Discovery Health Group (DHG) is a private healthcare insurance company, headquartered in Dover, Delaware with offices around the eastern part of the United States. The company has been in business for over 60 years, currently insures over 157 million people, and has reported revenue of over $10 billion. The majority of their income is spent on claims and medical expenses, and the remainder is spent on improving its technologies and customer service. Some of the companys core product and services it provides include Government Health Programs (GHPs) and Private Health Coverages (PHCs). The companys business core drivers include improving the well-being of its customers, trying to have stellar customer service relationship, and being more of a consumer focused when it comes to solving healthcare problems. Each business unit has a risk owner responsible for ensuring that ERM plans are properly established and operating as intended. Risk owners are accountable for developing relevant success measures, strategies that mitigate, respond to, and track identified risks. The ERM team collaborates with the risk owners through this process. The responsibility to identify risks resides with each business unit. To identify risks, DHG holds routine brainstorming sessions which include individuals from cross-functional areas of the company. These sessions start with business objectives and look at potential risk events that would impact the achievement of objectives. Risks identified through these sessions are then assessed based on the residual vulnerability and impact and categorized into common themes. Senior management and certain employees below senior manager provide input into the risk assessment. Using the input from the assessment process, DHG classifies risks into tiers with Tier 1 being the most important. The company currently has 11 Tier 1 risks, 8 Tier 2 risks, and other risks in its risk inventory.

An example of risk would be the outsourcing of certain functions of the operations of the company to external vendors. Since the company needs to have the assurance that the risks inherent in vendor outsourcing are managed effectively, the company uses its internal audit function to assess the controls of those vendors. Also, the vendor management function is audited to determine the effectiveness of overseeing the companys managing of relationships with vendors. During this audit process of vendor management, information received from the Internal Audit team by the ERM team prompted the discovery that risk mitigation strategies needed to be reviewed and revised to better handle the risks involved with outsourcing operational functions to vendors. The internal audit function was able to communicate this to the ERM team, who in turn worked together with the risk leads and the ERC to develop increased and improved risk mitigation activities to better manage the risk.

Q1. On the basis of the above case create a risk quadrant and risk register for a Discovery group

long answer req.