Strategy Document

Risk Management Strategy

Document Number: 1STG-CLV-001
Sponsor: Lyn Hill-Tout
Created date: 01/11/2005
Version.Issue: 3.0
Status: Approved
Reviewed date: 30/04/2008
Next Review date: 30/04/2009
To be reviewed by: Head of Corporate Governance

Note: This document is electronically controlled. The master copy is maintained by the owner department. If this document is printed it becomes uncontrolled.

Printed on 22/04/08 at 12:15


Document Title: Risk Management Strategy Number: 1STG-CLV-001 Version: 1.0 Status Final Dated: 05/12/2005


Table of Contents

1. Document Definition
1.1 Revision History
1.2 Review and Approval History
1.3 References
1.4 Glossary/Definitions
1.5 Purpose
1.6 Scope
1.7 Regulatory Position
1.8 Special Cases
1.9 Comments
2. Introduction
3. Objectives
4. Structure and Communication
4.1 Committees
4.2 Trust Officers
4.3 All Trust Managers
4.4 All Trust Staff
5. Raising Concerns
6. Contingency Planning
7. Risk Assessment Process
7.1 The Trust Risk Register
7.2 Risk Control
7.3 Acceptable Levels of Authority for Resolving Risk/Incidents
7.4 Quality and Monitoring
7.5 Education and Training
8. External Standards, Monitoring and Reporting
9. Internal Review of Performance
10. Monitoring and Review
11. Appendices
11.1 Appendix 1 – Assurance Framework Proforma
11.2 Appendix 2 – Strategic Objectives 2007/08 to 2011/12
11.3 Appendix 3 – Risk Assessment Matrix


1. Document Definition

Revision History

Version | Status | CR No. or Reason for change | Date | Author
0.0 | Draft | New document | 01/11/05 | J O’Donnell
0.1 | Draft | Incorporated Initial review comments | 08/12/05 | D Thomas
1.0 | Issued | After Final Review | |
2.0 | Draft | Rewrite to reflect changed management structure | 11/04/07 | D Thomas/ N Hall
3.0 | Draft | Rewrite to reflect changed management structure | 16/04/08 | Sarah Robinson

Review and Approval History

Version | Reviewer/Approver | R/A | Scope | Date
0.0 | Executive Risk Group | R | Context, completeness and accuracy | 06/12/05
0.1 | Trust Board | A | Current and compliant |
2.0 | Corporate Governance & Risk Committee | A | Current and compliant | ???
3.0 | Trust Board | A | Current and compliant | 30/04/08

References

Ref # | Document title | Document Reference/Location

Glossary/Definitions

Assurance Framework – a document which identifies which of the organisation's objectives are at risk because of inadequacies in the operation of controls or where the organisation has inadequate assurances. It also provides structured assurances about where risk is being managed effectively and objectives are being delivered.

Purpose

To provide a clearly defined and documented strategy, policy, framework and operational direction to ensure that identified risks are managed in an appropriate manner.

Scope

Trust wide


Regulatory Position

This strategy takes into account all statutory requirements upon the Trust and pays particular reference to the following documents:

• Governing the NHS: A Guide for NHS Boards (June 2003)
• Assurance: The Board Agenda (DoH 2004)
• The NHS Improvement Plan (DoH 2005)
• National Standards, Local Action: Health and Social Care Standards and Planning Framework 2005/06 – 2007/08 including Standards for Better Health (2005)
• Integrated Governance Handbook (DoH 2006)
• Audit Committee Handbook (2005)

Special Cases

None

Comments

Any comments on this document should, in the first instance, be addressed to <the Author>.


2. Introduction

The purpose of risk management is to support the Trust in effectively delivering its objectives. It is a systematic and cyclical management process, in which potential risks are identified, assessed, managed and monitored. This is with a view to reducing harm and realising potential. It is applicable at corporate, directorate, department, team and individual levels. To ensure comprehensiveness it is best undertaken in a constructive, open, honest, learning and multidisciplinary environment. The business of healthcare is by its very nature a high-risk activity and the process of risk management is a required control mechanism if risks are to be identified and managed. Risk Management is a proactive approach which:

• Identifies the various activities of the organisation
• Identifies the risks that exist
• Assesses those risks for potential frequency and severity
• Eliminates the risks that can be eliminated
• Reduces the effect of those that cannot be eliminated

The Trust Board recognises that complete risk control/avoidance is impossible, but that risks can be minimised by making sound judgements from a range of fully identified options.

This strategy aims to ensure that service users of the Trust receive high quality care through service provision, which is safe and effective, and that staff work in a safety focussed environment. Failure to implement a strategy for managing risk could severely impact on health and service outcomes, the Trust’s reputation, public confidence in the Trust and could have serious financial consequences. It is also a breach of our statutory obligations.

This document and related policies clearly set out the processes by which all risks are identified and controlled. It identifies the resources for managing risk and how they relate to each other and roles and responsibilities. As risks do not remain static, the processes are dynamic and effectiveness is continually reviewed.

This strategy links directly to the following policies:

• Risk Assessment Policy
• Health and Safety Policy
• Incident Reporting Policy
• Complaints Policy
• Claims Policy
• Major Incident Plan(s) including hotline arrangements
• Business Continuity Plans
• Consent Policy
• Openness Policy (Whistle Blowing Policy)

3. Objectives

The Trust has 8 Strategic Objectives for the period 07/08-11/12. These directly reflect the requirements of the Healthcare Commission's Standards for Better Health (See Appendix 2). The Trust is required to have comprehensive controls and assurances in place through an Assurance Framework (See Appendix 1). Through this Framework, the Trust can assure the public that it operates an effective system of control in clinical, organisational and financial areas and assure the Trust Board that appropriate decisions in the management of risk have been taken.

The Assurance Framework is to be reviewed quarterly by the Corporate Governance & Risk Committee and should assist the Trust in its business planning process. It will identify the Trust’s key objectives and the risks associated with them. These objectives are cascaded throughout the organisation through its committees and the appraisal processes.

The Risk Management Strategy is integral to the achievement of the Trust’s objectives by ensuring it:

1. Meets its commitment to provide the highest standards of safety for our patients/users and staff
2. Complies with all relevant laws, legislation and applicable regulations
3. Minimises damage to and waste of the Trust's physical assets
4. Maximises value for money for taxpayers' funding
5. Enhances the reputation of the Trust

This will be achieved by:

• Directorate and Strategic Risk Registers influencing the workplans for the various Risk Management Committees
• Having a single system for assessing, reporting, investigating, managing and reducing risk across the Trust.
• Establishing effective communication of risk management processes across the Trust and training and supporting staff in actively identifying and managing risks within their area of responsibility.
• Identifying the Trust’s objectives and reviewing the risks to achieving them to develop the Strategic Risk Register.
• Collating and prioritising Trust risks on a Corporate Risk Register, ensuring that the Trust Board is informed of serious risks that cannot be managed within defined areas of responsibilities.
• Ensuring appropriate communication of risks within the Trust.
• Harmonising clinical and non-clinical policy, procedures and standards across the Trust and ensuring that local policy, procedures and guidelines are consistent and comply with Trust standards.
• Ensuring that clinical risk assessment and management of any risk in relation to the risk of violence to self or others, risk of suicide, self harm and neglect as required by Integrated Care Programme Approach is undertaken with all service users.
• Supporting the development and training of staff in developing their skills of managing clinical and non-clinical risk.
• Achieving external accreditation.

4. Structure and Communication

The Trust has adopted the Australian/New Zealand Risk Management Standard (AS/NZS 4360) as the model to be used for the management of all risks within the organisation in line with DoH requirements. Figure 1 above represents the AS/NZS standard and Figure 2 (next page) represents how this translates into the Trust Risk Management model:

The Trust Board delegates responsibilities for components of risk to various sub-committees.

[Figure 1: Risk Management Process, AS/NZS 4360:1999 Risk management. Diagram labels: Establish Context; Identify Risks; Analyse Risks; Evaluate and Rank Risks; Treat Risks; Assess Risks; Communication and Consultation; Monitor and Review; Risk Register.]


[Figure 2: Trust committee structure. Diagram labels: Trust Board (X10, 1); Audit Committee (X4, 1); Remuneration & Appointments Committee (X2, 1); Corporate Governance & Risk Committee (X4); Clinical Governance Committee; Charitable Funds Committee; Mental Health Act Committee; Management Board; Clinical Quality & Risk; Governance. Key: 1 = Statutory Committees; X = meets X times per annum; 2 = Temporary Group for specific project; Red – Governance; Green – Management Groups; Blue – Specific Project Groups.]


4.1 Committees

Trust Board

The Trust Board is responsible for integrated governance throughout the Trust and for the approval of the Risk Management Strategy and ratification of risk management policies and procedures, though this may be delegated to appropriate sub-committees.

Corporate Governance & Risk Committee

Including the Trust Chair and two non-executive Directors (one as chair) who have crossover membership with the Clinical Governance Committee and the Audit Committee.

• The Corporate Governance and Risk Committee’s primary purpose is to ensure the Trust meets its corporate governance responsibilities (through the monitoring of the Assurance Framework)
• To ensure a strategy is in place for managing the risks associated with the organisation’s business. These will cover all risks that might prevent the organisation from meeting the goals set out in its Business Plan. They include financial and staff-related risks and risks associated with facilities
• It will formally review the Risk Management Strategy on an annual basis.
• The Trust Board has delegated decision making powers to the Corporate Governance and Risk Committee to enable it to act on its behalf in achieving the following objectives:
  1. To ensure Directorates have systems in place to identify, manage and minimise non clinical risks
  2. To ensure the Trust has a current risk register that identifies, manages and minimises non clinical risks. The Committee will review this risk register.
• Despite being a separate entity this Committee will have significant links to the Audit and Clinical Governance Committees both in terms of linked agenda items, but also in terms of membership (both non executive and executive)

Clinical Governance Committee

Including two non-executive Directors (one as chair) who have crossover membership with the Corporate Governance & Risk Committee and the Audit Committee.

• The Clinical Governance Committee’s primary purpose is to enable the Board to meet its responsibilities for ensuring that all patients receive high quality care that is appropriate, effective and safe (through monitoring compliance with Standards for Better Health).
• It is responsible for scrutinising and reviewing the systems in place within the organisation (including the Directorate Risk Management processes) to ensure, monitor and improve the quality of healthcare provided.
• Trust Board has delegated decision-making powers to the Clinical Governance Committee to enable it to act on its behalf in achieving the following key objectives:
  1. The focus of Clinical Governance is on the patient, in particular ensuring that patients are fully informed and involved in their care
  2. That the Trust adheres to or exceeds externally set Clinical Standards and follows best practice for the delivery of all care
  3. The Trust develops a series of internal standards and measures against which the quality of our clinical performance can be measured

Audit Committee

The Committee of three Non-Executive Directors shall review the establishment and maintenance of an effective system of governance, risk management and internal control, across the whole of the organisation’s activities (both clinical and non-clinical), that supports the achievement of the organisation’s objectives. In particular, the Committee will review the adequacy of:

• all risk and control related disclosure statements (in particular the Statement on Internal Control and declarations of compliance with the Standards for Better Health), together with any accompanying Head of Internal Audit statement, external audit opinion or other appropriate independent assurances, prior to endorsement by the Board
• the underlying assurance processes that indicate the degree of the achievement of corporate objectives, the effectiveness of the management of principal risks and the appropriateness of the above disclosure statements
• the policies for ensuring compliance with relevant regulatory, legal and code of conduct requirements
• the policies and procedures for all work related to fraud and corruption as set out in Secretary of State Directions and as required by the Counter Fraud and Security Management Service

In carrying out this work the Committee will primarily utilise the work of Internal Audit, External Audit and other assurance functions, but will not be limited to these audit functions. It will also seek reports and assurances from directors and managers as appropriate, concentrating on the over-arching systems of integrated governance, risk management and internal control, together with indicators of their effectiveness. This will be evidenced through the Committee’s use of an effective Assurance Framework to guide its work and that of the audit and assurance functions that report to it.

The Trust’s Committee Structure is described in Figure 2 above.


Directorate Arrangements

Each Directorate including Corporate Support Functions must put in place adequate arrangements for managing risk. This will include forums for discussing risk management along with designated lead(s). This may need to be undertaken at a Departmental or Speciality Level. Some units may choose to discuss risk as part of their clinical governance meeting, some as part of their health and safety meetings and others as part of their management meetings.

Each Directorate will maintain a Directorate Risk Register which will be presented quarterly to the Clinical Quality and Risk Committee. A summary of these risks will be presented to the Corporate Governance & Risk Committee along with the Risk Registers from the Corporate Support Functions which will then form the Trust’s Corporate Risk Register.

4.2 Trust Officers

Chief Executive

The Accountable Officer with overall accountability for having an effective risk management system in place within the Trust and for meeting all statutory requirements and adhering to guidance issued by the Department of Health in respect of governance. The Chief Executive takes personal responsibility for all strategic risks and delegates executive responsibility to nominated directors of the Trust within the corporate management team. He/She retains responsibility for Corporate Governance and Risk and Business Continuity and is a member of both the Clinical Governance Committee and the Corporate Governance & Risk Committee.

Medical Director has delegated responsibility for Clinical Governance and the management of Clinical Risk within the Trust. He/She is responsible for ensuring that the Trust’s overall duty of care is discharged appropriately. He/She is the Caldicott Guardian, Accountable Officer for Controlled Drugs, Executive Lead for Medicines Management and is a member of the Clinical Governance Committee and chairs the Clinical Quality and Risk Committee. He/She is also responsible for ensuring the implementation of Trust approved operational policies, clinical standards and guidelines and procedures.

The Director of Finance has delegated responsibility and accountability for financial, information risk management and Counter Fraud and is a member of the Corporate Governance & Risk Committee and the Information Governance Steering Group. He/She is responsible for developing the Finance and Information Risk Register.

Director of Nursing has delegated responsibility and accountability for nursing. He/She is the Executive Lead for Emergency Planning and is a member of the Clinical Governance Committee and the Corporate Governance & Risk Committee. He/She ensures risks from specialities, localities and partner organisations affecting the Trust are communicated into the Trust.

Director of Workforce and Education has delegated responsibility for ensuring risk management associated with Human Resource Management, Health & Safety and Fire and for Equality and Diversity. He/She is a member of the Corporate Governance & Risk Committee and the Health and Safety Working Group. He/She is responsible for developing a Workforce and Education Risk Register.

Associate Medical Directors are responsible for the management of risk within their Directorates. They are also responsible for the implementation of risk management procedures and for communicating risks that cannot be managed at a local level. They are responsible for developing Directorate Risk Registers and are members of the Clinical Quality and Risk Committee.

General Managers are responsible for supporting the AMDs in managing risk within their Directorates and are members of the Corporate Governance & Risk Committee.

Director of Research will be responsible for implementing research governance across the Trust and within that ensuring that the risks associated within research projects undertaken on site are managed.

Head of Corporate Governance has responsibility for supporting the Chief Executive and Board in developing and implementing integrated governance and Risk Management strategies. He/She is a member of the Corporate Governance & Risk Committee and acts as Board Secretary.

Associate Director of Clinical Quality has responsibility for supporting the Medical Director in developing and implementing Clinical Governance and Clinical Risk management systems within the Trust. He/She is a member of the Clinical Governance Committee and the Clinical Quality and Risk Committee, and chairs the Clinical Development Group. They lead on the Standards for Better Health Declaration process.

Clinical Risk and Litigation Lead has responsibility for supporting clinical risk management at all levels of the organisation, ensuring that the necessary systems are in place to help the organisation assess and control clinical risk. They are responsible for maintaining the Trust’s corporate risk register from Directorate Registers and, with the Health and Safety Advisor, oversee the Trust wide incident reporting system, liaising with locality/speciality risk leads to ensure all risks and incidents are identified and reported. They also monitor new developments in clinical risk management, develop knowledge and expertise and act as a liaison person for clinical risk management issues, both within the Trust and with external agencies.

Health and Safety Advisor has responsibility for supporting health and safety risk management at all levels of the organisation, ensuring that the necessary systems are in place to help the organisation assess and control health and safety risk. With the Clinical Risk and Litigation Lead they are responsible for maintaining the Trust wide incident reporting system, liaising with locality/speciality risk leads to ensure all risks and incidents are identified and reported. They also monitor new developments in health and safety risk management, develop knowledge and expertise and act as a liaison person for health and safety risk management issues, both within the Trust and with external agencies.


4.3 All Trust Managers

In support of the Directorate Risk Management structure all staff with managerial responsibility must understand and implement the Trust’s risk management strategy and underlying policies. They are responsible for:

• Ensuring they have adequate knowledge of and/or access to all legislation relevant to their areas, seeking advice from appropriate experts and ensuring that compliance with this legislation is maintained.

• Ensuring the guidance about governance and risk management is implemented in their localities and specialities and that all staff are made aware of the risks within their work environment and of their individual responsibilities.

• Ensuring that staff have access to the necessary information and training to enable them to work safely. These responsibilities extend to anyone affected by the Trust’s operations including agency staff, contractors, members of the public and visitors.

• Identifying risk management training needs of staff and supporting staff in attending relevant mandatory and other training sessions.

• Identifying and making arrangements to release appropriate numbers of staff to be trained as risk assessors, first aiders, health and safety co-ordinators.

• Ensuring all untoward incidents are fully reported and investigated in accordance with the Trust’s Incident Reporting Policy.

• Ensuring appropriate resources are available and procedures are in place to identify risks and hazards in their areas of responsibility; assess risks arising from these hazards; implement appropriate control measures, monitor the effectiveness of control measures; raise outstanding concerns, ensure safe working procedures/practices and their continued monitoring and revision. Contributing to Directorate risk registers. Where significant risks have been identified and where local control mechanisms are considered to be inadequate they are responsible for raising these issues at the appropriate forum.

• Promoting greater risk management and health and safety awareness amongst all staff by example, and by ensuring that only properly trained and competent staff are responsible for assessing risks and determining adequate control measures within the working environment;

• Monitoring clinical performance, health and safety standards, including risk assessments; infection control measures; use of personal protective equipment etc., and ensuring these are reviewed and updated regularly;

• Identifying all employees who require Health Surveillance according to risk assessments and annual screening and ensuring that where Health Surveillance is required, no individual carries out those specific duties until they have attended the Occupational Health Department and have been passed fit.


• Ensuring that, through risk assessment, an adequate number of staff are trained in first aid and adequate provision is made for first aid equipment within the speciality/department. The names of trained First Aid staff and the location of first aid facilities must be made known to all employees;

• Making adequate provision to ensure that fire and other emergencies procedures are appropriately dealt with.

4.4 All Trust Staff

All employees are required to:

• Attend Trust induction programmes and comply with Trust terms and conditions of service in accordance with contracts of employment.

• Ensure they maintain mandatory competency and attend training events as identified by their appraisal process or as deemed necessary by their line manager or by Trust policy.

• Comply with all Trust policies and procedures to protect the health, safety and welfare of everyone affected by the Trust’s business.

• Be familiar with the Trust risk management policies and local health and safety and clinical procedures/guidelines and ensure that risk management forms an integral part of their daily duties, avoiding unsafe practices and activities in both clinical and non-clinical settings.

• Work at all times within their professional codes of conduct.

• Be aware that they have a duty under legislation to take reasonable care for their own safety and the safety of others who may be affected by their acts or omissions.

• Report incidents and near misses in accordance with the Trust’s Incident Reporting Policy. The Trust recognises that adverse events are usually the result of systemic failings, and not usually of individuals; it therefore encourages a culture of fair blame to ensure maximum reporting.

• Comply with data protection and confidentiality legislation and guidance including but not limited to the Data Protection Act and Caldicott Principles.

• Be aware of emergency procedures relevant to their role, e.g. fire, and resuscitation.

• Neither intentionally nor recklessly interfere with nor misuse any equipment provided for the protection of health and safety.


5. Raising Concerns

All employees must be familiar with the trust policy for raising concerns (The Openness Policy) available on the intranet. The Trust supports a culture of fair blame so that lessons may be learned and controls put in place thereby improving patient care and staff safety. In exceptional cases e.g. where there is clear evidence of wilful or gross neglect or where there is repeated evidence of poor performance despite interventional support, disciplinary procedures will be instigated.

6. Contingency Planning

All services within the Trust have a duty to consider and make reasonable preparations to manage and recover from potential disasters. The Trust’s Emergency Plans detail how major incidents will be dealt with including:

• Environmental emergencies such as fire, explosion, release of hazardous substances, bomb threats, outbreak of infectious diseases
• Deliberate acts of major vandalism, arson, industrial action
• System failures such as loss of power, heating, water, telephones
• Public demonstrations
• Criminal activities of staff or service users that have involved media attention
• Hostage taking
• Criminal investigations, i.e., suspicious deaths and abuse of patients
• Hotline telephone arrangements

The Contingency Plan will be routinely tested.

7. Risk Assessment Process

Appendix 3 shows the agreed matrices to be used when assessing the likelihood, the impact and the significance of risks. For more in-depth details of the Risk Assessment Process used within the Trust, refer to the Risk Assessment Policy (formerly the “Corporate Governance - the Assessment and Management of Risk” Policy) to be found on the intranet. The policy addresses prioritisation and classification of risk, management action and risk assessment analysis. Issues identified locally that may apply across the Trust will be notified to the appropriate Trust Committee so that a Trust wide solution can be found.

7.1 The Trust Risk Register

It is important that risks throughout the Trust are quantified and prioritised to enable investment decisions to be made. To assist in that process the Trust has developed a Trust Risk Register to record all risks throughout the Trust, what control measures are in place or what risk treatments are needed to eliminate or mitigate them.


Each Directorate will maintain a Directorate Risk Register which will be presented quarterly to the Clinical Quality and Risk Committee. A summary of these risks will be presented to the Corporate Governance & Risk Committee along with the Risk Registers from the Corporate Support Functions which will then form the Trust’s Corporate Risk Register. This will be maintained on the ‘T’ drive under the Corporate Governance & Risk Committee.

The Trust will also develop a Strategic Risk Register as part of the formulation of the Assurance Framework. This will be reviewed by the Corporate Governance & Risk Committee to ensure that there is linkage between the Corporate and Strategic registers. Significant risks from the Corporate Risk Register will be added to the Strategic Risk Register where appropriate following review at the Corporate Governance & Risk Committee. The Audit Committee will ensure that assurances are gained as appropriate against these risks.

7.2 Risk Control

Corporate Risk Registers: It is the responsibility of the Associate Medical Director or relevant Director to ensure that risk assessments are prioritised and actioned.

Strategic Risk Register: It is the responsibility of the Board to ensure that risk assessments are prioritised and actioned.

Where controls are considered to be potentially inadequate, the risk must be brought to the attention of the relevant Committee/Board to discuss possible solutions and advise.

7.3 Acceptable Levels of Authority for Resolving Risk/Incidents

The Trust aims to provide an environment to encourage innovation and service development and recognises that risk taking is an integral part of this process. However, risk taking without informed evaluation or management can result in adverse outcomes for patients, staff, resources and reputation.

The Trust uses a colour system to grade risk. The risk-ranking matrix is attached at Appendix 3 for ease of reference. The responsibility for managing risks and incidents is escalated depending on the local ability to reduce the risk and the risk rating for the particular risk.

Low to medium risks (green or orange) are generally to be resolved locally. Once a risk extends beyond the parameters of service provision OR if it has been assessed and given a ‘red’ ranking it will need to be taken by managers to relevant Trust meetings. It should still be managed locally if possible. If the Trust wide group is unable to resolve the issue, the risk will be further graded using the Severity Matrix and added to the Trust Risk Register.


The Corporate Governance & Risk Committee on behalf of the Trust Board will look at all the potential consequences of carrying the risk and decide whether it is reasonable to invest in a solution or alternatively to accept the risk. Where the risk is externally driven there may be reason to take the discussion to the Trust partners e.g. Primary Care Trusts or to the Strategic Health Authority.

Acceptable risk is defined as where all reasonable steps have been taken to eliminate, reduce and manage a risk but a residual risk remains and the appropriate level of management has taken the decision to ‘accept’ the risk.

7.4 Quality and Monitoring

It is the responsibility of the Corporate Governance & Risk Committee to monitor the implementation of this strategy and to ensure that appropriate actions are taken to manage exposure to risk. Audit is the most effective and accurate means to identify, assess and test risk liabilities. All localities/specialties will be subject to a periodic audit of selected clinical and non-clinical audits by a team of internal specialists. Audit results will be used both as feedback and as a baseline measurement of existing risk indicating where further action needs to be incorporated into objective setting at locality, speciality and trust level.

7.5 Education and Training

Education and training of staff in all disciplines and at all levels is an essential component of this risk management strategy. Education and training starts with corporate and departmental inductions. Induction for all staff includes a detailed element of mandatory and risk management training. Mandatory training for staff will be monitored in relation to attendance at organised training events. It is the responsibility of each speciality to develop specific departmental induction programmes. These should identify potential clinical risks and environmental hazards in the local area and clinical practices, including training requirements for local equipment use. Training records for all staff will be maintained.

8. External Standards, Monitoring and Reporting

The National Health Service Litigation Authority (NHSLA) is the main external monitor for risk management activity within Trusts. Trusts are able to reduce their insurance premiums by achieving greater levels of compliance against standards created, updated and monitored by the NHSLA. Risk Management standards are incorporated in the Standards for Better Health. This strategy is in line with the standards.


The Health and Safety Executive also provide ongoing support and external monitoring to ensure that the work environment and working practices are managed according to legislation. The external reporting system in place for public and staff safety is the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR). External auditors may also be employed from time to time to carry out external audits of the health and safety or other risk management system.

9. Internal Review of Performance

The quarterly updating of the Directorate Risk Matrices allows local governance/risk groups to report their progress on risk and quality, providing evidence of ongoing trust wide clinical risk assessment. Key performance indicators are suggested in Section 10, Monitoring and Review. Locality and Speciality Managers have the role of ensuring that risk assessments are completed locally, that incidents are reported and that the loop is closed on investigating and resolving the issues arising from these processes. They also ensure that local Risk Registers are generated and risks forwarded to the central Risk Register. The Corporate Governance & Risk Committee minutes along with a brief summary report will go to the Trust Board after each meeting.

10. Monitoring and Review

Audit and Review are essential components of the risk management process. It is essential that assurances are being provided through the regular monitoring of performance and risk management at all levels of the Trust. Some of the Key Indicators to gain such assurances are listed below:

• Accountability: for risk should be recorded in individual job descriptions
• Appraisals: personal, should include/monitor accountability for risk
• Inspections and Audit: The organised use of Trust Annual Risk Audit, Audit Commission, Clinical Audit, Internal Audit to review services, ensure actions taken, also learn from other Trusts’ experiences
• Complaints/claims: analyse, feedback, share lessons learnt
• External assessments: Healthcare Commission; HSE; NHSLA Risk Management Standards
• Incidents: Analysis and investigation of reported incidents, feedback, share lessons learnt – Corporate/Directorate themes


• Other Indicators: other indicators to review risk performance against stated trust or other objectives e.g. Infection Control monitoring
• Media: monitor media reports
• Papers: key papers for consideration by the Board at least, will contain a section on risks associated with the topic under consideration
• Risk Assessments: undertake, record, action, review by checking the suitability and sufficiency of risk assessments and risk treatment plans sent to the Health and Safety Department
• Risk Register: maintenance, actions, review
• Training: establish requirements, availability of training, attendance, review
• Strategy: This strategy is to be reviewed at least annually by the Corporate Governance & Risk Committee, or sooner if needed.


11. Appendices

11.1 Appendix 1 – Assurance Framework Proforma

Principal Objective: 1.

Self Assessment/Declaration Status: COMPLIANT/NON-COMPLIANT

Key Controls

Standard Ref.

Controls Risk Refs

Assurances on Controls

Standard Ref.

Assurances

Board Reports

Positive Assurances

Gaps in Control

Gaps in Assurance


11.2 Appendix 2 – Strategic Objectives 2007/08 to 2011/12

1. SAFETY (SfBH Domain 1; Standards: C1 a & b, C2, C3, C4a-e, D1) Patient and staff safety will be enhanced by the use of health care processes, working practices and systematic activities that prevent or reduce the risk of harm.

2. PATIENTS (SfBH Domain 4; Standards: C13a-c, C14a-c, C15a&b, C16, D8, D9, D10.) Health care will be provided in partnership with patients and their carers, respecting their diverse needs, preferences and choices and, in partnership with other organisations, we will continue to improve patient care, experience and satisfaction so that we become the service of first choice.

3. CLINICAL AND COST EFFECTIVENESS (SfBH Domain 2; Standards: C5a-d, C6, D2.) Patients will achieve health care benefits that meet their individual needs through health care decisions and services based on what assessed research evidence has shown provides effective clinical outcomes.

4. STAFF (SfBH Domain 3; Standards: C7b,d&e, C8a&b, C9, C10a&b, C11a-c, D6, D7) We will maximise the potential of our staff and the opportunities to develop as a model employer.

5. GOVERNANCE (SfBH Domain 3; Standards: C7a-f, C9, C12, D3, D4, D5, D6, D7.) Managerial and clinical leadership and accountability, as well as our organisation’s culture, systems and working practices will ensure that probity, quality assurance, quality improvement and patient safety are central components of all our activities.

6. ACCESSIBLE AND RESPONSIVE (SfBH Domain 5; Standards: C17, C18, C19, D11) Patients will receive accessible and responsive care as promptly as possible, have choice in access to services and treatments, and will not experience unnecessary delays.

7. ENVIRONMENT AND AMENITIES (SfBH Domain 6; Standards: C20a&b, C21, D12.) Care will be provided in an environment that promotes patient and staff well-being and respect for patients’ needs and preferences in that they will be designed for the effective and safe delivery of treatment and care.

8. PUBLIC HEALTH (SfBH Domain 7; Standards: C22, C23, C24 & D13) Services will be designed and delivered in collaboration with all relevant organisations and communities to promote, protect and improve the health of the population served and reduce health inequalities between different population groups and areas.


11.3 Appendix 3 – Risk Assessment Matrix

When evaluating the value of any given risk it is necessary to look at the degree of harm or loss (severity) that is likely to result from the risk and then look at the likelihood of that harm or loss occurring. This first assessment is done as if there were no controls in place whatsoever. The Trust has adopted the following definitions for use:

Likelihood Definitions

| Value | Descriptor | Description |
|---|---|---|
| 5 | Certain | Harm or loss is certain or near certain. Is expected to occur. Probability >1 in 10 within life time of project or system or relevant activity |
| 4 | Likely | Harm or loss will occur frequently. Will probably occur. Probability between 1 in 100 and 1 in 10 within life time of project or system or relevant activity |
| 3 | Possible | Harm or loss could occur once or twice a year. Might occur at some time. Probability between 1 in 1,000 and 1 in 100 within life time of project or system or relevant activity |
| 2 | Unlikely | Harm or loss could occur less than once a year. Could occur at some time. Probability between 1 in 10,000 and 1 in 1,000 within life time of project or system or relevant activity |
| 1 | Rare | Very unlikely or freak event. May occur only in exceptional circumstances within the relevant timescale. Probability < 1 in 10,000 within life time of project or system or relevant activity |


Severity Definitions

| Value | Descriptor | Injury/Illness | Patient Experience | System or Project | Complaint or Claim | Financial Loss | Adverse publicity |
|---|---|---|---|---|---|---|---|
| 5 | Catastrophic | Death or major and permanent incapacity or disability | Totally unsatisfactory patient outcome | Failure of critical system or project | Multiple claims or single major claim | £1,000,000 + | Nationwide multi media coverage |
| 4 | Major | Major injuries or long term incapacity or disability | Patient outcome or experience significantly below reasonable expectation across the board | Partial failure of critical system or project; Failure of important system or project | Above excess claim or multiple justified complaints | £50,000 – £1,000,000 | Extensive local coverage and widespread NHS coverage |
| 3 | Significant | Significant injury or ill health – medical intervention necessary – Some temporary incapacity; RIDDOR Reportable | Patient outcome or experience below reasonable expectation in one or a number of areas | Resolvable problem with critical system or project; Partial failure of important system or project; Failure of peripheral system or project | Justified complaint involving lack of appropriate care or below excess claim | £5,000 – £50,000 | Coverage throughout organisation and/or some public coverage |
| 2 | Minor | Minor injury or ill health – First Aid or self treatment – no incapacity | Patient experience temporarily unsatisfactory – rapidly resolved | Resolvable problem with important system or project; Partial failure of peripheral system or project | Justified complaint peripheral to clinical care (e.g. car parking, access etc) | £500 - £5,000 | Coverage limited to elements within the organisation (e.g. Trades Union and/or some external stakeholders) |
| 1 | Insignificant | No harm or injury suffered or minor injury not requiring intervention | Single resolvable problem in patient experience | Resolvable problem with peripheral system or project | Low value claim handled by ex gratia payment | £0 - £500 | Awareness limited to individuals within the organisation |


The overall risk rating reflects both the likelihood that harm or loss will occur and the severity of its outcome (i.e. Risk = Likelihood x Severity).

Risk Rating Matrix

| Likelihood / Severity of Outcome | Catastrophic (5) | Major (4) | Moderate (3) | Minor (2) | Insignificant (1) |
|---|---|---|---|---|---|
| Certain (5) | 25 | 20 | 15 | 10 | 5 |
| Likely (4) | 20 | 16 | 12 | 8 | 4 |
| Possible (3) | 15 | 12 | 9 | 6 | 3 |
| Unlikely (2) | 10 | 8 | 6 | 4 | 2 |
| Rare (1) | 5 | 4 | 3 | 2 | 1 |

THE OVERALL RESIDUAL RISK RATING

HIGH (10 +): “Intolerable”

MEDIUM (5 – 9): “Tolerable”, provided all reasonable steps have been taken to reduce the risk

LOW (1 – 4): “Acceptable”, provided all reasonable steps have been taken to reduce the risk


APPENDIX A - Key Risk Areas


The main areas of risk can arise in:

• Clinical care: dealing with diagnosis, treatment and care of service users, where procedures and clinical standards will be research and evidence based wherever appropriate in order to promote high quality and cost effective care.

• Environmental and facilities management: ensure compliance with legislation such as Health and Safety at Work etc Act, COSHH, food handling, hotel services, waste management, security and environmental issues etc.

• Strategic management: include risks associated with strategic management, planning and organisation within the trust.

• Financial management: dealing with the need for adequate financial control systems, contract arrangements, funding issues and new business and meeting financial balance.

• Human Resource issues: include personnel and continuing education issues, occupational health matters, confidentiality issues, police vetting procedures, effective recruitment and retention strategies and Improving Working Lives standards.

• Information management: covers the management of information in the trust but key areas are those of confidentiality, data quality and the security of information systems. In addition there is the need for effective communication of Trust business, both internally and externally.

• External events/influences: these include government or NHS policy changes such as White papers, as well as legal changes and the changing expectations of society. It also includes the impact on the Trust of action/inaction by partner organisations and vice versa.

• Research and Development: research activity can sometimes present an element of risk to participants, the researcher and the trust which is minimised by conforming to research ethics and research governance standards.