Enterprise Risk Management for Healthcare

Assessing an effective Enterprise Risk Management (“ERM”) Program

An effective Enterprise Risk Management program provides a cross-cutting method to identify, analyze, control, mitigate and monitor an organization’s risks. A strong message of risk identification and mitigation from both the Board and an organization’s senior management allows a healthcare organization to: prepare for and effectively respond to the increasing regulatory and enforcement environment, take proactive steps to identify risk areas and institute corrective actions, discover inefficiencies in the organization’s various systems/processes, and assess opportunities for growth and collaboration/integration.


Provident’s Enterprise Risk Management program assessment methodology is designed to help identify, analyze and quantify possible risks to the organization. The Enterprise-wide Risk Assessment is the foundation of an effective Enterprise Risk Management Program.


Our approach uses two frameworks and recent COSO and S&P guidance: (1) a commonly accepted Framework from the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”); (2) Provident’s ERM methodology; (3) COSO guidance on Embracing Enterprise Risk Management; and (4) Standard and Poor’s guidance issued on ERM analysis for credit ratings of non-financial companies.

Provident’s approach is designed to:

  • Assist with meeting the requirements of Board directives and charters regarding risk management
  • Build off of work completed to date by the organization’s personnel and not attempt to “re-invent the wheel”
  • Employ facilitated sessions with an organization’s personnel throughout all phases to take advantage of “on the ground” subject matter expertise as well as Provident’s experience with clients throughout the country
  • Confirm risks previously identified, potentially enhance the current risk register and reprioritize as necessary
  • Increase operational/business unit leadership’s understanding of Enterprise Risk Management
  • Assist with identification of key performance indicators to mitigate risks identified
  • Provide suggested dashboard and other reporting methodologies to senior management and Board of Directors
  • Collaborate to develop and/or enhance communication protocols of identified risks and reporting risk mitigation efforts/progress
  • Prioritize risks across Provident’s ERM mapping tool


Provident’s depth of experience in healthcare operations, compliance, data analysis, and revenue cycle makes us uniquely qualified to provide valuable analysis and guidance.

Our team members have professional backgrounds working in provider organizations, law firms, and government agencies. We have unmatched knowledge of organizations across the healthcare spectrum, from single hospitals to healthcare systems, academic medical centers, and physician practices.
