Integrated Risk Management Framework


Number: THCCGCG1
Version: 2

This document provides an overview of the risk management process utilised by NHS Tower Hamlets CCG. The Board Assurance Framework provides assurance (internal and external) that risks to the achievement of Corporate Objectives are being managed effectively and at the right level of the organisation.

Executive Summary

Risks can arise from a number of areas: QIPP, incident reports, complaints, audits, inspections, etc. Risk can impact on a number of areas: service disruption, financial loss, physical harm to patients, staff and others, increased likelihood of complaints, service disruption and negative media interest.

Date of ratification: 3 September 2013
Document Author(s): Paul Balson, Governance and Risk Manager, NHS NELC
Who has been consulted?
- NHS TH CCG Audit Committee, 20 May 2013
- Senior Management Team, 17 May 2013
Was an Equality Analysis required? No
With what standards does this document demonstrate compliance?
- Department of Health Circular HSC 1999/123
- Annual Statement of Internal Control 2009/10 guidance
- Integrated Governance Handbook February
- The Health and Social Care Act 2008 regulations
- Australian Standard AS/NZS 4360:1999
- The Internal Control Working Party of the Institute of Chartered Accountants in England & Wales Guidance September
- NHS Constitution for CCGs
- NHSLA Risk Management standards
List of approvals obtained:
- Senior Management Team, May 2013
- Audit Committee, May 2013
- Governing Body, TBC
Recommended review period: April 2014
Key words contained in document: assessment, assurance, audit, committee, control, criminal, culture, development, east, elimination, evaluation, executive, financial, governance, grading, guidance, health, healthcare, incident, indicators, internal, key, kpi, likelihood, management, monitoring, objectives, operational, organisation, provider, quality, reporting, risk, risks, sacu, safety, sector, stakeholders, strategic, strategy
Is this document fit for the public domain? Y / N: Y
If No, why?

Date approved: Sept 2013 [THCCGCG1 Integrated Risk Management Strategy] Page 1 of 33

Contents

Governing Body statement
Purpose and scope
  Purpose
  Scope
The Risk management structure
Risk reporting and management
  Board Assurance Framework (BAF)
  Risk grading matrix
Roles & responsibilities
  Risk rating
  Zero Tolerance Risks
Assurance sources
  External
  Internal
Training
Communication and awareness of the CCG's approach to risk management
Monitoring, evaluation and review
  Monitoring and evaluation
  Reviews
Frequently Asked Questions
Appendix 1: Definitions of key terms
  Part 1: Core risk management elements
  Part 2: Advanced risk management terms
Appendix 2a: Risk register template
Appendix 2b: Board Assurance Framework (BAF) summary
Appendix 2c: Board Assurance Framework (BAF) full detail
Appendix 3: Risk categorisations
  Risk rating categorisations
Appendix 4: Responsibilities
  Groups and Committees
  Governance Structure of NHS Tower Hamlets CCG
  Individuals

1 Governing Body statement

NHS Tower Hamlets CCG (the CCG) Governing Body recognises risk is ever present and all pervasive in the provision of healthcare, treatment and care of patients, employment of staff, maintenance of premises and managing finances.

The CCG is committed to having a risk management culture that underpins and supports the business of the CCG. Where this is done well, it ensures effective health provision, the safety of our patients and staff, effective commissioning, and that, as an organisation, the CCG is not surprised by risks that could, and should, have been foreseen.

Considered risk taking is encouraged, together with experimentation and innovation within authorised limits. The priority is to reduce those risks that impact on safety, and reduce our financial, operational and reputational risks.

The CCG is committed to implementing the principles of governance, defined as the system by which the organisation is directed and controlled to achieve its objectives and meet the necessary standards of accountability, probity and openness.

THCCG recognises that the principles of governance must be supported by an effective risk management system that is designed to deliver improvements in health provision, patient safety and care as well as the safety of its staff.

2 Purpose and scope

2.1 Purpose

The establishment of effective risk management systems is recognised as being fundamental in ensuring good governance. Its aim is to continually improve the quality of health service commissioning through the identification, prevention, control and containment of risks of all kinds. To do this, a systematic and consistent approach to risk management across the range of TH CCG commissioning activities is preferable.

The CCG Governing Body ensures that there are robust and independent assurances given on the soundness and effectiveness of the systems and processes in place for meeting their objectives and delivering appropriate outcomes. It therefore has overall responsibility for ensuring that it is reasonably assured that the processes of risk identification, evaluation and control are effective. This is achieved through the management and application of the Assurance Framework.

The Board Assurance Framework (BAF) enables the TH CCG Governing Body to be assured that the controls applied in the mitigation of risk are operating effectively. Hence the BAF is a key element of the risk management process.

With these principles in mind, the purpose of this strategy is:
- To encourage a culture where risk management is viewed by the CCG and staff as an essential process of the CCG's activity
- To assure the member practices, public, patients and their carers and representatives, staff and partner organisations that the CCG is committed to managing risk appropriately
- To ensure structures and processes are in place to support the assessment and management of risks throughout the CCG

The risk management framework is integrated because it covers a number of key areas such as clinical, corporate, financial and reputational risk. For a fuller list of risk areas, see Risk classification and risk categorisation.

2.2 Scope

This risk management framework applies to all employees, permanent or temporary, of TH CCG.

2.3 Description of terms and definitions

Risk management has a number of terms and definitions that communicate its meanings, interpretations and outcomes in a common language. Detailed descriptions of the terms and definitions relevant to TH CCG's approach to risk and board assurance, as described in this document, are presented in Appendix 1: Definitions of key terms. This includes terms and definitions that reflect those areas of risk management which extend beyond the traditional reporting framework into one that moves the organisation more towards best practice risk management.

3 The Risk management structure

The risk management structure is the vehicle by which risks are captured, reported and managed. It enables risks to be considered and managed at the appropriate level of the organisation (operational level and strategic level) dependent on the nature and severity of the risk.

The risk management structure of NHS TH CCG is shown below:

4 Risk reporting and management

Note 1

Risks are identified via a number of methods (not an exhaustive list):
- Proactive risk assessments
- Service alerts
- Incident reports (including Serious Incidents and Never Events)
- Complaints
- Audits

All risks are graded in line with the matrix at Risk grading matrix. The Board Assurance Framework (BAF) is used for the management of risk.

4.1 Risk Register

The risk registers are used for recording risks at a Locality, Delivery Board and team level. The Governance and Risk Manager, working in partnership with the risk lead(s) or designated persons, will update the risk registers as and when required but no less than once a quarter. An exemplar risk register format is explained in Appendix 2a: Risk Register Template.

The level in the escalation process at which a risk sits is determined primarily by the risk rating, but also by the following criteria:
- action that is outside the remit of an individual locality
- risks that have an impact on other or related areas of the CCG's business activities
- risks that are common to a number of departments / functions / GP practices
- risks where no action has been taken to implement additional controls
- risks where additional controls have not succeeded in reducing the risk grading

The relationship between the BAF and the risk registers is summarised below:

4.2 Board Assurance Framework (BAF)

The BAF records more detail than the risk registers and is the vehicle by which the NHS TH CCG board is assured of the effectiveness of the risk management processes employed.

The purpose of the Board Assurance Framework is shown below:
1. To inform the Annual Governance Statement, which is signed off at the end of the financial year by the Chief Officer; the BAF demonstrates that the CCG has a strong system of internal control.
2. List the CCG's Corporate Objectives.
3. List the main risks to the achievement of the Corporate Objectives.
4. List the Controls and Assurances that demonstrate how the risks will be adequately managed.
5. List the Controls and Assurances that are not yet in place.

The Governance and Risk Manager, working in partnership with the Locality Clinical Directors, TH CCG Management Team, risk lead(s) or designated persons, will update the BAF as and when required but no less than once a quarter. Working in partnership with the designated persons, risks reported through the BAF will be updated on a monthly basis.

The BAF is subject to external audit and scrutiny and supports the NHS TH CCG annual governance or equivalent statement that will demonstrate robust mechanisms for internal control.

The risk reporting format shown in Appendix 2b is the Board Assurance Framework summary, which gives at a glance how the TH CCG is performing against its risks. Appendix 2c is the full detailed document. The criteria for considering raising a risk from the Locality registers to the TH CCG BAF are outlined in 5.1 Escalation of risk.

Both the Board Assurance Framework summary and full detail documents will be reported to the Finance, Performance and Quality Sub-Committee, Audit Sub-Committee and the TH CCG Governing Body as and when required. Additional detail of Committee responsibilities can be viewed at Appendix 4: Responsibilities.

Note 2
Each risk identified will be allocated a Committee with responsibility for monitoring the risk. Each risk will also have an executive lead. Additional detail of responsibilities can be viewed at Appendix 4: Responsibilities.

Note 3
Versions of the Board Assurance Framework are presented to the Committees of the Governing Body, who will review the risks pertinent to their remit. Following review, the risk leads and the Governance and Risk Manager will update the documents.

Note 4
The risks are amended or documented as required.

Note 5
Updated versions of the documents are drafted.

Note 6
The updated versions of the documents are circulated to the pertinent Committees and groups and the process begins again.

The BAF is presented to the Audit Committee at each meeting, with a revised version presented each quarter. The Governing Body will receive the updated BAF once a quarter.

4.3 Risk grading matrix

In order to ensure that all risks in TH CCG are managed appropriately, all risks will be assessed using the following risk grading matrix (see figure 2). Additional guidance on using the matrix is available at 20. Appendix 3: Risk categorisations.

Likelihood (description: frequency; probability)
- Rare: Not expected to occur in years; <10%
- Unlikely: Expected to occur once a quarter; 10% to 24%
- Possible: Expected to occur once a month; 25%-45
- Likely: Expected to occur weekly; 50% - 74%
- Certain: Expected to occur daily; >75%

Severity categories
A Objectives / Projects
B Harm / Injury to Patients, Staff, Visitors and Others
C Actual / Potential complaints and claims
D Service disruption
E Staffing and Competence
F Financial
G Inspection / Audit
H Adverse Media

1 Insignificant
A: Insignificant cost increase / time slippage. Barely noticeable reduction in scope or quality.
B: Incident was prevented OR incident occurred and there was no harm.
C: Locally resolved complaint.
D: Loss / interruption more than 1 hour.
E: Short term low staffing leading to reduction in quality (less than 1 day).
F: Small loss < 1000.
G: Minor recommendations.
H: Rumours.

2 Minor
A: Less than 5% cost or time increase. Minor reduction in quality or scope.
B: Individual(s) required first aid. Staff needed <3 days off work or normal duties.
C: Justified complaint peripheral to clinical care.
D: Loss of one whole working day.
E: On-going low staffing levels reducing service quality.
F: Loss of 0.1% budget. < 10,000.
G: Recommendations given. Non-compliance with standards.
H: Local Media column.

3 Moderate
A: 5-10% cost or time increase. Moderate reduction in scope or quality.
B: Individual(s) require a moderate increase in care. Staff needed >3 days off work or normal duties.
C: Below excess claim. Justified complaint involving inappropriate care.
D: Loss of more than one working day.
E: Late delivery of key objectives / service due to lack of staff. On-going unsafe staff levels. Small error owing to insufficient training.
F: Loss of more than 0.25% of budget. < 100,000.
G: Reduced rating. Challenging recommendations. Non-compliance with standards.
H: Local Media frontpage story.

4 Major
A: 10-25% cost or time increase. Failure to meet secondary objectives.
B: Individual(s) appear to have suffered permanent harm. Staff have sustained a "Major Injury" as defined by the HSE.
C: Claim above excess level. Multiple justified complaints.
D: Loss of more than one working week.
E: Uncertain delivery of services due to lack of staff. Large error owing to insufficient training.
F: Loss of more than 0.5% budget. < 500,000.
G: Enforcement action. Low rating. Critical report. Major non-compliance with core standards.
H: Local media - short term.

5 Severe
A: >25% cost or time increase. Failure to meet primary objective.
B: Individual(s) died as a result of the incident.
C: Multiple claims or single major claims.
D: Permanent loss of premises or facility.
E: Non delivery of service. Critical error owing to insufficient training.
F: Loss of more than 1% budget. > 500,000.
G: Prosecution. Zero rating. Severely critical report.
H: National media more than 3 days. MP concern.

Figure 2: The TH CCG Risk Grading Matrix

5 Roles & responsibilities

A prerequisite for the effective management of risk is the need for all of the TH CCG, clinicians, Governing Body, Committees and sub-committees to be clear on, and to execute fully, their specific duties in respect of their roles and responsibilities within the risk management structure. These are described in Appendix 5: Responsibilities.

5.1 Risk rating

Every identified risk has a chance of occurring; therefore each risk will have its own potential likelihood. Similarly, if the risk were to occur then it would have its own measure of impact (also known as a consequence).

It is important to recognise that risk can never be eliminated and the aim of risk management is to progressively manage risk within acceptable levels. The acceptable level of risk is known as the risk tolerance to a particular risk.

Likelihood and impact are typically allocated a number between 1 and 5. The total risk score is the impact multiplied by the likelihood. Hence the risk score can lie between 1 (1x1) and 25 (5x5). The overall risk score determines the risk rating. This in turn governs the actions that are required to manage the particular risk. Risk rating categorisations are shown in Appendix 4: Risk Categorisations.

5.2 Zero Tolerance Risks

Zero tolerance risks are areas of risk of which the Governing Body would benefit from being aware, regardless of their risk rating at any particular point in time. The Tower Hamlets CCG Governing Body has identified the following as its Zero Tolerance Risks for 2013/14:
- Safeguarding

6 Risk treatment

The approach to the management of risks within individual risk categories is typically associated with the need to Avoid, Reduce, Transfer or Accept the risk, i.e.
- Avoid: Not proceeding with activity likely to generate the risk
- Reduce: Reducing or controlling the likelihood and consequences of the occurrence
- Transfer: Arranging for another party to bear or share some part of the risk, through contracts, partnerships, joint ventures, insurance etc.
- Accept: Some risks may be minimal and retention acceptable

7 Assurance sources

7.1 External

External Audit
External Audit provides assurance that the BAF is in place, in collaboration with the processes carried out by Internal Audit.

7.2 Internal

Internal Audit
Internal Audit reviews the process for the maintenance and delivery of the BAF and provides the assurance that it meets the requirements of the Department of Health. Internal Audit also reviews other risk areas in line with an agreed annual audit plan and reports its findings to the audit committee.

Performance Committee
The Performance Committee will receive all reports pertaining to risks on the Board Assurance Framework and new risks. It will provide assurance to the Audit Committee and the Governing Body that the controls and assurances are robust.

8 Training

The provision of appropriate and targeted training is a key ingredient in embedding risk management systems and processes within TH CCG. Training will be delivered through a number of channels that will include real time coaching by risk leads and, where deemed appropriate, formal training sessions which will be coordinated through the CCG's workforce development programmes and may include external provision. Training will include such things as:
- understanding the processes of risk management
- learning how to conduct a risk assessment
- understanding how risk management works in the CCG and how to contribute to it
- developing the risk management processes in line with new and emerging best practice

9 Communication and awareness of the CCG's approach to risk management

Tower Hamlets CCG will communicate its risks to all pertinent stakeholders via the following methods:
- Practice notice boards
- Intranet
- Internet
- Newsletters

An annual report covering the risk management activity of the CCG will be presented at the AGM.

10 Monitoring, evaluation and review

10.1 Monitoring and evaluation

The following key performance indicators (KPIs) have been identified as being appropriate in providing a measure of the risk management controls across the TH CCG. They are intended to give the CCG Governing Body, the audit committee and other committees tools to monitor and evaluate the management of risks within TH CCG. In so doing, the KPIs enable scrutiny, challenge and learning within the risk and Governing Body assurance environment, with the aim of improving deliverable outcomes in commissioned and other services associated with the portfolio of business activities of TH CCG.

Listed below are the KPIs:
- The total number of risks by category (i.e., high, medium and low risk ratings)
- The number of risks, by category type, where the current risk is equal to or exceeds the target risk (agreed acceptable level of risk)
- Changes in risk profile
- The number of new and retired risks by category type

10.2 Reviews

Reviews of the approach to risk management and Governing Body assurance described in this document are a proactive activity in order to seek out and implement best practices. Updates will therefore be implemented where identified best practices provide desired improvements to the latest approach. There will be an annual refresh and update.

11 Frequently Asked Questions

What is meant by risk management?
Risk management is a process whereby CCGs and other organisations identify and manage risks that could prevent them from achieving their objectives. These can be strategic objectives or more local departmental objectives.

Why is risk management important?
CCGs and other organisations will often redefine their objectives as they respond to the continually changing circumstances with which they are faced. These can be related to internal organisation changes and / or external changes that impact on the environment in which the organisation is operating. Such changes can expose the CCG / organisation to new or changing risks. A sound and robust risk management system therefore provides the internal control mechanism to ensure a thorough and regular evaluation of the nature and the extent of the risks to which the CCG / organisation is exposed.

So, what is a risk?
A risk is something which, if it arises, may impact on an organisation's ability to achieve its objectives successfully; this can be at any level of the organisation. The severity of a risk is considered in terms of (i) the likelihood of it arising and (ii) its impact should it arise.

What is the best way to describe a risk?
When describing a risk it should be worded so that it is clear how the risk, if it arose, would impact on the achievement of the objective. In other words, the risk is expressed as a cause and effect relationship. E.g.
Objective: Improve Patient Safety and Experience
Risk Description: Poor communication by doctors and nurses, together with weaknesses in key CCG processes, has a negative impact on patient experience

What is a risk register and why do we need one?
The Risk Register provides a means of recording risks at the lowest operational level, e.g. departmental or intermediate level, dependent upon organisational structure and reporting arrangements. The risk register is a day-to-day tool to help managers achieve their objectives whilst driving and evidencing risk management activities. The risk register must be simple, practical and worthwhile.

What is the difference between a risk register and the Board Assurance Framework (BAF)?
The BAF's fundamental purpose is to provide the organisation's Governing Body with assurance that the risks to delivering the organisation's strategic objectives and goals are being managed effectively; it is the lens through which the CCG Governing Body examines the assurances it requires to discharge its duties.

What are the key areas of the BAF?

Controls
A control is something which occurs or is currently in place to mitigate the likelihood of the risk arising or the impact of the risk should it arise.

The following is not a control as it describes something which has not yet happened or is already in place: Slips, trips and falls programme being developed

Assurances
Assurances are essentially documents that evidence that the controls / systems that are in place to control a risk are working. Assurances can be internal (e.g. performance reports, subcommittee reports) or external (e.g. external audit reports, CQC reports, clinical audit).

Gaps in Controls
An identified control not currently in place which, if in place, would help to mitigate the risk, e.g. absence of a robust system to monitor feedback from GPs on a regular basis.

Gaps in Assurances
A control is in operation but there is no mechanism to provide assurance as to how effectively it is operating, e.g. there is no independent assurance over the GP Liaison Improvement Plan.

Actions
What is planned to be carried out with the intention of improving the controls in place to manage the risks or to increase the assurance over the controls in operation. The actions column should clearly state the date by which the action is to be

12 Appendix 1: Definitions of key terms

12.1 Part 1: Core risk management elements

Risk
The threat that an event or action may adversely affect an organisation's ability to achieve its business objectives.

Risk Description
This is a brief description of the risk that may occur and how it could prevent the achievement of a particular strategic objective. The Treasury recommends the following format for articulating risks: Because of this / these (causes) we are concerned that this (risk event) might happen and it matters because of its (impact on the achievement of the strategic / principal objective), i.e. its effect.

Risk Management
The culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects.

Risk Register
The vehicle used to record identified risks and the details of the associated controls and assurances that are put in place to manage an individual risk to its agreed acceptable level.

Strategic objectives
These are the key areas that the CCG intends to deliver. Each identified risk will be linked to one of these objectives. This will be evidenced through the risk register framework. These are declared at the start of the financial year.

Board Assurance Framework (BAF)
Provides the CCG Governing Body with a simple but comprehensive mechanism for effective and focussed monitoring and reviewing of strategic (significant) risks and any gaps in their controls and assurance. It identifies the high and extreme risks associated with the delivery of corporate, principal and business objectives. A key area for internal auditors is the quality and degree of assurances that are in place to demonstrate whether the controls in place to manage a particular risk are effective or not.

At its simplest, the BAF is a list of:
- the main risks to an organisation achieving its objectives
- what controls are in place to prevent the risk occurring or reduce the impact should it occur
- what assurances exist to ensure the controls are in place
- details of gaps in controls and assurance
- action plans to ensure that the gaps are managed appropriately

Strategic (significant) level risk
Those risks that threaten the achievement of the CCG's strategic objectives. Specifically these tend to be those risks rated as being High or Extreme.

Operational level risks
Those risks that impact on the day to day activities of the CCG and its associated activities. These risks are likely to be associated with a particular GP practice or CCG function only, although this may not always be the case. Specifically these are those risks rated as being low or medium and will be managed locally.

Initial (Gross) Risk
The risk rating of an identified risk area prior to any controls being put in place. This assessment is made at the beginning of each (financial) year or when a new project etc. is started. The assessment of this risk does not change. It is the benchmark against which the management of the risk is measured until such time that it reaches its agreed acceptable level.

Current (Residual) Risk
The risk rating of an identified risk as the effects of the controls and assurances put in place become effective. This level of risk is expected to improve over time until it reaches its agreed acceptable level. It is an indication of the effectiveness of the controls and assurance put in place.

Forecast Risk
The risk rating that is expected to be achieved at the end of the current financial year. This level of risk is expected to improve over time but may not achieve the target risk level set due to circumstances, internal and / or external, which were not anticipated / evident when the Target risk was set at the beginning of each (financial) year or when the project etc. was started.

Target (Acceptable Level) Risk
The risk rating which represents the agreed acceptable level of risk expected to be achieved at the end of the current financial year during which the risk process is being monitored. The assessment of this risk does not change. It is a benchmark of the effectiveness of the controls and assurance put in place over the current year / period of risk management. It represents the organisation's tolerance to the particular risk.

Controls
Those actions that have been designed to manage the identified strategic risks. When controls are being designed, consideration should be given to their likelihood of being effective. Some controls will only be effective if linked to other control systems.

Gaps in control
Those areas where there are inadequate controls in place to manage a strategic risk or where the existing controls are not effective.

Assurance Mechanisms
Those processes, systems and methods in place that provide timely assurance that the key controls put in place to manage the strategic risks are effective. Assurance mechanisms are provided through two main sources:
- internal assurances, e.g. performance reports, subcommittee reports
- external assurances, e.g. external audit reports, CQC reports, clinical audit

Gaps in Assurance
Those areas where there is insufficient assurance that the controls in place are adequate and effective.

12.2 Part 2: Advanced risk management terms

Risk Treatment
It defines how, based on the criteria established by senior management, each risk is to be handled. The options are to:
- Knowingly accept the risk as it falls within the organisation's "risk appetite"; in other words, management deem the risk acceptable compared to the cost of improving controls to mitigate it;
- Implement a suitable control or combination of controls to reduce (mitigate) the risk to a more acceptable level. Controls may be selected from the best practices defined in ISO and/or from other sources;
- Avoid the risk, i.e. do not undertake the associated business activity;
- Transfer the risk to another organisation (e.g. through insurance or by contractual arrangements with a business partner).

Risk appetite
The degree of risk that an organisation is prepared to tolerate. E.g. a medium risk may be tolerated by TH CCG as it would be too costly to implement remedial control measures.

Risk acceptance (willingness to accept risk)
The CCG Governing Body does not willingly accept risks that significantly impact on its ability to deliver against its corporate, principal or business objectives. It recognises that risks are influenced by both internal and external factors and that the degree of its control and assurances will vary with the level of stakeholder influence.

Risk proximity
Defines when the risk will materialise, i.e. it could be scored as follows 5 less than a week, weeks, 3 within a month etc. This helps to determine when particular risks will materialise and hence the timing for a decision to be made.

Horizon Scanning
Horizon scanning is defined as the systematic examination of potential threats, opportunities and likely future developments including (but not restricted to) those at the margins of current thinking and planning. (Source: Office of Science and Technology (OST)). There is a body of literature that notes the increasing application of horizon scanning in risk management, including in public services. Indeed there are a number of emerging horizon scanning groups and forums that are specifically aligned to the NHS. One of the identified benefits of horizon scanning is that it creates a better understanding of potential risks to an organisation's wellbeing and therefore facilitates the development of plans to protect against them. Specifically, it enables the identification of relations between different risk areas by which otherwise discrete entities become integrated. This aligns to the integrated risk management methodology described above and hence forms an integral part of the enterprise risk management system.

Enterprise Risk Management
Enterprise risk management is defined as a continuous and structured process implemented throughout an organisation for identifying, assessing and reporting on related risks that affect the achievement of the organisation's objectives. Gaining the full benefits and value of identifying and managing related risks requires an integrated approach to risk management to be developed. This extends the risk management system to one that recognises that risks in one part of the organisation may have an impact on, or be impacted by, risks within another part of the organisation. Treatment of risks in this integrated way provides a means to prioritise them in order to give maximum benefit in achievement of corporate objectives whilst leading to a better value return, including financial and resource utilisation.

13 Appendix 2a: Risk register template

CCG Function0
Date of this update

Template columns: Function / GP Practice / Workstream; Risk Lead; Area / topic being risk assessed; Risk Description; Likelihood score; Current; Current Risk Rating; Risk Proximity (see note 1); Risk Owner; Escalated to; Actions (Already taken, Proposed)

Risk 1:
Risk 2:

Note 1: Risk Proximity. This is how far away the risk is from materialising: the closer the date, the higher the score.

14 Appendix 2b: Board Assurance Framework (BAF) summary

This is a snapshot of the risks to the achievement of the corporate objectives and allows the TH CCG Governing Body and its sub-committees to track progress against risks over the financial year.

Examples shown for illustration purposes only

Figure 1: BAF Summary

15 Appendix 2c: Board Assurance Framework (BAF) full detail

16 Appendix 3: Risk categorisations

The following risk rating methodology ensures consistency of risk rating categorisations, recognising the bounds of individual subjectivity that inherently exist within the risk assessment process. This is based on the universally acknowledged approach to assessing risks through a consideration of risk likelihood and risk consequence. The resultant risk ratings are sense checked against general risk rating conditions criteria that take into account the inevitable intuitive nature of risk assessment, particularly within robust and mature operating environments. This acknowledges that there is no risk classification system that is applicable to all types of organisations (ISO31000) and consequently respects the variability and dynamism of the CCG activities.

Risk rating categorisations: Risk likelihood

The likelihood of a particular risk occurring is assessed against the criteria shown in Table 1 below. A score of 1 to 5 is allocated dependent upon the assessed likelihood category determined.

Description: Frequency
Rare: The risk may occur but only in exceptional circumstances
Unlikely: The risk is not expected to happen but there is a possibility that it could occur at some time
Possible: The risk might occur at some time. There is some history of it, or similar occurrences, having occasionally happened in the past
Likely: There is a strong possibility that the risk will occur. There is a history of it, or similar occurrences, frequently happening in the past
Certain: The risk is expected to occur. There is a history of it, or similar occurrences, regularly happening in the past

Figure 2 Likelihood of the risk occurring table

Risk impact

The impact (sometimes referred to as consequence) of a risk occurring is assessed against the criteria shown in Figure 5. A score of 1 to 5 is allocated dependent upon the assessed impact that the risk would have on the organisation's corporate, principal and business objectives, if it were to occur.

Score, Description: Impact Description
5 Severe: There is a very major and potentially disastrous impact on the achievement of the corporate objective(s)
4 High: There is a major impact on the achievement of the corporate objective(s)
3 Moderate: There is a significant impact on the achievement of the corporate objective
2 Minor: There is some impact, albeit not significant, on the achievement of the corporate objective(s)
1 Negligible: There is minimal impact on the achievement of the corporate objective(s)

Figure 3 Impact on corporate objective(s) if risk occurs

It must be noted that the impact on corporate objectives is just one area that a risk can impact. Figure 6 below shows some of the areas a risk can impact that should be considered when analysing the impact a risk could have.

Figure 4 Areas of risk impact

Risk classification and risk categorisation

For the majority of public services, including the NHS, risk classification is determined by the product of the assessed risk likelihood score and the assessed risk impact score, the output of which is then mapped on to a risk rating matrix (see Figure 6). This enables risks to be prioritised or ranked for further analysis.

Figure 5 Risk Rating scores (likelihood score x impact score)

Likelihood Rating
Description: Frequency; Probability
Rare: Not expected to occur in years; <10%
Unlikely: Expected to occur once a quarter; 10% to 24%
Possible: Expected to occur once a month; 25%-45
Likely: Expected to occur weekly; 50% - 74%
Certain: Expected to occur daily; >75%

Severity Rating
Areas of impact: A Objectives / Projects; B Harm / Injury to Patients, Staff, Visitors and Others; C Actual / Potential complaints and claims; D Service disruption; E Staffing and Competence; F Financial; G Inspection / Audit; H Adverse Media

1 Insignificant
A: Insignificant cost increase / time slippage. Barely noticeable reduction in scope or quality
B: Incident was prevented OR Incident occurred and there was no harm
C: Locally resolved complaint
D: Loss / Interruption more than 1 hour
E: Short term low staffing leading to reduction in quality (less than 1 day)
F: Small loss < 1000
G: Minor recommendations
H: Rumours

Minor
A: Less than 5% cost or time increase. Minor reduction in quality or scope
B: Individual(s) required first aid. Staff needed <3 days off work or normal duties.
C: Justified complaint peripheral to clinical care.
D: Loss of one whole working day.
E: On-going low staffing levels reducing service quality
F: Loss of 0.1% budget. < 10,000
G: Recommendations given. Non-compliance with standards.
H: Local Media column.

Moderate
A: 5-10% cost or time increase. Moderate reduction in scope or quality
B: Individual(s) require a moderate increase in care. Staff needed >3 days off work or normal duties
C: Below excess claim. Justified complaint involving inappropriate care
D: Loss of more than one working day
E: Late delivery of key objectives / service due to lack of staff. On-going unsafe staff levels. Small error owing to insufficient training.
F: Loss of more than 0.25% of budget. < 100,000
G: Reduced rating. Challenging recommendations. Non-compliance with standards.
H: Local Media frontpage story

Major
A: 10-25% cost or time increase. Failure to meet secondary objectives
B: Individual(s) appear to have suffered permanent harm. Staff have sustained a "Major Injury". As defined by the HSE
C: Claim above excess level. Multiple justified complaints
D: Loss of more than one working week
E: Uncertain delivery of services due to lack of staff. Large error owing to insufficient training
F: Loss of more than 0.5% budget < 500,000
G: Enforcement action. Low rating. Critical report. Major non-compliance with core standards.
H: Local media - short term

Severe
A: >25% cost or time increase. Failure to meet primary objective
B: Individual(s) died as a result of the incident
C: Multiple claims or single major claims
D: Permanent loss of premises or facility.
E: Non delivery of service. Critical error owing to insufficient training
F: Loss of more than 1% budget. > 500,000
G: Prosecution. Zero rating. Severely critical report
H: National media more than 3 days. MP concern

The risk rating score determines the severity of the risk and aligns it to a particular risk category. These are described at a high level in Table 4 below. They provide a sense check against the assessed risk rating categorisation and therefore provide a means of ensuring, as far as practicably possible, a high degree of consistency of risk assessment across the CCG within the boundaries of inevitable individual risk owner subjectivity.

Risk category: Risk category description

Extreme (Risk Score 15-25)
Extreme categorisation level risks are not acceptable under any circumstances as they will (i) prevent the achievement of the corporate, principal and business objectives and will damage the CCG's reputation, politically and financially as well as creating a significant and unacceptable response from stakeholders, (ii) impact on individual or population health outcomes resulting in death. They require specific monitoring and appropriate action plans at Executive director level to ensure that their impact is mitigated at the earliest opportunity.

Medium (Risk Score 4-12)
Medium categorisation risks are, like low risks, generally acceptable as they are (i) unlikely to cause much disruption and efficiency losses to the achievement of corporate, principal and business objectives, (ii) impact on individual or population health outcomes resulting in some chances of suboptimal health outcomes. They require specific monitoring at individual directorate senior management level to ensure that their impact does not increase to a higher risk level.

Low (Risk Score 1-3)
Low categorisation risks are in general at an acceptable level of risk. They are unlikely to require specific application of resources and will be subject to on-going review and monitoring at a departmental / functional level.

17 Appendix 4: Responsibilities

17.1 Groups and Committees

Each entry below gives the Function / Lead, followed by what it is Responsible for, Accountable for and Accountable to.

NHS Tower Hamlets CCG Governing Body
Responsible for: The Governing Body's role is to:
- Determine the organisation's objectives
- Identify the key risks that are likely to impact on achievement of the objectives
- Seek assurances on the effectiveness of the controls in place to manage the risks
- Provide oversight of the risk management process
- Promote innovative and best practice integrated risk management systems and processes in order to achieve best outcomes
- Prepare an annual Governance Statement
- Promoting an open, honest, participative and learning culture that supports its risk management philosophy.
- Supporting CCG development the organisation's system of internal control, including risk management.
- Reviewing the effectiveness of internal controls financial, organisational and clinical.
Accountable for: Reviewing the effectiveness of internal controls: financial, organisational and professional.
Accountable to: NHS England

Executive Team
Responsible for: Reviewing and providing verification on the systems in place for internal control and risk management with a special interest in risks related to Information Governance.
Accountable for: Implementation of organisational risk management
Accountable to: TH CCG Governing Body

Audit Committee
Responsible for:
- Reviewing and providing verification on the systems in place for internal control and risk management.
- Receiving, reviewing and monitoring reports from counter fraud, Internal and External Audit.
Accountable for: Providing, collectively and individually, an independent oversight of the governance and assurance processes on behalf of the organisation
Accountable to: TH CCG Governing Body

Finance, Performance and Quality Committees
Responsible for:
- Effective implementation of the risk management strategy
- Ensuring that a strategic overview is maintained in respect of the TH CCG exposure to risk.
- Providing assurance on the effective and co-ordinated risk arrangements
- Implement and review the Governing Body Assurance Framework and supporting locality risk registers
- Ensure that the Governing Body and Audit Committee are informed of risks rated as high and assurance issues.
- To review and assess action plans that are developed to address any identified weaknesses and gaps in assurance.
- To encourage and foster awareness of risk management throughout TH CCG.
Accountable for: Implementation of organisational risk management
Accountable to: TH CCG Governing Body

Transformation and Innovation Committee
Responsible for: Receive risks of concern from the Programme Boards
Accountable for: Implementation of organisational risk management
Accountable to: TH CCG Governing Body

Programme Boards
Responsible for:
- Identify risks to the achievement of the Programme Boards
- Escalate risks in line with this risk management strategy (i.e. if the risk is significant or unmanageable at a programme board level)
Accountable for: Implementation of organisational risk management
Accountable to: Transformation and Innovation Committee

Locality Boards
Responsible for:
- Effective implementation of the risk management strategy at a locality level
- Implementation and review of the Locality risk registers
Accountable for: Implementation of organisational risk management
Accountable to: TH CCG Governing Body

17.2 Governance Structure of NHS Tower Hamlets CCG

17.3 Individuals

Each entry below gives the Function / Lead, followed by what it is Responsible for, Accountable for and Accountable to.

Chief Officer
Responsible for: Maintaining a sound system of internal control and the risk management systems within TH CCG
Accountable for: Implementation of organisational risk management
Accountable to: TH CCG Governing Body

Deputy Director of Quality and Performance
Responsible for: Ensuring that there are proper and independent assurances given on the soundness and effectiveness of the systems and processes in place for meeting their objectives and delivering appropriate outcomes
Accountable for: Implementation of organisational risk management
Accountable to: Accountable Officer

Chief Officer Finance
Responsible for:
- Establish an audit programme, ensuring that all work programmes are completed and that audit recommendations are implemented in a timely manner.
- Production of annual accounts in accordance with recommendations from the appointed external auditors
Accountable for: Effective management of all audit functions including audit programme, financial probity, counter fraud, bribery and corruption
Accountable to: Accountable Officer

All Executives in the Management Team
Responsible for:
- Ensuring that each risk identified for each department / function within their scope of responsibility is escalated in line with the risk management reporting structure
- Coordinating the implementation of actions arising from identified risks for each department / function within their scope of responsibility
Accountable for: Implementation of the TH CCG approach to risk management and Governing Body assurance within their areas of responsibility.
Accountable to: Chief Executive

Governance and Risk Manager
Responsible for:
- Ensuring that the TH CCG approach to risk management and Governing Body assurance is effectively communicated and coordinated
- Day to day management and maintenance of the TH CCG BAF and other risk management processes and systems.
Accountable for: Application of risk management strategy / approach to risk management
Accountable to: Deputy Director of Quality and Performance

Managers
Responsible for:
- Ensuring that appropriate and effective risk management processes are in place for each department / function within their scope of responsibility
- Compliance with the TH CCG approach to risk management and Governing Body assurance
- Bringing to the attention of their Line Manager any significant risks that have been identified where local control measures are considered to be inadequate
Accountable for:
- Implementation and overseeing of the TH CCG approach to risk management and Governing Body assurance within their areas of responsibility
- Ensuring that all staff, sub-contractors, members of the public and visitors are given the necessary information and training to enable them to keep safe
Accountable to: Line Manager (Executive Director)

All Staff
Responsible for:
- Compliance with the TH CCG cluster approach to risk management and Governing Body assurance
- Having an awareness of the key risks faced by the TH CCG.
- Identifying risks in their areas
Accountable for:
- Implementation of the TH CCG approach to risk management and Governing Body assurance within their areas of responsibility
- Ensuring that all staff, sub-contractors, members of the public and visitors are given the necessary information and training to enable them to keep safe
Accountable to: Line Manager


More information

An Introduction to Risk Management. For Event Holders in Western Australia. May 2014

An Introduction to Risk Management. For Event Holders in Western Australia. May 2014 An Introduction to Risk Management For Event Holders in Western Australia May 2014 Tourism Western Australia Level 9, 2 Mill Street PERTH WA 6000 GPO Box X2261 PERTH WA 6847 Tel: +61 8 9262 1700 Fax: +61

More information

MARCH 2012. Strategic Risk Policy Update March 2012 v1.10.doc

MARCH 2012. Strategic Risk Policy Update March 2012 v1.10.doc MARCH 2012 Version 1.10 Strategic Risk Policy Update March 2012 v1.10.doc Document History Current Version Document Name Risk Management Policy Statement and Strategic Framework Last Updated By Alan Till

More information

APPENDIX 50. Enterprise risk management - Risk management overview

APPENDIX 50. Enterprise risk management - Risk management overview APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...

More information

Risk Management Policy

Risk Management Policy Risk Management Policy DOCUMENT CONTROL Developed by: Date: Origination: Quality, Systems & Shared s March 2014 Authorised by: Colette Kelleher April 2014 DOCUMENT REVIEW HISTORY Original Circulation date:

More information

RISK MANAGEMENT POLICY

RISK MANAGEMENT POLICY RISK MANAGEMENT POLICY Approved by Governing Authority February 2016 1. BACKGROUND 1.1 The focus on governance in corporate and public bodies continues to increase. It resulted in an expansion from the

More information

Risk Policy and Risk Management Procedures

Risk Policy and Risk Management Procedures Risk Policy and Risk Management Procedures Preface The University s Risk Policy sets out The University s approach to risk and its management together with the means for identifying, analysing and managing

More information

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy NHS Hardwick Clinical Commissioning Group Business Continuity Policy Version Date: 26 January 2016 Version Number: 2.0 Status: Approved Next Revision Due: January 2017 Gordon Stevens MBCI Corporate Assurance

More information

IFoA Risk Management Framework 29 February 2016

IFoA Risk Management Framework 29 February 2016 IFoA Risk Management Framework 29 February 2016 1.0 Introduction The IFoA has developed a new Risk Management Framework which was implemented in early 2015-16 and which brings together the management of

More information

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator Risk Management Framework Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 TRIM CON: 12/1132 Administered by: Governance Coordinator Last Review Date: 2013 Next Review

More information

Risk Register Policy and Procedure

Risk Register Policy and Procedure Risk Register Policy and Procedure Printed copies must not be considered the definitive version DOCUMENT CONTROL POLICY NO. Policy Group Risk Management Group Author Maureen Stevenson Version no. 3.0 Reviewer

More information

Risk Management and Risk Assessment Policy

Risk Management and Risk Assessment Policy SharePoint Location Non-clinical Policies and Guidelines SharePoint Index Directory 3.0 Corporate Sub Area 3.1 Risk and Health & Safety Documents Key words (for search purposes) Risk, Risk Management,

More information

Risk Management & Business Continuity Manual 2011-2014

Risk Management & Business Continuity Manual 2011-2014 ANNEX C Risk Management & Business Continuity Manual 2011-2014 Produced by the Risk Produced and by the Business Risk and Business Continuity Continuity Team Team February 2011 April 2011 Draft V.10 Page

More information

Safety Management Systems (SMS) guidance for organisations

Safety Management Systems (SMS) guidance for organisations Safety and Airspace Regulation Group Safety Management Systems (SMS) guidance for organisations CAP 795 Published by the Civil Aviation Authority, 2014 Civil Aviation Authority, CAA House, 45-59 Kingsway,

More information

PROCESS FOR RISK ASSESSMENT

PROCESS FOR RISK ASSESSMENT NHS Cambridgeshire Risk Assessment Framework INTRODUCTION The National Patient Safety Agency (NPSA) defines risk management as the process of identifying, assessing, analysing and managing all potential

More information

UNIVERSITY OF LONDON GUIDE TO RISK MANAGEMENT. Purpose of the guide... 2

UNIVERSITY OF LONDON GUIDE TO RISK MANAGEMENT. Purpose of the guide... 2 UNIVERSITY OF LONDON GUIDE TO RISK MANAGEMENT Purpose of the guide... 2 Risk Management The Basics... 2 What is Risk Management?... 2 Applying Risk Management... 2 The Use of Risk Registers in Risk Management...

More information

Council Meeting Agenda 27/07/15

Council Meeting Agenda 27/07/15 3 Risk Management Framework Abstract Council s Risk Management Framework ( the Framework ) was adopted by Council in 2012. The Framework provides structure and guidance to Council s risk management activities

More information

Risk Management Guide

Risk Management Guide Risk Management Guide Page(s) Introduction 3 The 5 steps to identifying risk 4 Risk Management Process - Step 1 5 Identify - Step 2 Assess Step 3 5-6 6 Control - Step 4 6 Monitor and Review -Step 5 6 Risk

More information

LEICESTERSHIRE COUNTY COUNCIL RISK MANAGEMENT POLICY STATEMENT 2011-2012

LEICESTERSHIRE COUNTY COUNCIL RISK MANAGEMENT POLICY STATEMENT 2011-2012 106 LEICESTERSHIRE COUNTY COUNCIL RISK MANAGEMENT POLICY STATEMENT 2011-2012 Leicestershire County Council believes that managing current and future risk, both opportunity and threat, is increasingly vital

More information

R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K

R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K VERSION REV 4.0 OWNER VP OPS AND ENG EFFECTIVE DATE MARCH 2014 REVIEW DATE MARCH 2014 1. PURPOSE, APPLICATION AND SCOPE This Management System

More information

Risk Assessment Tool and Guidance (Including guidance on application)

Risk Assessment Tool and Guidance (Including guidance on application) Risk Assessment Tool and Guidance (Including guidance on application) Document reference number Revision number OQR012 Document developed by 5 Document approved by Revision date October 2011 Responsibility

More information

Risk Management. Policy

Risk Management. Policy Policy Risk Management Endorsed: 26 February 2014 Brief description The GPC Risk Management Policy and its supporting standards and procedures provide a framework to ensure that risks arising from our

More information

SOUTH CENTRAL AMBULANCE SERVICE NHS TRUST

SOUTH CENTRAL AMBULANCE SERVICE NHS TRUST SOUTH CENTRAL AMBULANCE SERVICE NHS TRUST Clinical and Quality Governance Strategy 2010-12 DOCUMENT INFORMATION Authors: Fizz Thompson, Director of Patient Care Benita Playfoot, Lead for Quality and Patient

More information

PROCEDURES RISK MANAGEMENT FRAMEWORK AND GUIDELINES PURPOSE INTRODUCTION. 1 What is Risk?

PROCEDURES RISK MANAGEMENT FRAMEWORK AND GUIDELINES PURPOSE INTRODUCTION. 1 What is Risk? PROCEDURES RISK MANAGEMENT FRAMEWORK AND GUIDELINES PURPOSE This Framework and Guidelines have been developed in support of the CQUniversity Risk Management Policy and are intended for use by the CQUniversity

More information

A Risk Management Standard

A Risk Management Standard A Risk Management Standard Introduction This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management

More information

NHS Dorset Clinical Commissioning Group. Internal Audit Annual Report 2014/15. May 2015

NHS Dorset Clinical Commissioning Group. Internal Audit Annual Report 2014/15. May 2015 Internal Audit Annual Report 2014/15 May 2015 Internal Audit Annual Report INTRODUCTION This is the 2014/15 Annual Report by TIAA on the internal control environment at Dorset Clinical Commissioning Group.

More information

Corporate Risk Management Policy

Corporate Risk Management Policy Corporate Risk Management Policy Managing the Risk and Realising the Opportunity www.reading.gov.uk Risk Management is Good Management Page 1 of 19 Contents 1. Our Risk Management Vision 3 2. Introduction

More information

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization POLICY Number: 7311-10-005 Title: Enterprise Risk Management Authorization [ ] President and CEO [ X] Vice President, Finance and Corporate Services Source: Director, Enterprise Risk Management Cross Index:

More information

Internal Audit Charter. June 2016

Internal Audit Charter. June 2016 Internal Audit Charter June 2016 1 Introduction 1.1 The Internal Audit Charter is a formal document that defines Internal Audit s purpose, authority and responsibility. The charter establishes Internal

More information

Incident reporting procedure

Incident reporting procedure Incident reporting procedure Number: THCCGCG0045 Version: V0d1 Executive Summary All incidents must be reported. This should be done as soon as practicable after the incident has been identified to ensure

More information

RISK MANAGEMENT POLICY AND STRATEGY. Document Status: Draft. Approved by. Appendix 1. Originator: A Struthers. Updated: A Struthers

RISK MANAGEMENT POLICY AND STRATEGY. Document Status: Draft. Approved by. Appendix 1. Originator: A Struthers. Updated: A Struthers Appendix 1 RISK MANAGEMENT POLICY AND STRATEGY Document Status: Draft Originator: A Struthers Updated: A Struthers Owner: Executive Director Corporate Services Version: 01.01.03 Date: 30/3/14 Approved

More information

Risk Methodology. Contents. Introduction... 2. The Risk Management Structure... 2. The Risk Management Cycle... 2. Methodology...

Risk Methodology. Contents. Introduction... 2. The Risk Management Structure... 2. The Risk Management Cycle... 2. Methodology... Risk Methodology Contents Introduction... 2 The Risk Management Structure... 2 The Risk Management Cycle... 2 Methodology... 3 Appendix 1...5 Definition of Controls... 5 Appendix 2...6 Definition of Impact...

More information

EPRR: Toolkit Business Impact

EPRR: Toolkit Business Impact NHS England Business Continuity Management EPRR: Toolkit Business Impact Assessment (BIA) Template Appendix 3.1 0 [Intentionally Blank] 1 INTRODUCTION The purpose of this document is to assist those who

More information

Risk Management Policy. Corporate Governance Risk Management Policy

Risk Management Policy. Corporate Governance Risk Management Policy Corporate Governance Risk Management Policy Approved by the Council of Ministers, May 2006 1. Background The Isle of Man Government is working to promote better risk management, with emphasis on the importance

More information

Title: OHS Risk Management Procedure

Title: OHS Risk Management Procedure Issue Date: July 2011 Review Date: July 2013 Page Number: 1 of 9 1. Purpose: To outline the methodology by which Department of Education and Early Childhood Development (DEECD) identifies, assesses, controls

More information

Second Clinical Safety Review of the Personally Controlled Electronic Health Record (PCEHR) June 2013

Second Clinical Safety Review of the Personally Controlled Electronic Health Record (PCEHR) June 2013 Second Clinical Safety Review of the Personally Controlled Electronic Health Record (PCEHR) June 2013 Undertaken by KPMG on behalf of Australian Commission on Safety and Quality in Health Care Contents

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...

More information

Extract from Draft Code as prepared by Institute of Directors in Southern Africa.

Extract from Draft Code as prepared by Institute of Directors in Southern Africa. Extract from Draft Code as prepared by Institute of Directors in Southern Africa. 3. Audit committees 3.1. A company should have an effective audit committee Membership and resources of the audit committee

More information

Southern Health NHS Foundation Trust

Southern Health NHS Foundation Trust 1. Introduction Southern Health NHS Foundation Trust 1.1 Southern Health NHS Foundation Trust provides Mental Health, Learning Disability, Community and Social Care services in Hampshire, Oxford, Dorset

More information

Solihull Clinical Commissioning Group

Solihull Clinical Commissioning Group Solihull Clinical Commissioning Group Business Continuity Policy Version v1 Ratified by SMT Date ratified 24 February 2014 Name of originator / author CSU Corporate Services Review date Annual Target audience

More information

RISK MANAGEMENT STRATEGY and FRAMEWORK. Including risk assessment, risk register, risk management process, risk committee and risk awareness training

RISK MANAGEMENT STRATEGY and FRAMEWORK. Including risk assessment, risk register, risk management process, risk committee and risk awareness training RISK MANAGEMENT STRATEGY and FRAMEWORK Including risk assessment, risk register, risk management process, risk committee and risk awareness training Document Reference: Document Owner: Accountable Committee:

More information

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management Enterprise Risk Management Framework 2012 2016 Strengthening our commitment to risk management Contents Director-General s message... 3 Introduction... 4 Purpose... 4 What is risk management?... 4 Benefits

More information

Good Governance Guide. www.accs.ie. Risk Management in Community and Comprehensive Schools

Good Governance Guide. www.accs.ie. Risk Management in Community and Comprehensive Schools www.accs.ie Cumann na Scoileanna Pobail is Cuimsitheacha Association of Community and Comprehensive Schools Risk Management in Community and Comprehensive Schools Good Governance Guide 2013 Association

More information

Risk Management Framework

Risk Management Framework Risk Management Framework THIS PAGE INTENTIONALLY LEFT BLANK Foreword The South Australian Government Risk Management Policy Statement 2009 advocates that consistent and systematic application of risk

More information

The Newcastle upon Tyne Hospitals NHS Foundation Trust. Risk Register - Policy for Management and Use

The Newcastle upon Tyne Hospitals NHS Foundation Trust. Risk Register - Policy for Management and Use The Newcastle upon Tyne Hospitals NHS Foundation Trust Risk Register - Policy for Management and Use Version No.: 4.1 Effective From: 20 June 2013 Expiry Date: 31 May 2016 Date Ratified: 17 June 2013 Ratified

More information

RISK MANAGEMENT STRATEGY

RISK MANAGEMENT STRATEGY RISK MANAGEMENT STRATEGY 1 Introduction The purpose of this document is to outline a which facilitates the effective recognition and management of risks facing the University. The Combined Code on Corporate

More information

Risk management framework

Risk management framework Risk management framework Security classification: PUBLIC Reference number: DSITI:FW:001P Policy owner: Executive Director, Strategic Transformation & Performance Contact officer: Principal Consultant,

More information

Risk Management Policy

Risk Management Policy Principles Through a process of Risk Management, the University seeks to reduce the frequency and impact of Adverse Events that may affect the achievement of its objectives. In particular, Risk Management

More information

Type of change. V02 Review Feb 13. V02.1 Update Jun 14 Section 6 NPSAS Alerts

Type of change. V02 Review Feb 13. V02.1 Update Jun 14 Section 6 NPSAS Alerts Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified By Central Alerting System (CAS) Policy NTW(O)17 Medical Director Tony Gray Head of Safety and Patient Experience

More information

Document Title. Version: 8 Author (name and designation) Trish Armstrong-Child, Director of Nursing

Document Title. Version: 8 Author (name and designation) Trish Armstrong-Child, Director of Nursing Document type: Document Title Version: 8 Risk Management Strategy Author (name and designation) Trish Armstrong-Child, Director of Nursing Ratified by: Board of Directors Date ratified: 26 th June 2014

More information

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy

More information

Avondale College Limited Enterprise Risk Management Framework 2014 2017

Avondale College Limited Enterprise Risk Management Framework 2014 2017 Avondale College Limited Enterprise Risk Management Framework 2014 2017 President s message Risk management is part of our daily life, something we do regularly; often without realising we are doing it.

More information

The Regulatory Framework for Social Housing in England Governance and Financial Viability standard requirement: Governance Annual Assessment

The Regulatory Framework for Social Housing in England Governance and Financial Viability standard requirement: Governance Annual Assessment East Thames Group The Regulatory Framework for Social Housing in England Governance and Financial Viability standard requirement: Governance Annual Assessment 1 Context 1.1 Under the Regulatory Framework,

More information

Governance, Risk and Best Value Committee

Governance, Risk and Best Value Committee Governance, Risk and Best Value Committee 2.00pm, Wednesday 23 September 2015 Internal Audit Report: Integrated Health & Social Care Item number Report number Executive/routine Wards Executive summary

More information

RISK MANAGEMENT POLICY

RISK MANAGEMENT POLICY RISK MANAGEMENT POLICY Issue Date: February 2010 Reviewed: July 2011 Contents Scope...3 Key Points...3 Background...3 Roles and Responsibilities...3 Classification of Risks...4 Risk Evaluation...4 Risk

More information