Risk Management Policy and Process Guide

Size: px
Start display at page:

Download "Risk Management Policy and Process Guide"

Transcription

1 Risk Management Policy and Process Guide Status: pending Next review date: December 2015 Page 1

2 Information Reader Box Directorate Medical Nursing Patients & Information Commissioning Operations (including regions and sub-regions) Commissioning Strategy Finance Transformation and Corporate Operations Publications Gateway Reference Document Purpose Document Name POL_1002 Policy and Process Risk Management Policy and Process Guide Publication Date January 2015 Target Audience Additional Circulation List Description Superseded Document Action Required Timing/Deadlines For further information All NHS England staff n/a Policy and high level processes for risk management n/a To note and apply n/a Corporate programme management office Status: pending Next review date: December 2015 Page 2

3 Risk Management Policy and Process Guide Version number: 1.0 First published: January 2015 Updated: (only if this is applicable) Prepared by: Corporate programme management office Status: pending Next review date: December 2015 Page 3

4 This is a controlled document. Whilst this document may be printed, the electronic version posted on the intranet is the controlled copy. Any printed copies of this document are not controlled. As a controlled document, this document should not be saved onto local or network drives but should always be accessed from the intranet. Status: pending Next review date: December 2015 Page 4

5 Contents 1 Introduction Purpose Audience Distribution plan Training plan and support Roles and responsibilities Risk management roles Risk lead Risk owner Action owner Corporate programme management office (PMO) Risk management process Risk identification and recording Identification of risk Risk register Risk assessment and scoring Action planning Monitoring and closure Reporting and escalating risks Corporate risk register Escalating risks Assuring implementation of this policy Equality and health inequalities analysis Associated documentation Glossary Appendix A NHS England Risk Management Governance and Escalation Route 15 Appendix B NHS England Risk Management Responsibilities Appendix C Risk register guidance Appendix D Risk scoring and rating matrices Status: pending Next review date: December 2015 Page 5

6 1 Introduction This document provides guidance on the policy, process and procedures for risk management in NHS England. Risk management is the recognition and effective management of all threats and opportunities that may have an impact on NHS England s reputation, its ability to deliver its statutory responsibilities and the achievement of its objectives and values. NHS England is committed to developing and implementing a risk management policy and process that will identify, analyse, evaluate and control the risks. 2 Purpose The aim of this policy and process document is to: evidence the importance of risk management to NHS England; support staff to understand their roles and have a consistent approach to risk management; and ensure that correct systems and processes are in place to manage corporate and operational risks across NHS England. It is the policy of NHS England that: we seek to reduce risks that are a threat to the delivery of objectives and put in place actions that address the likelihood and impact of each risk to an acceptable level. This policy and process document supports this by: setting out a risk management framework, which provides assurance to the Board that appropriate processes are in place to manage corporate and operational risks effectively; recommending procedures for the effective identification, prioritisation, treatment and management of risks to minimise or maximise the effect of an uncertain event or set of events on the delivery of objectives; ensuring a cohesive approach to the governance of risk; identifying risk management resources; and establishing risk management as an integral part of the NHS England culture. All identified risks will be required to: be recorded with a core minimum amount of information as set out in this document; be assessed on the likelihood of the risk being realised and the level of impact should the risk be realised; and have an identified risk owner and action owners. The policy element of the document describes the governance structures in place to ensure that risks are managed and escalated through NHS England as appropriate. Status: pending Next review date: December 2015 Page 6

7 It sets out the respective responsibilities for corporate and operational risk management for the Board and staff throughout NHS England. The document describes the corporate standard process to assist staff to identify, analyse and manage risks in their respective areas. 3 Audience This policy and process document is applicable to all corporate and operational risks that NHS England could be exposed to, including information governance, programme, project and clinical risks and those arising from the oversight of the NHS commissioning system as a whole. This is a corporate policy and it is expected that central team directorates, regions and programme and project teams will develop and document their own local level procedures based on this policy. Hosted organisations may develop local risk management processes which adhere to the principles of the NHS England risk management policy. Significant risks affecting NHS England from hosted organisations will be escalated through the appropriate sponsoring national director. 3.1 Distribution plan This policy and process document will be made available to all staff via the NHS England internet and intranet sites. Notification of this document will be included in the all staff bulletin, as well as through the corporate programme management office (PMO) communication and engagement routes such as PMO news, PPM advocates and the community of practice. 3.2 Training plan and support To support the implementation and embedding of the risk management policy and procedures; an e-learning package Introduction to risk management will be made available to all staff through the NHS England intranet; and bespoke advanced risk management training will be available to all NHS England teams, tailored to their specific needs. This could include advice and guidance on the management of risk in their area, peer reviews and / or support with development of risk registers. Further guidance and support is available on the corporate PMO intranet pages here or by contacting the corporate PMO at Status: pending Next review date: December 2015 Page 7

8 4 Roles and responsibilities Each area of the business must undertake an ongoing robust assessment of risks and escalate risks through the formal NHS England governance and escalation route, as set out in Appendix A. To support the governance and escalation process Appendix B sets out the specific risk management responsibilities. It is the responsibility of all staff to maintain risk awareness, identifying and reporting risks as appropriate to their line manager and / or director. 4.1 Risk management roles Risk lead All central team directorates, regions and programme and project teams must have an identified risk lead. They will be responsible for: consulting with teams to identify and assess risks and determine mitigating actions; the ongoing maintenance of a risk register for their area of the business; ensuring risk registers undergo regular review and quality assurance; promoting the risk management policy, procedures and best practice within their area of the business; communicating changes to the risk management policy and procedures to their area of the business; sharing information and knowledge on risks within their area of business, directorate and those on the corporate risk register; and being the key contact for the corporate PMO for assurance on the management of risk and compliance with this policy Risk owner All risks will have an identified risk owner who is responsible for ensuring that risk is managed, including the ongoing monitoring of the risk, ensuring controls and further actions are in place to mitigate the risk and reporting on the overall status of the risk. It is the responsibility of the risk owner to escalate risks where appropriate in line with local risk procedure and the risk escalation process detailed in Appendix A Action owner All risks have action owner(s), to whom the risk owner has delegated responsibility for ensuring the delivery of a task or activity that will help to mitigate the risk and to provide regular reporting on progress. Status: pending Next review date: December 2015 Page 8

9 4.1.4 Corporate programme management office (PMO) The corporate PMO will support the executive risk management group by providing assurance on the implementation of the risk management policy, the management of the corporate risk register and the review of directorate, regional, programme and project risk registers. 5 Risk management process Identify & record Monitor & review Report & Escalate Assess & score Plan 5.1 Risk identification and recording Identification of risk When identifying a risk consideration should be given to what could pose a potential threat (or opportunity) to the achievement of objectives within the context of the organisation. For example, whether the risk is strategic, programme or operational. Risks and issues often get confused and a useful way of remembering the difference is; Risks are things that might happen and stop us achieving objectives, or otherwise impact on the success of the organisation. Issues are things that have happened, were not planned and require management action. Once identified, the risk needs to be described clearly to ensure that there is a common understanding by stakeholders of the risk. The recommended form for risk descriptions is to identify the cause, the event and the effect. Appendix C includes guidance on how to write a risk. Status: pending Next review date: December 2015 Page 9

10 5.1.2 Risk register As a minimum a risk register must contain: risk reference; risk owner; risk description; ratings of likelihood and impact, for both current and after actions; risk proximity; action plans; action owner for each action; and completion date for each action. It is recommended good practice to also include: trend analysis; and sources of internal and external assurance. NHS England s policy is to mandate the use of the standard risk register template, this is available on the corporate PMO intranet pages here. Additional columns can be added to the standard template to enable the best management of risks by those responsible. Guidance on completing a risk register can be found in Appendix C. 5.2 Risk assessment and scoring It is vital that all risks are assessed in an objective and consistent manner if they are to be managed, and to guide operational, project and programme planning and resource allocation. Risks are firstly assessed on the probability (likelihood of the risk happening) and secondly on what would happen (impact) should the risk occur. When assessing how likely it is that a risk will occur, take into account the current environment. Consider the adequacy and effectiveness of the controls already in place within the environment, which could address the causes of the risk and therefore the likelihood of the risk being realised; for example, systems, policies, training and current practice. When assessing what the impact of the risk could be if it happened, consider what the impact of the risk would be in most circumstances within your environment and what is reasonably foreseeable. The assessment is completed by scoring the likelihood and impact. Appendix D sets out the NHS England scoring tables which are based on a scale of 1-5 and the NHS England risk rating matrix which gives the scoring a RAG status. NHS England s procedure is to score and rate a risk twice as a current score and post action score. Status: pending Next review date: December 2015 Page 10

11 Risks are also assessed in terms of proximity i.e. when the risk would occur. Estimating when a risk would occur helps prioritise the risk. The proximity scale used in NHS England is: zero to three months; three to six months; six to nine months; nine to twelve months; and twelve months plus. 5.3 Action planning Following completion of the risk assessment, consideration must be given to whether the risk requires further management actions that ideally minimise the likelihood and/or impact of a threat or maximise the likelihood of opportunities. For each risk an action plan to eliminate, minimise, or maximise the risk is required. It is not always possible to identify and then fully implement actions that eliminate or minimise a risk. Where this is the case, it is essential that the significance of the risk that remains is understood and the organisation in accordance with the risk management governance confirms that it is prepared to accept that level of risk. This is known as the residual risk. 5.4 Monitoring and closure The implementation of the action plan and the level of risk must be kept under review. Where implementation of action plans is not producing the anticipated results, the risk should be re-assessed and a revised action plan agreed as necessary. Once all possible actions have been completed or the event has passed, the risk should be closed and moved to the closed risk register for audit purposes. 6 Reporting and escalating risks 6.1 Corporate risk register NHS England has a corporate risk register, which is an integral part of the system of internal control and defines the highest priority risks which may impact on NHS England s ability to deliver its objectives. The corporate risk register enables the Board and Audit and Risk Assurance Committee to be assured of the management of these risks. The executive risk management group (ERMG) manages these risks on behalf of the Board. Status: pending Next review date: December 2015 Page 11

12 6.2 Escalating risks The governance and escalation diagram set out in Appendix A also includes an example of the process for how risks can be escalated for inclusion on the corporate risk register. It is recommended that at each level Amber/Red and Red risks are escalated. It is the responsibility of each directorate, region and programme and project to define an internal escalation process in line with this policy. This should be documented in an appropriate programme document such as a programme definition document or directorate risk management procedure. A risk management procedure template can be found on the corporate PMO intranet pages here. 7 Assuring implementation of this policy The corporate programme management office will be responsible for assuring the implementation of the policy and procedures. This will be through discussions with risk leads and assessment of risk management processes and risk registers from central team directorates, regions, programme and project teams. The recommendations of the reviews will be reported to the executive risk management group for consideration and where required, further action taken. Internal audit will conduct an annual audit to provide an independent assessment of the design of the risk management policy, processes and procedures and the extent to which they are applied across the organisation. The recommendations of the review will be reported to the National Director, Transformation and Corporate Operations and the Audit and Risk Assurance Committee. The Audit and Risk Assurance Committee oversee the establishment and maintenance of an effective system of assurance on risk management through approval of the risk management policy, regular reporting on the management of corporate risks and progress updates against audit recommendations. 8 Equality and health inequalities analysis This procedural document forms part of NHS England s commitment to create a positive culture of respect for all individuals including staff, patients, their families and carers as well as community partners. The intention is to identify, remove or minimise discriminatory practice in the areas of race, disability, gender, sexual orientation, age and religion, belief, faith and spirituality as well as to promote positive practice and value the diversity of all individuals and communities. As part of the development of this document, its impact on equality has been analysed and no detriment identified. 9 Associated documentation Best Management Practice Management of Risk (MoR) Guidance for Practitioners. Access to this supplementary guidance is available through the corporate access to project and programme management guidance here. Status: pending Next review date: December 2015 Page 12

13 10 Glossary Action plan Assurance Control(s) Corporate risk register Directorate risk register Gaps in controls or assurances Impact Issue Likelihood Operational risks Opportunity Risk Risk assessment Sets out the activities that will address the identified gap and reduce, eliminate or minimise the risk. External evidence that risks are being effectively managed (e.g. planned or received audit reviews). Actions in place to manage the risk. A record of the risks identified through internal processes that will impact on the delivery of NHS England s strategic objectives or major programmes. A record of the risks identified through internal processes that will impact on the delivery of directorate objectives and / or plans. Where an additional system or process is needed, or evidence of effective management of the risk is lacking. Is the result of a particular threat or opportunity should it actually occur. A relevant event that has happened, was not planned and requires management action. Is the measure of the probability that the threat or opportunity will happen, including a consideration of the frequency with which this may arise. A risk or risks that have the potential to impact on the delivery of business, project or programme objectives. Operational risks are managed locally within teams and significant operational risks are escalated, where appropriate, to the executive risk management group (ERMG) via the directorate senior management team. An uncertain event that would have a favourable impact on objectives or benefits if it occurred. A risk is an uncertain event or set of events that, should it occur, will have an effect on the achievement of business, project or programme objectives. A risk can be a threat or an opportunity. The process used to evaluate the risk and to determine whether controls are adequate or more should be done to mitigate the risk. The risk is compared against predetermined acceptable levels of risk. Status: pending Next review date: December 2015 Page 13

14 Risk management Risk proximity Threat The systematic application of management policies, procedures and practices to the task of identifying, analysing, assessing, treating and monitoring risk. The estimate of the timescale as to when the risk is likely to occur. It helps prioritise risk and to identify the appropriate response. An uncertain event that could have a negative impact on the delivery of objectives or benefits, should it occur. Status: pending Next review date: December 2015 Page 14

15 Appendix A NHS England Risk Management Governance and Escalation Route Risk escalation process Board sub committees Board Approve recommendations made in relation to the corporate risk register Audit and Risk Assurance Committee Chief Executive Executive risk management group Major programmes assurance group ERMG review the corporate risk register and consider any escalated risks for addition or removal and recommend to the Board Risk discussed at National or Regional directors SMT meetings and escalated to ERMG where appropriate Regional Director Regional team National director senior management team Director (VSM) Central team All staff Programme / Project senior responsible officer All programme and project teams Risk registers collated and managed with red and amber/red risks being escalated for discussion at management meetings All identified risks are assessed and scored with controls and actions recorded on standard risk registers and reviewed regularly All staff identify risks and report to a nominated risk lead in their directorate, project, programme or region any potential threats or opportunities that impact on delivery of objectives Status: pending Next review date: December 2015 Page 15

16 Appendix B NHS England Risk Management Responsibilities Title NHS England Board Responsibilities Responsible for: articulating the key risk management priorities for NHS England; protecting the reputation of NHS England; providing leadership in risk management; determining the risk appetite for NHS England; ensuring the approach to risk management is consistently applied; ensuring that assurances demonstrate that risk has been identified, assessed and all reasonable steps taken to manage it effectively and appropriately; and, endorsing risk related disclosure documents. Audit and Risk Committee Responsible for on behalf of the Board: providing oversight of the establishment and maintenance of an effective system of assurance on risk management and internal control, across the whole of NHS England s activities that supports the achievement of NHS England s objectives. Chief Executive Further information regarding the responsibilities of the committee is available in the Committee Handbook. Responsible for: ensuring that management processes fulfil the responsibilities for risk management; ensuring that full support and commitment is provided and maintained in every activity relating to risk management; planning for adequate staffing, finances and other resources, to ensure the management of those risks which may have an adverse impact on the staff, finances or stakeholders of NHS England; ensuring an appropriate corporate risk register is prepared and regularly updated and receives appropriate consideration; and, ensuring that the governance statement, included in the annual reports and accounts, appropriately reflects the risk management processes in operation across NHS England. Status: pending Next review date: December 2015 Page 16

17 Title Executive risk management group National directors Responsibilities Responsible for: undertaking a detailed review of NHS England s corporate risk register on a monthly basis and prior to submission to the Board; recommending to the Board the raising of new risks and closing of identified risks, using the corporate risk register; reviewing and discussing the highest key priority risks raised by members of the executive risk management group, with a view to escalating to the corporate risk register, as required; reviewing themes and trends arising from reviews of risks and issues identified; reviewing directorate risk management arrangements; and reviewing the risks of the major organisational programmes and projects, as escalated from the major programmes assurance group. Responsible for: ensuring that directorate and major programme risks are actively managed within their directorate; owner and action owner of individual risks; ensuring staff comply with all organisational policies and procedures and fulfil their responsibility for risk management by identifying, reporting, monitoring and managing risk; leading the management of risk by devising short, medium and long-term strategies to tackle identified risk, including the production of any mitigating action plans; escalation of risks from or to the directorate risk register, for consideration by the executive risk management group for inclusion on the corporate risk register; and ensuring that all activities undertaken within their directorates are consistent with the safe operation of NHS England. Directors (VSMs) / SROs / programme directors Responsible for: ensuring that programme and operational risks are actively managed within their areas of the business; owner and action owner of individual risks (including those delegated by the national director); devising short, medium and long-term strategies to tackle identified risk, including the production of any mitigating action plans; Status: pending Next review date: December 2015 Page 17

18 Title All teams Responsibilities escalation of risks to the national director for inclusion on the appropriate risk register; evaluation of risks leading to the identification of themes (particularly relevant for regional directors across regional risk registers); cascading information and knowledge on risks that are within their area of the business, directorate and those on the corporate risk register; ensuring staff comply with all organisational policies and procedures and fulfil their responsibility for risk management by identifying, reporting, monitoring and managing risk; and ensuring that all activities undertaken within their directorates are consistent with the safe operation of NHS England. Responsible for: participating (as appropriate) in the identification, assessment, planning and management of threats and opportunities; keeping a record of the identified risks in a risk register; undertaking a regular review of the risks on the risk register; and escalating risks to their director, as appropriate and in accordance with the risk management governance and escalation diagram set out in Appendix A. All staff Responsible for: participating (as appropriate) in the identification, assessment, planning and management of threats and opportunities; ensuring that they familiarise themselves and comply with the policies and procedures of NHS England; and undertaking and / or attending mandatory and other relevant training courses. Internal audit Responsible for: agreeing (with the Audit and Risk Assurance Committee) a programme of audits which assess the exposure and adequacy of mitigation of the principal risks affecting the organisation; prioritising the internal audit programme to reflect the risk evaluation set out in the corporate risk register; and reporting and advising on the processes and management of risk through audits, although Status: pending Next review date: December 2015 Page 18

19 Title Corporate programme management office in the Transformation and Corporate Operations Directorate Responsibilities responsibility remains with the organisation or relevant risk owners. Responsible for: assuring the executive risk management group that risk accountabilities exist; reviewing progress in developing and applying the risk management policy; reviewing the results of the assessment of the management of risk; reviewing directorate, region and programme and project team risk registers; evaluation of risks leading to the identification of themes; making recommendations to the executive risk management group on the management of risk implementation; and ensuring risk information is available for review by the executive risk management group through the corporate risk register. Status: pending Next review date: December 2015 Page 19

20 Appendix C Risk register guidance Risk description should describe the risk event, the cause and the effect. The risk should be articulated clearly and concisely with appropriate use of language, suitable for the public domain with acronyms spelt out in the first instance. When wording the risk it is helpful to think about it in three parts and write it using the following phrasing: There is a risk that This is caused by. Would lead to an impact/effect on. Risk owner should include full job title (not just names) of the person who owns the risk. Risk assessment / scoring should be completed in line with the guidance set out in section 5.2 and Appendix D. Risk proximity should be selected based on: zero to three months, three to six months, six to nine months, nine to twelve months and twelve months plus. Action plan should be the actions and activities planned to take place that will when implemented or completed reduce, eliminate or minimise the risk. Action owners should include for each action full job title (not just names) responsible for completing the action. Completion date for actions each action should have a completion date set. Assurances this should include internal assurance / evidence (e.g. Board reporting, subcommittee and programme governance) and external assurance / evidence (e.g. planned or received audits or reviews) that the risk is being effectively managed. Trend this indicates any change in the current risk score in the form of an arrow. It is recommended that is an improvement in position and therefore a reduction in the level of risk e.g. amber to amber/green and a indicates an increase in the level of risk e.g. amber to amber/red. Where there is no change in the level of risk this is indicated by. Last review date this is to indicate when the risk was last reviewed and/or updated. Please note: Be careful and sensitive about the wording of the risk, as risk registers are subject to Freedom of Information (FOI) requests. Do not reference blame to other organisations in the risk register (the register may be made available in the public domain). Status: pending Next review date: December 2015 Page 20

21 Appendix D Risk scoring and rating matrices Likelihood score Likelihood Scoring Descriptor Rare Unlikely Possible Likely Very Likely Frequency / How likely is it to happen? This probably will never happen/recur Do not expect it to happen/recur, but it is possible it may do so Might happen or recur occasionally Will probably happen/recur, but is not a persisting issue or circumstance Very likely to happen/recur; possibly frequently Category Impact Scoring Impact score Descriptor Very low Low Moderate High Very high Operational Minor reduction in quality of treatment or service No or minimal effect for patients. Reputational Financial Not relevant to mandate priorities No adverse media coverage No negative recognition from the public. Programme- Between 10m and 25m Admin- Between 2m and 5m Single failure to meet national standards of quality of treatment or service Low effect for a small number of patients if unresolved. Minor impact on achieving mandate priorities Low level of adverse media coverage Small amount of negative public interest Programme- Between 25m and 50m Admin- Between 5m and 10m Repeated failure to meet national standards of quality of treatment or service Moderate effect for multiple patients if unresolved. Moderate impact on achieving mandate priorities Moderate amount of adverse media coverage Moderate amount of negative public interest. Programme- Between 50m and 100m Admin- Between 10m and 20m Ongoing noncompliance with national standards of quality of treatment or service Significant effect for numerous patients if unresolved. High impact on achieving mandate priorities High level of adverse media coverage Negative impact on public confidence. Programme- Between 100m and 250m Admin- Between 20m and 50m Gross failure to meet national standards with totally unacceptable levels of quality of treatment or service Very significant effect for a large number of patients if unresolved. Mandate priorities will not be achieved National adverse media coverage Total loss of public confidence. Programme- More than 250m Admin- More than 50m Status: pending Next review date: December 2015 Page 21

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

RISK MANAGEMENT STRATEGY 2014-17

RISK MANAGEMENT STRATEGY 2014-17 RISK MANAGEMENT STRATEGY 2014-17 DOCUMENT NO: Lead author/initiator(s): Contact email address: Developed by: Approved by: DN128 Head of Quality Performance Julia.sirett@ccs.nhs.uk Quality Performance Team

More information

Data Protection Policy

Data Protection Policy Issue Date: June 2014 Document Number: POL_1006 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading length; please depending delete other on line length;

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy 1 NHS England INFORMATION READER BOX Directorate Medical Commissioning Operations Patients and Information Nursing Trans. & Corp. Ops. Commissioning Strategy Finance Publications

More information

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer RISK MANAGEMENT FRAMEWORK 1 SUMMARY The Risk Management Framework consists of the following: Risk Management policy Risk Management strategy Risk Management accountability Risk Management framework structure.

More information

Risk Management Policy. Corporate Governance Risk Management Policy

Risk Management Policy. Corporate Governance Risk Management Policy Corporate Governance Risk Management Policy Approved by the Council of Ministers, May 2006 1. Background The Isle of Man Government is working to promote better risk management, with emphasis on the importance

More information

Version: 3.0. Effective From: 19/06/2014

Version: 3.0. Effective From: 19/06/2014 Policy No: RM66 Version: 3.0 Name of Policy: Business Continuity Planning Policy Effective From: 19/06/2014 Date Ratified 05/06/2014 Ratified Business Service Development Committee Review Date 01/06/2016

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

Risk Management Strategy

Risk Management Strategy Risk Management Strategy This section is to be completed by the Policy Custodian Name of Originator: Name of Responsible Committee / Individual: ECCG Clinical Commissioning Group Quality & Safety Committee

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

Project Risk Analysis toolkit

Project Risk Analysis toolkit Risk Analysis toolkit MMU has a corporate Risk Management framework that describes the standard for risk management within the university. However projects are different from business as usual activities,

More information

RISK MANAGEMENT STRATEGY

RISK MANAGEMENT STRATEGY RISK MANAGEMENT STRATEGY 1 Introduction The purpose of this document is to outline a which facilitates the effective recognition and management of risks facing the University. The Combined Code on Corporate

More information

Risk Management and Risk Assessment Policy

Risk Management and Risk Assessment Policy SharePoint Location Non-clinical Policies and Guidelines SharePoint Index Directory 3.0 Corporate Sub Area 3.1 Risk and Health & Safety Documents Key words (for search purposes) Risk, Risk Management,

More information

Risk Management Plan 2012-2015

Risk Management Plan 2012-2015 Risk Management Plan 2012-2015 This controlled document shall not be copied in part or whole without the express permission of the author or the author s representative. Revision Date Previous Revision

More information

Risk Management & Business Continuity Manual 2011-2014

Risk Management & Business Continuity Manual 2011-2014 ANNEX C Risk Management & Business Continuity Manual 2011-2014 Produced by the Risk Produced and by the Business Risk and Business Continuity Continuity Team Team February 2011 April 2011 Draft V.10 Page

More information

Risk Management Framework

Risk Management Framework 4 November 2013 Performance and Resources Board 15 To consider Risk Management Framework Issue 1 To consider a draft revised Risk Management Framework as requested by Council at its meeting on 7 February

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing

More information

IT Services Risk Management Strategy

IT Services Risk Management Strategy Prepared by: DOCUMENT CONTROL Change Control Table Version Amendment Description Release Date 1.00 Initial Draft Reviewed by DIB 16.01.14 Updated by 1.00 Approved by IT Lead

More information

Information Governance Strategy 2015/16

Information Governance Strategy 2015/16 Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal

More information

Complaints Policy. Controlled Document Number: Version Number: 6 Controlled Document Sponsor: Controlled Document Lead: Approved By:

Complaints Policy. Controlled Document Number: Version Number: 6 Controlled Document Sponsor: Controlled Document Lead: Approved By: Complaints Policy CONTROLLED DOCUMENT CATEGORY: CLASSIFICATION: PURPOSE Controlled Document Number: Version Number: 6 Controlled Document Sponsor: Controlled Document Lead: Approved By: Policy Governance

More information

RISK MANAGEMENT POLICY. Version 3

RISK MANAGEMENT POLICY. Version 3 RISK MANAGEMENT POLICY Version 3 Version: Version 3 Version 3 Authors: Liz Hollman, Mary Klaus, Sarah Langan-Hart Approved by: Healthcare Governance Committee Trust Board Approved date: May 2009 Review

More information

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17 Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:

More information

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety

More information

Paper J WEST LEICESTERSHIRE CLINICAL COMMISSIONING GROUP BOARD MEETING. 10 February 2015. Governance How we manage our business

Paper J WEST LEICESTERSHIRE CLINICAL COMMISSIONING GROUP BOARD MEETING. 10 February 2015. Governance How we manage our business Paper J WEST LEICESTERSHIRE CLINICAL COMMISSIONING GROUP BOARD MEETING 10 February 2015 Title of the report: Section: Report by: Presented by: Risk Management Strategy & Policy Governance How we manage

More information

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide Standard 1 Governance for Safety and Quality in Health Service Organisations Safety and Quality Improvement Guide 1 1 1October 1 2012 ISBN: Print: 978-1-921983-27-6 Electronic: 978-1-921983-28-3 Suggested

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

Risk Methodology. Contents. Introduction... 2. The Risk Management Structure... 2. The Risk Management Cycle... 2. Methodology...

Risk Methodology. Contents. Introduction... 2. The Risk Management Structure... 2. The Risk Management Cycle... 2. Methodology... Risk Methodology Contents Introduction... 2 The Risk Management Structure... 2 The Risk Management Cycle... 2 Methodology... 3 Appendix 1...5 Definition of Controls... 5 Appendix 2...6 Definition of Impact...

More information

SOCIAL MEDIA POLICY. Senior Governance Officer, NHS North of England Commissioning Support Unit Reference No

SOCIAL MEDIA POLICY. Senior Governance Officer, NHS North of England Commissioning Support Unit Reference No SOCIAL MEDIA POLICY Ratified Governance & Risk Committee 08/2015 Status Final Issued August 2015 Approved By Governance and Risk Committee Consultation Governance and Risk Committee Equality Impact Assessment

More information

Business Continuity Policy

Business Continuity Policy Page 1 of 16 Business Continuity Policy Issue Date: Aug 2013 Document Number: 00241 Prepared by: Business Management and Continuity Senior Manager Next Review Date: April 2014 Page 2 of 16 NHS England

More information

CCG Social Media Policy

CCG Social Media Policy Corporate CCG Social Media Policy Version Number Date Issued Review Date 2 25/03/2015 25/03/2017 Prepared By: Consultation Process: Formally Approved: Governance Manager, North of England Commissioning

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Responsible Officer Author Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date effective from December 2008 Date last amended December 2012

More information

Essex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy

Essex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy Essex Clinical Commissioning Groups Essex Clinical Commissioning Groups Business Continuity Management System Scope and Policy Policy Author: Daniel Hale - Head of Emergency Planning Version: 1.0 Date

More information

RISK AND OPPORTUNITY MANAGEMENT STRATEGY 2013-2014

RISK AND OPPORTUNITY MANAGEMENT STRATEGY 2013-2014 RISK AND OPPORTUNITY MANAGEMENT STRATEGY 2013-2014 Version 1.0 October 2013 Not protectively marked INDEX PAGE NO TITLE 3 Executive Summary 4 Our Shared Vision and Priorities 5 Outline of the Risk and

More information

POLICY : CORPORATE RISK MANAGEMENT

POLICY : CORPORATE RISK MANAGEMENT APPENDIX 5 POLICY : CORPORATE RISK MANAGEMENT 1 Scope This is a Service wide policy. 2 Aims and Objectives Lancashire Combined Fire Authority provides services to a diverse range of people and organisations,

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Type of change. V02 Review Feb 13. V02.1 Update Jun 14 Section 6 NPSAS Alerts

Type of change. V02 Review Feb 13. V02.1 Update Jun 14 Section 6 NPSAS Alerts Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified By Central Alerting System (CAS) Policy NTW(O)17 Medical Director Tony Gray Head of Safety and Patient Experience

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Policy: D9 Data Quality Policy

Policy: D9 Data Quality Policy Policy: D9 Data Quality Policy Version: D9/02 Ratified by: Trust Management Team Date ratified: 16 th October 2013 Title of Author: Head of Knowledge Management Title of responsible Director Director of

More information

Group Risk Management Policy

Group Risk Management Policy Group Risk Management Policy Originator: Approval date: Policy and Strategy Team Sovini Board PCHA Board OVH Board/EMT 6 th December 2013 31 st October 2013 14 th October 2013 Review date: December 2014

More information

A Framework of Quality Assurance for Responsible Officers and Revalidation

A Framework of Quality Assurance for Responsible Officers and Revalidation A Framework of Quality Assurance for Responsible Officers and Revalidation Supporting responsible officers and designated bodies in providing assurance that they are discharging their statutory responsibilities.

More information

Cost improvement plans Quality Impact Assessment (QIA)

Cost improvement plans Quality Impact Assessment (QIA) Trust Board in public REPORT TITLE: EXECUTIVE SPONSOR/AUTHOR: AUTHOR Date: 28 November 2013 Agenda Item: 3.2 Cost improvement plans Quality Impact Assessment (QIA) Paul Simpson (Chief Finance Officer)

More information

Risk Management Policy Adopted by:

Risk Management Policy Adopted by: Risk Management Policy Adopted by: Infigen Energy Limited Infigen Energy (Bermuda) Limited Infigen Energy RE Limited in its capacity as Responsible Entity of Infigen Energy Trust Adopted: 17 December 2009

More information

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: POL ENTERPRISE RISK MANAGEMENT SC51 POLICY CODE: SC51 DIRECTORATE: Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: Executive Support Services RESPONSIBLE OFFICER:

More information

Guidance for NHS commissioners on equality and health inequalities legal duties

Guidance for NHS commissioners on equality and health inequalities legal duties Guidance for NHS commissioners on equality and health inequalities legal duties NHS England INFORMATION READER BOX Directorate Medical Commissioning Operations Patients and Information Nursing Trans. &

More information

PM Governance. Executive Team ADCA ADCA

PM Governance. Executive Team ADCA ADCA Item 6.5a Action Plan against the Recommendations Made in the Review of Risk Management Arrangements by PM Governance, November 2014 Key: PM Governance Paul Moore, Risk Consultant ADCA Associate Director

More information

Administration and General Order No. AD/1/TBC

Administration and General Order No. AD/1/TBC COUNTY DURHAM AND DARLINGTON FIRE AND RESCUE SERVICE Administration and General Order No. AD/1/TBC CORPORATE RISK MANGEMENT POLICY 1. INTRODUCTION 1.1 County Durham and Darlington Combined Fire Authority

More information

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool

More information

The Lowitja Institute Risk Management Plan

The Lowitja Institute Risk Management Plan The Lowitja Institute Risk Management Plan 1. PURPOSE This Plan provides instructions to management and staff for the implementation of consistent risk management practices throughout the Lowitja Institute

More information

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy Reference No: CG 01 Version: Version 1 Approval date 18 December 2013 Date ratified: 18 December 2013 Name of Author

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

Information Management Policy CCG Policy Reference: IG 2 v4.1

Information Management Policy CCG Policy Reference: IG 2 v4.1 Information Management Policy CCG Policy Reference: IG 2 v4.1 Document Title: Policy Information Management Document Status: Final Page 1 of 15 Issue date: Nov-2015 Review date: Nov-2016 Document control

More information

Risk Management. Group Standard

Risk Management. Group Standard Group Standard Risk Management Effective risk management allows Serco to improve customer service, maximize opportunities and reduce business loss from overruns and cost from risks that materialise SMS

More information

V1.0 - Eurojuris ISO 9001:2008 Certified

V1.0 - Eurojuris ISO 9001:2008 Certified Risk Management Manual V1.0 - Eurojuris ISO 9001:2008 Certified Section Page No 1 An Introduction to Risk Management 1-2 2 The Framework of Risk Management 3-6 3 Identification of Risks 7-8 4 Evaluation

More information

Risk Management Policy and Framework

Risk Management Policy and Framework Risk Management Policy and Framework December 2014 phone 1300 360 605 08 89589500 email info@centraldesert.nt.gov.au location 1Bagot Street Alice Springs NT 0870 post PO Box 2257 Alice Springs NT 0871

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Risk Management Policy Record Number D14/79827 Responsible Manager Manager Strategy and Governance Last reviewed 10 March 2015 Adoption reference Council Resolution number 90.5 Previous

More information

La Trobe University is committed to maintaining a comprehensive and effective Compliance Framework.

La Trobe University is committed to maintaining a comprehensive and effective Compliance Framework. La Trobe University Compliance Framework Introduction The Compliance Framework documents the system and Compliance Process through which La Trobe University can monitor, review and comply with its legislative

More information

In accordance with risk management best practices, below describes the standard process for enterprise risk management (ERM), including:

In accordance with risk management best practices, below describes the standard process for enterprise risk management (ERM), including: Enterprise Risk Management Process and Procedures Scope In accordance with risk management best practices, below describes the standard process for enterprise risk management (ERM), including: Risk identification

More information

Compliance Management Framework. Managing Compliance at the University

Compliance Management Framework. Managing Compliance at the University Compliance Management Framework Managing Compliance at the University Risk and Compliance Office Effective from 07-10-2014 Contents 1 Compliance Management Framework... 2 1.1 Purpose of the Compliance

More information

Lancashire County Council Information Governance Framework

Lancashire County Council Information Governance Framework Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice

More information

National Occupational Standards. Compliance

National Occupational Standards. Compliance National Occupational Standards Compliance NOTES ABOUT NATIONAL OCCUPATIONAL STANDARDS What are National Occupational Standards, and why should you use them? National Occupational Standards (NOS) are statements

More information

Bridgend County Borough Council. Corporate Risk Management Policy

Bridgend County Borough Council. Corporate Risk Management Policy Bridgend County Borough Council Corporate Risk Management Policy December 2014 Index Section Page No Introduction 3 Definition of risk 3 Aims and objectives 4 Strategy 4 Accountabilities and roles 5 Risk

More information

SUMMARY OF MONITOR S WELL-LED FRAMEWORK FOR GOVERNANCE REVIEWS: GUIDANCE FOR NHS FT S PUBLICATION Report by Trust Secretary

SUMMARY OF MONITOR S WELL-LED FRAMEWORK FOR GOVERNANCE REVIEWS: GUIDANCE FOR NHS FT S PUBLICATION Report by Trust Secretary SUMMARY OF MONITOR S WELL-LED FRAMEWORK FOR GOVERNANCE REVIEWS: GUIDANCE FOR NHS FT S PUBLICATION Report by Trust Secretary 1. Introduction Under the Risk Assessment Framework and in line with the NHS

More information

Project Management Toolkit Version: 1.0 Last Updated: 23rd November- Formally agreed by the Transformation Programme Sub- Committee

Project Management Toolkit Version: 1.0 Last Updated: 23rd November- Formally agreed by the Transformation Programme Sub- Committee Management Toolkit Version: 1.0 Last Updated: 23rd November- Formally agreed by the Transformation Programme Sub- Committee Page 1 2 Contents 1. Introduction... 3 1.1 Definition of a... 3 1.2 Why have

More information

Quality and Engagement Sub Committee

Quality and Engagement Sub Committee Quality and Engagement Sub Committee 12 June 2012 Corporate Risk Register and Risk Management Strategy Executive Summary As part of authorisation, Blackpool Clinical Commissioning Group (CCG) must identify

More information

MARCH 2012. Strategic Risk Policy Update March 2012 v1.10.doc

MARCH 2012. Strategic Risk Policy Update March 2012 v1.10.doc MARCH 2012 Version 1.10 Strategic Risk Policy Update March 2012 v1.10.doc Document History Current Version Document Name Risk Management Policy Statement and Strategic Framework Last Updated By Alan Till

More information

CORP 600 00 RISK MANAGEMENT POLICY & METHODOLOGY

CORP 600 00 RISK MANAGEMENT POLICY & METHODOLOGY CORP 600 00 RISK MANAGEMENT POLICY & METHODOLOGY CORP 600 RISK MANAGEMENT POLICY Purpose In March 2003, the Australian Stock Exchange (ASX) Corporate Governance Council released the first version of its

More information

Risk Management Framework

Risk Management Framework Risk Management Framework THIS PAGE INTENTIONALLY LEFT BLANK Foreword The South Australian Government Risk Management Policy Statement 2009 advocates that consistent and systematic application of risk

More information

Northern Ireland Blood Transfusion Service

Northern Ireland Blood Transfusion Service Northern Ireland Blood Transfusion Service Risk Management Strategy Northern Ireland Blood Transfusion Service Lisburn Road Belfast BT9 7TS Telephone No. 028 9032 1414 www.nibts.org Page 1 of 12 CONTENTS

More information

The Risk Management strategy sets out the framework that the Council has established.

The Risk Management strategy sets out the framework that the Council has established. Derbyshire County Council Management Policy Statement The Authority adopts a proactive approach to Management to achieve Best Value and continuous improvement and is committed to the effective management

More information

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management Enterprise Risk Management Framework 2012 2016 Strengthening our commitment to risk management Contents Director-General s message... 3 Introduction... 4 Purpose... 4 What is risk management?... 4 Benefits

More information

Central Alerting System Policy

Central Alerting System Policy Central Alerting System Policy This procedural document supersedes: CORP/RISK 6 v.3 Medical Device Related Incidents and Central Alerting System Policy Did you print this document yourself? The Trust discourages

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

Removal of Gender Restrictions on Australian Defence Force Combat Role Employment Categories

Removal of Gender Restrictions on Australian Defence Force Combat Role Employment Categories Removal of Gender Restrictions on Australian Defence Force Combat Role Employment Categories Risk Management Plan INTENTIONALLY BLANK 1. Introduction The purpose of this Risk Management Plan (RMP) is to

More information

Solihull Clinical Commissioning Group

Solihull Clinical Commissioning Group Solihull Clinical Commissioning Group Business Continuity Policy Version v1 Ratified by SMT Date ratified 24 February 2014 Name of originator / author CSU Corporate Services Review date Annual Target audience

More information

TRANSPORT FOR LONDON AUDIT COMMITTEE STRATEGIC RISK MANAGEMENT PROGRESS REPORT

TRANSPORT FOR LONDON AUDIT COMMITTEE STRATEGIC RISK MANAGEMENT PROGRESS REPORT AGENDA ITEM 4 TRANSPORT FOR LONDON AUDIT COMMITTEE SUBJECT: STRATEGIC RISK MANAGEMENT PROGRESS REPORT DATE: 3 MARCH 2009 1 PURPOSE AND DECISION REQUIRED 1.1 The purpose of this paper is to update the Audit

More information

Maturity Model. March 2006. Version 1.0. P2MM Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce

Maturity Model. March 2006. Version 1.0. P2MM Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce Maturity Model March 2006 Version 1.0 P2MM Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce This is a Value Added product which is outside the scope of the HMSO

More information

London Legacy Development Corporation s Statement of Risk Appetite September 2015

London Legacy Development Corporation s Statement of Risk Appetite September 2015 London Legacy Development Corporation s Statement of Risk Appetite September 2015 Appendix 1 1. INTRODUCTION 1.1 Her Majesty s Treasury uses the Orange Book definition of risk management The amount of

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not

More information

Avondale College Limited Enterprise Risk Management Framework 2014 2017

Avondale College Limited Enterprise Risk Management Framework 2014 2017 Avondale College Limited Enterprise Risk Management Framework 2014 2017 President s message Risk management is part of our daily life, something we do regularly; often without realising we are doing it.

More information

Risk Management Strategy

Risk Management Strategy Authors Name & Title: Joan Matthews Risk Manager, Hazel Holmes Director of Nursing Scope: Trust Wide Classification: Non Clinical Strategy Replaces:, v3.1 To be read in conjunction with the following documents:

More information

Integrated Assurance & Approval Strategy and Integrated Assurance & Approval Plans

Integrated Assurance & Approval Strategy and Integrated Assurance & Approval Plans Integrated Assurance & Approval Strategy and Integrated Assurance & Approval Plans A guide to implementing integrated assurance and approvals Version 1.0 - May 2011 Contents Introduction 03 Integrated

More information

BUSINESS CONTINUITY MANAGEMENT POLICY

BUSINESS CONTINUITY MANAGEMENT POLICY BUSINESS CONTINUITY MANAGEMENT POLICY AUTHORISED BY: DATE: Andy Buck Chief Executive March 2011 Ratifying Committee: NHS Rotherham Board Date Agreed: Issue No: NEXT REVIEW DATE: 2013 1 Lead Director John

More information

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company

More information

Protocol and Procedure for Accessing External Legal Advice

Protocol and Procedure for Accessing External Legal Advice Protocol and Procedure for Accessing External Legal Advice Reference No: Version: Ratified by: P_CoG_06 Two LCHS Trust Board Date ratified: 29 th July 2014 Name of originator/author: Name of approving

More information

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility

More information

Risk Policy and Risk Management Procedures

Risk Policy and Risk Management Procedures Risk Policy and Risk Management Procedures Preface The University s Risk Policy sets out The University s approach to risk and its management together with the means for identifying, analysing and managing

More information

PROTOCOL FOR DUAL DIAGNOSIS WORKING

PROTOCOL FOR DUAL DIAGNOSIS WORKING PROTOCOL FOR DUAL DIAGNOSIS WORKING Protocol Details NHFT document reference CLPr021 Version Version 2 March 2015 Date Ratified 19.03.15 Ratified by Trust Protocol Board Implementation Date 20.03.15 Responsible

More information

Senate. SEN15-P17 11 March 2015. Paper Title: Enhancing Information Governance at Loughborough University

Senate. SEN15-P17 11 March 2015. Paper Title: Enhancing Information Governance at Loughborough University SEN15-P17 11 March 2015 Senate Paper Title: Enhancing Information Governance at Loughborough University Author: Information Technology & Governance Committee 1. Specific Decision Required by Committee

More information

Risk Management: Coordinated activities to direct and control an organisation with regard to risk.

Risk Management: Coordinated activities to direct and control an organisation with regard to risk. POLICY CG01 RISK MANAGEMENT Document Control Statement This Policy is maintained by the Governance and Organisational Strategy. Any printed copy may not be up to date and you are advised to check the electronic

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards.

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards. Aurora Energy Risk Management Policy Version History REV NO. DATE REVISION DESCRIPTION APPROVAL 0 19/11/98 Risk Management Policy Prepared by: Manager Internal Audit 1 March 2007 Risk Management Policy

More information