Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
-
Upload
ghaida-faridah -
Category
Documents
-
view
217 -
download
0
Transcript of Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 1/27
1
Rebalancing Risk Management ÐPart 1: The Process for Active
Risk Control (PARC)
Authors: Alan J. Card, PhD, MPH, CPH, CPHQ
James R. Ward, BEng, CEng, PhD
P. John Clarkson, PhD, HonD, CEng, FIET, FIED, FREng
This is a pre-print draft of the paper. The final and definitive version will be published in the Journal of
Healthcare Risk Management. Please cite as:
Card AJ, Ward JR, Clarkson PJ. Rebalancing Risk Management ÐPart 1: The Process for Active
Risk Control (PARC). Journal of Healthcare Risk Management. [In Press].
ABSTRACT
Risk assessment, by itself, does nothing to reduce risk or improve safety. It can only
change outcomes by informing the design and management of effective risk control
interventions. But current practice in healthcare risk management suffers from an almost
complete lack of support for risk control. This first installment of a 2-part series on
rebalancing risk management describes a new framework to guide risk control practice:
The Process for Active Risk Control.
INTRODUCTION
Risk assessment, by itself, does nothing to reduce risk or improve safety. It can only
change outcomes by informing the design and management of effective risk control
interventions. But, while current practice in healthcare risk management is supported by a
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 2/27
2
bewildering array of risk assessment (problem exploration) tools, 1 there is very little
support for the problem-solving process of risk control. 2Ð4 This may reflect the fact that
healthcare risk management relies on approaches that were originally developed for high-
reliability fields (e.g., power generation, manufacturing, the chemical industry, etc.), in
which the risk management process is typically led by safety / reliability engineers.
Engineers receive extensive training in converting requirements (such as those identified
through risk assessment) into robust and effective interventions, 5 which may prepare
them to bridge the gap between risk assessment and the design high-quality risk controls.
This is not the case in the healthcare industry 6 where risk assessment techniques are used
largely by healthcare workers who have deep clinical knowledge, but often lack training
in fields like engineering or ergonomics. 7 Perhaps as a result, healthcare workers have a
difficult time generating and assessing risk control options, leading to overuse of weak
risk controls, including some that may do more harm than good. 6,8Ð14
Healthcare risk management has been defined as Òan organized effort to identify, assess,
and reduce, where appropriate, risks to patients, visitors, staff, and organizational
assets.Ó15 And among these objectives, patient safety improvement has been identified as
the disciplineÕs Ònumber one goal.Ó 16 But despite the uptake of risk assessment
techniques such as root cause analysis (RCA) 6 and failure mode and effects analysis
(FMEA), 17 it does not appear that patients are getting safer. 18 And the current rate of
harm, at about 25-30%, 18Ð20 clearly represents an unacceptable failure rate. Indeed,
preventable adverse events in healthcare may be the leading cause of death in the US. 21
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 3/27
3
There are probably many reasons for this, including slow uptake and sometimes poor
application of existing risk management approaches, as well as an anemic evidence base
to support practice. 22 But the well-documented shortfalls of current practice in risk
control almost certainly play a role. 6,8Ð13 This article is the first in a two-part series aimed
at addressing these shortfalls.
In this first installment, we present a novel framework for risk control practice, the
Process for Active Risk Control (PARC). In the second installment, we will describe a set
of techniques for operationalizing the PARC, in the form of the Active Risk Control
(ARC) Toolkit 23,24 and present pilot study to show how the approach can be used in
practice. (The ARC Toolkit is available for free at www.activeriskcontrol.com )
FRAMING THE PROCESS FOR ACTIVE RISK CONTROL
Defining Risk Control
We define risk control as: Coordinated activities to modify the level of one or more risks
that have been evaluated as unacceptable, with the goal of achieving, maintaining, and
demonstrating an acceptable level of risk for the risk(s) of interest, and an overall
improvement in the organizationÕs risk profile. Table I describes some implications of
this definition.
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 4/27
4
Table I: Implications of this definition
Facets of the Definition ImplicationsRisk can be constructed in positive ornegative terms (the risk of benefit). 25
Not important when focusing on negative patient safety risks, but allows for broader application of the definition in supportof the recent trend toward enterprise risk management 26
Successful risk control must result in a netimprovement in risks held by theorganization.
Reducing the risk of interest is necessary, but not sufficient; both the positive and negative side effects of the risk controlmust be taken into account to determine the system-wideeffect of risk control interventions.
Risk control success must be maintained . Initially achieving an acceptable risk level is only part of the job. Sustaining success is an ongoing process that is more orless active, depending on the nature of the risk control.
Risk control success must bedemonstrated .
Requires monitoring and evaluation. Investment in this process should be in proportion to the risk, identified sideeffects, and the nature of the risk control.
Risk control success is based on achievingan acceptable level of risk (while doingmore good than harm for the organizationÕsrisk profile).
This is gauged by evaluating risk levels against theorganizations risk criteria .27 These risk criteria may beimposed (e.g., by law, regulations, or contract), or may belocally constructed [e.g., a 50% reduction within 6 months;as low as reasonably practicable (ALARP). 28]
When risk criteria are locally constructed, this definitionÕsfocus on acceptability allows for the potential of double-looplearning, 29 in cases where the assessment of risk controloptions, or the experience of attempting to implement andsustain risk controls, leads to a new definition of what isacceptable.
Current Practice
The risk management process model described in ISO 31000: Risk management Ñ
Principles and guidelines on implementation 27 has been widely adopted as a framework
for healthcare risk management policies and procedures. Because ISO 31000 is
frequently used as an approach to enterprise risk management (ERM), the recent
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 5/27
5
promotion of ERM by the American Society for Healthcare Risk Management
(ASHRM) 30 is likely to accelerate the adoption of this approach in healthcare.
ISO 31000 describes a risk management process consisting of 5 steps (Establishing the
Context; Risk Identification; Risk Analysis; Risk Evaluation; and Risk Treatment) and 2
cross-cutting functions that take place in parallel with all 5 steps (Communication and
Consultation; and Monitoring and Review).
Risk control (referred to in ISO 31000 as risk treatment) focuses on solutions. Arguably,
it is therefore the most important component of the broader risk management process.
But this function has received scant attention in the risk management literature. 2Ð4,6
Instead, the risk management literature has primarily concerned itself with the problem-
focused process of risk assessment. That is reflected in the ISO process model, 27 which
perpetuates this unbalanced approach by illustrating risk assessment as a 3-step process
(risk identification, risk analysis, and risk evaluation), while relegating risk treatment to a
single step.
The standard gives some useful guidelines for risk treatment (see Table II), but much of
the guidance it provides is vague, inconsistent, or incomplete. 31,32 Examples include:
¥ Defines risk treatment (i.e., risk control) as a Òprocess to modify risk,Ó which is sovague that purposely making things worse would qualify as risk treatment;
¥ Ignores the need to sustain risk controls in operation;
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 6/27
6
¥ Discusses the possibility that a risk control might lead to secondary risks, but
ignores the possibility of positive or negative side-effects that do not meet the ISO
definition for risks;
Perhaps most importantly from the standpoint of a practitioner seeking to use the
standard as a framework for risk control practice, it paints an incomplete and confused
portrait of the risk control process. First, it states that ÒRisk treatment involves a cyclical
process of: assessing a risk treatment; deciding whether residual risk levels are tolerable;
if not tolerable, generating a new risk treatment; and ! ssessing the effectiveness of that
treatment.Ó 27p.19 Without acknowledging the first description, it then goes on to describe
risk treatment as a 2-step risk treatment process consisting of Selection of risk treatment
options and Preparing and implementing risk treatment plans. As we will describe, both
of these descriptions are incomplete.
Table II: Selected risk control guidance from ISO 31000 27
Risk control selection should be based on cost-benefit analysis (including non-economic costs)
A combination of risk controls may be required
Produce a prioritized list of risk control recommendations
Consider new risks that might result from risk control; integrate management of these secondaryrisks with management of the risk of interest
Monitor, review, and communicate residual risk after treatment
Document performance measures and constraints
Document the resource requirements
Document planned timing and schedule
Engage stakeholders
Integrate risk treatment plan with existing management processes
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 7/27
7
Despite its widespread adoption, ISO 31000 provides an inadequate model for
understanding and managing the risk control process. It includes some useful advice, but
overall its guidance for risk control is underdeveloped, inconsistent, and difficult to
translate into practice. There is an urgent need for clear, cogent guidance to achieve better
risk control performance.
The Process for Active Risk Control
Figure 2 illustrates the Process for Active Risk Control (PARC), which is intended to fit
within the consensus model of the risk management process (for example by replacing
the risk treatment step of the ISO 31000 process model). As shown in Figure 1, the
PARC consists of eight steps (central column) and two cross-cutting functions (the outer
columns, which are drawn from ISO 31000). Movement through the steps is not expected
to occur in a strictly linear fashion; in fact, iterative loops are an important component of
the process. Learning generated in one step should be used not only to inform subsequent
steps, but also to refine previous ones.
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 8/27
8
Figure 1: The Process for Active Risk Control 23 (used by permission under a CreativeCommons Attribution 3.0 Unported License)
Beyond the risk management literature, the PARC draws from (and may contribute to)
the disciplines of design, 33Ð38 and Lewinian change management. 39Ð44 It also aligns well
with the Engineering Problem Solving Methodology, which has recently been introduced
to the patient safety community. 45
" # $ $ % &
' ( ) * ' # & ) &
+ ( # & , %
- * ) * ' # &
!"#$%&' )''*''+*&#
.,*)/-',0 *01(#&*12*
31&14)*1 4',5(#&*4#- #6*'#&,
7&)-891 4',5 (#&*4#-#6*'#&,
.:)-%)*1 4',5(#&*4#- #6*'#&,
;1-1(* 4',5 (#&*4#-,
<$6-1$1&* 4',5(#&*4#-,
;%,*)'& 4',5 (#&*4#-,
.:)-%)*1 #%*(#$1,
= # &
' * # 4 ' & > ) & + 4 1 : ' 1 ?
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 9/27
9
Establish the (Risk Control) Context
This step consists of two components: Framing the Problem , and Defining the Criteria
for Success .
Framing the Problem
This sub-step ensures that the risk to be addressed is correctly framed (e.g., is the real
problem patient falls, or patient falls with injury?), and that the risk is formulated as a
solution-neutral problem statement, 36 (i.e., a definition of the problem that does not
specify a preferred solution).
Defining the Criteria for Success
In this sub-step, participants explicitly state the conditions under which the risk control
process would be deemed successful. Given the definition of risk control proposed
earlier, the definition of success should include a net improvement in the risks held by the
organization.
Rationale for Establish the Context
Establishing the context defines the goals of the risk control process, and serves as the
standard against which outcomes are measured.
Problem framing is a concept borrowed from the literature on design thinking. 34 It is
necessary because the problem-as-presented (in this case, the risk as originally defined
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 10/27
10
through the risk assessment process) is not always the most useful way of looking at the
problem. Two common approaches to problem-framing include making the problem
more abstract, and making it more specific.
For example, consider an incident in which a patient fell and broke her hip because she
needed help toileting, but her nurse was away from the unit retrieving supplies for
another patient. Framing the problem as Òa patient fallÓ is not inaccurate, but it might not
be the most helpful approach. A more abstract problem frame, such as Ònurses are being
pulled away from patient care,Ó could result in a much broader range of solutions (e.g.,
storing more supplies in the unit, using non-care staff to restock supplies, etc.). Perhaps
counter-intuitively, a more specific problem frame, such as Òpatient falls with injuryÓ can
also allow for a broader range of solutions; unlike the original problem frame of Òpatient
falls,Ó this approach would allow for a focus on reducing injury for those who do fall
(e.g., by using softer materials for floors and walls, using inset sinks, etc.).
Establishing the criteria for success should ideally result in a goal that is SMART
(specific, measurable, achievable, realistic, and time-bounded), such as Òa 50% reduction
in the rate of falls-with-injury within 6 months of implementation, and a net positive
effect on the organizationÕs risk profile.Ó But in the case of low-likelihood incidents like
active shooter scenarios, 46 or risks for which reliable tracking data is not available, the
goal can be to achieve a level of risk that is as low as reasonably practicable (ALARP). 28
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 11/27
11
Options Assessment
Analogous to the Risk Assessment function from ISO 31000, Options Assessment is
made up of three steps: Generate Risk Control Options (analogous to Risk Identification),
Analyze Risk Control Options , and Evaluate Risk Control Options (analogous to Risk
Analysis, and Risk Evaluation, respectively). This is the overarching process by which
potential risk control interventions are conceived and explored, and through which their
anticipated outcomes are compared to the criteria for success.
Generate Risk Control Options
This is the creative process of developing an initial list of potential risk control
interventions. 47
Analyze Risk Control Options
This is a process to comprehend the nature of a risk control option across its lifecycle, to
and to determine the level of costs and benefits associated with that risk control option.
This includes a description of its mechanism of action (the logic model 48 that explains
how the risk control option would reduce risk), and an assessment of positive and
negative side effects (i.e., new risks introduced, and additional risks controlled, as a result
of the risk control). The PARC calls for users to analyze and document the factors
described in Table III.
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 12/27
12
Table III: Factors to be documented in the Options Analysis Stage
Negative and positive side effects of the risk control
Assessing both enables modification of the risk control design to reduce the former and increase the latter; it isalso critical for making accurate assessments of a risk controlÕs net impact on the risks held by an
organization.
Mechanism of action
ÒThe theory behind the chosen intervention components or an explicit logic model for why this patient safety practice should work.Ó 49, p.694
Stakeholder identification
Stakeholder engagement necessarily requires stakeholder identification.
Ease-of-use
An evaluation of how easy or difficult it will be for stakeholders to use the risk control as intended.
Definitions of success for implementation, sustainment, and outcomes evaluation
The criteria for success at all 3 stages of the risk controlÕs lifecycle.
Risk control robustness
The likelihood of the risk control being consistently sustained over time. A hierarchy of risk controls can beused as a high-level measure of the likely robustness of a risk control 6,50
Forces in favor of, and against, the risk controlÕs success
e.g., a force-field analysis 51 or Lovebug Diagram 52
Requirements for successful implementation, sustainment, and monitoring / evaluation
The resources that will be required to implement and sustain the risk control, to monitor implementation andsustainment, and to evaluate the success of the risk control.
Anticipated costs
Monetary costs associated with implementing, sustaining, and evaluating the risk control. This may bequantitative or qualitative.
Cost-effectiveness for sustained success
An assessment of the risk controlÕs cost-effectiveness across all 3 stages of its lifecycle. This may bequantitative or qualitative.
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 13/27
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 14/27
14
the risk of interest, but also to improve the organizationÕs overall risk profile. It should
also result in a detailed rationale for these recommendations, to assist decision-makers in
the next step of the process select risk controls .
Select Risk Controls
In this step, decision-maker(s) use the results of the previous steps to make a judgment
about which risk controls to implement. This decision may be informed by information
not immediately available to the team that produced the recommendations [see for
instance 9,53 ].
Depending upon the nature of the risk controls in question, this may lead to another round
of the options assessment / selection process, in which detailed (implementable) designs
or prototypes are generated, analyzed, and evaluated before final selection /
implementation takes place. For instance, if training is selected as a risk control, the
training curriculum might be generated, analyzed, evaluated, and selected (approved)
before final implementation. Or if a decision is made to purchase a new type of IV
pump, a list of candidate IV pumps might be generated, analyzed (including usability
testing, cost comparisons, risk assessment, etc.), and evaluated before a final selection is
made and purchasing can commence.
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 15/27
15
Rationale for Select Risk Controls
Final approval of risk control recommendations should include sign-off from senior
management. This is important both to ensure that the risk controls are aligned with the
organizationÕs strategic goals, and to secure senior management support for the intended
actions.
Implement Risk Controls
This step consists of putting the selected risk controls into practice. The Implementation
phase lasts until the risk control is fully operational in all respects and meets the criteria
for successful implementation described in the Options Analysis documentation.
Rationale for Implement Risk Controls
A risk control that is never implemented cannot reduce risk. Nevertheless, current
practice in risk management often consists of preparing a report and designating a
responsible manager, with little or no follow-up to ensure that the risk controls have been
implemented (or that implementation has been accurately measured). 10,54
Sustain Risk Controls
This step consists of ensuring that the risk control continues to operate as intended over
time. The Sustain Risk Controls step lasts until either the risk control is no longer
intended to operate, or until it is determined that no further action is required to ensure its
sustainment.
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 16/27
16
Note: This does not necessarily mean sustaining the risk control as originally envisioned.
Rather, the focus should be on sustaining the most current agreed version of the risk
control, in line with the PARCÕs iterative, progressively-elaborated approach.
Note: The degree of activity required for sustainment will vary depending on the nature
of the risk control in question. Ongoing sustainment is particularly important for
administrative risk controls like training, policies, etc., which are the most commonly-
used category of risk controls in healthcare. 6,55
Rationale for Sustain Risk Controls
As Kurt Lewin wrote:
A change towards a higher level of group performance is frequently short lived;
after a Ôshot in the arm,Õ group life soon returns to the previous level. This
indicates that it does not suffice to define the objective of a planned change in
group performance as the reaching of a different level. Permanency at the new
level, or permanency for a desired period, should be included in the
objective. 41 ,pp.34-35
Current practice often provides little support for sustaining risk controls once they have
been implemented, which can result in reversion to previous (riskier) practice, 56
especially when the risk controls rely on people to do the right thing. 6,55 These
administrative controls may often require more active sustainment efforts to achieve
long-term success than risk controls that do not rely on people to do the right thing
(design controls, or eliminating the hazard entirely). 6,55
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 17/27
17
Evaluate Outcomes
This step involves a summative evaluation of the acceptability of the risk controlÕs
outcomes. At this point a decision is made as to: A) whether or not the given risk control
makes an acceptable contribution to risk control success and should therefore be
maintained as-is or in some modified form, and B) whether or not the aggregate level of
risk control achieved is acceptable (essentially a revisiting of the Risk Evaluation step in
light of the new risk controls in place).
Note: Through the process of implementing and sustaining risk controls, the original
criteria for success may be revised in a phenomenon known as double-loop learning. 29
Similarly, it is important to differentiate between the outcomes of the suite of risk controls
and the contribution of an individual risk control. For both of these reasons, individual
risk controls should be assessed in terms of acceptability, not the original criteria for
success.
Rationale for Evaluate Outcomes
If it is worth taking action to reduce a risk, then it is worth determining what that action
achieved. If the results were not acceptable, the reasons for its failure should be
investigated and the risk control process should be revisited. If the results wereacceptable, the risk control should be sustained and/or serve as the foundation for further
improvement efforts.
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 18/27
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 19/27
19
Monitoring and Review
This cross-cutting function is retained from ISO 31000, which defines it as Òcontinual
checking, supervising, critically observing or determining the status in order to identify
change from the performance level required or expected,Ó and Ò[determining] the
suitability, adequacy and effectiveness of the subject matter to achieve established
objectives.Ó 27
Rationale for Monitoring and Review
This is a form of process evaluation. The central question it seeks to answer is Òare we on
course to achieve success?Ó It allows the organization to make changes to ensure
implementation, sustainment, and acceptable outcomes without waiting for the results of
the outcomes evaluation process.
DISCUSSION
A recent review of healthcare risk management policies and procedures found ÒÉan
almost complete lack of useful guidance to promote good practiceÓ in risk control. 54,p.1
This reflects the state of the literature on risk management, which has long focused
almost exclusively on risk assessment. The PARC helps to address both problems, and
also provides a structure to guide the development of risk control tools and techniques.
First, it provides a framework for risk management policies and procedures. An
increasing proportion of risk management policies are currently built around the ISO
31000 process model; the PARC can easily be integrated into such policies, providing a
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 20/27
20
structure for the risk control process without disrupting the risk assessment components
of an organizationÕs risk management system. It can also be used in conjunction with
other risk management frameworks (such as those described here 60).
Second, the PARC helps delineate the scope of the risk control process, and provides a
vocabulary that will enable researchers and practitioners alike to discuss risk control in a
comprehensible way. We hope this conceptual contribution will help to open the field of
risk control as an area of research and practice innovation.
Finally, the PARC can help guide the development of risk control tools and techniques.
The Active Risk Control (ARC) Toolkit will be the subject of the second installment of
the Rebalancing Risk Management series. 61 It was specifically designed to help
implement the PARC. 23,24,47 Currently, there are few other techniques available to support
risk control. 52,62 In contrast, the risk assessment process benefits from a wide array of
tools. 63 We hope that the PARC will help support the development of a similar (if
hopefully more manageable) selection of risk control techniques.
References
1. Lyons M. Towards a framework to select techniques for error prediction:
supporting novice users in the healthcare sector. Appl Erg . 2009;40(3):379Ð
395.
2. Ben-David I, Raz T. An integrated approach for risk response development
in project planning. J Oper Res Soc . 2001;52(1):14Ð25.
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 21/27
21
3. Hillson D. Developing effective risk responses. In: Proceedings of the 30th
Annual Project Management Institute 1999 Seminars & Symposium .
Philadelphia, Pennsylvania, USA; 1999.
4. Saari H. Risk management in drug development projects . Helsinki: Helsinki
University of Technology Laboratory of Industrial Management; 2004:41.
5. Engineering Professors Council. The EPC Engineering Graduate Output
Standard: Interim Report of the EPC Output Standards Project . Godalming,
UK; 2000.
6. Card AJ, Ward J, Clarkson PJ. Successful risk assessment may not alwayslead to successful risk control: A systematic literature review of risk control
after root cause analysis. J Healthc Risk Manag . 2012;31(3):6Ð12.
doi:10.1002/jhrm.20090.
7. Dul J, Bruder R, Buckle P, et al. A strategy for human factors/ergonomics:
developing the discipline and profession. Ergonomics . 2012;55(4):377Ð95.
8. Mills PD, Neily J, Kinney LM, Bagian J, Weeks WB. Effective
interventions and implementation strategies to reduce adverse drug events in
the Veterans Affairs (VA) system. Qual Saf Health Care . 2008;17(1):37Ð46.
doi:10.1136/qshc.2006.021816.
9. Iedema R, Jorm C, Braithwaite J. Managing the scope and impact of root
cause analysis recommendations. J Heal Organ Manag . 2008;22(6):569Ð
585.
10. Nicolini D, Waring J, Mengis J. The challenges of undertaking root cause
analysis in health care: a qualitative study. J Health Serv Res Policy .
2011;16 Suppl 1(April):34Ð41. doi:10.1258/jhsrp.2010.010092.
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 22/27
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 23/27
23
19. HHS OIG. Adverse Events in Hospitals: Incidence Among Medicare
Beneficiaries . Washington DC; 2010.
20. Unbeck M, Schildmeijer K, Henriksson P, et al. Is detection of adverse
events affected by record review methodology? an evaluation of the
ÒHarvard Medical Practice StudyÓ method and the ÒGlobal Trigger ToolÓ.
Patient Saf Surg . 2013;7(1):10.
21. Card AJ. Patient Safety: This is Public Health. J Healthc Risk Manag . [In
press].
22. Card AJ, Ward JR, Clarkson PJ. Getting to Zero: Evidence-based healthcarerisk management is key. J Healthc Risk Manag . 2012;32(2):20Ð27.
23. Card AJ. The Active Risk Control (ARC) Toolkit . 1st ed. Davenport, FL:
Evidence-Based Health Solutions, LLC; 2011:1Ð83.
24. Card AJ. The Active Risk Control (ARC) Toolkit: A New Approach to
Designing Risk Control Interventions. J Healthc Risk Manag . 2014;33(4):5Ð
14.
25. Raz T, Hillson D. A comparative review of risk management standards. Risk
Manag . 2005;7(4):53Ð66. doi:10.1057/palgrave.rm.8240227.
26. Carroll RL, Nakamura P, Rose R V. Enterprise Risk Management
Handbook for Healthcare Entities . 2nd ed. AHLA; 2013:830.
27. ISO. ISO 31000: Risk management Ñ Principles and guidelines on
implementation . Geneva; 2009.
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 24/27
24
28. HSE. Policy and guidance on reducing risks as low as reasonably practicable
in Design. ALARP Suite Guid . 2003. Available at:
http://www.hse.gov.uk/risk/theory/alarp3.htm. Accessed May 27, 2012.
29. Argyris C. Double loop learning in organizations. Harv Bus Rev .
1977;55(5):115Ð126.
30. Mitchell J. A new view. Healthc Risk Manag Rev . 2014. Available at:
http://www.hrmronline.com/article/a-new-view.
31. Leitch M. ISO 31000:2009--The new international standard on risk
management. Risk Anal . 2010;30(6):887Ð92. doi:10.1111/j.1539-6924.2010.01397.x.
32. Aven T. On the new ISO guide on risk management terminology. Reliab
Eng Syst Saf . 2011;96(7):719Ð726. doi:10.1016/j.ress.2010.12.020.
33. Cross N. Designerly ways of knowing. Des Stud . 1982;3(4):221Ð227.
doi:10.1016/0142-694X(82)90040-0.
34. Dorst K. The core of Òdesign thinkingÓ and its application. Des Stud .
2011;32(6):521Ð532. doi:10.1016/j.destud.2011.07.006.
35. March L. The logic of design and the question of value. In: March L, ed.
The Architecture of Form . Cambridge, UK: Cambridge University Press;
1976:1Ð40.
36. Wynn D, Clarkson J. Models of Designing. In: Clarkson J, Eckert C, eds.
Design Process Improvement: A Review of Current Practice . London;
2004:1Ð18.
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 25/27
25
37. Shah JJ, Smith SM, Vargas-Hernandez N. Metrics for measuring ideation
effectiveness. Des Stud . 2003;24(2):111Ð134. doi:10.1016/S0142-
694X(02)00034-0.
38. Ulrich KT. Design: Creation of Artifacts in Society . 1st ed. Philadelphia:
University of Pennsylvania; 2011:137.
39. Lewin K. Action research and minority problems. In: Lewin GW, ed.
Resolving Social Conflict . London: Harper & Row; 1946.
40. Lewin K. Frontiers in group dynamics. In: Field Theory in Social Science .
London: Social Science Paperbacks; 1947.
41. Lewin K. Frontiers in Group Dynamics: Concept, Method and Reality in
Social Science; Social Equilibria and Social Change. Hum Relations .
1947;1(1):5Ð41. doi:10.1177/001872674700100103.
42. Lewin K. Frontiers in Group Dynamics: II. Channels of Group Life; Social
Planning and Action Research. Hum Relations . 1947;1(2):143Ð153.
doi:10.1177/001872674700100201.
43. Lewin K. The Research Center for Group Dynamics at Massachusetts
Institute of Technology. Sociometry . 1945;8(2):126Ð136.
44. Burnes B. Kurt Lewin and the Planned Approach to Change: A Re-
appraisal. J Manag Stud . 2004;41(6):977Ð1002.
45. Anderson DE, Watts B V. Application of an engineering problem-solving
methodology to address persistent problems in patient safety: a case study
on retained surgical sponges after surgery. J Patient Saf . 2013;9(3):134Ð9.
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 26/27
26
46. Card AJ, Harrison H, Ward J, Clarkson PJ. Using prospective hazard
analysis to assess an active shooter emergency operations plan. J Healthc
Risk Manag . 2012;31(3):34Ð40.
47. Card AJ, Ward JR, Clarkson PJ. Generating Options for Active Risk Control
(GO-ARC): Introducing a Novel Technique. J Healthc Qual .
2013;00(00):[Epub ahead of print]. doi:10.1111/jhq.12017.
48. Foy R, Ovretveit J, Shekelle PG, et al. The role of theory in research to
develop and evaluate the implementation of patient safety practices. BMJ
Qual Saf . 2011;(February). doi:10.1136/bmjqs.2010.047993.
49. Shekelle P, Pronovost P, et al. Advancing the Science of Patient Safety. Ann
Intern Med . 2011;154(10):693Ð6.
50. Manuele FA. Risk assessment and hierarchies of control. Prof Saf .
2005;50(5):33Ð39.
51. Baulcomb J. Management of change through force field analysis. J Nurs
Manag . 2003;11(4):275Ð280.
52. Card AJ. A new tool for hazard analysis and force field analysis: The
Lovebug Diagram. Clin Risk . 2013;00(00):00.
doi:10.1177/1356262213510855.
53. Morse RB, Pollack MM. Root Cause Analyses Performed in a ChildrenÕs
Hospital: Events, Action Plan Strength, and Implementation Rates. J Healthc Qual . 2011;34(1):55Ð61.
54. Card AJ, Ward JR, Clarkson PJ. Trust-Level Risk Evaluation and Risk
Control Guidance in the NHS East of England. Risk Anal . 2013:00Ð00.
doi:10.1111/risa.12159.
8/11/2019 Rebalancing_Risk_Management_Part_1_-_PARC_-_Pre-print-libre.pdf
http://slidepdf.com/reader/full/rebalancingriskmanagementpart1-parc-pre-print-librepdf 27/27
55. Bagian JP. Health care and patient safety: The failure of traditional
approaches Ð How human factors and ergonomics can and MUST help.
Hum Factors Ergon Manuf . 2012;22(1):1Ð6. doi:10.1002/hfm.
56. De Saint Maurice G, Auroy Y, Vincent C, Amalberti R. The natural lifespan
of a safety policy: violations and system migration in anaesthesia. Qual Saf
Healthc . 2010;19(4):327Ð331. doi:10.1136/qshc.2008.029959.
57. Committee on Quality of Healthcare in America / IOM. Crossing the
Quality Chasm: A New Health System for the 21st Century . National
Academies Press; 2001:364.
58. Atun R. Health systems, systems thinking and innovation. Health Policy
Plan . 2012;27 Suppl 4(Hsiao 2003):iv4Ð8. doi:10.1093/heapol/czs088.
59. Mills PD, Neily J, Luan DD, Stalhandske E, Weeks WB. Using Aggregate
Root Cause Analysis to Reduce Falls and Related Injuries. Jt Comm J Qual
Patient Saf . 2005;31(1):21Ð31.
60. Jardine C, Hrudey S, Shortreed J, et al. Risk management frameworks for
human health and environmental risks. J Toxicol Environ Health B Crit Rev .
2003;6(6):569Ð720. doi:10.1080/10937400390208608.
61. Card AJ, Ward JR, Clarkson PJ. Rebalancing Risk Management -Part 2: The
Active Risk Control (ARC) Toolkit. J Healthc Risk Manag . In press.
62. Pham JC, Kim GR, Natterman JP, et al. ReCASTing the RCA: an improvedmodel for performing root cause analyses. Am J Med Qual . 2010;25(3):186Ð
91.
63. ISO. ISO 31010: Risk management Ñ Risk assessment techniques . Geneva;
2009.