Enterprise Risk Management

July 30, 2003

Discussion Document

“Meeting objectives, with consistency”

Perspective on ERM

Conceptual framework

ERM issues in the health industry

Overview of methodology and process

Turning risk to advantage

ERM conceptual framework

What is Enterprise Risk Management?

ERM is a rigorous approach to assessing and addressing the risks from all sources that: Threaten the achievement of key enterprise objectives (I.e., financial,

market penetration, customer service) Present opportunities to exploit for competitive advantage

Improving capitalefficiency

Supporting strategic

decision-making

Providing an objective basis for allocating resources

Reducing expenditures on immaterial risks

Exploiting natural hedges and portfolio effects

Uncovering areas of high potential adverse impact on the drivers of stakeholder value

Identifying and exploiting areas of “risk-based advantage”

Building enterprise-owner

confidence

Establishing a process to help stabilize results

Demonstrating proactive risk stewardship

Objective: Enhance enterprise value by...

Minimizing earnings volatility has a significant impact on enterprise value

The effect of earnings volatility can be seen clearly by first stratifying the industry according to return and growth, thereby normalizing those effects

Low Earnings Growth Companies

High Earnings Growth Companies

High Return

Companies

Low Return

Companies

4.905.94

0

2

4

6

8

10

12

High LowEarnings Volatility

Mark

et

Valu

e A

dded

1.39

3.62

0

2

4

6

8

10

12

High LowEarnings Volatility

Mark

et

Valu

e A

dded

6.26

10.14

0

2

4

6

8

10

12

High LowEarnings Volatility

Mark

et

Valu

e A

dded

1.43

4.48

0

2

4

6

8

10

12

High LowEarnings Volatility

Mark

et

Valu

e A

dded

Source: Tillinghast – Towers Perrin analysis of 1989-1998 performance of 86 publicly traded companies in the financial services industry, based on data from Compustat and ValueLine. Details available on request.

ERM issues in the health industry

The risks are real

There are several current and significant sources of unmanaged risk

Court rulings

Consumerism

State and Federal political environment

Compliance with regulations and statutes BBA Medicare HIPPA State regulations

Unmanaged risk and litigation damages MCOs

ReputationReputation Financial Results

Financial Results RelationshipsRelationships SalesSales

Core Business FoundationCore Business Foundation

More than short-term financial impact, this environment strikes at the heart of managedcare, and threatens an MCO’s core business

QualityCare

QualityCare

Overview of methodology and process

Assessment of Organization Capabilities provides focus and priorities for a comprehensive ERM initiative

ILLUSTRATIVE EXAMPLE: PHARMACEUTICAL ORGANIZATION

Better ThanCompetitors

Alignment

Equal tocompetitors

Worse ThanCompetitors

NeededTo Play

NeededTo Compete

NeededTo Win

Perf

orm

an

ce

Importance

Surpluses

Gaps

Budget andOperationsPlanning

ProductConsistency

Technical and ProductSupport

Speed-to-Market

Managed Care Marketing

Cost Leadership

Global Supply/Distribution

Manage Industry Cycles

CustomerResponsiveness

Influence RegulatoryProcess

SustainCustomer

Relationships

Identify risk factors

Prioritize risk factors

Classify high priority risk factors

Quantify impacts

Mitigate

Finance

Analyze opportunities

Develop plan

Implement

Monitor change:- Risk factors- Environment- Organization

Re-enter prior steps as necessary

I. Assess Risk

II. Shape Risk

III. Exploit Risk

IV. Keep Ahead

The ERM approach to risk is straightforward

A more detailed view of risk assessment and shaping

Identify Risk

Factors

Prioritize Risk

Factors

Classify High- Priority Risk Factors

Model and

Quantify Mitigate

Strategic Risk

Factors

Manageable Risk

Factors

Strategic Risk

Factors

Manageable Risk

Factors

Risk Factors

That Can Be

MitigatedResidual

Risk Factors

Finance

Phase II - Shape Risk

Phase I - Assess Risk

When identifying risk factors...

…start with the business, not a checklist of risks

Business

Physical

Legal

PoliticalFinancial

RISKS THE BUSINESS

Market Capital

Infrastructure Capital

Human Capital

Financial

Capital

Business Processe

s

When prioritizing risk factors...

…qualitative scoring is appropriate at this stage

H

H

A. STRATEGY1. Informal planning, process and communications allow surprises 2. Market share and earning objectives are not aligned..

Likelihood

B. GROWTH1. Infrastructure is increasingly strained; will be difficult to retain culture and values with the changes that growth demands

2. Increased size creates more opportunity for mistakes..

C. COMPANY REPUTATION1. Pressure to make numbers may prompt behavior that will impair company’s credibility with financial markets 2. Adverse publicity (e.g., business practices, ethics) can affect image across multiple brands

D. HUMAN RESOURCES... J. SYSTEMS..

SeverityRisk Factors Controls

“NPV” Scale 1 - Low5 - High

H

L

4.5

3.0

L

L

H

M

H

L

4.5

2.0

L

M

M

L

H

H

H

H

3.5

2.5

Known environment

Capabilities and resources on hand to address

Fell between the cracks?

Just get on with it

Unfamiliar territory

Capabilities or resources may not be in place

Major change in market or business

Requires allocation of capital or shift in strategic direction

“Manageable” Risk Factors “Strategic” Risk Factors

…use a scheme that implies action

When classifying risk factors...

When modeling/quantifying risk factors...

Underwriting Risk Financial Risk Distribution Channel Competitor Risk

Business & risk management strategies

Invest Income

Medical & Admin. Expenses

Price

Taxes

Cumulative Policyholder Equity

Net Income

Underwriting G/L

Premium Revenues

Members

Bonds/stocks Subsidiaries

…link to relevantfinancial measures

…strike the appropriate balance

When mitigating risk factors...

Total

Little

Weak StrongRisk CultureRisk Culture

Stifling(excessive control)

Stifling(excessive control)

Gambling(excessive delegation)

Gambling(excessive delegation)

VulnerableVulnerable

Balancedrisk

program

Balancedrisk

program

Strategic RiskAdvantage

Strategic RiskAdvantage

ConventionalRisk Controls

…exploit the “portfolio effect”

When financing risk...

$ LOSS

PR

OB

AB

ILIT

Y

Risk A

Risk A+B

Risk B

If you understand risk, it can be a competitive advantage

Can we manage the risk better than competitors?

Is the risk more dangerous to competitors?

Impact?

High

Low

LowHigh

Predictability?

Have the capabilities to handle it?

No

Yes

NoYes

Understand the risk?

US

THEM

THEM

THEM

US

THEM

THEM

THEM

Two strategic questions:

Turning risk to advantage

Applying ERM to Health Plans

Where does risk reside?

Organization and strategy

Marketing, sales and customer service

Medical/Clinical

People andPerformanceManagement

Operations Finance

Cases to date have focused on these four areas Cases to date have focused on these four areas

While each MCO is unique, the basic business functions create a framework for mapping actionable risks

Risk management happens through leadership and peopleRisk management happens through leadership and people

Risk Types

Point-of-Sale(Misleading Sales Practices)

Point-of-Sale(Misleading Sales Practices)

Financial incentives Undisclosed care management

decision (doctors, vs. nurses and other)

Discrimination Unfair trade practices

Financial incentives Undisclosed care management

decision (doctors, vs. nurses and other)

Discrimination Unfair trade practices

Point-of-Service(Quality of Service)

Point-of-Service(Quality of Service)

Adverse medical outcomes due to negligence (medical malpractice)

Inflated reimbursements recoveries

Discrimination in peer review/ratings of doctors

Adverse medical outcomes due to negligence (medical malpractice)

Inflated reimbursements recoveries

Discrimination in peer review/ratings of doctors

Managed Care(Quantity of Service)

Managed Care(Quantity of Service)

Harmful cost saving protocols Breach of fiduciary responsibility

(economic gain) Application of inconsistent

protocols Improper denial of benefits

Harmful cost saving protocols Breach of fiduciary responsibility

(economic gain) Application of inconsistent

protocols Improper denial of benefits

Physician LawsuitsPhysician Lawsuits

Financial ruin due to “fraudulent” representations of financial risk

Interference with care Slow pay Discrimination/exclusion from

panel

Financial ruin due to “fraudulent” representations of financial risk

Interference with care Slow pay Discrimination/exclusion from

panel

Summons

The risk is compounded by the tension created when mitigating one risk potentially exacerbates another

Lack of direction Lack of clarity Lack of consensus and

consistency

Whistleblower Discrimination Consistency

An illustrative risk map

Appropriateness of capitation models

Business Function

Summons

Point-of-Sale Point-of-Service Managed Care Physician Litigation

Accuracy of provider membership information

Accuracy of policy/ coverage documents

Consistent application of policy restrictions and exclusions

Effective use of data to assess quality, improve operations

Value-added administrative requirements

Operations

Fairness of pricing Regulatory compliance

Deductibles, co-pays and coordination of benefit provisions applied correctly

Fair risk pools Prompt, accurate

reimbursement

Finance

Accuracy of disclosures

Fairness of sales practices

Quality of customer service responsiveness

Fair/Equitable exclusion from network

Access to emergency care

Access to specialists

Quality of network management

Data-driven utilization management

Fair application of profiling tools

Effective peer review Fair network

contracting and management

Non-interference in effective care delivery

MedicalManagement

Sufficiency of disclosures about physician relations and incentives

The assessment identifies and then prioritizes the risks, based on the size of risk, and its “impactability”

Sufficiency of disclosures about care management processes

Marketing, Salesand CustomerService

Organization and Strategy

People and Performance Management

Internal audit HR

Assessment

An illustrative action plan

Broad oversight External

assessment

Structure appropriate stop loss or reinsurance

Create captive to fund defense and losses

Business Function

Summons

Point-of-Sale Point-of-Service Managed Care Physician Litigation

Avoid risk by outsourcing data management

Train/monitor nurse lines

Audit claims processing, coding and compliance

Effectively manage network and credentialty process

Operations

Test equity and compliance of pricing

Transfer risk by outsourcing benefit payments

Provide insurance to help physicians finance risk

Audit credit worthiness of practices

Finance

Have disclosures reviewed by legal counsel

Improve training of sales force

Transfer risk by outsourcing customer service

Ensure admission rules are appropriate

Eliminate unnecessary emergency care restrictions

Develop measures of quality network management

Re-consider delegated medical management tactics

MedicalManagement

Avoid risk by eliminating utilization management

Mitigate through improved sales communication training

Marketing, Salesand CustomerService

Organization and Strategy

People and Performance Management

Representative Case Studies

Case Study #1

Client Profile: $2 billion Health Plan in the Northeast

Issue/Context: they lost $90 million in the prior year; heavy turnover of senior staff; long-term viability questions by public, Board

Scope of Service: review all factors regarding financial results and projections; evaluation of risks and likelihood of achieving projections; interviews with Board, insurance executives and insurance commission

Recommendations/Outcomes: provide report as to financial impact of changes on organization for two-year period; recommend additional actions to enhance financials and public image; report was accepted; $20 million surplus in the next year; PR was positive

Case Study #2

Client Profile: Publicly traded healthcare provider that owns/manages integrated health systems in most of the 50 states

Issue/Context: Company successfully emerged from bankruptcy court protection, re-organized and overcame significant regulatory, financial and public relations issues. Organizational structure and leadership processes that served well during the “crisis days” were now getting in the way of executing new business strategy

Scope of Service: engaged by CEO to assess risks in existing organization structure,

management team and processes worked with CEO and each direct report conducted a series of management off-sites to work through outcomes

of assessment

Recommendations/Outcomes: simplified organization structure clarified and reached consensus on business strategy analyzed management decision making process provided CEO and direct reports individual feedback and coaching on

their management style and effectiveness

Case Study #3

Client Profile: $4 billion market-leading manufacturer and distributor of prestige consumer products with 40-year track record of uninterrupted growth and profitability

Issue/Context: Client desired a comprehensive, enterprise-wide risk review, driven by their expansion into new areas, increasing business complexity, recent IPO and corporate philosophy of anticipating problems before they arise

Scope of Service: Development of key performance measures and risk thresholds Rank-ordering of risks from all sources (hazard, financial, political,

regulatory, operational, etc.) and cross-validation Development of strategies for risk factor mitigation and financing Creation of “Business Risk Self-assessment Toolkit”

Recommendations/Outcomes: Product diversification underway Domestic and International operations have begun consolidation Formal succession planning undertaken Business contingency planning underway at key facilities Senior Risk Oversight Committee not yet established due to

management turnover