An Integrated Approach to Healthcare Safety, Risk, and Compliance Management

Good afternoon and welcome to the PSQH HRM Now online summit as part of risk management week. My name is Megan Barth and I will be moderating this session. Over the next hour, we will be bringing you thoughtful, insightful, and engaging content that will explore key areas that will be critical for the current and future successes of your organization. Our presentation today is titled An Integrated Approach to Healthcare Safety, Risk, and Compliance Management, sponsored by Origami Risk. Our program will be sixty minutes in length. Note that an on demand version of the program will be available approximately one day after the completion of the event and can be accessed using the same login link you used for the live program. Before we get started, I have a few housekeeping details. First, to ensure that you can see all of the content for the event, please maximize your event window and be sure to adjust your computer volume settings and or PC speakers for optimal sound quality. Second, you will find multiple resources lists that are available and as icons at the bottom of your screen. Here we have individually listed materials from our supporters for you to interact with. Third, at the bottom of your console are multiple widgets you can use. To submit a question, click on the Q and A widget. It may be open already and appear on the left side of your screen. You may submit questions at any time during the presentation. However, please note that it is likely your questions will not be answered until the Q and A portion of today’s program. Should you experience any technical difficulties during today’s program and need assistance, please click on the help widget, has a question mark icon and covers common technical issues. Finally, it is my pleasure to introduce our speakers for today’s webinar. Anujia Cannon, senior healthcare market strategy lead at Origami Risk, and Bill Schweck, practice leader health care at Origami Risk. Thank you both for taking the time to speak with us today. And with that, let’s get into our discussion. Thanks, Megan. So when we think of traditional risk management in health care, we often think about the key role of patient safety, and rightfully so. A focus on patient safety and reducing preventable harm has historically and will continue to be a key risk unique to health care organizations. However, the changes in health care reimbursement models, regulatory and legal compliance, and the increased use of technology with these, the additional risks have come to the forefront for health care organizations. These risks do not exist in silos. As you can see here, they are clearly interconnected and often emerge in combination with others. Because of this, it is important now more than ever for hospitals and health care organizations to take a comprehensive, holistic look at their risk management programs. Furthermore, we need to shift from a reactive response to proactive identification and prevention of risks. These complex risks often require many people from multiple departments to deliver a unified organizational response, something an integrated approach to risk management can help facilitate. Without the ability to see all the connections at once, getting to root causes may be difficult, if not impossible. Today, we’ll show you several examples of this throughout the presentation. So late last year, Origami Risk conducted research for our annual state of risk report. As part of our research, we surveyed nearly three hundred risk safety and compliance professionals from a variety of industries. When asked why they were maturing their risk management programs, many interview participants provided variations of the same answer, because we have to. The risk environment is accelerating and evolving in ways that mean old methods such as manual spreadsheets, siloed approaches, and inadequate use of data and technology, are now coming up short. Investment in new risk management solutions has become a necessity to survive the waves of new risk. According to the Healthcare Innovation Group, a third party research firm focused on equipping healthcare organizations with the latest innovations, healthcare organizations typically lag about a decade behind other industries in adopting business technologies. This comment was further supported by our own research. While the State of Risk reports highlights just how much the risk environment is becoming more complex and interconnected, it also painted a clear picture of how much laggards are struggling to keep up. Based on responses to the State of Risk Survey, there’s evidence that two entirely different risk cultures exist, those that fall into the leader category and those classified as laggards. Leaders are determined by responses to the survey, most often rank prioritization at the highest level, while laggards indicate their organizations give a lower priority to risk. While there is widespread push to level up risk programs, there’s also strong evidence that those falling behind are struggling with data silos and with budgeting for the software that they could be using to help break down those silos. While risk management has always been an essential aspect of the health industry, the current landscape of risk amplifies its importance due to several reasons. For starters, the complexity of health care systems has significantly increased over time. Complexities due to system size, advancements in medical technology, sophisticated treatment options, and intricate care processes have introduced new potential risks like cyber threats, data privacy, and more complex medical devices, and an over reliance on technology. Health care organizations must be equipped to identify, assess, and mitigate these risks effectively, or they risk patient and organizational vulnerability. What’s even more important is that health care is a high stakes industry where the consequences of mistakes or failures can have life altering or even life threatening implications. Unlike business sectors where financial losses or reputational damage are primary concerns, health care decisions directly impact individuals and their well-being. The human impact is a key driver to risk management in health care. As we’ll see in an upcoming scenario, errors in diagnosis, treatment, or medication administration can have severe consequences leading to prolonged suffering, disability, or even loss of life. Therefore, risk management in health care extends beyond the traditional scope of business considerations, emphasizing the moral imperative of protecting and preserving human lives. When you also consider factors such as the aging population, the rise of chronic diseases, and the recent COVID-nineteen pandemic, health care has been pressed with higher demand, increased complexity, and a greater need for coordination among stakeholders. Hospitals have been forced to deal with resource allocation dilemmas, capacity constraints, and supply disruptions. By adopting robust risk management practices, health care organizations can better anticipate and address these challenges to optimize patient outcomes and ensure quality delivery of care. The interconnectivity of these risks requires a unified response from the full organization. As we’ve described, risks impacting the health care industry are oftentimes interconnected, and as a result, they simply cannot be handled alone. Current approaches to risk management, where siloed units attack problems that aren’t so isolated, are not reflective of the interwoven problems that health care is facing today. These are organization wide issues, and they require an organization wide response. Unfortunately, many modern health care organizations suffer greatly from the effects of their siloed approach to risk management. Poor communication, compromised efficiency, lack of data sharing, and potential duplicative or unnecessary technology license costs are just some of the effects of individual departments solving their problems separately. An integrated risk management approach assimilates specialist knowledge across all divisions to directly refute the issues a siloed approach causes without trapping systems by slowing down responsive action or making anybody’s job harder. Individual departments and roles do exist for a reason. We need specialists and subject matter experts who can provide focused knowledge into key specific areas, such as pharmacy, quality, supply chain, or even legal. But when these silos are pressed to share data and tackle problems spanning multiple divisions, the lack of communication and teamwork strains problem solving. We believe that by adopting an integrated philosophy to risk management, health care organizations can contribute to patient safety, employee productivity, and continued process improvement. That’s really the inspiration for bringing you today’s webinar, an integrated approach to health care safety, risk, and compliance management. Now that we’ve told you about how crucial risk management is today, especially in the health care industry, and how you can’t handle this alone, let’s transition into looking at what types of risks exist today for the health care industry and go through some examples of overlapping interconnected risks. Thanks, Anusha. Great to be with everyone today and wanted to take a moment to kind of dive into what we call the great eight risks of healthcare. These risks stem from information that was put out by ASHRAM, a few years ago that explained the healthcare risk domain as part of an enterprise risk management approach. Orgami took the ASHRAM risk domains and we’ve applied our point of view as well as our experience with our clients to create the great eight risks of healthcare. These eight risk domains represent the different kinds of risk categories that healthcare organizations face day in and day out. These domains are an excellent way to categorize your risks for reporting and analytics, but also provide a structured approach for integrated risk management. An effective risk integrated risk management program must account for all of these risk domains in some fashion. Otherwise organizations are leaving themselves vulnerable to gaps where negative outcomes can occur. So let’s dive in a little bit deeper and take a look at each of these domains. Starting with operational risk. Operational risks are those that impact the day to day operations that can arise from inadequate processes, system failures, supply chain disruptions, staffing issues or inefficient workloads. Examples include adverse event reporting, facility or equipment issues or breakdowns in communication that can affect the delivery of care. Next up would be clinical or patient safety risks. These are risks that are concerned with any adverse outcome or potential harm to patients. These risks can stem from things like medical errors, misdiagnosis, surgical complications or even clinical patient safety risks that are generally considered serious safety events. Next, strategic risks pertain to the challenges that arise from the organization’s decisions and initiatives in internally. Uncertainties and potential consequences from factors such as competitive pressures, evolving patient needs or change in the healthcare landscape can make up this domain. Next up are financial risks. And financial risks involve anything impacting the financial stability of the organization. These include reimbursement challenges, payment delays, billing and coding errors, fraud, waste and abuse, inadequate revenue generation or even insurance and legal costs associated with potential claims. These can also be impacted by governmental policies or changes to regulations affecting finance. Next, we have human capital risks, which are risks related to employees or staff such as staff retention, staff acquisition, development, engagement or overall work experience for your workforce. Factors like staffing shortages, employee benefits and inadequate training can significantly impact organizational performance and patient care. Next up we have legal and regulatory risks, which refer to the potential violations of laws or standards of care within the healthcare industry. Organizations must adhere to various requirements such as patient safety or HIPAA, anti kickback clause, quality standards and accreditation and failure to comply with these regulations may result in legal penalties, reputational damage or loss of funding. Next up, have technology risks. And I’m sure we’re all familiar with the technology risks that exist in the industry today, but these pertain to things such as data breaches, cybersecurity, system failures, inoperability issues or simply inadequate or outdated technology infrastructure. As healthcare is increasingly relying upon technology for patient care through electronic medical records, finance and risk management tools, addressing technology risks become crucial to protect sensitive patient information, maintain data integrity and ensure operational efficiency. Lastly, we have hazardous risks. And again, stemming from recent events with COVID, I’m sure we can all relate to things like pandemics, natural disasters and other incidents that can disrupt healthcare operations, infrastructure or patient care. While hopefully uncommon, it is important to plan for hazardous risks as part of an integrated risk management approach. It’s important for healthcare organizations to proactively identify, assess and manage these eight great risks within healthcare to be able to protect patient safety, maintain financial stability, comply with regulations and ensure effective operations in an evolving healthcare space. Hopefully, you can start to see how these different risks and risk domains are interconnected. When one of these risk domains is impacted, it’s very likely that other risk domains are triggered or impacted as well. So now let’s take a look and see how this could play out in the real world. Awesome. So let’s meet Valley Brook Hospital. Valley Brook is a made up hospital that’s going to help walk us through our scenarios today. So Valley Brook is a large medical center that handles a relatively high volume of patients daily. The organization is comprised of a large hospital, large outpatient care clinic, which focuses on multiple specialties, a dialysis center, medical education facilities, and a research center as well. Valley Brook is located in a rural part of the country, and recent trends have resulted in a massive employee shortage. Some causes include the aging workforce and the competitive job market. Fatigue and burnout set in quickly with staff working extra hours to cover for the gaps in the hospital staffing model. With how stretched thin human capital resources were, an overworked staff member made a critical mistake in diagnosis and treatment causing harm to a patient. The patient was admitted to the hospital for cardiac surgery. Following the surgery, they were prescribed a medication called warfarin, an anticoagulant to prevent blood clots. This was the correct prescription. However, due to the staff member’s exhaustion causing them to misread the number, the patient received an incorrect dose of warfarin. This error caused the patient to experience severe bleeding resulting in long term complications. In addition to the health concerns, the patient suffered from a decreased quality of life due to ongoing pain and needed medical interventions. The patient and their family suffered as a result of this medical error. There was no immediate incident report filed by the staff member. Eventually, the patient’s family sued Valley Brook Hospital for medical malpractice while the story became picked up by a local news outlet. After further investigation, it was found that the hospital’s medication administration process and staffing practices did not meet quality standards. The staff member who administered the wrong medication dose was treated poorly by administration. And due to the lack of support and punitive nature of their leadership’s actions, this staff member decided to quit their job. So Valley Brook Hospital situation demonstrates a prime example of the effects that unmanagement risk can have, and also shows us the ripple effect that can be caused by this type of situation. Without an integrated risk management strategy in place to handle these ripple effects of insufficient staffing levels, Valleybrooks patients were ultimately put in harm’s way. Even beyond the patient, unmanaged risk caused significant impact to the hospital financially, legally, and publicly. The hospital lacked a centralized approach to risk management, safety, and compliance, resulting in communication issues and ultimately a mishandled situation. So let’s walk through the ripple effects caused by employee burnout at Valley Brook Hospital. First and foremost, the problem impacts patient care. There was a misadministration in medication which led to patient harm and a reduced quality in patient care. The administering nurse was rushed at the end of their shift and did not enter an incident report. The nurse has also had a history of reports going into a black hole with no feedback, so they didn’t feel that it was necessary to submit a report. Unfortunately, due to the lack of timely reporting, no immediate investigation took place, which resulted in multiple similar cases to occur at Valley Brook. The patient and family raised concerns and ultimately decided to assert a claim against Valley Brook. A formal investigation and ultimately litigation took months and extensive organizational resources, including staff time and financial resources to complete. Multiple system and regulatory failures were uncovered. Valley Brook had been cited as not meeting several quality and compliance standards. Their culture also did not support employees. It lacked collaboration, accountability, and transparency, which resulted in fragmented decision making. Lastly, because of the lack of integrated and proactive approach to handling risk, there were several ongoing issues noted, including a negative response from leadership resulting in punitive actions taking place for the nurse who administered the wrong dose. Dose. As stated earlier, the nurse ultimately quit and other employees were severely dissatisfied. Hazardous conditions in the hospital were exposed by an upset overworked employee, and a staffing shortage has now become the catalyst for multiple required risk responses. Public scrutiny toward the hospital for how the case was handled and the shining light of not meeting quality standards was also shared. And lastly, multiple similar events occurred because no immediate incident investigation took place. Let’s now pass it back over to Bill to show us what a similar scenario at Valley Brook could have looked like with an integrated approach to safety risk compliance. Thanks, Anuja. So let’s go ahead and dive in and take a look and see what this situation would have looked like with an integrated risk management approach. Starting at the top, perhaps the medication event or the administration of that medication never even took place due to preventative measures or best practices that would have been in place to help staff prevent the medication event from happening. This would have come in the form of corrective actions such as the implementation of new technology or policies and procedures to help administer the medications by the staff. In addition to that, if the adverse event did in fact happen, staff would have been able to report that event quickly and effortlessly and notify the appropriate teams people or teams of people in an expedited manner. In this case, not only would leadership have been notified, but also potentially the pharmacy team as well as the med safety team. And in addition, the risk management team is potentially risk and legal. The adverse event if it didn’t even reach the patient and near miss still would have been reported into the system. And this would support the learning aspects of an integrated risk management approach. In either case, staff would have been recognized for reporting the event and their contributions to the integrated risk management approach. Within the IRM approach, a root cause analysis would be automatically launched or launched in a timely manner. Teams would have been assigned, timeline of events would have been established, contributing factors would be identified and an action plan would have been formulated to be able to expedite the resolution of the issue. Along with the RCA, perhaps a medication safety audit would also be conducted. And this could be based on proactive monitoring of thresholds for medication events or could be done in an ad hoc basis, based upon the seriousness or the severity of the serious safety event. Regardless, in this case, we launched an audit for all like locations across the organization to be able to help identify if this is a systemic issue or is this something that’s an isolated incident. Within the IRM framework, learning from your data analytics, dashboards and presentations would again support the data support the learning environment and the data collected from each area of the organization. Again, this helps to support the learning aspects of integrated risk management, which can then also lead to supporting ongoing improvements throughout the organization. These efforts can be supported by taking a deeper dive into the data and analyzing processes procedures and protocols that may have broken down. This could have been done via HFNEA tools or other process improvement tools through the integrated risk management approach. This can also lead to enhancements with regards to policies and procedures, proactively evaluating policies and procedures, for producing additional versions or enhancements to those policies and procedures such as the staffing issues that we’ve examined within our. All of this was put in place by keeping the staff involved throughout the entire process. This will help to support not only your patient safety culture, but also make sure that employees feel heard or involved. This involves closing the loop with all stakeholders involved in the adverse event. Moving on, let’s go ahead and take a look at how the integrated risk management approach relates back to our eight great risks from earlier in the presentation. Looking at those risks starting with operational risk, we’ve addressed the staffing concerns that were addressed in an expedited manner through changes to policies and procedures. This helps us to address not only cultural issues within the organization, but also to help reduce the day to day impact on operations. Next from a clinical and patient safety perspective, by streamlining the adverse event reporting process and workflows associated, the organization reduced their clinical risk management clinical patient safety risk through a rapid response involving all areas of the organization needed to address the adverse event. Next, from a strategic risk perspective, we were able to reduce strategic risk through an expedited resolution process thus helping to mitigate any potential reputational or brand risk in the market. Next was financial risk, which was mitigated in that quick action that was taken and the involvement from legal would help to reduce any potential financial loss through the claims process. This could also help to reduce any further financial impacts from an insurance perspective as well. Next, we have human capital risks, which were limited due to the involvement of staff throughout the entire process. This was achieved through closing the loop with not only the reporting reporter but also other stakeholders and encouraging adverse event reporting. In addition to fixing staffing issues, they were also able to support the patient safety culture and adjust culture through non punitive reporting processes. We believe regulatory risks were also mitigated and addressed through proactive monitoring of compliance requirements and also taking a closer look into the processes and procedures and the breakdown through an HFNEA. This will help the organization be more proactive in the future and help to achieve their compliance goals. Finally, we also have technology risks. And in our example with dated or missing technology solutions that could have helped to prevent the adverse event from occurring, we’ve identified and corrected that as part of our action plan resulting from adverse event. Thankfully in our example, we did not have a hazardous risk that was involved in this scenario. As you can see from this example, the risks were not single threaded. Risks can trigger other risks both directly and indirectly. Without an IRM approach, risks associated with this one adverse event could be missed, ignored or addressed with urgency, which can ultimately impact the organization in several meaningful and adverse ways. So now let’s look at applying IRM to your organization. Thanks, Bill. So the best way to start is to identify current and future risks impacting your business through data. By analyzing various sources of healthcare data, patterns, trends, and potential risks can be identified, allowing organizations to implement targeted interventions and preventive measures. To put it simply, you can’t improve if you don’t know where and what to improve. Now data may exist in multiple sources, such as EHRs, claims data, patient surveys, and other administrative databases. Each of these sources can provide valuable information on both clinical and non clinical risks and opportunities. Through our state of risk research, we found that forty five percent of laggards have connected their risk data to other systems and less than thirty three percent plan to connect their data, compared to the leaders, where eighty six percent have connected risk data and ninety five percent plan to connect their data. If your data is still being hosted and stored on paper or basic spreadsheets, you simply aren’t putting your team in the best position possible to manage, quantify, and act on that data. With modern technology risk management information systems, data can be centralized across all platforms to easily assess and make decisions. But more on this later with Bill. Now once your data is gathered, analysis techniques such as descriptive statistics, data mining, machine learning, and predictive modeling can be leveraged to identify health care risks. These techniques can help to identify patterns or trends or even proactively identify potential risks or adverse events. The next step is to quantify, review, and prioritize risks to determine immediate steps and proactively plan for future mitigation efforts. Utilizing the various risk domains that we covered earlier, thoroughly list out your risks to capture a comprehensive view of your risk environment. No surprise here, but this process should not be done in a silo. Expertise from multidisciplinary teams across departments will help produce a complete list of risks facing your organization. You can start to quantify how serious each risk is. Common best practice methods of risk quantification include risk matrices, heat maps, and event tree diagrams. Risk quantification is not meant to diminish any one risk. Instead, it provides guidelines for where to start in order to make the most impact. As part of the integrated risk management model, the prioritization of necessary improvements should be made collectively before plans are built around capturing and investigating incidents. We’ve talked a little bit already about adverse event monitoring, and this plays a key role in risk identification and prevention. An easy to access and easy to use reporting system is one key to ensuring that staff have the means and desire to report incidents. If you’re adding one form or field, which two are you eliminating from their workflow? Systems should allow reports to receive feedback as a way to close the loop on events that were reported. This provides increased transparency and reinforces that staff are being heard. Patient safety events should be reported swiftly, preferably via automated workflows to prompt immediate investigation and implement corrective action. As we saw in our Valley Brook scenario, staff should be encouraged to report near misses and good catches as these are a great source of information to promote learning and process improvement. Once reports are reviewed, standard investigation techniques can be leveraged to identify areas for improvement. Examples include a root cause analysis, which can be done via many methods, such as a fishbone diagram or a five WISE assessment. Once root causes have been identified, corrective actions and changes can be implemented via models such as the PDSA model. These frameworks can be embedded into systems such as a Remus, which can support these processes by automating tasks and workflows and ensuring that key participants are assigned and held accountable to next steps. A RIMIS, or risk management information system, can also support investigations by providing comprehensive reports, dashboards, and methods to help increase transparency throughout the process. Lastly, a RIMIS can also support the proactive identification of risk through models such as an FMEA or a health care HFMEA. These models will help address potential failures and risks and allow users to identify which items need corrective steps for adverse event prevention. So in order to be successful, implementation of an integrated approach to risk safety and compliance management needs unwavering support from senior leadership. Senior leadership can help set the strategic vision, make decisions about resource allocation, and play a vital role in change management. Leaders can and should utilize processes such as rounding to engage with stakeholders throughout the organization, including frontline staff, providers, and even patients to ensure that there is appropriate buy in and an opportunity for feedback. When applying tools for adverse event monitoring, it’s important to adopt a just culture. This is one that promotes fairness in learning from errors and system failures, as opposed to assigning blame to any one individual. An emphasis on continuous learning and quality improvement is a key component of a Just Culture and allows all areas of an organization to benefit from lessons learned to enhance knowledge, improve practices, and prevent similar occurrences in the future. Furthermore, a Just Culture encourages feedback and collaboration and helps employees feel connected to the success of the organization and improving patient safety processes. This type of culture not only creates a sense of psychological safety for your workers to allow them to perform optimally, but it also contributes to the betterment and development of your staff. Supportive leadership and collaboration are key for successful integrated risk management and can help provide a shared responsibility among key stakeholders. So now let’s take a look at selecting or picking the right technology solution to be able to support your integrated risk management approach. It’s no secret that risk management technology solutions have changed significantly over the past several years. With advancements in different technologies and different product modules and different offerings, we now have the tools to be able to support a truly integrated risk management approach. In the past, an IRM approach often required multiple technology solutions or platforms. It required excessive manual intervention or even possibly electronic interfaces between multiple platforms or systems. And ultimately, they did not achieve the ultimate goal of being integrated. There are several things to consider when you’re choosing the right technology solution and chief among them is configurability. And let me explain why. No two organizations have the exact same risks, the same processes or the same cultures within their organization. And as a result, the ability for a solution to be configured or to change or to evolve and improve over time is critical. As your business changes, so should your IRM approach and solutions that support it. Change is never easy within an organization, especially in a large healthcare organization setting. But it often requires a significant amount of help and a significant amount of resources to be able to implement that change. And as a result, your solutions need to be or should be well supported both internally and externally. A partnership between all stakeholders both vendor as well as internally within your organization is fundamental to the overall success of your integrated risk management approach. Your IRM solution should also be scalable. And as we know healthcare organizations are rarely stagnant these days as it relates to growth or expansion. As a result, the tools that you use to support your IRM efforts need to scale with your organization in a way that meets both functional requirements as well as budgetary requirements. But finally, and perhaps most importantly, as it relates to the eight great risks that we’ve identified earlier in the presentation, your IRN platform needs to ensure the safety and privacy of your data, leveraging the latest and greatest technology, data encryptions and other methodologies to ensure that your patient sensitive data remains safe. Finally, as we’ve seen recently in the news and within the industry, data security is critical to healthcare organizations. Your IRM solutions really need to reflect this priority. So in closing or to recap many of the main points that we had in the presentation today. The nature of risks within your organizations are constantly changing. They’re never stagnant. It’s always changing and evolving as your organization changes and grows. By taking an integrated risk management approach, you will better be able to leverage your resources while proactively monitoring and mitigating your ever changing risks. Risks exist everywhere within the organizations. By implementing an IRM approach, you will most likely discover risks and interrelated risks that may or may not have been addressed previously within your organization. You will begin to understand that silos and traditional risk reactive risk management approaches are not well equipped to solve enterprise issues. An enterprise or an integrated risk management approach proactively mitigates these risks. And when an IRM approach is implemented, silos are reduced and efficiencies are gained. A more holistic approach allows for faster resolution and more detailed mitigation activities. Most importantly, it supports your risk decisions and with actionable data. So hopefully today you’ve gained some ideas about transforming, your IRM approach. And really that starts with, leadership buy in as Anujya had stated earlier in the presentation. Presentation. Leadership buy in is critical and fundamental to the integrated approach throughout a healthcare organization. But that also requires that an organization is willing and its members are willing to participate and collaborate within the IRM framework. Without that, progress and being able to mitigate risk is limited. All of this can be supported by technology that can be implemented to be able to support your efforts. We can do this through configuration, partnership that meets all of your organization’s specific and unique needs. Combined, we hope that this will certainly transform your overall risk management portfolio. So now I think we can open it up for questions within the presentation. Okay. So it looks like the first question we have is, how do you recommend getting leadership buy in on an integrated approach to risk management? So that’s an excellent question, and it’s something that many organizations can struggle with in terms of getting buy in and being able to implement change within the organization. Obviously, it requires a lot of discussion and it requires a commitment by the organization to fundamentally change their approach to risk. There are many methods and many tools that are available to be able to support or build that case within an organization. Tools such as ROI tools, levels of effort, and a kind of an engagement where users can be able to trial certain aspects of the integrated risk management approach are all effective in terms of building the case internally. But really at the end of the day, in order for an organization to achieve an integrated risk management approach, you have to be able to commit to that change going forward. And without that commitment from senior leadership as well as all of the respective stakeholders within an organization that change is often difficult. One thing to point out is that technology can obviously play a significant role in terms of driving that change. It’s certainly not the be all end all of changing culture within an organization, but it can certainly set forth a framework to work within and produce standardization that can be leveraged across organizations of all sides. So it’s important to look at different tools that might be available in the industry and how they can specifically address your organization’s unique needs to be able to drive change. But ultimately, again, this comes back to a commitment to change and a commitment to being able to drive those resources internally to make that. Okay. Great. Thank you so much. That is going to be all the time we have for questions today. I want to thank our speakers once again for an excellent presentation, as well as our sponsor for making this presentation possible. Thank you to you and our audience for participating today. We hope you enjoyed the session and look forward to seeing you during our other webinars for the summit.