|
|
| Risk management process
Netcare recognises that undertaking risk for reward is an inextricable part of doing business. For this reason, risk management at Netcare does not attempt to eliminate risk completely, but rather provides a structure to continuously identify, assess, evaluate and manage risk. Engaging in risk is inherent in all our activities as we strive to achieve our objectives and increase stakeholder value.
Introduction
The Board is ultimately responsible for
the governance of risk within the Group
and has appointed the Risk Committee
to assist in discharging this responsibility.
The Board, through the Risk Committee,
sets the strategic direction for the
process and system of risk management
by authorising the risk management
policy and plan.
The Board defines the risk appetite for
the Group in terms of the level of risk
that it is willing to accept in pursuit of
its vision and in creating sustainable
value for stakeholders. In defining the
risk appetite the Board considers the
economic, social and environmental
requirements of stakeholders. Our risk
appetite is not one specific figure or
formula, but varies depending on the
specific category of risk.
Management is responsible for executing
the Group’s strategy in accordance with
the Board’s risk management policy and
plan, and for applying the risk appetite in
day-to-day activities and operations.
Management is accountable to the Board
for designing, implementing and
monitoring the process and system of
risk management. Risk management is
embedded in overall Group governance
as part of the policy framework.
The Group Risk Management function
is the custodian of the risk management
policy and plan, and coordinates
risk management activities throughout
Netcare. It ensures that risks are
properly managed and consistent
with the agreed risk appetite.
The Group reviews its risk management
policy and methodology annually,
incorporating input from:
| • |
Enterprise Risk Management
– Integrated Framework published
by the Committee of Sponsoring
Organisations of the Treadway
Commission (COSO); |
| • |
Principles and best practices of
the King Report on Corporate
Governance for South Africa
(King III); |
| • |
South African National Standard on
Risk Management (ISO 31000); and |
| • |
Best practice in risk management
of major South African listed
companies. |
Risk management is a systematic and
formalised process to identify, assess,
evaluate and manage risks. We have
adopted a comprehensive approach to
managing risk and have embedded risk
management into our business
activities, functions and processes to
ensure our response remains current
and dynamic. The process to identifyrisks is driven by an assessment of the
impact that risks may have on the
Group achieving its objectives.
Risk management responsibilities
Netcare openly discloses its risk
management processes, both internally
and externally, to create awareness and
understanding of the Group’s risk
management culture and responsible
corporate citizenship among our
stakeholders. We aspire to establish a
culture in which the management of
risk is the responsibility of every
employee.
 Risk managment process
The risk management process involves
the coordinated and prudent
application of activities and resources
to minimise potential negative impacts
of risks to levels acceptable to
stakeholders, while at the same time
recognising and pursuing the
opportunities that can be realised
in managing specific risks.
The Group Risk Management function
engages with key stakeholders from the
major divisions and business units
within South Africa (SA) and Lesotho to
identify key risks, and monitors the
plans and processes to manage these
risks. With these stakeholders, it also
consolidates key risks identified, and
then ranks and assesses the top
business risks affecting the Group. The
top business risks are formally reported
to the Risk Committee which meets
twice a year.
The United Kingdom (UK) operations
do not have a formal risk management
function. Risks pertaining to the UK
operations are prepared by the
executive management of General
Healthcare Group (GHG) and reported
to the GHG Board for ratification
annually. The UK risks are presented to
the Netcare Group Risk Committee.
The process and system of managing
risk takes into account the:
| • |
Strategic direction and objectives of
the Group; |
| • |
Nature and extent of risks facing the
Group; |
| • |
Extent and categories of risk
regarded as acceptable for the
Group to tolerate; |
| • |
Likelihood and impact of identified
risks materialising; |
| • |
Ability of the Group to reduce the
incidence and impact to the
business if identified risks
materialise; |
| • |
Cost of risk response plans and
processes relative to the benefit
obtained; and |
| • |
Effectiveness of the implemented
risk response plans. |
Risk management process
|
Effectiveness of risk management
The Audit Committee is responsible for providing independent and objective assurance on the effectiveness of the system of internal control, governance and risk management within the Group. Netcare’s internal control environment comprises the policies and control procedures adopted and implemented by management to provide reasonable assurance that risks are mitigated and that the Group’s objectives are attained. The Audit Committee has specific oversight over the Group’s Internal Audit function, financial risk management, compliance and Information Technology (IT) internal control framework.
The Group Internal Audit function is an integral component of the risk management process and provides independent and objective assurance to the Board, through the Audit Committee, on the effectiveness of the system of internal control and risk management, and provides recommendations for improvement where necessary. The Group Internal Audit function monitors implementation of internal financial control improvements through follow-up reports and its follow-up database, which provides a system for ensuring that all internal financial control recommendations are recorded, actioned and monitored.
The Board is satisfied that the Group’s risk funding strategy and existing cover are adequate and appropriate in relation to the exposures identified. The Board, through the Audit Committee, has also considered the effectiveness and efficiency of the process and system of risk management and found it to be effective, a determination that has been corroborated by appropriate compliance reports. Furthermore, in the event of a disastrous incident there is a documented and tested major incident plan and disaster recovery programme to support continuity of critical business processes.
The Board is confident that:
| • |
The system and process of risk management in place is appropriate for the Group’s model and strategy; |
| • |
The risk appetite inherent in the business model is appropriate; |
| • |
An appropriate risk culture has been embedded in the Group’s strategy; and |
| • |
The system and process of risk management operates appropriately to inform the Board of major risks facing the Group. |
An ongoing process for identifying, evaluating and managing the key risks faced by the Group has been in place for the year under review and up to the date of approval of the annual integrated report.
|
Key risks – Southern Africa
The major risks identified as being business critical for the sustainability of the southern African operations, together with the plans and processes to mitigate these risks, are discussed below:
| Risk |
A failure by the Group to consistently provide affordable, world-class patient care at every level of the
organisation. |
| Performance |
Refer to the Clinical governance report: SA for information on specific clinical quality measures and key
performance indicators (KPIs). |
| Impact |
Failure to provide the best and safest patient care adversely affects the Group’s:
| • |
Quality of clinical outcomes; |
| • |
Brand and reputation; and |
| • |
Long-term sustainability. |
|
| Risk mitigation |
The Group continues to enhance its clinical governance systems and processes to ensure that only the
highest standards of patient outcomes are achieved. Netcare applies a proven methodology to quality
improvement and innovation. We follow international best practice in evaluating, selecting and
implementing quality improvement initiatives. Every quality improvement initiative is evaluated to ensure
that implementation will create sustainable value for stakeholders.
Netcare appointed a National Medical Director for the Hospital division on 1 July 2012 who is driving
enhanced doctor engagement and improved product and process standardisation through reviewing
and implementing clinical pathways. The Primary Care division appointed a Medical Director and a
Dental Director effective 1 August 2012.
We successfully rolled out “the Netcare Way”, a programme of action focused on demonstrating
Netcare’s core value of Care through basic behaviours. We also completed the strategic review of
Netcare Education and finalised the revised education strategy.
The Group commenced and continued with various quality improvement initiatives to ensure we
continuously improve the quality of care provided to our patients. Examples of quality improvement
initiatives include:
| • |
Netcare’s Antibiotic Stewardship programme improves the quality of outcomes for patients by using
appropriate antimicrobial treatment regimes, reducing overall exposure to antibiotics, preventing
antimicrobial resistance and decreasing antibiotic utilisation. The Group continues to drive the practice
of antibiotic stewardship in all hospitals; |
| • |
The Group actively promotes a culture of reporting adverse clinical incidents and sharing of
experiences to prevent reoccurrence; |
| • |
The Group continues to explore the implementation of an upgraded incident management system;
and |
| • |
We are continuing with the project to improve the gathering and review of patient feedback. |
|
| Risk |
A pandemic or widespread infection breakout that affects the public as well as healthcare institutions
and professionals. |
| Performance |
Refer to the Clinical governance report: SA for information on specific clinical quality measures and KPIs. |
| Impact |
A pandemic or widespread infection breakout could challenge the current clinical protocols designed to
ensure business continuity and to maintain quality patient care. |
| Risk mitigation |
The Group has documented and tested its major incident management plan. The major incident
management plan was reviewed and updated during the year and contains detailed procedures to be
adhered to in response to a major incident. All hospital executive committees have received training
relating to the major incident plan.
The Group has a pandemic preparedness plan which outlines the responsibilities, authorities and
mechanisms to prevent and manage a potential pandemic breakout.
We provide continuous training to raise awareness and increase knowledge of current breakouts. |
| Risk |
The healthcare industry continues to experience a shortage of skilled professionals including nurses,
pharmacists, paramedics, emergency services doctors, doctors and specialists. |
| Performance |
The Hospital division Executive Committee monitors the number of healthcare practitioners recruited and
lost on a monthly basis.
Refer to the Our people: SA report on page 70 for specific measures and KPIs relating to:
| • |
Employee attraction and retention; and |
| • |
Training and development |
Refer to the online Transformation report for specific measures and KPIs relating to employment equity. |
| Impact |
The shortage of skilled healthcare professionals impacts on the Group’s:
| • |
Quality of clinical outcomes; and |
| • |
Ability to capitalise on expansion opportunities. |
|
| Risk mitigation |
The Group continues with various attraction and retention strategies.
The 2012 Employee Engagement Survey was completed during September 2012 and will inform our attraction and retention strategy going forward.
To help alleviate the shortage of skills, Netcare Education provides nursing training and education to
students and qualified nurses.
The Netcare 911 School of Emergency and Critical Care has been integrated into Netcare Education
and provides training in basic, intermediate and advanced life support to paramedics in the Group and
externally.
The Group also sponsors training and registrar positions at tertiary institutions and grants scholarships
and fellowships for doctors. |
| Risk |
Changes in healthcare industry regulation and funder regime impact on the industry landscape and competitive environment. The most significant changes are as follows:
Price regulation:
Price regulation has been a key theme in the Minister of Health’s recent public addresses, alluding to
the necessity of price regulation in the private healthcare sector. Further downward pressure on tariffs
and above-inflationary salary demands could place pressure on the Netcare business model which
maintains a delicate balance between the tariffs negotiated with funders, the salaries paid to employees
and wage increases passed on by suppliers and service providers.
The Competition Commission is currently formulating the framework for an inquiry into the private
healthcare sector. As at the date of this report the Competition Commission had not formally announced
an inquiry and the terms of reference remain outstanding.
Medical scheme consolidation:
Medical scheme consolidation is expected to continue thereby further strengthening the negotiating
position of the bigger schemes and increasing the likelihood that healthcare tariff increases above
inflation will be challenged in future.
Designated Service Providers (DSPs) or preferred networks:
Medical schemes who select DSPs have a greater ability to negotiate lower prices with healthcare
providers with promises of higher volumes. Not being selected as a DSP poses the threat of a decline in
patient volumes depending on the size of the scheme.
National Health Insurance (NHI):
The South African Government is planning to implement major health sector reform through the
introduction of NHI.
Office for Health Standards Compliance (OHSC):
The National Health Amendment Bill provides for the establishment of an independent entity,
the OHSC, to:
| • |
Assist in developing minimum quality standards for health facilities |
| • |
Monitor compliance of health facilities to the minimum quality standards; and |
| • |
Ensure that complaints are appropriately and independently investigated. |
|
| Performance |
Refer to the Health policy and regulation: SA review for information on the healthcare industry and
funder regime. |
| Impact |
Changes in healthcare regulation and funder regime impact on the industry landscape and
competitive environment. |
| Risk mitigation |
The Group continuously monitors the regulatory environment and engages with regulators regarding
policy decisions. This enables proactive amendments to the Group’s strategy and business model.
Netcare continues to become “future fit” by driving a substantial focus on increasing efficiencies and
product standardisation and reducing costs throughout the business.
The Group, through the Primary Care division, is well positioned to play a strategic role in the provision
of equitable and sustainable healthcare through the proposed National Health Insurance (NHI) and to
capitalise on the primary healthcare opportunities presented by the NHI. |
| Risk |
Technological advancements in electronic medical records, remote patient monitoring and the increased
adoption of mobile medical devices and applications may have a significant impact on the delivery of
healthcare in the future. The increasing pace of technological advancement requires a considered IT
strategy and investment to ensure the Group is positioned to identify and implement the new
technologies (which will define the future landscape of the healthcare industry) in good time.
Netcare is dependent on IT to enable critical business processes. |
| Performance |
The Information Systems division manages the performance of the IT environment and IT service
delivery through the Group’s IT helpdesk system (Sigma). |
| Impact |
IT and technological advancement have the potential to substantially improve healthcare delivery into
the future. |
| Risk mitigation |
The Group is developing a revised IT strategy to ensure that it is positioned to timeously identify,
implement and capitalise on new technologies which will define the future landscape of the
healthcare industry. |
| Risk |
The appropriate operation of fire safety measures incorporated in the Group’s facilities, including the
safety of electrical installations. |
| Performance |
Fire and electrical safety reviews and Occupational Health and Safety risk assessments were conducted
during the year. |
| Impact |
The appropriate operation of fire safety measures is essential to maintain business continuity and ensure
the safety of patients and employees. |
| Risk mitigation |
The Group continues to be proactive in ensuring that facilities provide a safe and secure environment for
patients, employees and members of the public.
We have documented and tested our major incident management plan and disaster recovery
programme. The major incident management plan was reviewed and updated during the year and
contains detailed procedures to be adhered to in response to a major incident. All hospital executive
committees have received training relating to the major incident plan.
The Group has comprehensive insurance cover to mitigate potential financial impacts. |
| Risk |
The continued operation of the Lesotho PPP is dependent on the ability of the Lesotho Government to
timeously meet its financial obligations in terms of the agreement.
The provision of clinical services exposes the Group to the associated clinical risk involved with
providing quality clinical services. |
| Performance |
Refer to the Hospital division review:SA for further information relating to the
performance of the Lesotho PPP. |
| Impact |
The success of the Lesotho PPP is critical to the Group’s brand and reputation, and may create future
growth and expansion opportunities to support and improve public healthcare infrastructure and
delivery, while redressing existing healthcare inequalities. |
| Risk mitigation |
The investment in the Lesotho PPP is ring-fenced to the PPP and without recourse to the SA operations.
The PPP in Lesotho continues to produce excellent improvements in clinical outcomes across all key
indicators, in particular maternal and infant mortality and in-hospital mortality.
Specialists employed by the Lesotho PPP spend time at the Universitas Academic Hospital in
Bloemfontein on a rotation basis to acquire additional knowledge and skills.
Netcare continues to second senior employees to assist in managing the operations of the Lesotho PPP. |
| Risk |
The challenging economic environment characterised by severe recessionary pressures in the UK continues to impact on GHG’s operations with decreasing Private Medical Insurance (PMI) volumes.
The UK Competition Commission commenced with an inquiry into private healthcare in the UK, focusing
on competition and efficiency in the private hospital market and among healthcare consultants in private
practice.
The non-recourse and ring-fenced GHG PropCo 1 (portfolio of 35 UK hospital properties initially
acquired in 2006) debt facility, which exceeds £1 500 million, matures in October 2013. The availability
and cost of capital in the current economic climate remain a challenge in terms of refinancing the GHG PropCo 1 debt. |
| Performance |
Refer to the Hospital operating review: UK for further information on the performance of GHG and the
Directors’ report for further details on events after the reporting date relating to GHG PropCo 1. |
| Impact |
The success of GHG in the UK is critical to the Group’s brand and reputation and may create future
growth and expansion opportunities through improved collaboration between private and public
healthcare providers. |
| Risk mitigation |
GHG continues to monitor, analyse and forecast the impact of the economic downturn, to enable
proactive amendments to GHG’s strategy and business model. GHG increased its NHS caseload
through the Any Qualified Provider scheme to compensate for the decline in PMI volumes. Operational
efficiencies and continuing cost rationalisation programmes further offset the effect of declining PMI
volumes.
In terms of the UK Competition Commission enquiry, GHG continues to comply with competition law and
is working with external lawyers and economists to support the internal team to respond to the enquiry
and to address the Competition Commission’s questions.
The debt of GHG PropCo 1 is ring-fenced from the UK operating business (BMI OpCo) and GHG
PropCo 2 (six remaining hospital properties acquired from Nuffield Hospitals in 2008) and is nonrecourse
to Netcare and the South African operations. The business continues to consider various
options relating to the refinancing of the GHG PropCo 1 debt which matures in October 2013. |
|
Key risks – United Kingdom
The major risks identified as being business critical for the sustainability of the UK operations, together with the plans and
processes to mitigate these risks, are detailed below:
| Risk |
A failure to attract and retain the appropriate quality and number of healthcare consultants and other
staff critical to the continued success of GHG. |
| Performance |
Refer to the Our people: UK report on page 88 for specific measures and KPIs relating to:
| • |
Employee attraction and retention; and |
| • |
Training and development. |
|
| Impact |
GHG’s future success will depend on its ability to attract and retain highly skilled and qualified
personnel. |
| Risk mitigation |
GHG strives to be an employer of choice. Levels of remuneration are benchmarked against peers.
GHG makes a concerted effort to retain and manage the Group’s talent pool.
The graduate training programme continues as an important part of our human resource development
strategy.
Revised performance management tools being rolled out across GHG. |
| Risk |
A failure of IT platforms that will impact GHG’s ability to deliver commercial and clinical objectives. |
| Performance |
Measured as the number of service-impacting outages during the year. |
| Impact |
GHG’s IT systems need to be reliable to support clinical services and commercial objectives. |
| Risk mitigation |
GHG has contracts with third parties in place for the delivery of core IT services such as
telecommunications, server hosting and core application delivery. |
| Risk |
The downturn in the economy and business environment adversely affects the demand for private
healthcare services. |
| Performance |
Financial KPIs are monitored each month including revenue growth by case type, cost/efficiencies and
profitability. See the Hospital operating review: UK for more details on performance. |
| Impact |
The downturn in the economy and business environment adversely affects the demand for private
healthcare services procured through PMI and direct patient payment. |
| Risk mitigation |
GHG continues to monitor, analyse and forecast the impact of the economic downturn, to enable
proactive amendments to GHG’s strategy and business model. |
| Risk |
Failure to meet the requirements of debt covenants. |
| Performance |
Compliance with all loan covenants reported on a quarterly basis. Refer to the Chief Financial Officer’s
review and Directors’ report for further details on debt covenants. |
| Impact |
Failure to meet the requirements of debt covenants would require GHG to refinance or restructure
existing debt, which is subject to the cost and availability of capital that has been affected by the
prevailing capital market conditions. |
| Risk mitigation |
GHG continues to monitor, analyse and forecast compliance with the requirements of debt covenants
and remains confident of its ability to comply with debt covenants in the year ahead. |
| Risk |
A decline in insured lives and self-pay patients, and lower margins from NHS work, are being driven by
the continued economic downturn. |
| Performance |
Profit margins across all areas of the business are monitored on a monthly basis to ensure targets are
met. Refer to the Hospital operating review: UK for further information relating to the performance
of GHG. |
| Impact |
Falling profit margins would reduce the ability of GHG to invest in future growth and capital expenditure. |
| Risk mitigation |
GHG continues to focus on ensuring that its operating framework and patient pathways are as efficient
as possible, while delivering clinical excellence. It also ensures that administrative support and
discretionary costs are adequately controlled and appropriate. |
| Risk |
The risk of adverse findings emanating from the Competition Commission enquiry into private healthcare
in the UK. |
| Performance |
The outcome of the enquiry and resulting measures will not be known until late 2013. |
| Impact |
The Competition Commission has significant powers to address anti-competitive behaviour. |
| Risk mitigation |
Continued compliance with competition law.
GHG is working with external lawyers and economists to support the internal team to respond to the
enquiry and to address the Competition Commission’s questions. |
| Risk |
A failure to provide safe and clinically effective care. |
| Performance |
Refer to the Clinical governance report: UK for information on specific clinical quality measures
and KPIs. |
| Impact |
Failure to provide the best and safest patient care adversely affects GHG’s operations, brand and
reputation. |
| Risk mitigation |
GHG operates within a robust clinical governance framework and has instituted various clinical
governance processes to ensure that only the highest standards of patient outcomes are achieved.
Where any issues have been identified these are investigated and there is group-wide learning to
minimise the risk of recurrence. |
| Risk |
Failure to comply with healthcare regulation and legislation. |
| Performance |
Refer to the Health policy and regulation: UK review for information on the UK healthcare industry. |
| Impact |
Possible improvement notices or prosecution if non-compliant; reputational risk as non-compliance is in
the public domain; risk to ongoing operation if terms of registration affected. |
| Risk mitigation |
GHG continuously monitors the regulatory and legislative environment and makes proactive amendments
to ensure ongoing compliance. |
|
Financial risk management
Details on the Group’s financial risk management are included in note 34 to the annual financial statements.
|
Looking ahead
The Group Risk Management function will continue to enhance the risk management strategy and framework to ensure Netcare maintains its strategic advantage and continues to increase stakeholder value. Key priorities and focus areas for the 2013 financial year include the following:
| • |
Continue with embedding the enhanced Enterprise Risk Management (ERM) framework through implementing the risk management policy and methodology; |
| • |
Manage and mitigate the key risks affecting the southern African operations; |
| • |
Review current business and risk management structures to ensure optimal integration of risk management within existing management structures; and |
| • |
Facilitate risk management training. |
In the UK, management and mitigation of the key risks affecting the UK operations will continue.
|
The directors are entitled, at the Group’s expense, to seek professional advice about the affairs of the Group, and have unrestricted access to all Group information, records, documents and property. This can be procured independently or coordinated through the Group Legal division. |
|
