Risk Management for Health Plans – Part 2

In Part 1 of our Risk Management for Health Plans series, we focused on risk culture. This week we will get more tactical and breakdown the operational approach to risk management.

Organizational Approach to Identifying & Managing RiskRisk Management

The day-to-day operational approach to risk management requires people, processes, and systems for any organization to properly identify, assess, mitigate, and monitor risks. Some organizations may have the means to cover all these areas of risk management while others may need to lean on outside help for support. To determine what gaps your organization may have with your current risk management structure, follow the bullet points below to evaluate your people, processes, and systems.


  • Risk Awareness and Training: Ensure staff are well-informed and aware of potential risks. Conduct regular training and workshops to educate employees about the importance of risk management and how to recognize and report risks.
  • Risk Owners: Assign individuals or teams as risk owners responsible for specific risks. These individuals should develop risk mitigation strategies, monitor progress, and report to senior management.
  • Cross-functional Teams: Form cross-functional teams to address complex risks that span multiple areas of the organization.
  • Risk Culture: Promote a culture that encourages employees to speak up about risks and concerns without fear of reprisal.


  • Risk Identification: Establish a formal process for identifying risks. This may involve regular risk assessments, scenario planning, or using historical data to anticipate potential issues.
  • Risk Assessment: Develop a systematic process to evaluate the potential impact and likelihood of identified risks. Use qualitative and quantitative methods to assess risks and prioritize them.
  • Risk Mitigation and Response Plans: Create plans that outline how to respond to various types of risks. These plans should include steps to mitigate, transfer, or accept risks, depending on the situation.
  • Monitoring and Reporting: Implement processes for ongoing monitoring of risks. Set up key risk indicators (KRIs) to provide early warning signs and ensure that risk owners regularly update senior management on the status of risk management efforts.
  • Continuous Improvement: Periodically review and update  processes to adapt to changing circumstances and lessons learned from previous experiences.


  • Risk Management Software: Invest in software and tools. These tools can help in risk data collection, analysis, and reporting, making the process more efficient and accurate.
  • Data and Analytics: Leverage data analytics and reporting systems to gain insights into potential risks. These systems can help identify patterns and trends that may not be apparent through manual analysis.
  • Document Management: Establish a secure and organized document management system to store risk assessments, mitigation plans, and other relevant information. This ensures that information is readily available when needed.
  • Integration: Ensure that systems integrate with other organizational systems, such as financial, operational, and compliance systems. This allows for a more comprehensive view of risk across the organization.

These topics were covered in more detail in a webinar we recently conducted through our partnership with the Association for Community Affiliated Plans (ACAP), titled Identifying & Managing Risk.

Stay tuned for Part 3 of our Risk Management for Health Plans series where we will help you build a strategy to RM by covering:

  • The 5 pillars of Risk Management and
  • The top emerging risks in healthcare!

Remember We’re Here to Help – CODY® has led the industry for decades, and we have the expertise to help you manage your risk and maintain success. To learn more about our Risk Management products and service, contact us today for a consultation.

About us: Founded in 2006, CODY® is an Industry leader in Governance, Risk, and Compliance (GRC) Solutions designed exclusively for health plans. We enable over 70 government-funded, commercial, and ACA health plans across 50 states and Puerto Rico to mitigate compliance risk, maximize efficiencies, and improve outcomes. Our Enterprise technology and innovative solutions reduce administrative costs, increase accuracy, ensure regulatory compliance, and provide a better experience for plan members and providers. www.codyconsulting.com