Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf

8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf

http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 1/27

1

Rebalancing Risk Management ÐPart 1: The Process for Active

Risk Control (PARC)

Authors: Alan J. Card, PhD, MPH, CPH, CPHQ

James R. Ward, BEng, CEng, PhD

P. John Clarkson, PhD, HonD, CEng, FIET, FIED, FREng

This is a pre-print draft of the paper. The final and definitive version will be published in the Journal of

Healthcare Risk Management. Please cite as:

Card AJ, Ward JR, Clarkson PJ. Rebalancing Risk Management ÐPart 1: The Process for Active

Risk Control (PARC). Journal of Healthcare Risk Management. [In Press].

ABSTRACT

Risk assessment, by itself, does nothing to reduce risk or improve safety. It can only

change outcomes by informing the design and management of effective risk control

interventions. But current practice in healthcare risk management suffers from an almost

complete lack of support for risk control. This first installment of a 2-part series on

rebalancing risk management describes a new framework to guide risk control practice:

The Process for Active Risk Control.

INTRODUCTION

Risk assessment, by itself, does nothing to reduce risk or improve safety. It can only

change outcomes by informing the design and management of effective risk control

interventions. But, while current practice in healthcare risk management is supported by a



2

bewildering array of risk assessment (problem exploration) tools, 1 there is very little

support for the problem-solving process of risk control. 2Ð4 This may reflect the fact that

healthcare risk management relies on approaches that were originally developed for high-

reliability fields (e.g., power generation, manufacturing, the chemical industry, etc.), in

which the risk management process is typically led by safety / reliability engineers.

Engineers receive extensive training in converting requirements (such as those identified

through risk assessment) into robust and effective interventions, 5 which may prepare

them to bridge the gap between risk assessment and the design high-quality risk controls.

This is not the case in the healthcare industry 6 where risk assessment techniques are used

largely by healthcare workers who have deep clinical knowledge, but often lack training

in fields like engineering or ergonomics. 7 Perhaps as a result, healthcare workers have a

difficult time generating and assessing risk control options, leading to overuse of weak

risk controls, including some that may do more harm than good. 6,8Ð14

Healthcare risk management has been defined as Òan organized effort to identify, assess,

and reduce, where appropriate, risks to patients, visitors, staff, and organizational

assets.Ó15 And among these objectives, patient safety improvement has been identified as

the disciplineÕs Ònumber one goal.Ó 16 But despite the uptake of risk assessment

techniques such as root cause analysis (RCA) 6 and failure mode and effects analysis

(FMEA), 17 it does not appear that patients are getting safer. 18 And the current rate of

harm, at about 25-30%, 18Ð20 clearly represents an unacceptable failure rate. Indeed,

preventable adverse events in healthcare may be the leading cause of death in the US. 21



3

There are probably many reasons for this, including slow uptake and sometimes poor

application of existing risk management approaches, as well as an anemic evidence base

to support practice. 22 But the well-documented shortfalls of current practice in risk

control almost certainly play a role. 6,8Ð13 This article is the first in a two-part series aimed

at addressing these shortfalls.

In this first installment, we present a novel framework for risk control practice, the

Process for Active Risk Control (PARC). In the second installment, we will describe a set

of techniques for operationalizing the PARC, in the form of the Active Risk Control

(ARC) Toolkit 23,24 and present pilot study to show how the approach can be used in

practice. (The ARC Toolkit is available for free at www.activeriskcontrol.com )

FRAMING THE PROCESS FOR ACTIVE RISK CONTROL

Defining Risk Control

We define risk control as: Coordinated activities to modify the level of one or more risks

that have been evaluated as unacceptable, with the goal of achieving, maintaining, and

demonstrating an acceptable level of risk for the risk(s) of interest, and an overall

improvement in the organizationÕs risk profile. Table I describes some implications of

this definition.



4

Table I: Implications of this definition

Facets of the Definition ImplicationsRisk can be constructed in positive ornegative terms (the risk of benefit). 25

Not important when focusing on negative patient safety risks, but allows for broader application of the definition in supportof the recent trend toward enterprise risk management 26

Successful risk control must result in a netimprovement in risks held by theorganization.

Reducing the risk of interest is necessary, but not sufficient; both the positive and negative side effects of the risk controlmust be taken into account to determine the system-wideeffect of risk control interventions.

Risk control success must be maintained . Initially achieving an acceptable risk level is only part of the job. Sustaining success is an ongoing process that is more orless active, depending on the nature of the risk control.

Risk control success must bedemonstrated .

Requires monitoring and evaluation. Investment in this process should be in proportion to the risk, identified sideeffects, and the nature of the risk control.

Risk control success is based on achievingan acceptable level of risk (while doingmore good than harm for the organizationÕsrisk profile).

This is gauged by evaluating risk levels against theorganizations risk criteria .27 These risk criteria may beimposed (e.g., by law, regulations, or contract), or may belocally constructed [e.g., a 50% reduction within 6 months;as low as reasonably practicable (ALARP). 28]

When risk criteria are locally constructed, this definitionÕsfocus on acceptability allows for the potential of double-looplearning, 29 in cases where the assessment of risk controloptions, or the experience of attempting to implement andsustain risk controls, leads to a new definition of what isacceptable.

Current Practice

The risk management process model described in ISO 31000: Risk management Ñ

Principles and guidelines on implementation 27 has been widely adopted as a framework

for healthcare risk management policies and procedures. Because ISO 31000 is

frequently used as an approach to enterprise risk management (ERM), the recent



5

promotion of ERM by the American Society for Healthcare Risk Management

(ASHRM) 30 is likely to accelerate the adoption of this approach in healthcare.

ISO 31000 describes a risk management process consisting of 5 steps (Establishing the

Context; Risk Identification; Risk Analysis; Risk Evaluation; and Risk Treatment) and 2

cross-cutting functions that take place in parallel with all 5 steps (Communication and

Consultation; and Monitoring and Review).

Risk control (referred to in ISO 31000 as risk treatment) focuses on solutions. Arguably,

it is therefore the most important component of the broader risk management process.

But this function has received scant attention in the risk management literature. 2Ð4,6

Instead, the risk management literature has primarily concerned itself with the problem-

focused process of risk assessment. That is reflected in the ISO process model, 27 which

perpetuates this unbalanced approach by illustrating risk assessment as a 3-step process

(risk identification, risk analysis, and risk evaluation), while relegating risk treatment to a

single step.

The standard gives some useful guidelines for risk treatment (see Table II), but much of

the guidance it provides is vague, inconsistent, or incomplete. 31,32 Examples include:

¥ Defines risk treatment (i.e., risk control) as a Òprocess to modify risk,Ó which is sovague that purposely making things worse would qualify as risk treatment;

¥ Ignores the need to sustain risk controls in operation;



6

¥ Discusses the possibility that a risk control might lead to secondary risks, but

ignores the possibility of positive or negative side-effects that do not meet the ISO

definition for risks;

Perhaps most importantly from the standpoint of a practitioner seeking to use the

standard as a framework for risk control practice, it paints an incomplete and confused

portrait of the risk control process. First, it states that ÒRisk treatment involves a cyclical

process of: assessing a risk treatment; deciding whether residual risk levels are tolerable;

if not tolerable, generating a new risk treatment; and ! ssessing the effectiveness of that

treatment.Ó 27p.19 Without acknowledging the first description, it then goes on to describe

risk treatment as a 2-step risk treatment process consisting of Selection of risk treatment

options and Preparing and implementing risk treatment plans. As we will describe, both

of these descriptions are incomplete.

Table II: Selected risk control guidance from ISO 31000 27

Risk control selection should be based on cost-benefit analysis (including non-economic costs)

A combination of risk controls may be required

Produce a prioritized list of risk control recommendations

Consider new risks that might result from risk control; integrate management of these secondaryrisks with management of the risk of interest

Monitor, review, and communicate residual risk after treatment

Document performance measures and constraints

Document the resource requirements

Document planned timing and schedule

Engage stakeholders

Integrate risk treatment plan with existing management processes



7

Despite its widespread adoption, ISO 31000 provides an inadequate model for

understanding and managing the risk control process. It includes some useful advice, but

overall its guidance for risk control is underdeveloped, inconsistent, and difficult to

translate into practice. There is an urgent need for clear, cogent guidance to achieve better

risk control performance.

The Process for Active Risk Control

Figure 2 illustrates the Process for Active Risk Control (PARC), which is intended to fit

within the consensus model of the risk management process (for example by replacing

the risk treatment step of the ISO 31000 process model). As shown in Figure 1, the

PARC consists of eight steps (central column) and two cross-cutting functions (the outer

columns, which are drawn from ISO 31000). Movement through the steps is not expected

to occur in a strictly linear fashion; in fact, iterative loops are an important component of

the process. Learning generated in one step should be used not only to inform subsequent

steps, but also to refine previous ones.



8

Figure 1: The Process for Active Risk Control 23 (used by permission under a CreativeCommons Attribution 3.0 Unported License)

Beyond the risk management literature, the PARC draws from (and may contribute to)

the disciplines of design, 33Ð38 and Lewinian change management. 39Ð44 It also aligns well

with the Engineering Problem Solving Methodology, which has recently been introduced

to the patient safety community. 45

" # $ $ % &

' ( ) * ' # & ) &

+ ( # & , %

- * ) * ' # &

!"#$%&' )''*''+*&#

.,*)/-',0 *01(#&*12*

31&14)*1 4',5(#&*4#- #6*'#&,

7&)-891 4',5 (#&*4#-#6*'#&,

.:)-%)*1 4',5(#&*4#- #6*'#&,

;1-1(* 4',5 (#&*4#-,

<$6-1$1&* 4',5(#&*4#-,

;%,*)'& 4',5 (#&*4#-,

.:)-%)*1 #%*(#$1,

= # &

' * # 4 ' & > ) & + 4 1 : ' 1 ?



9

Establish the (Risk Control) Context

This step consists of two components: Framing the Problem , and Defining the Criteria

for Success .

Framing the Problem

This sub-step ensures that the risk to be addressed is correctly framed (e.g., is the real

problem patient falls, or patient falls with injury?), and that the risk is formulated as a

solution-neutral problem statement, 36 (i.e., a definition of the problem that does not

specify a preferred solution).

Defining the Criteria for Success

In this sub-step, participants explicitly state the conditions under which the risk control

process would be deemed successful. Given the definition of risk control proposed

earlier, the definition of success should include a net improvement in the risks held by the

organization.

Rationale for Establish the Context

Establishing the context defines the goals of the risk control process, and serves as the

standard against which outcomes are measured.

Problem framing is a concept borrowed from the literature on design thinking. 34 It is

necessary because the problem-as-presented (in this case, the risk as originally defined



10

through the risk assessment process) is not always the most useful way of looking at the

problem. Two common approaches to problem-framing include making the problem

more abstract, and making it more specific.

For example, consider an incident in which a patient fell and broke her hip because she

needed help toileting, but her nurse was away from the unit retrieving supplies for

another patient. Framing the problem as Òa patient fallÓ is not inaccurate, but it might not

be the most helpful approach. A more abstract problem frame, such as Ònurses are being

pulled away from patient care,Ó could result in a much broader range of solutions (e.g.,

storing more supplies in the unit, using non-care staff to restock supplies, etc.). Perhaps

counter-intuitively, a more specific problem frame, such as Òpatient falls with injuryÓ can

also allow for a broader range of solutions; unlike the original problem frame of Òpatient

falls,Ó this approach would allow for a focus on reducing injury for those who do fall

(e.g., by using softer materials for floors and walls, using inset sinks, etc.).

Establishing the criteria for success should ideally result in a goal that is SMART

(specific, measurable, achievable, realistic, and time-bounded), such as Òa 50% reduction

in the rate of falls-with-injury within 6 months of implementation, and a net positive

effect on the organizationÕs risk profile.Ó But in the case of low-likelihood incidents like

active shooter scenarios, 46 or risks for which reliable tracking data is not available, the

goal can be to achieve a level of risk that is as low as reasonably practicable (ALARP). 28



11

Options Assessment

Analogous to the Risk Assessment function from ISO 31000, Options Assessment is

made up of three steps: Generate Risk Control Options (analogous to Risk Identification),

Analyze Risk Control Options , and Evaluate Risk Control Options (analogous to Risk

Analysis, and Risk Evaluation, respectively). This is the overarching process by which

potential risk control interventions are conceived and explored, and through which their

anticipated outcomes are compared to the criteria for success.

Generate Risk Control Options

This is the creative process of developing an initial list of potential risk control

interventions. 47

Analyze Risk Control Options

This is a process to comprehend the nature of a risk control option across its lifecycle, to

and to determine the level of costs and benefits associated with that risk control option.

This includes a description of its mechanism of action (the logic model 48 that explains

how the risk control option would reduce risk), and an assessment of positive and

negative side effects (i.e., new risks introduced, and additional risks controlled, as a result

of the risk control). The PARC calls for users to analyze and document the factors

described in Table III.



12

Table III: Factors to be documented in the Options Analysis Stage

Negative and positive side effects of the risk control

Assessing both enables modification of the risk control design to reduce the former and increase the latter; it isalso critical for making accurate assessments of a risk controlÕs net impact on the risks held by an

organization.

Mechanism of action

ÒThe theory behind the chosen intervention components or an explicit logic model for why this patient safety practice should work.Ó 49, p.694

Stakeholder identification

Stakeholder engagement necessarily requires stakeholder identification.

Ease-of-use

An evaluation of how easy or difficult it will be for stakeholders to use the risk control as intended.

Definitions of success for implementation, sustainment, and outcomes evaluation

The criteria for success at all 3 stages of the risk controlÕs lifecycle.

Risk control robustness

The likelihood of the risk control being consistently sustained over time. A hierarchy of risk controls can beused as a high-level measure of the likely robustness of a risk control 6,50

Forces in favor of, and against, the risk controlÕs success

e.g., a force-field analysis 51 or Lovebug Diagram 52

Requirements for successful implementation, sustainment, and monitoring / evaluation

The resources that will be required to implement and sustain the risk control, to monitor implementation andsustainment, and to evaluate the success of the risk control.

Anticipated costs

Monetary costs associated with implementing, sustaining, and evaluating the risk control. This may bequantitative or qualitative.

Cost-effectiveness for sustained success

An assessment of the risk controlÕs cost-effectiveness across all 3 stages of its lifecycle. This may bequantitative or qualitative.



14

the risk of interest, but also to improve the organizationÕs overall risk profile. It should

also result in a detailed rationale for these recommendations, to assist decision-makers in

the next step of the process select risk controls .

Select Risk Controls

In this step, decision-maker(s) use the results of the previous steps to make a judgment

about which risk controls to implement. This decision may be informed by information

not immediately available to the team that produced the recommendations [see for

instance 9,53 ].

Depending upon the nature of the risk controls in question, this may lead to another round

of the options assessment / selection process, in which detailed (implementable) designs

or prototypes are generated, analyzed, and evaluated before final selection /

implementation takes place. For instance, if training is selected as a risk control, the

training curriculum might be generated, analyzed, evaluated, and selected (approved)

before final implementation. Or if a decision is made to purchase a new type of IV

pump, a list of candidate IV pumps might be generated, analyzed (including usability

testing, cost comparisons, risk assessment, etc.), and evaluated before a final selection is

made and purchasing can commence.



15

Rationale for Select Risk Controls

Final approval of risk control recommendations should include sign-off from senior

management. This is important both to ensure that the risk controls are aligned with the

organizationÕs strategic goals, and to secure senior management support for the intended

actions.

Implement Risk Controls

This step consists of putting the selected risk controls into practice. The Implementation

phase lasts until the risk control is fully operational in all respects and meets the criteria

for successful implementation described in the Options Analysis documentation.

Rationale for Implement Risk Controls

A risk control that is never implemented cannot reduce risk. Nevertheless, current

practice in risk management often consists of preparing a report and designating a

responsible manager, with little or no follow-up to ensure that the risk controls have been

implemented (or that implementation has been accurately measured). 10,54

Sustain Risk Controls

This step consists of ensuring that the risk control continues to operate as intended over

time. The Sustain Risk Controls step lasts until either the risk control is no longer

intended to operate, or until it is determined that no further action is required to ensure its

sustainment.



16

Note: This does not necessarily mean sustaining the risk control as originally envisioned.

Rather, the focus should be on sustaining the most current agreed version of the risk

control, in line with the PARCÕs iterative, progressively-elaborated approach.

Note: The degree of activity required for sustainment will vary depending on the nature

of the risk control in question. Ongoing sustainment is particularly important for

administrative risk controls like training, policies, etc., which are the most commonly-

used category of risk controls in healthcare. 6,55

Rationale for Sustain Risk Controls

As Kurt Lewin wrote:

A change towards a higher level of group performance is frequently short lived;

after a Ôshot in the arm,Õ group life soon returns to the previous level. This

indicates that it does not suffice to define the objective of a planned change in

group performance as the reaching of a different level. Permanency at the new

level, or permanency for a desired period, should be included in the

objective. 41 ,pp.34-35

Current practice often provides little support for sustaining risk controls once they have

been implemented, which can result in reversion to previous (riskier) practice, 56

especially when the risk controls rely on people to do the right thing. 6,55 These

administrative controls may often require more active sustainment efforts to achieve

long-term success than risk controls that do not rely on people to do the right thing

(design controls, or eliminating the hazard entirely). 6,55



17

Evaluate Outcomes

This step involves a summative evaluation of the acceptability of the risk controlÕs

outcomes. At this point a decision is made as to: A) whether or not the given risk control

makes an acceptable contribution to risk control success and should therefore be

maintained as-is or in some modified form, and B) whether or not the aggregate level of

risk control achieved is acceptable (essentially a revisiting of the Risk Evaluation step in

light of the new risk controls in place).

Note: Through the process of implementing and sustaining risk controls, the original

criteria for success may be revised in a phenomenon known as double-loop learning. 29

Similarly, it is important to differentiate between the outcomes of the suite of risk controls

and the contribution of an individual risk control. For both of these reasons, individual

risk controls should be assessed in terms of acceptability, not the original criteria for

success.

Rationale for Evaluate Outcomes

If it is worth taking action to reduce a risk, then it is worth determining what that action

achieved. If the results were not acceptable, the reasons for its failure should be

investigated and the risk control process should be revisited. If the results wereacceptable, the risk control should be sustained and/or serve as the foundation for further

improvement efforts.



19

Monitoring and Review

This cross-cutting function is retained from ISO 31000, which defines it as Òcontinual

checking, supervising, critically observing or determining the status in order to identify

change from the performance level required or expected,Ó and Ò[determining] the

suitability, adequacy and effectiveness of the subject matter to achieve established

objectives.Ó 27

Rationale for Monitoring and Review

This is a form of process evaluation. The central question it seeks to answer is Òare we on

course to achieve success?Ó It allows the organization to make changes to ensure

implementation, sustainment, and acceptable outcomes without waiting for the results of

the outcomes evaluation process.

DISCUSSION

A recent review of healthcare risk management policies and procedures found ÒÉan

almost complete lack of useful guidance to promote good practiceÓ in risk control. 54,p.1

This reflects the state of the literature on risk management, which has long focused

almost exclusively on risk assessment. The PARC helps to address both problems, and

also provides a structure to guide the development of risk control tools and techniques.

First, it provides a framework for risk management policies and procedures. An

increasing proportion of risk management policies are currently built around the ISO

31000 process model; the PARC can easily be integrated into such policies, providing a



20

structure for the risk control process without disrupting the risk assessment components

of an organizationÕs risk management system. It can also be used in conjunction with

other risk management frameworks (such as those described here 60).

Second, the PARC helps delineate the scope of the risk control process, and provides a

vocabulary that will enable researchers and practitioners alike to discuss risk control in a

comprehensible way. We hope this conceptual contribution will help to open the field of

risk control as an area of research and practice innovation.

Finally, the PARC can help guide the development of risk control tools and techniques.

The Active Risk Control (ARC) Toolkit will be the subject of the second installment of

the Rebalancing Risk Management series. 61 It was specifically designed to help

implement the PARC. 23,24,47 Currently, there are few other techniques available to support

risk control. 52,62 In contrast, the risk assessment process benefits from a wide array of

tools. 63 We hope that the PARC will help support the development of a similar (if

hopefully more manageable) selection of risk control techniques.

References

1. Lyons M. Towards a framework to select techniques for error prediction:

supporting novice users in the healthcare sector. Appl Erg . 2009;40(3):379Ð

395.

2. Ben-David I, Raz T. An integrated approach for risk response development

in project planning. J Oper Res Soc . 2001;52(1):14Ð25.



21

3. Hillson D. Developing effective risk responses. In: Proceedings of the 30th

Annual Project Management Institute 1999 Seminars & Symposium .

Philadelphia, Pennsylvania, USA; 1999.

4. Saari H. Risk management in drug development projects . Helsinki: Helsinki

University of Technology Laboratory of Industrial Management; 2004:41.

5. Engineering Professors Council. The EPC Engineering Graduate Output

Standard: Interim Report of the EPC Output Standards Project . Godalming,

UK; 2000.

6. Card AJ, Ward J, Clarkson PJ. Successful risk assessment may not alwayslead to successful risk control: A systematic literature review of risk control

after root cause analysis. J Healthc Risk Manag . 2012;31(3):6Ð12.

doi:10.1002/jhrm.20090.

7. Dul J, Bruder R, Buckle P, et al. A strategy for human factors/ergonomics:

developing the discipline and profession. Ergonomics . 2012;55(4):377Ð95.

8. Mills PD, Neily J, Kinney LM, Bagian J, Weeks WB. Effective

interventions and implementation strategies to reduce adverse drug events in

the Veterans Affairs (VA) system. Qual Saf Health Care . 2008;17(1):37Ð46.

doi:10.1136/qshc.2006.021816.

9. Iedema R, Jorm C, Braithwaite J. Managing the scope and impact of root

cause analysis recommendations. J Heal Organ Manag . 2008;22(6):569Ð

585.

10. Nicolini D, Waring J, Mengis J. The challenges of undertaking root cause

analysis in health care: a qualitative study. J Health Serv Res Policy .

2011;16 Suppl 1(April):34Ð41. doi:10.1258/jhsrp.2010.010092.



23

19. HHS OIG. Adverse Events in Hospitals: Incidence Among Medicare

Beneficiaries . Washington DC; 2010.

20. Unbeck M, Schildmeijer K, Henriksson P, et al. Is detection of adverse

events affected by record review methodology? an evaluation of the

ÒHarvard Medical Practice StudyÓ method and the ÒGlobal Trigger ToolÓ.

Patient Saf Surg . 2013;7(1):10.

21. Card AJ. Patient Safety: This is Public Health. J Healthc Risk Manag . [In

press].

22. Card AJ, Ward JR, Clarkson PJ. Getting to Zero: Evidence-based healthcarerisk management is key. J Healthc Risk Manag . 2012;32(2):20Ð27.

23. Card AJ. The Active Risk Control (ARC) Toolkit . 1st ed. Davenport, FL:

Evidence-Based Health Solutions, LLC; 2011:1Ð83.

24. Card AJ. The Active Risk Control (ARC) Toolkit: A New Approach to

Designing Risk Control Interventions. J Healthc Risk Manag . 2014;33(4):5Ð

14.

25. Raz T, Hillson D. A comparative review of risk management standards. Risk

Manag . 2005;7(4):53Ð66. doi:10.1057/palgrave.rm.8240227.

26. Carroll RL, Nakamura P, Rose R V. Enterprise Risk Management

Handbook for Healthcare Entities . 2nd ed. AHLA; 2013:830.

27. ISO. ISO 31000: Risk management Ñ Principles and guidelines on

implementation . Geneva; 2009.



24

28. HSE. Policy and guidance on reducing risks as low as reasonably practicable

in Design. ALARP Suite Guid . 2003. Available at:

http://www.hse.gov.uk/risk/theory/alarp3.htm. Accessed May 27, 2012.

29. Argyris C. Double loop learning in organizations. Harv Bus Rev .

1977;55(5):115Ð126.

30. Mitchell J. A new view. Healthc Risk Manag Rev . 2014. Available at:

http://www.hrmronline.com/article/a-new-view.

31. Leitch M. ISO 31000:2009--The new international standard on risk

management. Risk Anal . 2010;30(6):887Ð92. doi:10.1111/j.1539-6924.2010.01397.x.

32. Aven T. On the new ISO guide on risk management terminology. Reliab

Eng Syst Saf . 2011;96(7):719Ð726. doi:10.1016/j.ress.2010.12.020.

33. Cross N. Designerly ways of knowing. Des Stud . 1982;3(4):221Ð227.

doi:10.1016/0142-694X(82)90040-0.

34. Dorst K. The core of Òdesign thinkingÓ and its application. Des Stud .

2011;32(6):521Ð532. doi:10.1016/j.destud.2011.07.006.

35. March L. The logic of design and the question of value. In: March L, ed.

The Architecture of Form . Cambridge, UK: Cambridge University Press;

1976:1Ð40.

36. Wynn D, Clarkson J. Models of Designing. In: Clarkson J, Eckert C, eds.

Design Process Improvement: A Review of Current Practice . London;

2004:1Ð18.



25

37. Shah JJ, Smith SM, Vargas-Hernandez N. Metrics for measuring ideation

effectiveness. Des Stud . 2003;24(2):111Ð134. doi:10.1016/S0142-

694X(02)00034-0.

38. Ulrich KT. Design: Creation of Artifacts in Society . 1st ed. Philadelphia:

University of Pennsylvania; 2011:137.

39. Lewin K. Action research and minority problems. In: Lewin GW, ed.

Resolving Social Conflict . London: Harper & Row; 1946.

40. Lewin K. Frontiers in group dynamics. In: Field Theory in Social Science .

London: Social Science Paperbacks; 1947.

41. Lewin K. Frontiers in Group Dynamics: Concept, Method and Reality in

Social Science; Social Equilibria and Social Change. Hum Relations .

1947;1(1):5Ð41. doi:10.1177/001872674700100103.

42. Lewin K. Frontiers in Group Dynamics: II. Channels of Group Life; Social

Planning and Action Research. Hum Relations . 1947;1(2):143Ð153.

doi:10.1177/001872674700100201.

43. Lewin K. The Research Center for Group Dynamics at Massachusetts

Institute of Technology. Sociometry . 1945;8(2):126Ð136.

44. Burnes B. Kurt Lewin and the Planned Approach to Change: A Re-

appraisal. J Manag Stud . 2004;41(6):977Ð1002.

45. Anderson DE, Watts B V. Application of an engineering problem-solving

methodology to address persistent problems in patient safety: a case study

on retained surgical sponges after surgery. J Patient Saf . 2013;9(3):134Ð9.



26

46. Card AJ, Harrison H, Ward J, Clarkson PJ. Using prospective hazard

analysis to assess an active shooter emergency operations plan. J Healthc

Risk Manag . 2012;31(3):34Ð40.

47. Card AJ, Ward JR, Clarkson PJ. Generating Options for Active Risk Control

(GO-ARC): Introducing a Novel Technique. J Healthc Qual .

2013;00(00):[Epub ahead of print]. doi:10.1111/jhq.12017.

48. Foy R, Ovretveit J, Shekelle PG, et al. The role of theory in research to

develop and evaluate the implementation of patient safety practices. BMJ

Qual Saf . 2011;(February). doi:10.1136/bmjqs.2010.047993.

49. Shekelle P, Pronovost P, et al. Advancing the Science of Patient Safety. Ann

Intern Med . 2011;154(10):693Ð6.

50. Manuele FA. Risk assessment and hierarchies of control. Prof Saf .

2005;50(5):33Ð39.

51. Baulcomb J. Management of change through force field analysis. J Nurs

Manag . 2003;11(4):275Ð280.

52. Card AJ. A new tool for hazard analysis and force field analysis: The

Lovebug Diagram. Clin Risk . 2013;00(00):00.

doi:10.1177/1356262213510855.

53. Morse RB, Pollack MM. Root Cause Analyses Performed in a ChildrenÕs

Hospital: Events, Action Plan Strength, and Implementation Rates. J Healthc Qual . 2011;34(1):55Ð61.

54. Card AJ, Ward JR, Clarkson PJ. Trust-Level Risk Evaluation and Risk

Control Guidance in the NHS East of England. Risk Anal . 2013:00Ð00.

doi:10.1111/risa.12159.



55. Bagian JP. Health care and patient safety: The failure of traditional

approaches Ð How human factors and ergonomics can and MUST help.

Hum Factors Ergon Manuf . 2012;22(1):1Ð6. doi:10.1002/hfm.

56. De Saint Maurice G, Auroy Y, Vincent C, Amalberti R. The natural lifespan

of a safety policy: violations and system migration in anaesthesia. Qual Saf

Healthc . 2010;19(4):327Ð331. doi:10.1136/qshc.2008.029959.

57. Committee on Quality of Healthcare in America / IOM. Crossing the

Quality Chasm: A New Health System for the 21st Century . National

Academies Press; 2001:364.

58. Atun R. Health systems, systems thinking and innovation. Health Policy

Plan . 2012;27 Suppl 4(Hsiao 2003):iv4Ð8. doi:10.1093/heapol/czs088.

59. Mills PD, Neily J, Luan DD, Stalhandske E, Weeks WB. Using Aggregate

Root Cause Analysis to Reduce Falls and Related Injuries. Jt Comm J Qual

Patient Saf . 2005;31(1):21Ð31.

60. Jardine C, Hrudey S, Shortreed J, et al. Risk management frameworks for

human health and environmental risks. J Toxicol Environ Health B Crit Rev .

2003;6(6):569Ð720. doi:10.1080/10937400390208608.

61. Card AJ, Ward JR, Clarkson PJ. Rebalancing Risk Management -Part 2: The

Active Risk Control (ARC) Toolkit. J Healthc Risk Manag . In press.

62. Pham JC, Kim GR, Natterman JP, et al. ReCASTing the RCA: an improvedmodel for performing root cause analyses. Am J Med Qual . 2010;25(3):186Ð

91.

63. ISO. ISO 31010: Risk management Ñ Risk assessment techniques . Geneva;

2009.

Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf

Documents

Transcript of Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf