Burwell, and Enterprise Risk Oversight
Now that the King v. Burwell verdict is behind us, let’s look at the case through a different lens. If you and your board members were well-informed about the case and its implications, your board is likely well-positioned to monitor enterprise risk-management developments. But if you or your fellow board members aren’t familiar with Burwell, the board may not be up-to-date with other issues that have crucial ramifications for the health system. Either way, the management-board dynamic with respect to King v. Burwell is a good barometer of the board’s involvement in critical enterprise risk issues.
The board’s supervision of hospital or system enterprise risk management is an increasingly important aspect of its obligation to oversee management’s conduct of operations. The duty of oversight, also known as the duty to monitor, is one of two core elements of the basic fiduciary duty of care — the other being the decision-making, or judgment, element. In essence, it is about trustees’ staying abreast of events, so that they can be effective stewards, make prudent decisions and protect the long-term sustainability of the organization. To do that, management needs to keep the board reasonably informed. It’s what the checks and balances component of the board-management relationship is all about.
Good governance practices acknowledge the need for the board to play a vital role in the organization’s enterprise risk-management process. There is an expectation that the ERM process will provide the board with a profile of the organization’s most material business risks so that trustees can consider the relationship of those risks to corporate operations and strategic planning. And, as with the strategic planning process, the board is not expected to be the body that develops and manages the ERM process. Rather, the board should work with management to initiate the development of such a process; evaluate and approve management’s recommended process; and then periodically evaluate its effectiveness, including management’s approach to identified risks, working with management to make changes to the process as necessary.
Management’s Role
The ERM process should monitor current threats to the organization’s overall business model, its financial stability and long-term viability as an enterprise. These include significant laws, regulations, judicial decisions and enforcement initiatives. Foundational legislation like the Affordable Care Act falls within the business risk category, as does the Supreme Court decision ruling on the legality of federal tax credits under the ACA, which many consider essential to the law’s success. It’s hard to imagine any circumstance in which the future of the principal provisions of the Affordable Care Act would not be of vital interest to the governing board of a health care system.
While there is no blueprint for how the board should be involved with critical enterprise risks such as the Burwell case, the law provides some basic parameters for a board briefing plan. Management must identify the development and explain why it constitutes a business risk; monitor the evolution of that risk; and explain the implications of that risk on the organization’s business model and financial viability. It must describe management’s plan for dealing with such risk in sufficient detail and context for the board to be able to evaluate the strength of the plan and, perhaps, to seek additional input from recognized experts on the risk’s implications.
Greater risks warrant more comprehensive board briefings, but the process ideally is initiated and guided by senior leaders who have the flexibility to develop a briefing plan that both constituencies believe is appropriate and the expertise to evaluate the risk for the board.
Some executives have chosen to limit comprehensive briefings to those board committees with responsibilities related to the specific risk; for example, the finance and strategic planning committees with respect to Burwell-type risks, and the audit and compliance committee for Stark and antitrust developments as with the Tuomey Healthcare System case. This may be sufficient if committee members have the necessary expertise. But the full board must receive some basic level of education, whether it comes from the committee, management, or a combination thereof. Exclusion is not an option.
An Opportunity for Discussion
What should you do if your board didn’t get more than a cursory briefing on King v. Burwell? That the Supreme Court upheld the subsidies doesn’t negate management’s responsibility to provide a thoughtful briefing on the issue. Use the omission as an opportunity to discuss the board’s expectations of its role in the enterprise risk-management process and its need to provide oversight of management’s response to business risks. If information wasn’t delivered as well as it should have been this time, there certainly will be many more opportunities for such involvement in the future, including the need for briefings on myriad remaining challenges to the ACA. If management educated the board effectively, then build on that as a means of strengthening the board-management relationship in anticipation of future challenges and opportunities.
With an industry evolving, consolidating and diversifying at such an incredible rate, there will be no lack of issues to be processed by the enterprise risk protocol. The Burwell decision provides the added benefit of prompting a healthy discussion of the board’s proper role in monitoring key enterprise risks.
Michael W. Peregrine (mperegrine@mwe.com) is a partner with McDermott, Will & Emery LLP, Chicago.