Program addresses future uncertainties that could endanger SickKids Foundation’s business and strategic objectives
Mark Goldbloom, general counsel and chief risk officer
For an organization devoted to ensuring The Hospital for Sick Children in Toronto has the funding necessary to conduct medical research and save young lives, the most common question asked at its compliance meetings is about the health of the management team.
“What keeps you up at night?”
That’s the way Mark Goldbloom, general counsel and chief risk officer at The Hospital for Sick Children Foundation (which operates as SickKids Foundation), starts every risk and compliance meeting. He wants to know what concerns senior management has about issues or potential problems that could put the foundation at risk.
“It's amazing how with that one sentence, people will be able to say, ‘Oh, this is what I’m worried about.’ And you know, I always think we can address those risks and everyone will sleep easier. To me, that’s the ultimate goal: to manage that risk.”
In order to help the foundation manage risks and to better encourage the growth of the risk management culture within the organization, Goldbloom, a colleague who is no longer with the organization, and a cross-department team developed and implemented an enterprise risk management program at the behest of the chief operating officer and the senior management team. He says that, while the foundation had risk management processes in place, the growth of the organization meant there needed to be more effective and efficient methods to protect the foundation.
Not being an expert in enterprise risk management systems, Goldbloom says, he resorted to reading and independent learning to get up to speed on everything from best practices to technical requirements. He also consulted with risk management specialists at the hospital and with outside professionals, although budget limitations meant he couldn’t just hand the problem off to firms such as KPMG or Deloitte. Instead, Goldbloom and his colleagues developed the framework for the system in-house, writing their own risk scales and impact scales. They even conducted surveys of senior management and asked them to vote on which risks were most pressing.
On the technology side, Goldbloom says, he was fortunate that the foundation’s insurer Healthcare Insurance Reciprocal of Canada (better known in the health-care industry as HIROC) offered a program that hospitals and other health-care organizations could use as the software basis of their own risk management programs. After assessing the program, Goldbloom determined that not only was it the most affordable solution, it was the one that best suited the foundation’s needs. While many hospitals in the country are running the program, SickKids Foundation is the first hospital-affiliated fundraising charity to do so, and Goldbloom is proud to be a trailblazer in that regard.
While Goldbloom says there are standard risks that every organization needs to protect itself against, as a registered not-for-profit organization, the most valuable asset the foundation has is its reputation —especially since everything the foundation does gets reflected back upon the hospital itself, even though they are separate legal entities — and protecting that reputation is one of the key drivers of the program.
One of the ways the foundation protects itself and its reputation is by being very careful about partnerships. Goldbloom explains that any potential partners, such as those holding events on the foundation’s behalf or those who want to offer corporate partnerships, must comply with the foundation’s terms and conditions, and those include strict trademark licence agreements. He says the foundation monitors the behaviour of its partners very closely to ensure they are living up to the foundation’s standards.
Since the foundation’s reason for existence is fundraising, Goldbloom says that risks about the economy are also top of mind for senior executives and for the enterprise risk management committee. While the foundation may not be able to control what happens to the general Canadian economy, it can ensure its donor base is diversified, employs not just a single fund-raising campaign (or a single type of campaign) and that it reaches out to donors through a variety of advertising and marketing methods.
The ERM program has been running for about a year (and took about one year to develop), but that doesn’t mean it’s completed. Now is the time for “blue sky thinking,” says Goldbloom, as well as expanding the scope of the program and working to create new ways it can be used to prevent liability.
It’s also not finished because it should never be a static program. According to Goldbloom, he expects people to be continually reclassifying risks as they are dealt with, and moving them from potential future risk categories into categories indicating they have been addressed. As an example, he says, one potential risk identified by the program and the committee was the need to implement cybersecurity software. That software has now been deployed, so the status of the risk a cyber-threat poses needed to change.
While everybody involved with the ERM program is passionate about it because they’re responsible for developing the system, Goldbloom says it’s critical to have senior management’s commitment and support for creating a risk management culture as this type of approach must be driven from the top down in order to be successful.
He also believes that it helps to have a lawyer in charge of risk management projects, rather than have them under the control of finance or IT departments
“As a general counsel, aside from ensuring we are legally compliant, I’m here to minimize risk to the organization and I’m also here to facilitate maximizing of revenue. One thing about a risk management culture is it feeds directly into the minimizing of risk, so in any organization . . . you as a lawyer want to make sure you can minimize risk in every way you can.
“You’re never going to have no risk in an organization. If you’re trying to carry out your activities or trying to be innovative, there will always be some form of risk, but if you can mitigate it as best you can and think through all the stuff that can go wrong and plan against it, you’re setting yourself up for success, and especially in the legal department, that will make your job that much more successful.”