Annual Report 2024/25
accessibility

Accessibility Panel

my report 0

My Report

download center

Download Center

search icon
Overview
Leadership
Management Discussion and Analysis
Organisational Stewardship
Financial Information
Supplementary Information
Corporate Information
Print Icon Download PDF
Print Icon Add To My Report

My Report

At the moment, there are no entries available for display

    Download as PDF
    Organisational Stewardship
    Risk Management

    Risk Management remains a key driver of managing a healthcare institution. At Nawaloka Hospitals, we have embedded a proactive and structured approach to identifying, evaluating, and mitigating risks across all facets of our operations. This approach extends to risks arising from our dynamic operating environment, evolving healthcare practices, and rapid advancements in medical technology. This cohesive approach enables us to ensure continuity of care, safeguard patient trust, and uphold our responsibility to deliver excellence in healthcare.

    The Nawaloka Risk Management Framework

    Our risk management framework integrates a structured and comprehensive approach to identifying, assessing, mitigating, and controlling risks that may arise from both routine operations and unforeseen developments, beyond our control. As such, we effectively address risks across the organisation in a consistent manner, underpinned by robust oversight and clear accountability.

    In addition, the framework is aligned with internationally recognised standards. Further, it integrates the regulatory expectations of the Sri Lanka Medical Council (SLMC), the Private Health Services Regulatory Council (PHSRC), and the Central Environmental Authority (CEA). Through this holistic approach, the Nawaloka Risk Management Framework reinforces our commitment to patient safety, operational resilience, and institutional integrity.

    Risk Governance at Nawaloka

    We recognise that robust risk governance is essential to embedding cohesive and adaptive risk management practices across our operations. Accountability for the effectiveness and adequacy of the Group's risk management framework rests with the Board of Directors, underscoring our commitment to governance at the highest level. The Audit Committee and the Risk Management Committee assist the Board of Directors to provide structured oversight, independent review, and strategic guidance to ensure that risk management remains both rigorous and responsive to the evolving healthcare landscape.

    The Audit Committee carries retains oversight and responsibility for matters relating to risk and internal controls, while the Risk Management Committee is entrusted with ensuring the effective execution of risk management processes across the organisation. The Risk Management Committee meets on a monthly basis to present regular reports to the Board, outlining the key risks identified, evaluated, and addressed.

    This structured top-down approach to governance has enabled Nawaloka to embed risk considerations into every aspect of our operations. Over the years, it has fostered a culture of heightened risk awareness, accountability, and control across the organisation, reinforcing both operational resilience and institutional integrity.

    Risk Governance

    Risk Management Committee

    Our Risk Management Committee consists of members from the Board of Directors and other working officers to ensure that all risks applicable to a healthcare operator are considered on a timely basis.

    Collectively, the Risk Management Committee is responsible for:

    • Ensuring the comprehensive risk management framework.
    • Putting in place risk measurement, monitoring, and management processes.
    • Compliance with regulatory and internal prudential requirements.
    Name
    		 Areas of oversight
    Vidya Jyothi Professor Lal Chandrasena Chairman (DGM/ED) Comprehensive Risk Management Framework
    Mr A Dharmadasa – ED
    Ms A G Dharmadasa – ED Risk measurement, monitoring, and management
    Mr Theja Vimuktha De Silva – CFO
    Dr Tissa Perera – Medical Superintendent requirements Compliance with regulatory and Internal prudential
    Ms U W Padmini – Chief Nursing Officer
    Mr Kanishka Warusavitarana –
    Senior Manager Operations

    Risk Assurance

    To ensure risk assurance, Nawaloka Hospitals takes a Three Lines of Defence Approach. This approach ensures accountability while distinguishing responsibility between owning and managing risks, overseeing risks, and providing independent assurance.

    With this Three Lines of Defence Approach, embedding risk management processes into our day-to-day operations becomes more streamlined and ensures that the Group is better equipped to identify events impacting our risk appetite and improve risk control measures to support strategic imperatives.

    1st Line of Defence
    		 2nd Line of Defence
    		 3rd Line of Defence
    Business line management DGM/ED + Risk Management Committee Internal and external audit
    Primary risk ownership and control Oversight Independent assurance
    Responsible for day-to-day risk management Regular risk reporting to the Board of Directors Assurance and oversight by the internal audit function
    New and potential risks escalated to Board through Risk Management Committee Ongoing monitoring and review of emerging and potential risks by Risk Management Committee and Board of Directors Assurance on the financial statements by external audit
    Risk Factor/Description
    		 Potential Impact
    		 Mitigating Actions
    Competition

    Increased competition from new entrants with reputed brand names and capacity expansions by existing players.
    • Decreased market share resulting in pressure on revenue and profitability margins.
    • Difficulties in building brand loyalty.
    • Investing in customer value propositions to enhance patient healthcare experience including retaining reputed consultants and skilled nurses, investing in technology and specialty services, service delivery, and affordable pricing.
    • Marketing and developing brand based on customer value proposition.
    • Identifying growth areas relating to both services and location.
    • Promotion of customer loyalty programme.
    • Rewarding for frequent patronage.
    Financial and liquidity risk

    Nawaloka Hospitals PLC has increased exposure to high levels of gearing following increased debt from funding of capital expenditure on the Specialty Centre and refurbishment projects. This has been exacerbated by cash flow constraints from impacts of the economic and political crisis.
    • Possible constraints in meeting liability obligations.
    • Restructure of long-term debt to support cash flows.
    • Organisation-wide cost reduction initiatives to improve margins and cash flows.
    • Strategy in place to improve business volumes, operational efficiencies, and margins.
    Shortage of skilled healthcare professionals

    • Attracting and retaining consultants of high repute.
    • Shortage of technically skilled staff such as nurses, laboratory technicians and pharmacists in the country
      could negatively affect the quality of care provided by the Hospital Group.
    • Affects the ability to deliver quality patient care and services, impacting growth prospects, and ultimately, the sustainability of operations.
    • Proactively identifying the next generation of consultants and attracting them prior to competitors.
    • Ensuring consultant satisfaction through a superior value proposition including provision of facilities, technology, and staff quality.
    • Maintaining competitive remuneration packages for
      skilled staff.
    Clinical and Patient Safety Risk

    • Failure to deliver safe, high-quality care to our patients. Associated risks include reputation risk and legal risk.
    • Customer dissatisfaction could lead to loss of reputation and loss of market share impacting revenue and profits.
    • Commitment to maintaining global standards of quality and safety of healthcare services through international accreditations.
    • Regular maintenance and upgrade of equipment.
    • Regular training and upskilling of employees.
    Technological obsolescence
    • Inability to acquire the latest technology and maintain high technological standards as well as technological obsolescence.
    • Loss of competitive edge and market share impacting revenue and profits.
    • Ongoing investments in the latest technology for specific areas.
    • Keeping abreast of current developments in medical technology and evaluating the possibilities of adopting same.
    IT and Cyber Risk

    • Following the drive towards electronic health records and digitalisation.
    • Possibility of cybersecurity breaches and threat to compromising confidential patient information.
    • Possibility of system failures and breakdowns and negative impact on operations.
    • Impact of customer privacy in the event of a potential
      loss event.
    • Potential loss of information assets and the hospital loss
      in reputation.
    • Well-defined cybersecurity incident response process.
    • Training employees and creating staff awareness on the importance of maintaining information security and handling of sensitive information.
    • Comprehensive IT and information systems security policy. Implementation and regular testing and verification of network protection technology.
    Reputation Risk

    • In the healthcare industry, trust and reputation are key factors distinguishing players within the same industry. Incidents including adverse events while performing clinical procedures, cyberattacks and breach in security and customer confidentiality could negatively affect Nawaloka Hospitals PLC's reputation and its relationships with its key stakeholders.
    • Loss in market position and share.
    • Impact on profitability margins.
    • Standard operating protocols.
    • Quality audits.
    • Accreditation and awards provide assurance to stakeholders regarding the quality of our offering.
    • Procedures to ensure responsible marketing communications.
    • Nurturing and maintaining strong relationships with key stakeholders and ensuring needs are satisfied.

    Net Risk Assessment

    High
    Moderate
    Low

    Close