HMC Risk Management Plan

Risk Management Plan

2025-2027

HIRA MEDICAL CENTER

Workshop road Sukkur

Revised Version -II

Revised Risk Management Plan HMC

 HMC Risk Management Plan

Contents
Introduction .........................................................................................................................................................................

What is the risk? ..................................................................................................................................................................

Strategic Plan with Risk Management .................................................................................................................................

Risk Management Framework .............................................................................................................................................

Risk Management cycle .......................................................................................................................................................

Risk Management Framework .............................................................................................................................................

Gross Risk Matrix................................................................................................................................................................

Risk Management Committee .............................................................................................................................................

Risk Monitoring and Controlling.........................................................................................................................................

Risk Categories ....................................................................................................................................................................

Risk Treatments ...................................................................................................................................................................

Risk Evaluation....................................................................................................................................................................

Glossary ...............................................................................................................................................................................

HMC Risk Registry .............................................................................................................................................................

Revised Risk Management Plan HMC

 HMC Risk Management Plan

Introduction

Risk Management has become a common trait between successful institutions, as it limits

the damage of all identified risks, allowing for additional success and continuity to the

institution. HIRA MEDICAL CENTER (HMC) understands the significance of Risk

Management and overall emergency preparedness. Having a Risk Management plan is an

important requirement to ensure the safety and wellbeing of everyone affiliated with

HMC, and for successful execution and delivery of HMC Strategic Goals.

The purpose of this manual is to provide an overview of the Risk Management processes

within the HMC and give practical guidance for the risk management within HMC.

It includes a process of identifying and assessing risks and developing strategies to manage

risks, if any. In addition, it connects the hospital governance structure and the management

structure so that the two work together to provide a combined commitment, set of

expectations, organizational and personal accountabilities and responsibilities.

Revised Risk Management Plan HMC

 HMC Risk Management Plan

What is the risk?

The risk can be defined as:

Affect the uncertainty on objectives.

A risk is evaluated using a combination of the likelihood (probability) of a perceived threat

or opportunity and the magnitude of impact that this perceived threat or opportunity would

have upon the objectives. The product value of (likelihood x Impact) give the gross risk,

which allows for easy comparison between risks.

An opportunity can be defined as:

An uncertain event that could have a positive impact upon objectives

A threat can be defined as:

An uncertain event that could have a negative impact upon objectives

It is important to note that these definitions highlight the importance of linking risks with the

objectives of a department or team, and these provide an essential starting point to understanding

and defining the risk being faced.

Revised Risk Management Plan HMC

 HMC Risk Management Plan

HMC Strategic Plan with Risk Management

Our goal is to be risk free environment through ensuring the

effective execution of HMC Strategic Plan

The strategic planning cycles provide an opportunity for all areas and staff of
HMC to undertake analysis regarding emerging or known risks that may impact on
their strategic goals.

Strategic
Plan

Risk

Revised Risk Management Plan HMC

 HMC Risk Management Plan

Risk Management Framework

The purpose of the Risk Management Framework is to:-

▪ Create and protect value by integrating risk management in the HMC strategic

planning.

▪ Set the risk management system within the HMC is part of decision making process.

▪ Explicitly address uncertainty by taking into consideration the

nature of uncertainty in the risk management. That this

uncertainty is based on the best available information.

▪ Provide a systematic, structured and timely approach to the risk

management by setting out a consistent way for controlling risks and

describing the process for escalating and reporting risks.

▪ Ensure the HMC meets its risk reporting obligations.

▪ Risk Management Framework will be detailed on the grid (Figure 1).

Revised Risk Management Plan HMC

HMC Risk Management Plan 2025 – 2027
Risk Management cycle

Identify risks

Risk is identified at all levels, including corporate, college, and professional service programs and projects. A risk registry will be maintained.

Analyze and assess risks.

The relative size of each risk is determined using a scale of 1–5 of the “likelihood” of a risk and the “impact” of the risk on a strategic goal or initiative. A
matrix will be used to determine the severity of risk and the relative need to manage it. Gross risk, net risk, and target risk will be detailed on the grid (Figure 2).

Determine how risk will be mitigated or treated.

The need to mitigate risk is determined using criteria for extreme, high, medium, or low priority levels. Risk management strategies to avoid; transfer; control,
contain, or reduce; or accept will be considered.

Monitor and review

Risk management processes and results is reviewed quarterly by senior management and on a continuous basis at lower levels of operation and Repots.

Adjust the risk management process as necessary.

Adjustments to the process occur as the need to mitigate varies (e.g., as the specific risk is minimized or increases in likelihood or impact).

Risk Management Plan 2025 – 2027 Page 7 of 27

HMC Risk Management Plan 2025

Risk Management Framework

• Context se ng • Likelihood
• Stakeholders • Impact
• Risk owners • Gross (inherent)
• Level of risk • Net (Residual)
• Sources of risk • Target
• Risk appete Identify Asses
s

Monitor
• Risk register and • Risk Treatment
• Regular reviews Report Migate • Avoid
• Key risk • Transfer
indicators
• Incident • Control,
management contain, reduce
• Audit • Accept
• Board

Figure 1:- Risk Management Framework

Page 8 of
27
 High
GROSS RISK MATRIX risk
are
a Gross
risk=
where we
Gros started
s
Net risk=
Risk where we are
now

2
Target risk=
where we

LIKELIHO
want to be

Net
Ris
k

OD
1
Targe
t
Risk

Medium
risk
area

Low 1 2 3 4
risk 5
area
IMPACT
Figure 2:- Risk assessment matrix

Page 9 of
19
Risk Management Committee

The committee formation order is approved by the BOARD OF

DIRECTORS, It is chaired by Director HR HMC with memberships of In charge
of each department of Hira Medical Center. This committee was approved on 2nd
of of February 2024 by the name HMC Emergency Preparedness Steering
Committee.

Charges of the committee

▪ Develop an emergency preparedness plan to enable HMC to

appropriately prepare for and respond to emergencies, major natural
disasters, pandemics, man-made threats to safety of patients and
personnel, and damage to hospital property.
▪ Provide contingencies for continuity of operations that include
procedures and provisions for alternate facilities to ensure the
Execution of the hospital’s mission and essential function during
and following an emergency.
▪ Develop an action plan to direct an emergency response team,
comprising key personnel, to ensure that emergency procedures are
carried out as defined in the plan, and as directed by the Director
HR or his/her designee.
▪ Define clear roles, responsibilities, and authorities for essential
emergency management, and designate key personnel for
emergency response, who shall have authority to direct personnel
under his/her supervision to carry out procedures and meet the
objectives set the disaster plan, during all or any part of an
emergency.
Risk Monitoring and Controlling

Continuous monitoring by the Risk Management Team is essential to ensures

that the new and changing risks are detected and managed and then the risk
response actions are implemented and effective. This continuous monitoring
and control keeps track of the identified risks, residual risks, and new risks. It
also monitors the execution of planned initiatives for the identified risks and
evaluates their effectiveness. During project execution, risk meetings should be
held regularly to update the status of risks in the risk register and adding new
risks if needed. This is not necessary for minor level projects and may only be
needed annually for moderate level projects. The benefits of periodic project
risk reviews would be repeating the process of identification, analysis, and
response planning. For an unanticipated risk emerges, or a risk’s impact that is
greater than expected, or the planned response not be adequate. Risk
Management Team and the risk stakeholder should perform additional responses
to control such risk.
 Risk Categories
Risk can be classified into one of the categories below which can help ensure that
any common, significant risks can be escalated and reported in an appropriate
manner.

The following risk categories used within the HIRA Medical Center:

Hospital
Risk

Technical and
Maintenance Human Risk
Risk

Health &
Other Risk
Safety Risk

Natural Risk Financial

Risk
Risk Treatments
The Level and type of treatment needed for each risk will vary depending on the level of gross risk that has been determined, and also depending on
the department for bearing the specific risk.

There are four different types of treatment for any risks:-

Action Description

Avoid the risk by deciding not to proceed or continue with the activity that gives rise to the risk.
Avoid

Transfer the risk by engaging other parties to bear or share partial or full consequence of the risk. This may be done through
Transfer insurance, contracts, partnerships or joint ventures.

Apply further treatment/s to reduce the likelihood or the impact to enhance beneficial outcomes and reduce negative
Control outcomes.

Taking or increasing the risk in order to pursue an opportunity.

Accept

Page 13 of
19
 Risk Evaluation
Risk evaluation is used to make decisions about the significance of risks to the HMC and whether each specific risk should be accepted or treated.

Gross Risk
Likelihood Impact
(Likelihood x Impact)
1 – Extremely Low – unlikely 1 – Insignificant 1–5 Very low

Less than 5% chance of occurring Consequences are very low, minor disruption. Manage within existing controls
Monitor annually.
2 – Low -Unlikely 2 – Minor 6 – 10 Low

5% - 25% chance of occurring Losses may disrupt the services for a short period. Manage within existing
Disruption to a single area of the business controls. Monitor half
yearly.
3 – Medium - Possible 3 – Moderate 11 – 15 Medium

25%-60% chance of occurring Service lost for period 1-5days. Evaluate efficiency of existing
Internal event review required. controls. Develop and implement
Moderate injury equivalent to staff requiring time < 5 additional control mechanisms.
days away from work. Adverse media coverage for 1 Monitor quarterly.
day.
4 – High - Likely 4 – Serious 16 – 20 High

60% -80% chance of occurring Service lost for exceeding 1 week. Implement mitigation plan.
Adverse media coverage for 1week. Internal Escalate/Report to senior management
investigation or by an external source/ regulator. Monitor monthly.
Staff contractor or visitor suffers serious injury.
Impact to multiple and diverse areas of the business.
Significant senior management intervention required
including external assistance
5 – Very high - Almost certain 5 – Very serious Over 20 Very high
Significant resources required to recover from

Page 14 of
19
80%-100% chance of occurring impact. Legal consequences resulting in prosecution. Implement mitigation
Staff, contractor or visitor involved in a fatal event. immediately Escalate to
Adverse media coverage for an extended period. senior management
Complete loss of service Monitor weekly.
delivery affecting all institutional critical functions.
Immediate Hospital Directorate intervention required.

Page 15 of
19
Glossary

Term Definition

Risk Affect the uncertainty on objectives.

Risk Management Coordinated activities to direct and control an organization with regard to risk.
Risk Management Set of components that provide the foundations and organizational arrangements for designing implementing, monitoring,
Framework Reviewing, and continually improving risk management throughout an organization.

Risk Management Scheme within the risk management framework specifying the approach, the management components and the resources to
Plan Be applied to the management of risk.
At the university this is the KSAU-HS Risk Management strategy.
Risk Matrix Risk Tool for ranking and displaying risks by defining ranges for consequence and likelihood.
register Risk Record of information about identified risks.
stakeholder Person or organization that can effect, be effected, or perceive themselves to be effected by a decision or activity.
Risk Description Structured statement of risk usually containing four elements: sources, events, causes and consequences.
Risk Impact The outcome of an event affecting objectives.
Risk Likelihood Probability of something happening.
Risk treatment Process to modify or mitigate risks.
Risk Control An action taken to manage risk.
Target Risk Risk remaining after risk treatment.

Page 16 of
19
Reviewed & Approved By

___________________________ _______________________________________ _________________

Page 17 of
19
Page 18 of
19