Professional Documents
Culture Documents
Risk Identification For Business
Risk Identification For Business
SMBA 6601
Contents
Scope: ........................................................................................................................................................... 2
Risk Identification: ....................................................................................................................................... 2
Risk Identification quaqdrant: ..................................................................................................................... 5
Conclusion: ................................................................................................................................................... 5
References: ................................................................................................................................................... 6
Interviewee List: ............................................................................................................................................ 6
Appendix A .................................................................................................................................................... 7
SINGH, PRASHANT 1
SMBA 6601 Risk Identification Singh, 2019
Scope:
The health care system in Nova Scotia is facing significant challenges that require changes in how health-
related services are managed and delivered. The underlying health information systems currently
Until now, the Province’s health information systems have been procured and implemented by functional
need, which has created a complex environment of over hundreds of systems which collect information
on patients but are unable to share it across the continuum due to excessive integration cost and effort.
Systems performing similar task are implemented in different zones of Nova Scotia Health Authority. In
this report a risk identification will be completed for the fragmented systems, which will include the risks
in the governance/process of various IT systems across Nova Scotia Health authority (NSHA). The risk
identification scope will also include healthcare service, cost of maintaining the overall systems, security
Risk Identification:
In table 1: risk identification, 14 risks has been identified for the depth of the risk identification process.
We are using ISO: 9001 for the risk identification process. Each risk is measured on the scale of ‘Likelihood’
and ‘consequences’, which ultimate provides ‘risk rating’. Likelihood and consequences tables are added
in the appendix A along with risk assessment matrix. Risk assessment matrix provides us the severity of
likelihood. Using the risk assessment matrix, appropriate color coding is displayed in the risk assessment
table column ‘risk rating’. Out of 14 identified risk for the scope of this risk identification project, 10 falls
into the high risk category that needs immediate attention. Risk of not addressing this immediate risks
could lead to longer wait time for patient to get treatment, and frustration among physicians. These risks
are identified by conducting various workshops, reviewing lesson learned from provinces already
SINGH, PRASHANT 2
SMBA 6601 Risk Identification Singh, 2019
implemented such project and surveys. The process used for risk identification was iterative in nature to
define and capture all risks for the project as shown in image:1 . Patient taking legal course for their
grievances does bring bad reputation to NSHA. Such issue can be challenged in time or mitigated if proper
For this project a large sample size of employees were reached out along with patients. However, for the
scope of this course project, only 14 risks has been taken into consideration. Which doesn’t require all the
data collected for the ‘One patient, One record’ (OPOR) project. Interviews and information gathering
sessions has been done with physicians and Project leaders to understand their view regarding the
documented risks. Members of project team interviewed agree with the risk identification and its severity.
SINGH, PRASHANT 3
SMBA 6601 Risk Identification Singh, 2019
R10 Recovery of the data is not possible in case a system is non-functional/ fails. 4 E 4E
All systems are not accessed by different zones within NSHA due to various
R11 limitation such as licensing et all. 4 C 4C
R12 Systems are operational even though their lifespan has expired. 5 E 5E
R13 Security risk of patient data is high risk if data is not managed efficiently. 5 E 5E
SINGH, PRASHANT 4
SMBA 6601 Risk Identification Singh, 2019
(Customer serivce) is related to each other. Understading that the aim of this project is to identify risk
which needs to impact negatively, hence all the circles representing risks from ‘risk identification table’
are in quadrant 3 and 2. From this quadrant diagram, we can observe that fracture system is directly co-
related to the negative customer service (Patient care). Negative customer service will also include
physicians as fractured system does frustrate them and hinder their ability to deliver quality patient care
in a timely manner.
Conclusion:
In this risk identification task, a lot of information was gather that helped narrow down top 14 risks. The
risks are of high importance in the current era as systems at NSHA has not been updated over a long
period of time. There is a need of Enterprise Resource Planning (ERP) project to address these issues as
Alberta Health had done couple of years back. There will be many benefits with the ERP, however the
SINGH, PRASHANT 5
SMBA 6601 Risk Identification Singh, 2019
one benefit based on Alberta health implementation will be higher quality of service to patient, which
References:
1. Alberta, The office of the Auditor General of. 2017. "Better Healthcare for Albertans."
2. Conan, Denis. 2018. Introduction to design patterns for middleware. CCN/CSC7321. http://www-
inf.it-sudparis.eu/COURS/CSC7321/Diapos/designpatternmw-diapos.pdf.
3. Niedermann, Biesdorf and Florian. 2014. "mckinsey." mckinsey. 07. Accessed 2019.
https://www.mckinsey.com/industries/healthcare-systems-and-services/our-
insights/healthcares-digital-future.
4. Nova Scotia Health Authority (NSHA), IMIT. 2017. "One Patient One Record Project team."
Internal. Nova Scotia Health Authority.
5. How to Use a Risk Assessment Matrix [with Template]. (n.d.). Retrieved from https://i-
sight.com/resources/risk-assessment-matrix
6. ISO 9000 Introduction and Support Package:
a. Guidance on the Concept and Use of the Process
b. Approach for management systems, ISO/TC 176/SC 2/N 544R3
• ISO 9001:2008
• ISO 9001:2015
7. “Implementing the Process Approach”, Core Business Solutions, Inc., March 31, 2008.
8. The Process Approach: Adding Business Value and Minimizing Risks; David Muil, Intertek.
9. Heidi Walsh-Sampson, Enterprise Risk Management, in-class lectures(summer-2019)
10. Bajner, Jeff GoldsmithRichard. “5 Ways U.S. Hospitals Can Handle Financial Losses from
Medicare Patients.” Harvard Business Review, 11 Nov. 2017, hbr.org/2017/11/5-ways-u-s-
hospitals-can-respond-to-medicares-mounting-costs.
Interviewee List:
Walter Cobb, ICTS Manager
Forrest King, Project Manager
Vikram, NSHA Analyst
Ashish Nandal, NSHA
Shashank Singh, IBM (Patient)
James Wilson (Patient)
Arpan Patel, SAP consultant
Allura Mackay, SAP consultant
Maggie Mackay, co-op student
Few interviewee does want to be named.
SINGH, PRASHANT 6
SMBA 6601 Risk Identification Singh, 2019
Appendix A
SINGH, PRASHANT 7
SMBA 6601 Risk Identification Singh, 2019
Low risk.
Low risk. Low risk. Low risk. Medium risk.
Unlikely No
No further No further No further Further action
(1) further
action action action optional
action
Medium Medium
Low risk. Low risk. risk. risk. High risk.
Seldom
No further No further Further Further Further action
(2)
action action action action necessary
optional optional
Medium Medium High risk.
Low risk. risk. risk. Further
Occasional Extreme risk.
No further Further Further action
(3) Act now
action action action necessar
Likelihood
optional optional y
Medium
High risk.
Medium risk. risk. Extreme
Likely Further Extreme risk.
Further action Further risk.
(4) action Act now
optional action Act now
necessary
optional
High risk.
Medium risk. Extreme Extreme
Definite Further Extreme risk.
Further action risk. risk.
(5) action Act now
optional Act now Act now
necessary
Consequence
Table 3: Risk identification matrix
SINGH, PRASHANT 8
SMBA 6601 Risk Identification Singh, 2019
Survey results 1
SINGH, PRASHANT 9
SMBA 6601 Risk Identification Singh, 2019
Survey result 2
SINGH, PRASHANT 10