On April 8, 2014, Draffin & Tucker partner Cindy DuPree spoke to participants of the Georgia HFMA Revenue Cycle and Accounting and Auditing Summit in Tifton, Ga., on “Helping Your Finance Committee with an Internal Risk Assessment.” She advised seminar participants that managing risk is everyone’s job, but to “keep it simple” by using a four-step process: identify, assess, prioritize and schedule.

Organizations must first be able to identify risks relevant to them. These risks may be governmental, financial or reputational. One of the best sources to identify an organization’s risks is by asking employees directly. When assessing risks, healthcare organizations need to evaluate and estimate the relative importance of the issues.

Next step is to prioritize—which issues are the most risky? This can be determined by listing all of the risk areas identified by participants, determining the likelihood of each event potentially happening, the cost for the organization should the event occur, whether the issue is on the government’s radar, if there is a reputational risk for the organization, and if there are any controls in place to prevent the event from happening.

Finally, once the risks are prioritized, the organization is ready to develop the plan or schedule how to address the risks. The plan includes the statement of each risk, defined actions, project owners, and timeframe.

For more information on developing an internal risk assessment for your healthcare organization, please contact Cindy DuPree at cdupree@draffin-tucker.com or (404) 220-8494.