Risk Management Strategy

Size: px
Start display at page:

Download "Risk Management Strategy"

Transcription

1 Risk Management Strategy This section is to be completed by the Policy Custodian Name of Originator: Name of Responsible Committee / Individual: ECCG Clinical Commissioning Group Quality & Safety Committee and Audit Committee/ Director of Quality and Governance Head of Governance & Risk Date: 2 nd September 2013 Policy approved and Ratified on: 25 th September 2013 Policy posted for circulation on: 1 st October 2013 Policy Custodian: Designation: address: Is this a new policy/strategy? Bridget Pratt Head of Governance & Risk NO If Yes, why is it required? (i.e. new legislation necessitating Trust compliance) How does this Policy link to: NHSLA Risk Management Standards National Service Framework Care Quality Commission Outcomes If No, name of previous Policy and reason for replacement, (i.e. expiration of the previous version) Standard 1 Governance: Not Relevant All Essential Standards Risk Management Strategy for CCG as a shadow organisation. 1

2 Document Version Control Date Version Action Author Amendments 09/10/12 1 Created Alison Mitchell-Hall 17/10/12 2 Updated following internal review Alison Mitchell-Hall 30/10/12 3 Updated following Governing Body Review Alison Mitchell-Hall 13/12/12 4 Updated following external review (consultant) Alison Mitchell-Hall Editorial Changes Editorial Changes Editorial Changes 9/01/ Update following Audit Committee review and Quality & Safety Committee Alison Mitchell-Hall & Andy Nuckcheddee, Interim Head of Governance & Risk Editorial Changes Updating for Audit Committee Andy Nuckcheddee, Interim Head of Governance & Risk Feb Updating frequency of reporting, roles & responsibilities (6.2.9) (10.2) and Corporate Risk Register reporting arrangements (10.3.5) Paul Balson Interim Governance Manager Bridget Pratt, Head of Governance & Risk Editorial Changes 9 September Updated to reflect: Revised Corporate Risk Register Reporting Bridget Pratt, Head of Governance & Risk Editorial Changes 2

3 arrangements Datix software for managing risk registers and BAF Enfield CCG Corporate Governance Structure Project Risk Escalation process National Patient Safety Agency (NPSA) Risk Scoring Tool: Corporate Services Manager s responsibilities Audit Committee to receive assurance reports on Health & Safety, Emergency Planning and Security Management Directors attending Audit Committee on a rotational basis to provide assurance on their risks on the BAF and Corporate Risk Register Risk Scoring guidance Integrated BAF & Risk Register Template ECCG Governance structure 3

4 Section 1: Introduction Introduction Aims and Objectives Purpose Scope Section 2: Accountability Structure for Risk Management Roles and responsibilities Enfield CCG Governing Body Staff Responsibilities ECCG Chair... 6 Section 3: Committee Responsibilities ECCG risk management structure & committee (appendix H) Audit Committee Finance Recovery and QIPP (Quality, Innovation, Productivity & Prevention) Committee Quality and Safety Committee Each GP Locality Group will: The ECCG Remuneration and Appointments Committee The ECCG Executive Team Meeting Section 4: Risk Management Process, Performance Management and Monitoring The Risk Management Process Risk Identification and scoring Quantifying and scoring risk The Governing Body Assurance Framework and Risk Registers Section 5: Document consultation, approval & ratification Requirements Open and Fair Culture Training and support Consultation and Communication with Stakeholders Monitoring the Effectiveness of this Strategy Review and Revision of the Strategy Dissemination and Implementation Equality and Diversity Appendix A: Glossary and definitions of governance and risk terms Appendix B: Risk Scoring guidelines Appendix C: Register and BAF Reporting Flowchart to Governing Body and its sub committees Appendix D: Project and Programme Risk Escalation Flowchart for Risk Champions/Project Managers Appendix E Datix Governing Body Assurance Framework and Risk Register Template Appendix F NHS Enfield CCG Board Assurance and Risk Register Framework Appendix G: CCG risk appetite triangle Appendix H: ECCG Governance Structure

5 Section 1: Introduction 1 Introduction Enfield CCG has a responsibility to ensure that the organisation is properly governed in accordance with best practice in corporate, clinical and financial governance. Every activity that the CCG undertakes or commissions others to undertake on its behalf, brings with it some element of risk that has the potential to threaten or prevent the organisation achieving its objectives. The CCG Governing Body recognises that robust risk management and assurance is an integral part of its governance responsibilities and part of Enfield CCG s culture. The Governing Body is, therefore, committed to ensuring that risk management forms an integral part of its philosophy, practices and business plans rather than viewed or practised as a separate programme, and that responsibility for implementation is accepted at all levels of the organisation. 2 Aims and Objectives 2.1 Purpose The Risk Management Strategy enables the organisation to have a clear view of the risks affecting each area of its activity; how those risks are managed, the likelihood of occurrence and their potential impact on the successful achievement of the CCG objectives. The purpose of the risk management strategy is to: Encourage a culture where risk management is viewed by the CCG and staff as an essential process of the CCG s activity Ensure structures and processes are in place to support the assessment and management of risks throughout the CCG. Assure the public, patients and their carers and representatives, staff and partner organisations that the CCG is committed to managing risk appropriately 3 Scope This strategy applies to all areas of the organisation s business, members of the CCG, the CCG Governing Body, CCG Executive team and all managers to ensure that risk management is a fundamental part of the CCG s approach to governing the organisation and all its activities. The strategy sets out the risk register reporting process to ensure that risk management is every employee s business. It describes the reporting/ escalation process through clear governance structures as well as the process for escalating project risks. The strategy describes: The responsibilities of the Governing Body and committees in relation to risk; The roles and responsibilities of staff with regard to risk management; The process for identification, assessment, evaluation and management of risk; The system for managing the organisation wide Risk Register and Governing Body Assurance Framework; and The process for monitoring the risk management strategy and the mechanisms by which the Governing Body can be assured as to the effectiveness within the CCG. 5

6 3.1 Section 2: Accountability Structure for Risk Management 4 Roles and responsibilities 4.1 Enfield CCG Governing Body The Governing Body has a duty to assure itself that the organisation has properly identified the risks it faces, and that it has processes and controls in place to mitigate those risks and the impact they have on the organisation and its stakeholders. The CCG is a legally constituted organisation with statutory duties and powers. The Governing Body discharges its duties as follows: Identifies risks to the achievement of its strategic objectives; Monitors risks the Governing Body Assurance Framework Horizon scanning on risk management Ensure that there is a structure in place for the effective management of risk throughout the CCG Receives assurance regarding risk management within organisations providing services; Receives regular reports from the Audit Committee on significant risks, progress on mitigating actions and assurance regarding commissioned services; Demonstrates leadership, active involvement and support for risk management; Approve, at least annually, the Risk Management Strategy and subsequent revisions thereof Scrutinise (not less than four times a year) the Governing Body Assurance Framework for all red rated risks for which the CCG has no appetite ; Receive reports from the Audit Committee and respond formally to any issues raised by the Audit Committee on the effectiveness of risk management and assurance Approve the Annual Governance Statement on internal control. 4.2 Staff Responsibilities ECCG Chair The role of the Chair is to: Lead the Governing Body, ensuring its effectiveness on all aspects of its role and setting the Board agenda; Ensure the provision of accurate, timely and clear information to Governing Body members; Ensure that there is rigorous scrutiny on the organisation s risk management framework and processes; Ensure effective communication with staff, patients; public and key stakeholders; Arrange regular evaluation of the performance of the Governing Body, its committees and individual directors; 6

7 Locality Leads, Lay Members and Medical Consultant Locality Leads, Lay Members and Medical Consultant have a particular role in encouraging the cultural change that is needed to ensure the full engagement of patients, staff and local communities. Specific responsibilities include: Helping to plan for the future to improve healthcare services; Making sure that the management team meets its performance targets; Making sure that the financial systems and processes of ECCG are managed properly with accurate information; Ensuring that the organisation has sound and robust risk management systems in place to deliver key services by scrutinising the effectiveness of controls in place to manage risks; and Helping the Governing Body work in the public interest and ensuring patients and the public are properly informed, consulted and engaged ECCG Chief Officer The Chief Officer is the accountable officer for ECCG and, as such, has overall responsibility within the organisation, for ensuring that an effective risk management system is in place and that the CCG meets all statutory requirements in respect of governance. The Chief Officer leads on the strategic development of the CCG and has responsibility for ensuring that the organisation meets its contractual obligations as commissioners. The Chief Officer has overall responsibility for ensuring an effective risk management system is in place across Enfield CCG and is responsible for: Continually promoting risk management and demonstrating leadership, involvement and support; Ensuring an appropriate committee structure is in place, with regular reports to the CCG Committee; Ensuring that Clinical Leads and Senior Managers are appointed with responsibility for risk management; Ensuring appropriate policies, procedures and guidelines are in place and operating throughout the CCG; and Ensuring complaints, legal claims and health and safety management are managed appropriately. Hold Directors to account with regards to the management of strategic risk Managing Director of the Commissioning Support Unit The Managing Director of the CSU is responsible, through the Commissioning Support Director for Enfield, for ensuring that commissioning support services provided to the CCG are in line with best practice and national guidance and ensuring that assurance is provided to the CCG on these services. The Managing Director, through the Commissioning Support Director for Enfield, is also responsible for ensuring risk assessments are conducted and when awarding contracts for services, ensure that risks and plans to mitigate them are assessed during the tender process. Providers must give adequate assurance that they manage significant risks appropriately. 7

8 ECCG Chief Finance Officer The Chief Finance Officer is accountable for the effective management of risk within their area of responsibility, including assurance that appropriate controls are in place and that controls are being monitored. This involves maintaining systems to ensure: The effectiveness of the CCG s financial control systems; Significant financial risks faced by the CCG are identified and managed effectively; The Audit Committee and internal audit effectively perform their roles in assuring the CCG s system of internal control; Robust Counter Fraud arrangements are in place; Director of Service Quality and Integrated Governance The Director of Service Quality and Integrated Governance is the Executive lead for risk management and has delegated responsibility for: Ensuring risk management systems are in place throughout the CCG to identify and assess risk in line with the CCG s Risk Management Strategy; Ensuring risk champions are nominated to ensure population and management of risk registers; Ensuring the Assurance Framework and Risk Register are developed, maintained and regularly reviewed by the risk owners, updated and reported to the Governing Body and all of its sub committees in line with the CCG reporting arrangements (section 8); Ensuring that there is appropriate external review of the CCG s risk management systems, and that these are reported to the appropriate CCG committees; Overseeing the management of risks as determined by the CCG Governing Body; Executive Lead for Information Governance and is the CCG s Senior Information Risk Officer; Acting Emergency Planning Director Ensuring that identified risk mitigation and actions are put in place, regularly monitored and implemented; Working collaboratively with Internal Audit; and Ensuring that the Risk Management Strategy is updated on an annual basis and approved by the CCG Governing Body and Audit Committee Medical Director (Clinical Lead) of Integrated Care The Medical Director Integrated Care has delegated responsibility for aspects of quality and safety and safety and clinical risk management including: The professional lead responsible for the designated doctor and named GP for safeguarding children Responsibility as Caldicott Guardian. 8

9 Governing Body Registered Nurse Member The Governing Body Nurse is responsible for ensuring that the CCG has a strong strategic focus on high quality care and patient safety, promoting excellence in professional practice and leading quality improvement across care pathways and organisational boundaries Head of Governance & Risk The Head of Governance & Risk is the Risk Management Lead (supported by the Risk Manager) and has delegated responsibility for: Information Governance Complaints Management Ensuring risk management systems are in place throughout the CCG Ensuring that an organisational Risk Register and an Assurance Framework are developed and maintained and reviewed by the Management Team Ensuring the Assurance Framework and Risk Register is regularly reviewed by the senior managers designated as risk holders, updated and reported to the Governing Body and all of its sub committees Ensuring that there is appropriate external review of the CCG s risk management systems, and that these are reported to the CCG Committee Overseeing the management of risks as determined by the CCG Governing Body Ensuring that identified risk mitigation and actions are put in place, regularly monitored and implemented Providing advice and training on the risk management process Ensuring that the Integrated Risk Management Strategy is updated on an annual basis and approved by the CCG Governing Body Corporate Services Manager The Corporate Services Manager is responsible for: The Corporate Services Manager has delegated responsibility for ensuring arrangements are in place for: Health & Safety Local Security Management Estates Management Emergency Planning Preparedness and Resilience Head of Safeguarding The Head of Safeguarding is responsible for: Ensuring robust arrangements and processes are in place for safeguarding children and adults Directors and Heads of Service Roles within Enfield CCG Directors and Heads of Service where allocated will be responsible for: Appointing departmental risk champions to ensure population and management of risk registers; identifying, assessing, mitigating on risks in connection with the key business processes and activities for which they are responsible through the use of risk registers 9

10 ensuring that all risks identified are allocated to an individual risk owner for the purposes of on-going management and assurance reporting as required; determining resource implications / requirements arising in connection with risk assessments and assurance provision; reporting on the key risks and the effectiveness of controls to the relevant group/committee for the purpose of providing assurance that these are effective. These reports will be supported by evidence in a form that is appropriate and proportionate to the needs of the CCG. Hold to account the individual Risk Leads who are responsible for the management of each individual risk associated with the key business process in question. The risk lead will report on the management of the risk and provide appropriate assurances. Directors will be required to attend the Audit Committee on a timetable rotational basis to discuss the significant risks in their business areas and how these are being managed and mitigated CCG Risk Champions (includes Project Leads) Proactively engage in the implementation of the monthly risk register review and update within their directorate. Work with Service Leads to ensure risk registers are quality checked within the time frames set out in the risk management strategy (appendix C&D). Input risk register information on to the Risk Module of the Datix database in an accurate and timely manner so that the Risk & Governance Team are able to supply the Executive Committee, Audit Committee, Finance & Recovery Committee, Quality & Risk Sub Group and other bodies with accurate and upto-date Corporate Risk Registers and Assurance Framework. Keep up to date with any changes to the database by attending refresher training as and when appropriate. Report any concerns to their Director and advice directors, managers and other staff within their directorate of identified risks requiring attention CCG Executive Committee The CCG Executive Committee will be responsible for: Monitoring in detail individual risks to achieving individual corporate objectives including action plans with focus on amber and red risks Responding to; or keeping under review; key risk management issues arising being faced by the CCG. This role will be fulfilled through the Head of Governance & Risk acting as a central point through which all risk management and assurance activities can be monitored, tested, checked and challenged to ensure they are effective for their purpose; Agreeing resources to be made available in connection with the management of risk; Escalating risks to the Governing Body as necessary via the Director of Quality and Governance 10

11 Clinical Leads and CCG Managers Clinical Leads and CCG Managers are responsible for incorporating risk management within all aspects of their work and for directing the implementation of the CCG Risk Management Strategy by: Demonstrating personal involvement and support for the promotion of risk management Ensuring that staff accountable to them understand and pursue risk management in their areas of responsibility Setting personal objectives for risk management and monitoring their achievement Ensuring risks are identified and managed and mitigating actions implemented in functions for which they are accountable and are included in the organisational risk register as appropriate Ensuring risks are escalated where they are of a strategic nature All Staff All staff members employed by ECCG have a responsibility to perform their duties in accordance with the values, policies and procedures of the organisation, professional statutory bodies regulations, legislative and regulatory frameworks, national good practice standards and to contribute to the achievement of CCG s objectives available on the intranet/internet. All staff working for the CCG are responsible for: Being aware that they have a duty under legislation to take reasonable care of their own safety and the safety of others who may be affected by the CCG s business and to comply with appropriate CCG rules, regulations, instructions, policies, procedures and guidelines; Taking action to protect themselves and others from risks; Identifying and reporting risks to their line manager; Ensuring incidents, claims and complaints are reported using the appropriate procedures and channels of communication (policies on the intranet); Co-operating with others in the management of all ECCG risks; Attending mandatory and statutory training as determined by the CCG or their line manager; Being aware of emergency procedures relating to their particular locations; Ensuring all contractors and partners are made aware of the importance of risk management and the mechanisms for feeding concerns into the formal processes Contractors, Agency and Locum Staff Managers must ensure that where they are employing or contracting agency and locum staff they are made aware of and adhere to, all relevant policies, procedures and guidance of the CCG, including: 11

12 The CCG Incident reporting framework and Procedure, Risk Management Strategy and the Health and Safety Policy; Take action to protect themselves and others from risks; and Bring to the attention of others the nature of risks which they are facing in order to ensure that they are taking appropriate protective action Section 3: Committee Responsibilities 5. ECCG risk management structure & committee (appendix H) 5.1. Audit Committee In line with the NHS Audit Committee Handbook, the responsibility of the Audit Committee is to ensure the CCG has an effective process in place with regards to risk management. The Audit Committee is the Assurance Committee and monitors the quality of the Assurance Framework and Risk Register and refers significant issues to the Governing Body. The Audit Committee is the central means by which the Governing Body ensures that effective internal control arrangements are in place. The Audit Committee receives and considers the latest iteration of the Assurance Framework and Risk Register at every meeting, along with updates on significant developments. The Audit Committee will: review, at each meeting, the levels of assurance provided in the Governing Body Assurance Framework and in the Corporate Risk Register; receive regular reports on the effectiveness and compliance with the risk management and assurance strategy. This will be through a combination of internal management reports and independent reviews; receive independent reports on the on-going effectiveness of key controls that contribute to the management of specific risks being faced by the CCG; assess the level and quality of assurance providers i.e. management and / or internal audit; challenge the way in which risk is managed particularly where there is uncertainty or concerns over the effectiveness of existing arrangements until satisfactory conclusions have been drawn. This could include requesting attendance at meetings for the purpose of providing relevant information for assurance purposes; formally assess, at least annually, the overall effectiveness of the application of the risk management and assurance arrangements and reporting on the conclusions reached to the Governing Body as a basis for continuous improvement; reviewing and commenting on the annual report on risk management (in the form of the AGS) to ensure that it is fair and representative of the risk management arrangements prior to inclusion in the annual financial statements. Receive assurance reports on Emergency Planning, Health & Safety & Security Management 12

13 5.2. Finance Recovery and QIPP (Quality, Innovation, Productivity & Prevention) Committee The Financial Recovery & QIPP Committee will ensure the CCG develops effective strategies and plans for use of its delegated financial resources in order to achieve its strategic objectives. The committee will also ensure appropriate recovery plans are in place where performance deviates and recommend approval of strategies to the CCG Governing Body. The committee also serves to provide the CCG, with assurance that the budgets, as delegated, are being managed effectively and efficiently, and with due regard to the governance and financial procedures. The committee ensures that all financial risks are monitored through a robust Risk Register and reported regularly to the Audit Committee and ensure that the Governing Body and its sub-committees receiving up-to-date finance reports Quality and Safety Committee The Quality & Safety Committee has overarching responsibility for clinical risk management, information governance, health and safety and emergency planning risks. The Quality & Safety Committee will ensure that there is a sound system of risk management and quality assurance in place. As part of that work it: Initiates and monitors all clinical risks; Receives and reviews all quality issues of concern and ensures that any actions to mitigate them are carried out; Ensures that appropriate plans are in place for emergency situations; Liaises with the Governing Body to ensure that there are agreed Clinical Quality and Risk protocols across the CCG; Receive Safeguarding children and adult reports from the CCG Safeguarding Sub Groups and Local Safeguarding Boards; The operational Quality & Risk Subgroup is a sub group of the Quality & Safety Committee and discharges duties on behalf of the Quality and Safety Committee. It supports the development of risk management, reviews annual quality accounts from the main contracted providers, reviews the clinical, quality and safety areas of the Corporate Risk Register and Board Assurance Framework and receives reports on: Information Governance; Serious Incidents and Complaints; Infection, Prevention and Control; Safeguarding Adults; Safeguarding Children; and Quality Alerts Emergency Planning Health and Safety 5.4. Each GP Locality Group will: Promote risk management processes, as part of clinical governance, with all Enfield CCG member practices and escalate risks via their Locality Leads to the CCG Executive. This will ensure that practices continuously improve quality of primary care and report risks relating to commissioned services to the CCG to ensure that risks are identified and managed. 13

14 5.5. The ECCG Remuneration and Appointments Committee The Remuneration and Appointments Committee is the committee with responsibility for overseeing all recruitment and remuneration matters on behalf of the full ECCG Governing Body. It has a particular focus on senior management recruitment and remuneration but also supports CCG s managers on matters of recruitment and remuneration of all staff members overseeing staffing and remuneration strategies and encouraging best practice The ECCG Executive Team Meeting The Executive Team reviews matters relating to the business operations which includes risk management, human resources, Information Management and Technology, health & safety, estates management and incident investigations. The Executive Team reports on a monthly basis to the Governing Body meeting and provides assurance that all risks identified are treated and mitigated in accordance with the Risk Management Strategy and entered on CCG s risk register and escalated appropriately on the Board Assurance Framework. The Executive reviews the Assurance Framework and Corporate Risk Register not less than four times a year. Section 4: Risk Management Process, Performance Management and Monitoring 6. The Risk Management Process 6.1. Risk Identification and scoring Methods for identifying and managing levels of risk would include: Internal methods, such as: incidents, complaints, claims and serious incident reporting and identification of trends, audits, QIPP related risks, project risks based on the achievement of project objectives, patient satisfaction surveys, risk assessments, surveys including staff surveys, whistle-blowing. Contract quality monitoring of commissioned services; and External methods, such as: HM Coroner reports, media, national reports, new legislation, reports from assessments/inspections by external bodies, reviews of partnership working All identified risks will be recorded and managed through the CCG Datix system. The Risk Champion/Project Lead will ensure risks are recorded on Datix using the Assurance Framework and Corporate Risk Register Template Headings in appendix E. Committee/groups reporting to the CCG Governing Body highlight risks for inclusion within the CCG Risk Register or BAF. Risk identification is also obtained from member practices through practice visits, GP locality meetings, patient engagement forums, practice feedback forms and practice managers meetings. The designated risk owners will ensure that all risks are added to the Risk Register and BAF and are managed in line with the CCG risk appetite outlined in appendix B (11.4) Quantifying and scoring risk Once a risk is identified it is important to establish the likelihood of it occurring and the potential impact if it did occur. This is called the original or inherent risk and is measured by using the National Patient Safety Agency risk scoring matrix found at (appendix B (table 3). The risk scoring matrix is a systematic and common approach to quantifying all categories of risk. 14

15 7. The Governing Body Assurance Framework and Risk Registers The CCG has 3 main processes for reporting and managing risks as follows: 7.1. Governing Body Assurance Framework The Governing Body Assurance Framework (GBAF) is a requirement established by the Department of Health in Assurance: the Board Agenda in July The GBAF is a tool for the Governing Body to satisfy itself that risks are being managed and objectives are being achieved. The GBAF is compiled and maintained by the Head of Governance & Risk and contains all 15+ principal and strategic risks from Corporate Risk Registers. The purpose of the GBAF is to: Identify the main risks (15+) to achieving Enfield CCG s objectives, List and evaluate the mitigations in place to the reduce the likelihood or impact of the risk, Summarise the remedial or proposed actions that further mitigate the likelihood or impact of the risk. Summarise the controls, assurances and gaps relating to each main risk Corporate Risk Register The Corporate Risk Register contains strategic and operational risks with a rating of 8+. The Corporate Risk Register is compiled and maintained by the Risk Manager and is populated via corporate (8+) risks from Directorate/Service/Project Risk Registers Directorate/Service /Programme Risk Registers Directorate/Service /Programme Risk Registers provide a local record of all potential or actual risks for the CCG. Actions to mitigate these risks will be managed by the respective director in conjunction with the appropriate senior lead. Directorate/Service Risk Registers are compiled and maintained by locally nominated Service Risk Champions/Co-rdinator. Risks scoring 8+ should be escalated to the Risk Manager for the Corporate Risk Register and the Head of Governance & Risk for Assurance Framework risks rated as 15+. Directorate Risk Registers should be maintained and monitored via team meetings Datix Risk Management Software. All CCG risks are managed via the Datix risk management system. Datix captures risks at all levels within the organisation from operational (directorate) to strategic level as well as project risks. These risks can be prioritised in accordance with the CCG s Risk Management Strategy, thereby enabling its principal risks to be fed upwards onto the Assurance Framework. The key objectives of the Datix are to: Develop and use an agreed coding structure to satisfy the current and anticipated needs of the CCG and, as much as possible, to make risk grading easily understood by relevant managers and directors without compromising the CCG s risk management strategy; Make use of Datix system-wide codes for Risk Register(including Assurance Framework), project and programme risk register to enable easier sharing of information and risks across different directorates and services; Maximise the potential benefit of having an integrated risk management database within the CCG by ensuring that a standard set of reports, 15

16 accessible across the CCG for its relevant committees and for the Governing Body meetings; Centralise storage of related documents and information (assurance records) onto Datix Risk Register through the use of document templates, file uploads, attached documents from the internal drives. A system of trained Risk Champions has been established in each directorate who will be responsible for ensuring their department risk registers are managed and updated. A table of departmental Risk Registers, Risk Champions and Risk Owners can be found in the Datix manual on the Enfield CCG intranet. Risk register Owners are members of the Executive Team and are accountable for the identification, assessment and management/ mitigation of all risks in their area. Nominated Risk Champions ensure their risk register is updated liaising with Risk Leads/Owners. 8. Risk Reporting Arrangements The CCG Governing Body will review the BAF no less than four times a year. The BAF will have previously been scrutinised at the Audit Committee or CCG Executive. The BAF and Corporate Risk Register will be presented at every Audit Committee Meeting. The Corporate Risk Register will be presented to the Finance Recovery & QIPP Committee and Quality & Safety Committee no less than four times a year with specific focus on amber and red risks. To enable successful risk management and assurance reporting and ensure that it is embedded within the CCG, a monitoring and reporting structure has been established for both strategic, operational and project risk. The flowchart can be found in appendix and D. Section 5: Document consultation, approval & ratification 8.. Requirements 8.1. Open and Fair Culture The CCG supports an open, fair and a positive learning culture. A culture of openness is central to improving patient safety and the quality of healthcare systems. Encouraging openness and honesty about how and why things have gone wrong will help improve the safety of NHS services. However, disciplinary action may be appropriate to be considered in the following circumstances: Repeat occurrences of incidents involving the same individual Deliberate failure to report an incident Failure to co-operate fully in subsequent investigation 8.2. Training and support To ensure the successful implementation and maintenance of this Risk Management Strategy, committee members and staff will have access to appropriate advice, guidance, 16

17 information and training in order to carry out their respective responsibilities for risk control and risk assessment. All staff will receive mandatory training annually in health, fire & safety, including risk assessment and management, via the CCG s corporate learning and development programme. General awareness raising for staff is also undertaken through staff briefings, induction programmes and inclusion of relevant documents on the intranet. The Risk Management Strategy is accessible to all CCG staff via the CCG intranet Consultation and Communication with Stakeholders It is good practice to involve stakeholders, as appropriate, in all areas of the CCG s activities, and this includes informing and consulting on the management of any significant risks. Interested parties would include: Staff, patients and the public within the CCG s; Local politicians and the Secretary of State for Health; Statutory and voluntary agencies; Local Authority Health Scrutiny Committee; Primary Care practices; Patient and Public Involvement Forum/Links (Health Watch); and Health and Wellbeing Board. 9. Monitoring the Effectiveness of this Strategy The CCG monitors and reviews its performance in relation to the management of risk, and the continuing suitability and effectiveness of the systems and processes in place to manage risk through a programme of internal and external audit work, and through the oversight of the CCG Governing Body and Audit Committee Review and Revision of the Strategy The Risk Management Strategy will be reviewed on an annual basis by the Head of Governance and Risk Dissemination and Implementation This document will be made available to all employees via the CCG intranet and internet Equality and Diversity The CCG aims to design and implement services, policies and measures that meet the diverse needs of our service, population and workforce, ensuring that none are placed at a disadvantage over others. All policies and procedures should be developed in line with the CCG s Equality and Diversity policies. 17

18 10. Appendix A: Glossary and definitions of governance and risk terms A risk is an uncertain event or set of events that, should it occur, will have an effect on the achievement of objectives of a programme area. It is measured in terms of impact and likelihood. Risk Management is all the processes involved in identifying, assessing and judging risks, assigning ownership, taking actions to mitigate and anticipate them, and monitoring and reviewing progress. Risk assessment is the process used to evaluate the risk and to determine whether precautions are adequate or more should be done. Consequence is a measure of the effect that the predicted harm, loss or damage would have on the people, property or objectives affected. Likelihood is a measure of the probability that the predicted harm, loss or damage will occur. The control of risk involves taking steps to reduce the risk from occurring such as application of policies or procedures. Strategic risk is a significant risk that will impact organisation wide and not just a directorate. Operational risk is a key risk, which impacts on a programme s operational achievement. An initial risk is the risk score before controls are applied. Controls are the systems and processes in place that mitigate the risk. Assurance Sources are internal or external evidence that risks are being effectively managed (e.g., Governing Body Reports, external audit report CQC reports, NHSE reviews). Gaps in Control or Assurance are where an additional system or process is needed, or evidence of effective management of the risk is lacking The action plan is how the identified gap is to be addressed and how the risk is to be diminished. External Audit the organisation appointed to fulfil the statutory functions in relation to providing an opinion on the annual accounts of ECCG Internal Audit the team, which may be part of ECCG or an outsourced provider, responsible for evaluating and forming an opinion of the robustness of the system of internal control Risk Appetite the level of risk considered the Trust is prepared to accept, tolerate or be exposed to at any point in time Risk Owner the individual who is responsible for the management and control of all aspects of individual risks. This is not necessarily the same as the action owner, as actions may be delegated Risk Champion the individual responsible for populating and updating departmental the Risk Registers and BAF Risk Rating the total risk score worked out by identifying the consequence and likelihood scores and cross referencing the scores on the risk matrix 18

19 Risk Register the tool for recording identified risks and monitoring actions and plans against them. Stakeholders person or persons with an interest in ECCG 11. Appendix B: Risk Scoring guidelines Introduction Risk management is a systematic and effective method of identifying risks and determining the most cost effective means to minimise or remove them. It is an essential part of any risk management programme and it encompasses the processes of risk analysis and risk evaluation. The Enfield CCG Governing Body ensures that the effort and resource that is spent on managing risk is proportionate to the risk itself. Enfield CCG has in place efficient assessment processes covering all areas of risk. To separate those risks that are unacceptable from those that are tolerable, risks should be evaluated in a consistent manner. Risks are usually analysed by combining estimates of consequence and likelihood in the context of existing control measures. The rating of a given risk is established using a two dimensional grid or matrix (table 3 below) with consequence as one axis and likelihood as the other. The following properties are essential for a risk assessment matrix: Simple to use Provides consistent results when used by staff from a variety of roles or professions Capable of assessing a broad range of risks including clinical, health and safety, financial risk or reputation This guidance can be used on its own as a tool for scoring risks, improving consistency and for training purposes. This guidance is integrated with the Governing Body approved Risk Management Strategy and should be used within the framework of Enfield CCGs strategic risk appetite (11.4) and risk management decision making process Guidance on Consequence Scoring When assessing a risk, the consequence or how bad the risk being assessed is must be measured. In this context consequence is defined as the outcome or potential outcome of an event. Clearly there may be more than one consequence of a single event. Consequences can be assessed and scored using qualitative data (Table 1). Whenever possible, consequences should be assessed against objective 19

20 definitions across different domains to ensure consistency in the risk assessment process. Despite defining consequence as objectively as possible it is inevitable that scoring the consequences of some risk will involve a degree of subjectivity. The information in Table 1 below should be used to obtain a consequence score. First define the risk explicitly in terms of the adverse consequence that might arise from the risk being assessed (see example below for cause and effect methodology). Then use Table 1 to determine the consequence score of the potential adverse outcomes relevant to the risk being evaluated. The examples given in Table 1 are not exhaustive How to Use Consequence (Table 1) Choose the most appropriate domain for the identified risk from the left hand side of the table. Then work along the columns in the same row to assess the severity of the risk on the scale of 1-5 to determine the consequence score which is the number given at the top of the column Consequence scoring 1= Negligible 2= Minor 3= Moderate 4= Major 5=Catastrophic Many issues need to be factored into the assessment of consequence. Some of these are: Does the organisation have a clear definition of what constitutes a minor injury? What measures are in place to determine psychological impact on individuals? What is defined as an adverse event and how many individuals may be affected? A single risk area may have multiple potential consequences and these may require separate assessment. It is also important to consider from whose perspective the risk is being assessed because this may affect the assessment of the risk itself, its consequences and the subsequent action taken. TABLE 1: ASSESSMENT OF THE SEVERITY OF THE CONSEQUENCE OF AN IDENTIFIED RISK: Choose the most appropriate domain for the identified risk from the left hand side of the table then work along the columns in same row to assess the severity of the risk on the scale of 1 to 5 to determine the consequence score, which is the number given at the top of the column. 20

21 Consequence score (severity levels) and examples of descriptors Domains Negligible Minor Moderate Major Catastrophic Impact on the safety of patients, staff or public (physical/psychological harm) Minimal injury requiring no/minimal intervention or treatment. No time off work Minor injury or illness, requiring minor intervention Requiring time off work for >3 days Increase in length of hospital stay by 1-3 days Moderate injury requiring professional intervention Requiring time off work for 4-14 days Increase in length of hospital stay by 4-15 days RIDDOR/agency reportable incident An event which impacts on a small number of patients Major injury leading to long-term incapacity/disability Requiring time off work for >14 days Increase in length of hospital stay by >15 days Mismanagement of patient care with long-term effects Incident leading to death Multiple permanent injuries or irreversible health effects An event which impacts on a large number of patients Quality/complaints/audit Human resources/ organisational development/staffing/ competence Peripheral element of treatment or service suboptimal Informal complaint/inquiry Short-term low staffing level that temporarily reduces service quality (< 1 day) Overall treatment or service suboptimal Formal complaint (stage 1) Local resolution Single failure to meet internal standards Minor implications for patient safety if unresolved Reduced performance rating if unresolved Low staffing level that reduces the service quality Treatment or service has significantly reduced effectiveness Formal complaint (stage 2) complaint Local resolution (with potential to go to independent review) Repeated failure to meet internal standards Major patient safety implications if findings are not acted on Late delivery of key objective/ service due to lack of staff Unsafe staffing level or competence (>1 day) Low staff morale Non-compliance with national standards with significant risk to patients if unresolved Multiple complaints/ independent review Low performance rating Critical report Uncertain delivery of key objective/service due to lack of staff Unsafe staffing level or competence (>5 days) Loss of key staff Totally unacceptable level or quality of treatment/service Gross failure of patient safety if findings not acted on Inquest/ombudsman inquiry Gross failure to meet national standards Non-delivery of key objective/service due to lack of staff Ongoing unsafe staffing levels or competence Loss of several key staff Poor staff attendance for mandatory/key training Very low staff morale No staff attending mandatory/ key training No staff attending mandatory training /key training on an ongoing basis 21

22 Statutory duty/ inspections No or minimal impact or breech of guidance/ statutory duty Breech of statutory legislation Reduced performance rating if unresolved Single breech in statutory duty Challenging external recommendations/ improvement notice Enforcement action Multiple breeches in statutory duty Improvement notices Multiple breeches in statutory duty Prosecution Complete systems change required Low performance rating Zero performance rating Adverse publicity/ reputation Business objectives/ projects Finance including claims Service/business interruption Environmental impact Rumours Potential for public concern Insignificant cost increase/ schedule slippage Small loss Risk of claim remote Loss/interruption of >1 hour Minimal or no impact on the environment Local media coverage short-term reduction in public confidence Elements of public expectation not being met <5 per cent over project budget Schedule slippage Loss of per cent of budget Claim less than 10,000 Loss/interruption of >8 hours Minor impact on environment Local media coverage long-term reduction in public confidence 5 10 per cent over project budget Schedule slippage Loss of per cent of budget Claim(s) between 10,000 and 100,000 Loss/interruption of >1 day Moderate impact on environment Critical report National media coverage with <3 days service well below reasonable public expectation Non-compliance with national per cent over project budget Schedule slippage Key objectives not met Uncertain delivery of key objective/loss of per cent of budget Claim(s) between 100,000 and 1 million Purchasers failing to pay on time Loss/interruption of >1 week Major impact on environment Severely critical report National media coverage with >3 days service well below reasonable public expectation. MP concerned (questions in the House) Total loss of public confidence Incident leading >25 per cent over project budget Schedule slippage Key objectives not met Non-delivery of key objective/ Loss of >1 per cent of budget Failure to meet specification/ slippage Loss of contract / payment by results Claim(s) > 1 million Permanent loss of service or facility Catastrophic impact on environment Guidelines on Likelihood Scoring Once a specific area of risk has been assessed and its consequences score agreed, the likelihood of that consequence occurring can be identified by using Table 2 below which includes probability and frequency descriptions. As with the assessment of consequence the likelihood of a risk occurring is assigned a number from 1 to 5 the higher the number the more likely it is the consequence will occur: 1= Rare 2 =Unlikely 3= Possible 4 =Likely 5= Almost certain 22

23 When assessing likelihood it is important to take into consideration the controls already in place. The likelihood score is a reflection of how likely it is that the adverse consequence described will occur. Likelihood can be scored by considering: Frequency (how many times will the adverse consequence being accessed actually be realised?) or Probability (what is the chance the adverse consequence will occur in a given reference period?) What is the likelihood of the consequence occurring? The frequency-based score is appropriate in most circumstances and is easier to identify. It should be used whenever it is possible to identify a frequency Risk Scoring and grading The Risk scoring and grading process is as follows: a. Define the risk(s) explicitly in terms of the adverse consequence(s) that might arise from the risk. b. Use Table 1 to determine the consequence score(s) (C) for the potential adverse outcome(s) relevant to the risk being evaluated. c. Use Table 2 to determine the likelihood score(s) (L) for those adverse outcomes. If possible, score the likelihood by assigning a predicted frequency of occurrence of the adverse outcome. If this is not possible, assign a probability to the adverse outcome occurring within a given time frame, such as the lifetime of a project or a patient care episode. Use the probability descriptions to determine the most appropriate score. d. Calculate the risk score by multiplying the consequence by the likelihood: C (consequence) x L (likelihood) = RR (total risk score). e. The 5x5 risk matrix in Table 3 shows both numerical scoring and colour bandings. Enfield CCGs Risk Management Strategy is used to identify the level at which the risk will be managed in the CCG. A summary of this is in table 4 and section 11.4 below. Table 2: Likelihood (L) score What is the likelihood of the consequence occurring? Likelihood score Descriptor Rare Unlikely Possible Likely Almost certain Frequency This will Do not Might Will probably How often probably expect it to happen or Will undoubtedly happen/recur might never happen/recur recur happen/recur,possibly but it is not a it/does it happen/recur but it is occasionally frequently persisting happen possible it issue may do so Table 3 - Risk Matrix 23

Version: 3.0. Effective From: 19/06/2014

Version: 3.0. Effective From: 19/06/2014 Policy No: RM66 Version: 3.0 Name of Policy: Business Continuity Planning Policy Effective From: 19/06/2014 Date Ratified 05/06/2014 Ratified Business Service Development Committee Review Date 01/06/2016

More information

Complaints Policy. Controlled Document Number: Version Number: 6 Controlled Document Sponsor: Controlled Document Lead: Approved By:

Complaints Policy. Controlled Document Number: Version Number: 6 Controlled Document Sponsor: Controlled Document Lead: Approved By: Complaints Policy CONTROLLED DOCUMENT CATEGORY: CLASSIFICATION: PURPOSE Controlled Document Number: Version Number: 6 Controlled Document Sponsor: Controlled Document Lead: Approved By: Policy Governance

More information

RISK MANAGEMENT POLICY. Version 3

RISK MANAGEMENT POLICY. Version 3 RISK MANAGEMENT POLICY Version 3 Version: Version 3 Version 3 Authors: Liz Hollman, Mary Klaus, Sarah Langan-Hart Approved by: Healthcare Governance Committee Trust Board Approved date: May 2009 Review

More information

Board of Directors 24 October 2014

Board of Directors 24 October 2014 Board of Directors 24 October 2014 AGENDA ITEM: Item 16 PRESENTED BY: Richard Jones, Trust Secretary & Head of Governance PREPARED BY: DATE PREPARED: 19 September 2014 Richard Jones, Trust Secretary &

More information

RISK MANAGEMENT STRATEGY 2014-17

RISK MANAGEMENT STRATEGY 2014-17 RISK MANAGEMENT STRATEGY 2014-17 DOCUMENT NO: Lead author/initiator(s): Contact email address: Developed by: Approved by: DN128 Head of Quality Performance Julia.sirett@ccs.nhs.uk Quality Performance Team

More information

Quality and Engagement Sub Committee

Quality and Engagement Sub Committee Quality and Engagement Sub Committee 12 June 2012 Corporate Risk Register and Risk Management Strategy Executive Summary As part of authorisation, Blackpool Clinical Commissioning Group (CCG) must identify

More information

Hazard Identification, Risk Assessment and Management Procedure. Documentation Control

Hazard Identification, Risk Assessment and Management Procedure. Documentation Control Hazard Identification, Risk Assessment and Management Procedure Reference: Date approved: Approving Body: Implementation Date: Version: 3 Documentation Control GG/CM/007 Trust Board Supersedes: Version

More information

Risk Management Policy and Process Guide

Risk Management Policy and Process Guide Risk Management Policy and Process Guide Status: pending Next review date: December 2015 Page 1 Information Reader Box Directorate Medical Nursing Patients & Information Commissioning Operations (including

More information

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer RISK MANAGEMENT FRAMEWORK 1 SUMMARY The Risk Management Framework consists of the following: Risk Management policy Risk Management strategy Risk Management accountability Risk Management framework structure.

More information

Risk Management and Risk Assessment Policy

Risk Management and Risk Assessment Policy SharePoint Location Non-clinical Policies and Guidelines SharePoint Index Directory 3.0 Corporate Sub Area 3.1 Risk and Health & Safety Documents Key words (for search purposes) Risk, Risk Management,

More information

Risk Management Policy

Risk Management Policy K Risk Management Policy Reference Number Version Status Executive Lead(s) Name and Job Title Author(s) Name and Job Title 52 6 Current Neil Riley Trust Secretary Andy Challands Assurance Manager Approval

More information

A risk matrix for risk managers

A risk matrix for risk managers A risk matrix for risk managers January 008 Contents Introduction Guidance on consequence scoring 8 Guidance on likelihood scoring 0 Risk scoring and grading Relationship with incident scoring Conclusion

More information

AGENDA ITEM NO: 13.0. Meeting Title/Date: Governing Body - 21 July 2015. LNCCG Risk Management Strategy and Policy

AGENDA ITEM NO: 13.0. Meeting Title/Date: Governing Body - 21 July 2015. LNCCG Risk Management Strategy and Policy AGENDA ITEM NO: 13.0. Meeting Title/Date: Governing Body - 21 July 2015 Report Title: Paper Prepared By: Executive Sponsor: Committees where Paper Previously Presented: Background Paper(s): LNCCG Risk

More information

CONTROLLED DOCUMENT. Number: Version Number: 4. On: 25 July 2013 Review Date: June 2016 Distribution: Essential Reading for: Information for:

CONTROLLED DOCUMENT. Number: Version Number: 4. On: 25 July 2013 Review Date: June 2016 Distribution: Essential Reading for: Information for: CONTROLLED DOCUMENT Risk Management Strategy and Policy CATEGORY: CLASSIFICATION: PURPOSE: Controlled Number: Document Version Number: 4 Controlled Sponsor: Controlled Lead: Approved By: Document Document

More information

Paper J WEST LEICESTERSHIRE CLINICAL COMMISSIONING GROUP BOARD MEETING. 10 February 2015. Governance How we manage our business

Paper J WEST LEICESTERSHIRE CLINICAL COMMISSIONING GROUP BOARD MEETING. 10 February 2015. Governance How we manage our business Paper J WEST LEICESTERSHIRE CLINICAL COMMISSIONING GROUP BOARD MEETING 10 February 2015 Title of the report: Section: Report by: Presented by: Risk Management Strategy & Policy Governance How we manage

More information

Risk Management Strategy

Risk Management Strategy Risk Management Strategy Version: 8 Approved by: Quality and Governance Committee Date approved: 31 July 2014 Ratified by: Trust Board of Directors Date ratified: Name of originator/author: Head of Patient

More information

Risk Management Strategy

Risk Management Strategy Authors Name & Title: Joan Matthews Risk Manager, Hazel Holmes Director of Nursing Scope: Trust Wide Classification: Non Clinical Strategy Replaces:, v3.1 To be read in conjunction with the following documents:

More information

The Risk Management strategy sets out the framework that the Council has established.

The Risk Management strategy sets out the framework that the Council has established. Derbyshire County Council Management Policy Statement The Authority adopts a proactive approach to Management to achieve Best Value and continuous improvement and is committed to the effective management

More information

PM Governance. Executive Team ADCA ADCA

PM Governance. Executive Team ADCA ADCA Item 6.5a Action Plan against the Recommendations Made in the Review of Risk Management Arrangements by PM Governance, November 2014 Key: PM Governance Paul Moore, Risk Consultant ADCA Associate Director

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

Information Governance Strategy :

Information Governance Strategy : Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update

More information

Policy for the Investigation of Incidents, Complaints and Claims, including Analysis and Improvement

Policy for the Investigation of Incidents, Complaints and Claims, including Analysis and Improvement Policy for the Investigation of Incidents, Complaints and Claims, including Analysis and Improvement DOCUMENT CONTROL Version: 3 Ratified by: Risk Management Sub Group Date Ratified: 15 January 2013 Name

More information

MARCH 2012. Strategic Risk Policy Update March 2012 v1.10.doc

MARCH 2012. Strategic Risk Policy Update March 2012 v1.10.doc MARCH 2012 Version 1.10 Strategic Risk Policy Update March 2012 v1.10.doc Document History Current Version Document Name Risk Management Policy Statement and Strategic Framework Last Updated By Alan Till

More information

Risk Management Policy and Framework

Risk Management Policy and Framework Risk Management Policy and Framework December 2014 phone 1300 360 605 08 89589500 email info@centraldesert.nt.gov.au location 1Bagot Street Alice Springs NT 0870 post PO Box 2257 Alice Springs NT 0871

More information

Corporate Health and Safety Policy

Corporate Health and Safety Policy Corporate Health and Safety Policy November 2013 Ref: HSP/V01/13 EALING COUNCIL Table of Contents PART 1: POLICY STATEMENT... 3 PART 2: ORGANISATION... 4 2.1 THE COUNCIL:... 4 2.2 ALLOCATION OF RESPONSIBILITY...

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility

More information

Bridgend County Borough Council. Corporate Risk Management Policy

Bridgend County Borough Council. Corporate Risk Management Policy Bridgend County Borough Council Corporate Risk Management Policy December 2014 Index Section Page No Introduction 3 Definition of risk 3 Aims and objectives 4 Strategy 4 Accountabilities and roles 5 Risk

More information

POLICY & PROCEDURE FOR THE MANAGEMENT OF SERIOUS INCIDENTS

POLICY & PROCEDURE FOR THE MANAGEMENT OF SERIOUS INCIDENTS POLICY & PROCEDURE FOR THE MANAGEMENT OF SERIOUS INCIDENTS APPROVED BY: South Gloucestershire Clinical Commissioning Group Quality and Governance Committee DATE August 2015 Date of Issue: August 2015 Version

More information

Solihull Clinical Commissioning Group

Solihull Clinical Commissioning Group Solihull Clinical Commissioning Group Business Continuity Policy Version v1 Ratified by SMT Date ratified 24 February 2014 Name of originator / author CSU Corporate Services Review date Annual Target audience

More information

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director

More information

Incident reporting procedure

Incident reporting procedure Incident reporting procedure Number: THCCGCG0045 Version: V0d1 Executive Summary All incidents must be reported. This should be done as soon as practicable after the incident has been identified to ensure

More information

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide Standard 1 Governance for Safety and Quality in Health Service Organisations Safety and Quality Improvement Guide 1 1 1October 1 2012 ISBN: Print: 978-1-921983-27-6 Electronic: 978-1-921983-28-3 Suggested

More information

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization POLICY Number: 7311-10-005 Title: Enterprise Risk Management Authorization [ ] President and CEO [ X] Vice President, Finance and Corporate Services Source: Director, Enterprise Risk Management Cross Index:

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Responsible Officer Author Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date effective from December 2008 Date last amended December 2012

More information

RISK MANAGEMENT POLICY AND PROCEDURES

RISK MANAGEMENT POLICY AND PROCEDURES RISK MANAGEMENT POLICY AND PROCEDURES Version: 6.4 Authorisation Committee: Date of Authorisation: Ratification Committee Level 1 documents: Date of Ratification Level 1 document: Signature of ratifying

More information

Business Continuity Policy and Business Continuity Management System

Business Continuity Policy and Business Continuity Management System Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain

More information

Guide to the National Safety and Quality Health Service Standards for health service organisation boards

Guide to the National Safety and Quality Health Service Standards for health service organisation boards Guide to the National Safety and Quality Health Service Standards for health service organisation boards April 2015 ISBN Print: 978-1-925224-10-8 Electronic: 978-1-925224-11-5 Suggested citation: Australian

More information

RISK MANAGEMENT STRATEGY and FRAMEWORK. Including risk assessment, risk register, risk management process, risk committee and risk awareness training

RISK MANAGEMENT STRATEGY and FRAMEWORK. Including risk assessment, risk register, risk management process, risk committee and risk awareness training RISK MANAGEMENT STRATEGY and FRAMEWORK Including risk assessment, risk register, risk management process, risk committee and risk awareness training Document Reference: Document Owner: Accountable Committee:

More information

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy Birmingham CrossCity Clinical Commissioning Group Business Continuity Management Policy Version V1.0 Ratified by Operational Development Group Date ratified 6 th November 2014 Name of originator / author

More information

Shepway District Council Risk Management Policy

Shepway District Council Risk Management Policy Shepway District Council Risk Management Policy Contents Section 1 Risk Management Policy... 3 1. Updates and amendments... 3 2. Definition... 3 3. Policy statement... 3 4. Objectives... 3 Section 2 Risk

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY Version 8.0 Purpose: For use by: This document is compliant with /supports compliance with: To outline the lifecycle of a record and to provide guidance on retention and disposal

More information

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy

More information

Bedford Group of Drainage Boards

Bedford Group of Drainage Boards Bedford Group of Drainage Boards Risk Management Strategy Risk Management Policy January 2010 1 Contents 1. Purpose, Aims & Objectives 2. Accountabilities, Roles & Reporting Lines 3. Skills & Expertise

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

Risk Management in the HSE; An Information Handbook

Risk Management in the HSE; An Information Handbook Risk Management in the HSE; An Information Handbook Document reference number Revision number OQR011 Revision date October 2011 Review date Document developed by 5 Document approved by October 2013 Responsibility

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Risk Management Strategy

Risk Management Strategy Risk Management Strategy A Summary for Patients & Visitors This leaflet has been designed to provide information on the Trust s Risk Management Strategy and how we involve patients and the public in reducing

More information

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy Reference No: CG 01 Version: Version 1 Approval date 18 December 2013 Date ratified: 18 December 2013 Name of Author

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Corporate Risk Management Policy

Corporate Risk Management Policy Corporate Risk Management Policy Managing the Risk and Realising the Opportunity www.reading.gov.uk Risk Management is Good Management Page 1 of 19 Contents 1. Our Risk Management Vision 3 2. Introduction

More information

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy Page: 1 Contents 1. Purpose, Aims & Objectives 2. Accountabilities, Roles & Reporting Lines 3. Skills & Expertise 4. Embedding

More information

Information Governance Management Framework

Information Governance Management Framework Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date

More information

Council Meeting Agenda 27/07/15

Council Meeting Agenda 27/07/15 3 Risk Management Framework Abstract Council s Risk Management Framework ( the Framework ) was adopted by Council in 2012. The Framework provides structure and guidance to Council s risk management activities

More information

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy Page: 1 Contents 1. Purpose, Aims & Objectives 2. Accountabilities, Roles & Reporting Lines 3. Skills & Expertise

More information

Clinical Governance and Workforce Committee Summary Report

Clinical Governance and Workforce Committee Summary Report Committee: Trust Board Meeting Date: 25 June 2015 This paper is for: Assurance and Information Title: Clinical Governance and Workforce Committee Summary Report Purpose: The purpose of this report is to

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

Type of change. V02 Review Feb 13. V02.1 Update Jun 14 Section 6 NPSAS Alerts

Type of change. V02 Review Feb 13. V02.1 Update Jun 14 Section 6 NPSAS Alerts Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified By Central Alerting System (CAS) Policy NTW(O)17 Medical Director Tony Gray Head of Safety and Patient Experience

More information

Risk Assessment Tool and Guidance (Including guidance on application)

Risk Assessment Tool and Guidance (Including guidance on application) Risk Assessment Tool and Guidance (Including guidance on application) Document reference number Revision number OQR012 Document developed by 5 Document approved by Revision date October 2011 Responsibility

More information

Risk Management: Coordinated activities to direct and control an organisation with regard to risk.

Risk Management: Coordinated activities to direct and control an organisation with regard to risk. POLICY CG01 RISK MANAGEMENT Document Control Statement This Policy is maintained by the Governance and Organisational Strategy. Any printed copy may not be up to date and you are advised to check the electronic

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

HEALTH AND SAFETY POLICY AND PROCEDURES

HEALTH AND SAFETY POLICY AND PROCEDURES HEALTH AND SAFETY POLICY AND PROCEDURES 1 Introduction 1. The Health and Safety at Work etc. Act 1974 places a legal duty on the University to prepare and revise as often as may be appropriate, a written

More information

Central Alerting System Policy

Central Alerting System Policy Central Alerting System Policy This procedural document supersedes: CORP/RISK 6 v.3 Medical Device Related Incidents and Central Alerting System Policy Did you print this document yourself? The Trust discourages

More information

University of New England Compliance Management Framework and Procedures

University of New England Compliance Management Framework and Procedures University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system

More information

INFORMATION GOVERNANCE POLICY & FRAMEWORK

INFORMATION GOVERNANCE POLICY & FRAMEWORK INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date

More information

Request for feedback on the revised Code of Governance for NHS Foundation Trusts

Request for feedback on the revised Code of Governance for NHS Foundation Trusts Request for feedback on the revised Code of Governance for NHS Foundation Trusts Introduction 8 November 2013 One of Monitor s key objectives is to make sure that public providers are well led. To this

More information

Information Governance Framework and Strategy. November 2014

Information Governance Framework and Strategy. November 2014 November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date

More information

Risk Management Strategy 2014-2017

Risk Management Strategy 2014-2017 Appendix 1 London Fire and Emergency Planning Authority London Fire Brigade Risk Management Strategy 2014-2017 Our Risk Management Strategy, together with our underpinning risk management framework and

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

Disability ACT. Policy Management Framework

Disability ACT. Policy Management Framework Disability ACT Policy Management Framework OCT 2012 Disability ACT Policy Management Framework Version October 2012 Page 1 of 19 1. Context... 3 1.1 Purpose... 3 1.2 Scope... 3 1.3 Background... 3 1.4

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:

More information

Policy and Procedure for Claims Management

Policy and Procedure for Claims Management Policy and Procedure for Claims Management RESPONSIBLE DIRECTOR: COMMUNICATIONS, PUBLIC ENGAGEMENT AND HUMAN RESOURCES EFFECTIVE FROM: 08/07/10 REVIEW DATE: 01/04/11 To be read in conjunction with: Complaints

More information

SAFETY and HEALTH MANAGEMENT STANDARDS

SAFETY and HEALTH MANAGEMENT STANDARDS SAFETY and HEALTH STANDARDS The Verve Energy Occupational Safety and Health Management Standards have been designed to: Meet the Recognised Industry Practices & Standards and AS/NZS 4801 Table of Contents

More information

BUSINESS CONTINUITY MANAGEMENT POLICY

BUSINESS CONTINUITY MANAGEMENT POLICY BUSINESS CONTINUITY MANAGEMENT POLICY AUTHORISED BY: DATE: Andy Buck Chief Executive March 2011 Ratifying Committee: NHS Rotherham Board Date Agreed: Issue No: NEXT REVIEW DATE: 2013 1 Lead Director John

More information

Policy: D9 Data Quality Policy

Policy: D9 Data Quality Policy Policy: D9 Data Quality Policy Version: D9/02 Ratified by: Trust Management Team Date ratified: 16 th October 2013 Title of Author: Head of Knowledge Management Title of responsible Director Director of

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

Northern Ireland Blood Transfusion Service

Northern Ireland Blood Transfusion Service Northern Ireland Blood Transfusion Service Risk Management Strategy Northern Ireland Blood Transfusion Service Lisburn Road Belfast BT9 7TS Telephone No. 028 9032 1414 www.nibts.org Page 1 of 12 CONTENTS

More information

RISK MANAGEMENT POLICY AND STRATEGY. Document Status: Draft. Approved by. Appendix 1. Originator: A Struthers. Updated: A Struthers

RISK MANAGEMENT POLICY AND STRATEGY. Document Status: Draft. Approved by. Appendix 1. Originator: A Struthers. Updated: A Struthers Appendix 1 RISK MANAGEMENT POLICY AND STRATEGY Document Status: Draft Originator: A Struthers Updated: A Struthers Owner: Executive Director Corporate Services Version: 01.01.03 Date: 30/3/14 Approved

More information

Complaints Policy (Listening, Responding and Learning from Views and Concerns)

Complaints Policy (Listening, Responding and Learning from Views and Concerns) (Listening, Responding and Learning from Views and Concerns) Version 1.0 Ratified By Date Ratified 14 th November 2012 Author(s) Responsible Committee / Officers Date Issue 1 st April 2013 Review Date

More information

Job Description. Line Management of a small team of staff administrating and managing patient and professional feedback and incidents.

Job Description. Line Management of a small team of staff administrating and managing patient and professional feedback and incidents. Job Description Job Title Pay Band Base Dept./Team Responsible to Accountable to Responsible for Complaints, Incidents and Governance Manager New Alderley House, Macclesfield Eastern Cheshire Clinical

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

Risk Management Strategy

Risk Management Strategy Risk Management Strategy 2010 RISK MANAGEMENT STRATEGY 1 INTRODUCTION 1.1 What is Risk Management? 1.1.1 Risk can be defined as uncertainty of outcome (whether positive opportunity or negative threat).

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

Application of King III Corporate Governance Principles

Application of King III Corporate Governance Principles APPLICATION of KING III CORPORATE GOVERNANCE PRINCIPLES 2013 Application of Corporate Governance Principles This table is a useful reference to each of the principles and how, in broad terms, they have

More information

RISK AND OPPORTUNITY MANAGEMENT STRATEGY 2013-2014

RISK AND OPPORTUNITY MANAGEMENT STRATEGY 2013-2014 RISK AND OPPORTUNITY MANAGEMENT STRATEGY 2013-2014 Version 1.0 October 2013 Not protectively marked INDEX PAGE NO TITLE 3 Executive Summary 4 Our Shared Vision and Priorities 5 Outline of the Risk and

More information

TRUST SECURITY MANAGEMENT POLICY

TRUST SECURITY MANAGEMENT POLICY TRUST SECURITY MANAGEMENT POLICY EXECUTIVE SUMMARY The Board recognises that security management is an integral part of good, effective and efficient risk management practise and to be effective should

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

Compliance Management Framework. Managing Compliance at the University

Compliance Management Framework. Managing Compliance at the University Compliance Management Framework Managing Compliance at the University Risk and Compliance Office Effective from 07-10-2014 Contents 1 Compliance Management Framework... 2 1.1 Purpose of the Compliance

More information

BUSINESS CONTINUITY MANAGEMENT POLICY

BUSINESS CONTINUITY MANAGEMENT POLICY BUSINESS CONTINUITY MANAGEMENT POLICY Version No: 1 Issue Status: awaiting Trust Board approval Date of Ratification: 11th April 2012 Ratified by: Risk Management Committee Policy Author(s): Stuart Coalwood

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...

More information

Process for reporting and learning from serious incidents requiring investigation

Process for reporting and learning from serious incidents requiring investigation Process for reporting and learning from serious incidents requiring investigation Date: 9 March 2012 NHS South of England Process for reporting and learning from serious incidents requiring investigation

More information

Information Governance Policy

Information Governance Policy Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:

More information

RISK MANAGEMENT STRATEGY 2014 2017 (UPDATED MAY 2015)

RISK MANAGEMENT STRATEGY 2014 2017 (UPDATED MAY 2015) RISK MANAGEMENT STRATEGY 2014 2017 (UPDATED MAY 2015) 1 Policy title Risk Management Strategy Policy RM12 reference Policy category Risk Relevant to All Trust staff Date published May 2015 Implementation

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying

More information

Application of King III Corporate Governance Principles

Application of King III Corporate Governance Principles Application of Corporate Governance Principles Application of Corporate Governance Principles This table is a useful reference to each of the principles and how, in broad terms, they have been applied

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

Compliance Policy AGL Energy Limited

Compliance Policy AGL Energy Limited Compliance Policy AGL Energy Limited November 2013 Table of Contents 1. About this Document... 3 2. Policy Statement... 4 3. Purpose... 4 4. AGL Compliance Context... 4 5. Scope... 5 6. Objectives... 5

More information

The Lowitja Institute Risk Management Plan

The Lowitja Institute Risk Management Plan The Lowitja Institute Risk Management Plan 1. PURPOSE This Plan provides instructions to management and staff for the implementation of consistent risk management practices throughout the Lowitja Institute

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September

More information