Lead in a more coordinated way

Most of the time, important controls are underestimated until, due to savings, one or the other operational process cannot be carried out properly. In discussions about the health care system, it is said that the increasing cost pressure leads to rationalization and qualitative cutbacks. Critics call it "overpriced healthcare industry". Nevertheless, healthcare companies are challenged in areas that can never be attributed to regulations and medical services alone.

Basic problem: Data flow
A symptomatic example of the consequences that a minimal delay in information could have in hospital operations:

"We have very heterogeneous systems. On the one hand there is paper, on the other hand people use PCs and portable devices. This can lead to situations where it is not always clear exactly what information should be used ad hoc. This knowledge fragmentation could lead to misinformation, perhaps delays in services," says Stefan Hunziker, MD, Information Chief Officer at Lucerne Cantonal Hospital.

It is possible that this example of information blockage is a safety subtopic. However, the pressure that patients could "fight out" publicly after a minor mishap is likely to lead to further problems for a regional hospital, which is now more than ever in competition for patients. Damage to image and reputation (immaterial damage) can usually only be compensated for slowly through cost-intensive marketing and quality measures.

Ultimately, the question arises as to whether the management has done what is necessary so that it is not subject to the charge of organisational culpability.

Effective management
Risk management in hospitals requires more than insurance. It is not enough for management and supervisory bodies to take out appropriate "D&O insurance" (directors and officers insurance, also board or managers' liability insurance) and evade responsibility for the company's internal processes.

Effective risk management only works through the coordination of financial, administrative and operational business processes.

For the sake of completeness, the following points or criteria would have to be controlled and ensured:

• Traceability/verifiability
• Systematic documentation
• Internal and external transparency
• Correctness in time
• Completeness
• Factual and formal correctness

In order to assert itself as successfully as possible on the market, the healthcare company should establish end-to-end security across established sectors and function holders. Only by means of coordinated interaction between the departments - remuneration sector, benefits sector, human resources sector, purchasing, tax and legal in conjunction with finance and controlling, IT and ultimately risk management - can the controls be exercised effectively.

Areas to be evaluated The following areas of the healthcare enterprise are examined and evaluated for their internal controls:

In hospital operation, the "sub-process" of system maintenance in particular should not be neglected.

• corporate governance
• Internal Audit (IR)/ Risk Management (RM)
• Taxes and law
• IT
• Finance and Controlling
• Human Resources Management (HRM)
• Medication and stock purchasing
• Power range

Another example in the context of information management:

Specialists often have a deeply fragmented level of knowledge. One could speak of a suboptimal, insufficient causal chain. Organizational measures are therefore needed to optimize the causal chain and processes. For example, anaesthetists often work in one unit, while surgeons work in another.

In the case of so-called reductions, in the case of process transitions, see also shift changes, between individual teams, the task steps would have to be defined among themselves in order to avoid misunderstandings in the case of task changes. Such an analysis and concrete process division for the purpose of interprofessionality should therefore be broken down in this way:

1. Define overarching strategy or policy
2.  Evaluate involved systems and (value or) causal chains
3. Ensure flawless IT communication
4. Identify and divide up individual processes or subtasks

In hospital operations, the "sub-process" of system maintenance in particular should not be neglected. It is also important that defined process points do not have to be constantly discussed again by employees. Furthermore, departmental managers ensure in situ and physically that devices or data cannot be manipulated or misused.

Complete ICS
Of course, only a modern control system (ICS) can meet the need for rapid information and permanent control. Such an ICS supports hospital operations not only in the actual control of sub-processes, but also in analysis and evaluation. For example, an ICS according to the COSO standard (Committee of Sponsoring Organizations of the Treadway Commission) distinguishes between the importance and urgency of a process.

Depending on the urgency of the need for action, work procedures, for example, are presented in colour-coded table units both in the ICS general overview and only in a control mode, which could be viewed via web access, for example.

Quality and reliability surveys help division managers in a further overview. Before that, however, managers would need to prioritize ICS goals through regularities such as the following:

• Adherence to laws, regulations and contracts (compliance)
• Reliability and completeness of information (regularity)
• Safeguarding of business assets, see tangible assets, know-how, HR
• Set levels of effectiveness and efficiency

The quality of internal control systems is based on the following interrelated factors and is examined (e.g. in the course of audits) as follows:

• Internal environment
• Risk analysis
• Management and control measures
• Information and communication
• System monitoring (ICS monitoring)

In order to achieve the best control and efficiency, in addition to evaluating ICS results, discussions or briefings should always be held with employees in the subdivisions. - Two key words: exchange of experience and practical relevance.

Possible improvements
What should a hospital ICS be able to do? "Information should be available regardless of the business area, the assignment, the time of day or even the device," says Stefan Hunziker, MD, Chief Information Officer, Lucerne Cantonal Hospital. Today's IT would have to meet this challenge.

An ICS is not only an obligatory means for auditors (see infobox) to exist in a complex corporate sphere. It is also ideally suited to identify potential for optimisation in healthcare companies and to highlight concrete proposals for quality improvement.