify potential external and internal event risks (such as a terrorist attack, natural disaster, rapid inflation, or sudden market downturn)
- Define potential responses that avoid, accept, reduce, or share the risks incurred as a result of the event or decisions and control points to ensure actions are taken
- Ensure effective information about risk potential and impact, and communicate that risk to key decision makers, including the governing board
- Provide for monitoring of the risks identified and adjusting operations in relation to risks as they develop
The AHERF bankruptcy and the current turmoil in the credit markets demonstrate that healthcare organizations need to embrace enterprise risk management so that they will not find themselves marking their own unhappy anniversary.
Publication Date: Friday, August 01, 2008