RISK MANAGEMENT FRAMEWORK
Company-Wide Objectives
The Board has established an organisational structure with
clearly defined lines of accountability and responsibility to
support the ideal control environment. The Audit Committee’s
responsibilities have been expanded to include the assessment
of risks that the Group faces in its operations.
The Group subscribes to the “Australian/New Zealand Standard
4360:1999 Risk Management” to guide its risk management
activities and has adopted the “Australian/New Zealand Standard
HB228:2001 Guidelines for Managing Risk in Healthcare” as its
base framework for managing its business risks, comprising the
following:
• Patient Care;
• Clinical Staff;
• Employee;
• Property;
• Financial;
• Corporate Governance; and
• Others.
The Group focuses its Risk Management activities on
identifying and assessing business risks through a risk
reporting & escalation mechanism called Incident Reporting &
Root Cause Analysis. This ensures that all risk incidents are
documented and investigated, and that root causes are identified,
to prevent future recurrence and to ensure patient safety is given
top priority.
Enterprise-Wide Risk Management has been implemented
across the Group through Risk Coordinators, appointed at each
hospital to co-ordinate and monitor the implementation of risk
management activities. All hospitals and other subsidiaries are
required to identify and mitigate relevant risks that may affect
the achievement of the Group’s objectives and report to their
respective Board.
As a healthcare provider, clinical risk forms the biggest risk
class the Group faces. Therefore, the Board has entrusted the
Clinical Risk Management Committee to review and oversee
the effectiveness of the clinical risk management framework
for patient and clinical staff safety. The minutes and decisions
of this committee are presented to the Audit Committee which
has oversight authority on all risk management and internal
control issues of the Group.
CONTROL ACTIVITIES
Policies and Procedures
Policies and procedures are documented comprehensively
and updated regularly to ensure relevance and
compliance with the current and applicable laws and
regulations. These policies and procedures help to ensure that
appropriate authority limits are in place, business activities are
carried out according to set standards and necessary actions
are taken to address and minimise risks and ensure the
orderliness and continuity of business functions.
Segregation of Duties
The delegation of responsibilities by the Board to the
Management and Operating Units is clearly defined, and
authority limits are strictly enforced and reviewed regularly.
Different authority limits are set for different categories of
managers for the procurement of capital expenditure,
donations and approval of general and operational expenses.
Similarly, cheque signatories and authority limits are clearly
defined and enforced.
INFORMATION AND COMMUNICATION
Information Technology
Information technology continues to be the backbone of
hospital operations. The Group has a strong dedicated
team of IT professionals to deliver and manage its in-house
developed integrated systems, comprising the Hospital
Information Technology System (“HITS”) and the KPJ Clinical
Information System (“KCIS”).
KPJ Healthcare Berhad annual report
2014