RISK MANAGEMENT STRATEGY and FRAMEWORK. Including risk assessment, risk register, risk management process, risk committee and risk awareness training


Document Reference: RM01
Version: 01.4
Document Owner: Jackie Bird, Director of Nursing & Quality
Accountable Committee: Risk & Quality Governance Committee
Document Author: Jane Hadfield, Risk and Health and Safety Manager
Date Approved: 21 September 2011
Ratified by: Board of Directors
Date Ratified: 30 September 2011
Date issued: October 2011
Review date: 30 September 2014
Equality Impact Assessment: 16th August 2011
Target audience: All trust staff

Key points
- How to control, manage and mitigate risk
- How to implement a system for continuous improvement
- How to reduce clinical and non clinical risks
- Risk management process for the organisation

Contents

1.0 ASSOCIATED DOCUMENTS
INTRODUCTION
  Statement of intent
  Equality Impact Assessment
  Good Corporate Citizen
  Purpose
  Scope
DEFINITIONS
STRATEGY
DUTIES
  Board of Directors
  Chief Executive
  The Director of Nursing and Quality
  Director of Finance
  Executive Directors
  Non Executive Directors
  Divisional directors
  General managers, Lead Nurses, Departmental and Ward Managers
  Head of Facilities
  Head of Human Resources
  Associate Director of Education
  Head of Information/Governance
  Head of Safety & Risk
  Quality and Standards team
  Fire Safety Advisor
  Local Security Management Specialist
  Responsibility of all Employees, Agency and Contractors (Staff)
COMMITTEES AND SUB COMMITTEES WHICH HAVE RISK MANAGEMENT RESPONSIBILITIES
  6.1 Management Board
  Risk and quality governance committee
  Quality Assurance Committee
  6.4 Audit Committee
  Patient Safety Committee
  Patient Experience Committee
  Clinical and Research Effectiveness Committee
  Education and Training Committee
SUPPORTING FRAMEWORK
  Board Assurance Framework
LEVELS OF RISK MANAGEMENT ACROSS THE TRUST
  Board level
  Corporate level
  Divisional level
  Ward/departmental level
ACCOUNTABILITY AND REPORTING STRUCTURES
RISK MANAGEMENT APPROACH
  Fair Blame
  Being Open
  Reporting Concerns
PROCESS FOR THE MANAGEMENT OF RISK
  Overview
  Proactive risk processes
  Reactive risk processes
PROCESS FOR ASSESSING ALL TYPES OF RISK
  Risk identification
  Risk assessment and quantification
  Risk assessment forms
  Risk evaluation
  Risk control
  Risk ranking, risk acceptability and management responsibility
RISK REGISTER
  Corporate risk register
  Divisional/departmental risk registers
  Process for board or high level committee review of the organisation-wide risk register
  13.4 Escalation of risk
14.0 CONSULTATION, APPROVAL AND RATIFICATION PROCESS
DISSEMINATION & IMPLEMENTATION
  Dissemination
  Implementation
  Training/Awareness
PROCESS FOR MONITORING EFFECTIVE IMPLEMENTATION
VERSION CONTROL SHEET
APPENDICES
  1 Trust accountability structure
  2 Driver diagram
  3 Annual audit of committee effectiveness
  4 Terms of reference
  5 Risk scoring tool

1.0 ASSOCIATED DOCUMENTS

- Incident reporting and investigation policy
- Claims policy
- Major incident plan
- Whistle blowing policy
- Complaints policy
- Being open policy
- Management of external agency visits, inspections and accreditations policy
- Management of national clinical guidelines
- Corporate induction policy
- Corporate essential Training Policy

2.0 INTRODUCTION

The trust is committed to implementing the principles of governance, defined as the system by which the organisation is directed and controlled, at its most senior levels, to achieve its objectives and meet the necessary standards of accountability, probity and openness.

The trust recognises that the principles of governance must be supported by an effective risk management system that is designed to deliver improvements in patient safety and care as well as the safety of its staff, patients and visitors.

The trust is required to have a Board approved document for managing risk that identifies accountability arrangements, resources available and contains guidance on what may be regarded as acceptable risk within the organisation.

This Risk Management Strategy provides a structured approach to the management of financial, organisational, reputational, clinical and project risks and is a requirement of the NHS Litigation Authority (NHSLA) Risk Management Standards for Acute Trusts, for Monitor and for other external accreditations i.e. ISO 9001/2008 in Radiotherapy.

The purpose of this document is to define the trust's Strategy for Risk Management for the period

Statement of intent

The Christie is committed to the implementation of a risk management strategy which minimises risks to patients, staff and other stakeholders through comprehensive systems of control. This is crucial to ensure the trust is able to fulfil its commitment to providing high quality treatment and care. The focus of the strategy is the promotion of a risk conscious environment where safety is seen as paramount.
In order to succeed, risk management must be embedded at all levels within the organisation. To this end, the following components are critical:

- Clear and effective governance arrangements
- Sound leadership with accountability
- Explicit strategic objectives
- Appropriate resource allocation
- Integrated planning arrangements
- Effective stakeholder involvement
- Education and training strategies
- Recognising the value of innovation that all staff make to the overall management of risk
- Integration of risk management at all levels
- A system of risk identification, recording and action (risk register)
- Learning from others both internally and externally to the organisation

2.2 Equality Impact Assessment

There is a legal duty to analyse the actual or potential effect of the activity on different groups. The requirement is to consider if there are any unintended consequences for some groups, and to consider if the policy will be fully effective for all target groups. It involves using equality information and the results of engagement with protected groups and others to understand the actual or potential effect of our activities. In line with the trust policy on equality and diversity this document has been screened using the approved e-tool. No detriment was identified.

2.3 Good Corporate Citizen

As part of its development, this policy was reviewed in line with the trust's Corporate Citizen ideals. As a result, the document is designed to be used electronically in order to reduce any associated printing costs.

2.4 Purpose

This strategy will establish a consistent and integrated approach to the management of all risk across the whole trust. The key objectives of this policy are to provide the framework for achieving:

- Safety, quality, integrated governance and assurance
- The control and management of risk to achieve organisational objectives

The trust is also required to meet its legal and contractual obligations as described in the Department of Health publication The NHS Performance Regime (June 2008)* which represents the accountability structure as set out below.

* As the NHS reforms become embedded this framework will evolve

2.5 Scope

This document applies to all trust employees, contractors and other third parties working within the trust. Risk management is the responsibility of all staff, and managers at all levels are expected to take an active lead to ensure that risk management is a fundamental part of their operational area.

3.0 DEFINITIONS

Term: Meaning

Acceptable risk: Means a willingness to live with risk to secure certain benefits, but with the confidence that it is being properly controlled

Adverse event: Means any event or circumstance leading to unintentional harm or suffering

Chief executive: Means the person who has delegated responsibility from the board of directors for the management of governance arrangements within the trust, and is ultimately responsible for ensuring that the trust meets its obligations with regards to the safe and effective delivery of services. This is delegated to responsible individuals within the trust.

CQUINS (commissioning for quality and innovation): Means the payment framework which enables commissioners to reward excellence, by linking a proportion of English healthcare providers' income to the achievement of local quality improvement goals.

Patient Safety, Patient Experience, Clinical and Research Effectiveness: Means a trust committee authorised by and accountable to the risk and quality governance committee

DATIX: Means the trust's safety software for healthcare risk management applications. The solution can integrate the following safety, risk and governance elements:
- Incident, adverse event and near miss reporting
- Risk assessment/risk register
- Patient experience and feedback
- Complaints, compliments, comments and concerns
- Claims handling

Governance: Means the framework of rules and practices by which a board of directors ensures accountability, fairness, and transparency in the organisation's relationship with its stakeholders

Hazard: Means situations with the potential to cause harm

Quality: Means clinical effectiveness, safety and patient experience

Regulators: Monitor; Care Quality Commission (CQC)

Risk: Means the uncertainty of outcome, whether positive opportunity or negative threat, of actions and events. It is the combination of likelihood and impact, including perceived importance

Risk assessment: Means a systematic and effective method of identifying, evaluating and controlling risks

Risk management: Means all the processes involved in identifying, assessing and judging risks, assigning ownership, taking actions to mitigate or anticipate them, and monitoring and reviewing progress.

Risk register: Means a process of recording how risks in an organisation will be managed

Strategy: Means a long term plan of action designed to achieve a particular goal.

Strategic management: Means the long term plan for successful administration of the organisation and business.

Terms of reference: Or TOR, means the purpose and structure of a committee or meeting for a team of people who have worked together to share a goal.

Trust / Organisation: Means The Christie NHS Foundation Trust

4.0 STRATEGY

Objectives of this strategy

The Department of Health has provided the foundation for Risk Management, which the trust works within, in the nationally defined Care Quality Commission Essential Standards of Quality and Safety and the NHSLA Risk Management Standards.

The trust has introduced a holistic approach to Risk Management across the organisation, which embraces financial, organisational, reputational, clinical and project risks and requires all parts of the organisation to be involved.

The trust will take all reasonable steps in the management of risk with the overall objective of protecting patients, staff and its assets. The primary concern is the provision of a safe environment together with working policies and practices, which take into account assessed risks. In order to achieve this objective the trust has adopted a pro-active approach.

The key objectives of this strategy are set out in the driver diagram. The framework set out in this document will support the strategy.

The Risk Management Strategy consists of four key work streams:

- Culture, teamwork and accountability
- Identification, assessment and monitoring
- Response
- Training, learning and sharing

The work will be prioritised over the next three years to link with the major parallel strategies running alongside this strategy i.e. the 5 year corporate strategy and the quality strategy that will assist and support the delivery of safer care and practice, the Datix web-based incident reporting and risk register system, electronic patient record and prescribing systems across the in-patient and outpatient setting.

Culture, teamwork and accountability

Various work streams will be introduced over the next three years to strengthen our current systems and processes. They will include:

- Identifying and re-establishing robust risk management/governance arrangements in each Clinical and Corporate area following re-structuring of the organisation and governance committees by the Autumn of 2011
- Monitoring and reviewing key risk management policies and procedures to ensure that all risks are effectively managed by the trust executive directors and divisional directors on behalf of the Board of Directors via the NHSLA steering group to ensure NHSLA Level 3 assessment success in

Identification, assessment and monitoring

We will continue to promote the pro-active use of the risk registers to:

- Link risk assessments with the Board Assurance Framework, CQC Essential Standards, NHSLA and other standards
- Further develop the Datixweb system so that all risks and incidents across the whole organisation are registered on the system
- Provide to the Board committees appropriate information to assist with their assurance functions and to highlight any inadequately controlled risks, incidents and improvement needs.

We aim to be successful in the external assessment process by achieving NHSLA Level 3 standard by quarter three 2012/13.

We will continue to monitor risks by ensuring that:

- An annual programme of audits is in place to review the control mechanisms in place for key risks
- Utilise the Quality Accounts targets, CQUINS programme and Quality and Risk Profile (QRP) to identify and drive quality improvement programmes focused on high risk areas.

Response

Our response to risks will be timely and appropriate by ensuring that we:

- Develop the role of a Patient Safety Rapid Response Team to respond to incidents and risks promptly, identify learning and develop solutions that, where appropriate, are shared locally, trustwide, regionally and nationally
- Ensure that the response by management to risk assessments is followed in line with the process set out in this strategy.

Training, learning and sharing

Development of staff and learning from review and investigation will be supported by:

- Further development of appropriate, best practice education and training programmes for staff at all levels in the Trust
- Ensuring that all staff receive essential risk management training as set out in the Corporate Essential Training Policy, monitored via the PDR process and recorded by the Learning and Development department
- Continuing to develop mechanisms for sharing and learning from incidents and near misses, that will include learning events following every serious incident and coroner's inquest
- Ensuring that quality improvement programmes are directed at our high risk areas and that continuous improvement is evident in all areas via the trust-wide quality improvement programmes and reported via the Divisional Boards to the Board of Directors and in the annual Quality Accounts.

5.0 DUTIES

5.1 Board of Directors

The Board is responsible for the effectiveness of internal controls; ensuring that the trust has effective systems for identifying and managing all risks.

The Board has established a risk management structure to help deliver its responsibility for implementing risk management systems within the trust.

The Board is required to produce a statement of assurance that it is doing its reasonable best to manage the trust's affairs efficiently and effectively through the implementation of internal controls to manage risk.

To inform the Annual Governance Statement (AGS) made by the Chief Executive in the annual accounts, the Board of Directors must be able to demonstrate that they have been informed through the assurance framework about all significant risks and that they have arrived at their conclusions on the totality of risk based on the evidence presented to them.

The Board of Directors is responsible for maintaining the Board Assurance Framework. This is delegated to the Company Secretary.

5.2 Chief Executive

The Chief Executive has overall accountability to the Board of Directors for governance within the trust and safeguarding the public funds and the organisation's assets for compliance with health and safety legislation and for ensuring all reasonable actions are taken to minimise risks to patients, staff and the public.

Operationally, the Chief Executive has delegated responsibility for implementation of financial risk management to the Director of Finance and clinical risk management to the Director of Nursing and Quality.

5.3 The Director of Nursing and Quality

The director of nursing and quality has delegated authority for leading risk management within the trust, including:

- Complaints, claims and inquests
- Compliance with external quality standards
- Health and safety
- Safeguarding vulnerable adults
- Safeguarding children and child protection

5.4 Director of Finance and Business Development

The Director of Finance and Business Development has executive director responsibility for financial governance and all associated financial risks; for ensuring that the trust carries out its business of providing healthcare within sound financial governance arrangements that are controlled and monitored through robust audit and accounting mechanisms that are open to public scrutiny on an annual basis.

5.5 Executive Directors

Executive directors are responsible for the management of strategic risks and operational risks within their own portfolios.

5.6 Non Executive Directors

The non executive directors have the responsibility to ensure that the chief executive and their director colleagues are held to account for their risk management responsibilities.

5.7 Deputy Chief Operating Officers

The deputy chief operating officers are accountable for the effective management of risk within their areas of responsibility and for the systematic review of the effectiveness of their risk management systems.

The deputy chief operating officers must ensure the trust's risk management processes are fully implemented within their services, risk registers are maintained, and are able to ensure principal risks to the trust's objectives are systematically identified, evaluated, eliminated or reduced and managed. They must encourage the proactive management of risks through the development, implementation and monitoring of risk education and training programmes and the effective functioning of their governance committees.

The deputy chief operating officers are responsible for the management of risk within their own areas of operational responsibility.

5.8 Directors of Service, Lead Nurses, Matron, Departmental and Ward Managers

Directors of service, lead nurses, Matron, departmental and ward managers have responsibility for ensuring compliance with the standards and overall risk management system, as laid down in the risk management strategy, by:

- Ensuring that appropriate and effective risk management processes are in place
- That all staff are made aware of the risks within their work environment and of their personal responsibilities
- Developing and implementing work-plans to ensure risks are identified, treated and mitigated
- Ensuring local and divisional risk registers are maintained and reviewed at least quarterly to ensure timely and systematic risk management and communication of risk
- Ensuring escalation of risks from local to divisional level and corporate level, according to their impact
- Ensuring that national requirements as described in Essential Standards are met by the appropriate dates and compliance with these objectives by all employees is measured on an annual basis
- Ensuring that adequate resources are made available to provide safe systems of work. This will include making provision for risk assessments, implementing appropriate control measures, raising outstanding concerns, ensuring safe working procedures / practices and continued monitoring and revision of same
- Ensuring that learning from all incidents, complaints and claims is disseminated to reduce the risk of recurrence and continuously strive for the highest level of patient safety and quality.
- Ensure that staff have time to undertake both best practice education (detailed in training, learning and sharing bullet point 1) and essential training (detailed in training, learning and sharing bullet point 2)

5.9 Head of Facilities

The Head of Facilities is responsible for the management of all property expenses claims and works with the risk and health and safety manager regarding non-clinical risk.

- Accountability for safe working environment
- Environmental risk management
- Estates and Facilities Management issues

5.10 Head of Human Resources

The Head of Human Resources, on behalf of the Chief Executive, has overall responsibility for non-clinical risk management in relation to:

- Organisational leadership and development
- Implementation of training, development and human resource policies to ensure effective work performance standards

5.11 Associate Director of Education

The Associate Director of Education, on behalf of the Chief Executive, has overall responsibility for:

- The delivery of education to support best practice and training programmes for staff at all levels
- Implementation of education related policies to ensure effective work performance standards

5.12 Head of Information Governance

The Head of Information Governance provides support to the Director of Nursing and Quality and the Director of Finance and Business Development to ensure:

- The implementation and management of the initiatives detailed in the NHS Information Authority toolkit
- The ongoing notification to the Information Commissioner's Office
- Freedom of Information requests are acted upon

Head of Safety & Risk

The Head of Safety & Risk has overall responsibility and professional leadership for this Risk Management Strategy, on behalf of the Director of Nursing. They will lead the strategic direction, development, implementation and evaluation of this strategy.

Quality and Standards Team (formerly known as the Risk Team)

Risk Management processes, including health and safety, will be overseen by the Quality and Standards team. The team will act as a central reference point for all risk management issues. Additional support will be provided by subject matter experts.

The Quality and Standards team will receive and collate information on risks within the trust, monitor new developments in risk management, develop knowledge and expertise through the provision of training and act as a liaison point for risk management issues both within the trust and external bodies. The Quality and Standards team is also responsible for maintaining and developing the trust-wide risk management system.

Fire Safety Advisor

The fire safety advisor is responsible for ensuring the trust is complying with all fire-related legislation. This includes:

- Monitoring all buildings
- Delivering training to all staff on fire prevention
- Developing policies and procedures for trust-wide implementation

- Advising management on any areas of concern
- Ensuring action is taken to rectify any works needed

5.16 Local Security Management Specialist (LSMS)

The LSMS has responsibility with the Head of Facilities for management of security to include the following:

- Implementation of the security policy
- Responsibility for interrogation of incident data for security related events, identifying themes and influencing specific action plans
- Production of security reports for the trust health and safety committee
- Conducting security related risk assessments and prioritising expenditure and formulating bids to mitigate risks identified
- Delivering relevant training programmes to staff
- Ensuring compliance against external performance assessment specifically relating to security

5.17 Responsibility of all Employees, Agency and Contractors (Staff)

It is the responsibility of each individual member of staff to:

- Be familiar with the trust's risk management strategy and comply with risk and health and safety procedures
- Comply with all trust rules, regulations and instructions to protect health, safety and welfare of anyone affected by the trust's business. This includes the duty to report any concerns that could potentially cause harm or affect trust activities
- Utilise the risk management processes as a mechanism to highlight areas they believe need to be improved.
- Report incidents / accidents and near misses using the recognised channels as set out in the trust's incident reporting policy.
  The trust supports the culture which accepts that the reporting of adverse incidents or near misses is based on fair blame
- Provide safe clinical practice in diagnosis and treatment
- Be familiar with the trust's risk management strategy, departmental clinical policies and health and safety procedures and comply with these
- Neither intentionally, nor recklessly interfere with nor misuse any equipment provided for the protection of safety and health
- Be aware of and make others aware of emergency procedures e.g. resuscitation, evacuation and fire precaution procedures appertaining to their particular department or location or arising from their own working practices

6.0 COMMITTEES AND SUB COMMITTEES WHICH HAVE RISK MANAGEMENT RESPONSIBILITIES

The ongoing operational aspects of risk management are delegated to the following trust approved committees:

6.1 Management Board

Management Board is a formal sub-committee of the Board of Directors, responsible for ongoing operational governance.

6.2 Risk and Quality Governance Committee (R&QGC)

The R&QGC is a sub committee of the Management Board with responsibility for monitoring and review of the risk, control and governance processes which have been established in the organisation, and the associated assurance processes. This will help the Board of Directors to be fully assured that the most efficient, effective and economic risk, control and governance processes are in place, and that the associated assurance processes are optimal. The R&QGC receives reports from the trust patient safety, patient experience and clinical & research effectiveness committees.

6.3 Quality Assurance Committee

Reporting to the Board, the quality assurance committee is Non Executive led and has responsibility for monitoring and review of the governance processes which have been established in the organisation, and the associated assurance processes. This will be in order to help the Board of Directors to be fully assured that the most efficient, effective and economic risk, control and governance processes are in place, and that the associated assurance processes are optimal. The quality assurance committee receives a report of the activity of the risk & quality governance committee.

6.4 Audit Committee

Reporting to the Board, the audit committee will have primary responsibility for financial risk and associated controls, corporate governance and financial assurance.

6.5 Patient Safety Committee

Reporting to the risk & quality governance committee, the role of this committee is to determine and oversee the continual development and implementation of safe practice in the trust.

6.6 Patient Experience Committee

Reporting to the risk & quality governance committee, the role of the committee is to review, monitor and develop the Patient Experience Strategy and associated work in relation to the patient experience agenda.

6.7 Clinical & Research Effectiveness Committee

Reporting to the risk & quality governance committee, the role of the committee is to support the implementation of NSF and NICE guidance through a high level Clinical & Research Effectiveness Governance with an overall aim of improving clinical care through the implementation of both NSF and NICE guidance and monitoring of Quality Accounts.

6.8 Education & Training Committee

Reporting to the School of Oncology Board, the role of the committee is to provide an expert developmental and discussion forum for education and training initiatives and to advise on and endorse the education and training elements of Christie policies, standard operating procedures, training packages and competency documents, ensuring that lessons from incidents, claims and complaints are integrated in educational activity.

7.0 SUPPORTING FRAMEWORK

7.1 Board assurance framework

The board assurance framework (BAF) links organisational (corporate) objectives with identified risks to achieving those objectives. This occurs via the risk register, identifying action to treat and control risks and highlighting gaps. It allows the Board to determine where to make efficient use of resources to improve quality and safety of care.

Regular review of the BAF monitors progress of remedial action to facilitate delivery of the corporate objectives and assures the effectiveness of controls to manage risk within the organisation. It also provides a structure for the evidence to support the annual governance statement. This is monitored by the audit and quality assurance committees and twice yearly by the Board of Directors.

8.0 LEVELS OF RISK MANAGEMENT ACROSS THE TRUST

Risk assessment and management is addressed at three levels across the trust and is communicated via risk registers held on the Datixweb system and accessed at different levels. Risk assessments are a continuing process.

8.1 Board level

The Board of Directors is informed of the significant risks that face the organisation. Significant risks are defined as "risks that are significant to the fulfilment of the (organisation's) objectives". Although no specific definition is given as to what constitutes "significant risk", a risk score, although not a precise measure, aids identification of the most serious risks. These are held on the Board Assurance Framework which is reviewed twice a year. The Board receive a Top Ten Risk Report consisting of the top ten corporate and top ten divisional risks on a monthly basis.

8.2 Corporate Level

The corporate risk register is a "living communication tool" held by the Datixweb system and includes risks identified through corporate and departmental/ward risk assessments. It also serves as a log of actions required and taken to manage risk and is used as a prioritisation tool. The corporate risk register is the responsibility of the Board of Directors and is maintained by the Quality and Standards team.

A Top Ten Risk Report is submitted to the R&QGC by the General Managers on a monthly basis for discussion and noting. This report contains the top ten corporate and top ten divisional risks. Any risks that cannot be controlled and involve substantial risk to achieving the corporate objectives are escalated to the Board and added to the Board Assurance Framework via R&QGC through the lead officer.

8.3 Divisional level

Risks that are below 15 or form a trend as identified by the divisional registers will be addressed by the divisional board meetings on a monthly basis. Following discussions, the most significant risks for the trust as identified against the organisation's objectives, which cannot be controlled, are escalated to R&QGC and Management Board via the Top Ten Risk Report and exception report.

Ward/Departmental

The ward/departmental management teams will also perform risk assessments of their areas and those will be used to maintain and monitor risk registers, managing risks scored 1-6. Risk assessment will be completed in line with the trust guidance in risk assessment.
Escalation of risks 8 and above are reported and managed via Matrons/senior managers within the ward/department and discussed at Divisional Boards.

9.0 ACCOUNTABILITY AND REPORTING STRUCTURES

The diagram in Appendix 1 shows the governance arrangements for The Christie NHS Foundation Trust.

RISK MANAGEMENT APPROACH

10.1 Fair Blame

The trust supports a fair blame culture. It encourages an open and honest approach to reporting incidents and concerns in accordance with the principles of An Organisation with a Memory. The trust recognises that whilst it is easy to promote a culture of learning and closing the loop with regard to risk management, the effect on staff directly involved in an incident or enquiry should not be underestimated.

Exceptional cases will arise, however, where there is clear evidence of wilful or gross neglect contravening the trust's policies and procedures and/or Professional Codes of Conduct, or where there is repeated evidence of poor performance despite intervention/support. These will be dealt with on an individual basis.

Being Open

'Being open' supports a culture of openness, honesty, and transparency and includes apologising and explaining what happened. Being open with patients often defuses the situation and allows open communication and learning to avoid recurrence. Patients and/or carers should receive an apology as soon as possible after a patient safety incident has occurred. Staff should feel able to apologise on the spot; saying sorry is not an admission of liability and it is the right thing to do. This culture is promoted throughout the trust in line with the Being Open Policy.

10.3 Reporting Concerns

All employees must ensure they are familiar with the Whistle blowing Policy for raising concerns of matters relating to fitness to practice for reasons of conduct, health or competence.

11.0 PROCESS FOR THE MANAGEMENT OF RISK

11.1 Overview

The trust employs a number of mechanisms to systematically assess and manage its risks, all of which combined provide the Board of Directors with the required assurance that risks to objectives are being appropriately managed. These processes broadly fall into proactive and reactive risk processes.

Proactive risk processes:

Insert the following wording immediately after the heading:-

The proactive risk management process has 3 stages:

1. The identification of risk, as set out in section
2. The assessment of risk as set out in section 12.2 through
3. The management and monitoring of this risk information using risk registers as set out in section 13 of this strategy.

The following are elements of the proactive risk assessment process.

Strategies, policies and procedures
In addition to this risk management strategy there are a range of other policies that support the management of risk in the trust. These are available on the trust's intranet site. Policies that link closely to the risk management strategy are detailed under Associated Documents.

Resilience Management
The trust has in place a comprehensive Major Incident Plan, as well as a range of plans and other associated documents that are designed to ensure the resilience of the trust in a range of scenarios that would limit the operating capacity of the organisation. These plans are tested in line with the requirements of the Civil Contingencies Act, and learning from these tests is communicated back into relevant groups to ensure the processes are refined.

Implementation of clinical guidance
The trust has mechanisms in place to implement the latest guidance and recommendations; these processes are covered by the Management of National Clinical Guidelines policy.

Standards and Accreditation
The trust ensures that it meets (and aims to exceed) a range of standards and accreditations. Many of these are covered by the Management of external agency visits, inspections and accreditations policy.

Audit Activity (clinical, internal and external)
There is extensive audit activity within the trust covering a range of issues. Findings from these reviews are fed back to appropriate members of staff, and reports made to the clinical and research effectiveness committee and the Board of Directors' assurance committees.

Reports to Risk and Quality Governance Committee and/or Management Board on key trust priorities
Monthly reports are made identifying potential risks to the trust's strategic priorities, and what actions are being taken to minimise these risks.

Organisational Learning (supported by the Being open policy)
The trust seeks to learn from the experiences of other organisations. For example, published reports from key regulators are always reviewed, with findings compared to existing trust practice.

Training
Extensive training activity takes place in the trust on a range of subjects. Much of this is regulated by professional bodies such as the GMC, NMC etc, while some is linked to individual personal development plans, or to the implementation of trust policies. As a minimum all staff receive appropriate essential training as described in the Corporate Essential Training Policy.

Risk Registers:
The trust has a robust process for the management of the trust-wide risk register. The trust-wide risk register is supported by comprehensive risk assessment systems in all areas, and is stored on the trust risk management system, Datix.

Reactive risk processes

The trust also identifies potential risks from events that have already occurred. The main drivers of this come from:

Incidents - The trust has a system for reporting adverse incidents, or serious incidents, which is described in the Incident Reporting and Investigation Policy. All notified incidents are graded using a simple risk assessment matrix, consistent with that to be used for risk management.

Complaints - The trust has a well-established complaints process that is responsible for handling all trust complaints and ensures that all concerns are responded to within the approved timescales. All serious complaints are the subject of a full root cause analysis. Information and action plans arising from complaints are used to develop or change the service delivery. The trust complaints handling process is described in detail in the Complaints Policy.

Claims, litigation and inquests: The trust's Quality and Standards team works closely to enable the early identification of potential legal claims against the trust. They liaise with HM Coroner and clinicians in respect of the inquest process. Any concerns or recommendations raised by the Coroner are communicated appropriately to ensure that remedial action is taken. The processes for claims and litigation are set out in the Claims Policy. The process for inquests is set out in the Inquest Policy.

Debriefing/Post Event Analysis - Where something happens within the trust that impacts on services, potential risks are identified and appropriate management action put in place to reduce or eliminate the possibility of a similar occurrence. This can be separate or complementary to the processes described in the policies listed above.

PROCESS FOR ASSESSING ALL TYPES OF RISK AND ENSURING A CONTINUAL, SYSTEMATIC APPROACH TO ALL RISK ASSESSMENTS IS FOLLOWED THROUGHOUT THE ORGANISATION

The trust's process for assessing risk is the same across the organisation for all types of risk. There is a continual, systematic approach to risk assessment to ensure consistency across the trust.

Risk Identification and Categories of Risk

The identification of risk is an ongoing and proactive process and is the responsibility of staff at all levels within the organisation. Risks may fall into the following categories:

- Organisational
- Clinical
- Health and safety
- Financial
- Project
- Reputational

They can be identified in a number of ways. For example, through team based brainstorming, workshops, questionnaires, SWOT analysis, audits, analysis of incidents (including near misses), claims and complaints. Risks can also be identified through information received from a number of external sources (e.g. HSE, CQC, Royal College visits, NHSLA accreditation visits, PMETB etc).

Divisional directors must systematically collate all the risks within their areas of responsibility and clearly document them on a trust-approved general risk assessment form, considering the following points:

- What are the divisional and/or corporate objectives?
- What are the risks to achieving these objectives?
- What would affect service provision?
- Who could be harmed and how, i.e. what can go wrong?
- Are any groups of staff, patients or visitors at greater risk?
- Have risks been identified in incidents, complaints or claims?
- What is the environment like?
- What equipment is in use?
- Are there any hazardous substances used?
- What are the training requirements?

Risks may be identified from many sources including:

- Proactive risk assessment
- Reactive risk assessment following an incident, complaint or claim
- Observation of trust functions and work activities
- Incidents in other organisations
- Independent assessments, for example, Care Quality Commission, NHS Litigation Authority, Health and Safety Executive
- Articles in professional journals, newspapers or other areas of the media

12.2 Risk assessment and quantification

Risks are defined as the chance of anything happening that would have a negative impact upon our ability to provide high quality health services in terms of access, effectiveness, efficiency, appropriateness and safety. The identification and management of risk as communicated in risk registers will aid decision-making and resource prioritisation. It produces proper information by which the trust can reassure the public, patients and stakeholders that it is effective and efficient and delivering the objectives of the organisation.

Risk assessment looks at hazards (which are situations with the potential to cause harm) and risks (which are defined as the probability that a specific adverse event will occur in a specific time period or as a result of a specific situation). Although it is not possible to eliminate all risks, trust staff have a duty to protect themselves, colleagues, patients and visitors as far as reasonably practicable.

The NHS has adopted the AS/NZS 4360:2004 Risk Management Standard which measures risk using a combination of consequence (also described as impact or severity) and the likelihood (or probability or frequency) of an event occurring. Risk is therefore assessed in terms of Consequence x Likelihood.

A systematic and common approach to quantifying risk through defining qualitative measures of consequences and likelihood as discussed in the risk scoring tool has been adopted (Appendix 5). This allows construction of a risk matrix for evaluating the level of risk (low/moderate/high/extreme) and the priority for action.

A risk assessment seeks to answer four simple, related questions:

- How bad?
- What can go wrong?
- Is there a need for action?
- How often?

The trust uses a 5 step process for risk assessment:

Step 1 Identify the hazards (what can go wrong?)
Step 2 Decide who might be harmed and how (what can go wrong? who is exposed to the hazard?)

Step 5 implementation. Review your assessment and update if necessary

12.3 Risk assessment forms

The trust has a range of subject specific risk assessment forms. Where a subject specific form is not appropriate the general risk assessment form must be used. As a minimum risk assessments must be reviewed every two years.

Risk evaluation

Risk scores are determined by multiplying the score for consequence by the score for likelihood (C x L). See Appendix 4 for descriptors.

Likelihood score: 1 Rare, 2 Unlikely, 3 Possible, 4 Likely, 5 Almost certain
Consequence score: 5 Catastrophic, Major, Moderate, Minor, Negligible

Risk control

In order to manage the risks identified during the assessment process, it may be necessary to take action and put controls in place. Appropriate control measures ensure risks are eliminated or minimised as far as possible. With suitable controls in place the level of risk may be reduced to an acceptable level. Managers must consider the level, type and cost of the control measures required to manage a specific risk, the benefit these may have on the likelihood of the risk occurring and potential consequences if it should occur. There may be cases where the cost of controlling risk far outweighs the benefit.

Risk ranking, risk acceptability and management responsibility

Management responsibility for individual risks will be assigned according to the risk ranking. The general acceptability of a derived risk is shown in the table below. Risks that are unacceptable shall be subject to suitable risk reduction measures.

Table columns: Score, Ranking, Descriptor, Assignment of management responsibility

Ranking: Extreme
Descriptor: Unacceptable level of risk. Mandatory elimination or control to reduce risk to an acceptable level.
Assignment of management responsibility: Take immediate action outside routine meeting schedule. Escalate following discussions, consider as BOARD ASSURANCE FRAMEWORK item. Managed at corporate level, R&QGC. Senior manager responsibility (Band and above).

Ranking: High
Descriptor: Undesirable level of risk. Attempts should be made to eliminate or control to reduce risk to an acceptable level. Shall only be acceptable when further risk reduction is impractical.
Assignment of management responsibility: Managed at divisional board level. Senior Manager responsibility (Band 8 and above)

Score: 4-7
Ranking: Moderate
Descriptor: Attempts should be made to eliminate or control the risk.
Assignment of management responsibility: Proactively managed by matrons, heads of department, service level (Band 7 and above)

Score: 1-3
Ranking: Low
Descriptor: Acceptable no further action required or where cost of further reduction outweighs benefits gained.
Assignment of management responsibility: Proactively managed by all staff. Review by head of department

RISK REGISTER

All Trust risk registers must be populated with risks from the following sources:

- Incident reports
- Risk assessments
- Local risk registers
- External recommendations

The risk register is the main tool to manage organisational risk within the trust. It is a prioritised log of risks faced by the trust. It is used to help ensure that appropriate action is taken to control, reduce or eliminate each risk. All registers are continuously updated as circumstances change, new risks arise and established risks are treated.

The Trust aims to use the risk register module on Datix to record all risks, corporate, divisional and departmental, by Dec. In the interim, risk registers are maintained on Excel spreadsheets.

The risk register includes:

- The source of the risk
- A description of the risk
- The current risk score
- Risk control measures in place
- An action plan
- Residual risk score
- Date of review

Access to Datix is via the intranet and requires a password. There are 2 levels of access, full and limited:

Full access
- Is restricted to named leads within each division
- Is issued by the Quality and Standards team (ring ext or 3646)
- Provides full access rights to the risk register on Datix which allows users to enter and update risks, approve risk descriptions and scores, and develop and manage action plans.

Limited access
- Is restricted to named departmental managers
- Is issued by the Quality and Standards team (ring ext or 3646)
- Provides limited access rights to the risk register on Datix which allows users to enter risks, which then require approval by a senior manager with full access.

The risk and health and safety manager maintains the access list. All managers with access to the risk register module on Datix can view risks for other divisions.
This will help to ensure consistency of scoring across the trust.

Corporate risk register

The corporate risk register is derived from risk score of 15 identified by divisions and key risks identified against the corporate objectives as detailed in the board assurance framework. These are risks that have the capacity to apply to all or the greater part of the trust and which normally have to be managed or resolved at corporate level.

Divisional/Departmental Risk Registers

The divisional director for each division is required to develop a divisional risk register based on extreme and high level corporate risks and local risk assessment scores. Ward and departmental managers are responsible for managing risks locally, for establishing risk registers for each clinical and non-clinical area and for reviewing and updating these registers. Departmental managers are expected to address risk issues as they arise wherever possible and to put into place treatment plans for risks that cannot be addressed as they arise. Prioritisation of risks should be influenced by the risk score.

It is recognised by the trust that in some divisions an overarching divisional risk register may not be practical due to the number and type of risks present within the departments. In these cases the divisional lead must ensure that there is a process in place which allows them an overview of the risk registers and escalation of appropriate risks on a quarterly basis.

All extreme 15 level risks must be reviewed monthly by the divisional general manager in each division and reported to the divisional boards and risk and quality governance committee. In addition, all risks on the risk register must be reviewed quarterly by each division and documented clearly in the divisional board meeting minutes.

Process for board or high level committee review of the organisation-wide risk register

The top 10 key risks on the risk register are formally reviewed at each meeting of the risk and quality governance committee when a representative from the division will be required to attend to submit their intended risk treatment action plan. A report of a review of the full register (i.e. all risks recorded on Datix) is submitted to the risk and quality governance committee 6 monthly. This ensures that the Board of Directors and senior management is aware of the significant risks for the trust.

Escalation of Risk

Risks which arise out of these structures or factors which materially change the content of the corporate risk register may be brought to the attention of the Board of Directors at any time, initially via the private section of the Board. The Board will prescribe or approve a suggested course of action in such circumstances.

Any serious risks to corporate and divisional objectives must be brought to the immediate attention of the appropriate management. Risks which apply, or have the capacity to apply, to all or the greater part of the trust and which normally have to be managed or resolved at corporate level must be brought to the attention of the risk and quality governance committee for inclusion on the corporate risk register.

CONSULTATION, APPROVAL AND RATIFICATION PROCESS

This policy has been developed by the Quality and Standards team in consultation with the executive directors, general managers and members of the risk and quality governance committee. The policy will be approved and ratified by the Board of Directors.

DISSEMINATION & IMPLEMENTATION

15.1 Dissemination

Once ratified the document will be sent to the web team who will replace the historical version which will subsequently be archived. The Quality and Standards team will be notified of the policy ratification which will enable update of the procedural document register. A completed procedural document checklist will be submitted to the Quality and Standards team to facilitate an audit of compliance with this policy. Awareness will be raised at team brief, via an to all clinicians, departmental managers, and at ongoing essential training sessions