Health Information Compliance Alert

Risk Assessment:

Understand The 6 Major Risk Categories For Your Risk Assessment

And check out 10 other risk areas that you shouldn’t overlook.

You may feel like the risk assessment idea has been drilled into your head, but you should look at risk analysis from all angles. And one way to gain a different perspective on risk assessments is to identify and define certain key risk categories.

According to Susan Ulrey, an internal audit and compliance practice leader for two CPA consulting firms who has conducted more than 100 risk assessments, you should understand the following six key risk categories:

1. Strategic: The risk that your organization will not meet its business objectives due to poorly defined business strategies, poorly communicated strategies, or the inability to execute these strategies due to inadequate organizational structure, infrastructure or alignment.

2. Operational: The risk that operational processes are not achieving the objectives they were designed for in support of the business model. This risk addresses inefficient operations, poor alignment of processes with objectives and strategies, failure to protect assets, etc.

3. Financial: The risk that financial reporting is inaccurate, incomplete, or untimely due to a variety of factors including the pace of change, the amount of uncertainty, the presence of a large error, or the pressure on management to meet certain expectations.

4. Compliance: The risk that your organization is not in compliance with the legal and regulatory requirements associated with mandated federal and state regulations, statutes, and standards.

5. Technology: The risk that IT systems/applications are unavailable and/or that the data and information used to support decision making lack integrity. This risk also considers the level of use, sophistication, complexity, robustness, ease of use and speed, and the accuracy of system recovery/replacement.

6. Human Capital: This risk addresses the type of behaviors that management encourages, the methods used to reward employees, and the approach to consistently enforce policies and procedures. This risk also includes the selection, screening, and training of employees, as well as the reason and frequency of turnover.

Evaluate Other Key Risk Areas, Too

Although the above categories are the major risk areas, Ulrey identifies the following other risk categories to consider:

  • Financial impact/assets at risk;
  • External compliance and regulatory issues;
  • Significant organizational change;
  • Complexity;
  • Reputational;
  • Information sensitivity/confidentiality;
  • Health and safety;
  • Senior management/Board of Trustees concerns;
  • Internal controls/prior audit results; and
  • Time since last audit.