Risk Management - Enterprise-Wide Risk Management Policy and Framework NSW Health

Size: px
Start display at page:

Download "Risk Management - Enterprise-Wide Risk Management Policy and Framework NSW Health"

Transcription

1 Policy Directive Ministry of Health, NSW 73 Miller Street North Sydney NSW 2060 Locked Mail Bag 961 North Sydney NSW 2059 Telephone (02) Fax (02) Risk Management - Enterprise-Wide Risk Management Policy and Framework NSW Health Document Number PD2015_043 Publication date 13-Oct-2015 Functional Sub group Corporate Administration - Governance Summary This Policy Directive describes the requirements for NSW Health organisations to establish, maintain and monitor risk management practices in accord with the Australian/New Zealand Standard ISO 31000:2009, consistent with whole of Government policies. Replaces Doc. No. Risk Management - Enterprise-Wide Policy and Framework - NSW Health [PD2009_039] Author Branch Legal and Regulatory Services Branch contact Legal and Regulatory Services space space Applies to Local Health Districts, Board Governed Statutory Health Corporations, Chief Executive Governed Statutory Health Corporations, Specialty Network Governed Statutory Health Corporations, Affiliated Health Organisations, Public Health System Support Division, Dental Schools and Clinics, NSW Ambulance Service, Ministry of Health, Public Health Units, Public Hospitals, NSW Health Pathology, Cancer Institute (NSW) space Audience Boards, Chief Executives, Directors, Health Service Managers, Audit and Risk Committees Distributed to Public Health System, NSW Ambulance Service, Ministry of Health Review date 13-Oct-2020 Policy Manual Not applicable File No. H15/24603 Status Active Director-General space This Policy Directive may be varied, withdrawn or replaced at any time. Compliance with this directive is mandatory for NSW Health and is a condition of subsidy for public health organisations.

2 PURPOSE ENTERPRISE-WIDE RISK MANAGEMENT POLICY STATEMENT Risks and being risk aware are an integral part of organisational operations and must be identified and managed at the appropriate level for an organisation to be effective. Opportunities and threats should be addressed through a risk management process in order to maintain and improve performance and achieve identified objectives. NSW Health is committed to developing a risk management culture, where risk is seen as integral to the achievement of our aims at all levels of the organisation. This Policy Directive outlines the minimum mandatory requirements for NSW Health staff in complying with risk management standards, consistent with Principle 1 and Core Requirement 1.1 and 1.2 of the NSW Treasury Policy TPP MANDATORY REQUIREMENTS Each Health organisation is required to implement a risk management approach in line with this Policy Directive and the attached Enterprise-Wide Risk Management Framework. In order to achieve this, health organisations must: Embed risk management into corporate governance, planning, financial, insurable, clinical, workforce management structures, operational service delivery, project management and support functions such as procurement and asset management Include risk management as a part of the strategic, operational and annual business planning activities of the organisation, its facilities and/or networks Have an up-to-date Risk Register in place Have a Risk Management Plan that identifies how the organisation will manage, record, monitor and address risk, and includes processes to escalate and report on risk to the Chief Executive, Audit and Risk Committee and Board, as appropriate Have in place processes to monitor and review the risk and governance system Consider nominating a senior executive (other than the Chief Audit Executive) to be responsible for designing the agency s risk management framework and coordinating, maintaining and embedding the framework in an agency. IMPLEMENTATION Ministry of Health will: Champion a culture of risk awareness and monitoring systemic risk across NSW Health Update and monitor compliance with this Policy Directive Identify systemic risk issues in consultation with health organisations, central agencies and accountability bodies Review quarterly risk register reports received from health organisations and provide regular feedback on system-wide trends PD2015_043 Issue date: October-2015 Page 1 of 3

3 Provide feedback to health organisations, based on quarterly reports received POLICY STATEMENT Monitor compliance with NSW Health annual Audit and Risk Attestation Statements Maintain the Ministry of Health Risk Register and formal reporting requirements. Chief Executives will: Champion risk management culture within their organisation that includes a focus on continuous improvement and identifying opportunities as well as risks Ensure the Risk Management Plan is implemented and the Risk Register is current Ensure appropriate resources are allocated to managing and monitoring risk and to implementing risk mitigation strategies identified through risk planning activities Allocate accountability for managing individual risks at an appropriately senior level to ensure risk mitigation strategies are implemented Communicate risk management requirements to management and staff Take appropriate action on risks reported or escalated Provide the Audit and Risk Committee and Board with regular reports on risks and management actions being taken to mitigate these risks Determine the level of management that will be delegated authority to accept risks Provide quarterly reports to the Ministry of Health on the organisation s top 10 risks inclusive of all extreme risks Approve the annual Audit and Risk Management Attestation Statement. Senior Managers have key responsibilities to: Promote risk management within their areas of responsibility, including communication of requirements to relevant staff Be accountable for risks and mitigating controls within their area of responsibility and take appropriate action on risks reported or escalated Report on changes and updates to the organisation Risk Register, including updates on risk management strategies, current risk ratings and emerging risks. Risk Owners have key responsibilities to: Manage the risk, including designing, implementing and monitoring actions to address (or risk treatments for) a particular risk Assess the effectiveness of existing controls and design improvements as required Escalate the risk for effective management as appropriate to the level of the risk. Organisation Board will: Ensure an effective risk management framework (including risk appetite and risk tolerance) is established and embedded into the clinical and corporate governance processes of the organisation Provide strategic oversight and monitoring of organisation s risk management activities and performance PD2015_043 Issue date: October-2015 Page 2 of 3

4 POLICY STATEMENT Seek information from the Chief Executive as necessary to satisfy itself that risks are being identified and mitigation strategies are in place and effective. Audit and Risk Committees, with support of the Internal Audit function, will: Operate in accordance with the Committee s Charter as approved under the Internal Audit Policy Directive (PD2010_039 or current) Monitor and review risk management attestation compliance and report to the Agency Head on risk management and control frameworks within the organisation Ensure audit plans for the organisation include appropriate consideration of risk. REVISION HISTORY Version Approved by Amendment notes PD2015_043 Deputy Secretary, Updated policy directive (October 2015) Governance, Workforce PD2009_003 (June 2009) ATTACHMENTS and Corporate Director General New policy directive 1. Risk Management Enterprise-Wide Risk Management Policy and Framework NSW Health: Procedures. PD2015_043 Issue date: October-2015 Page 3 of 3

5 Risk Management Enterprise-Wide Policy and Framework NSW Health Issue date: October 2015 PD2015_043

6 Risk Management Enterprise-Wide Policy and Framework NSW Health CONTENTS 1. BACKGROUND AND DEFINITIONS Key Definitions and Concepts The Australian Standard on Risk Management KEY CONCEPTS AND OBLIGATIONS What is risk and risk management? Why a risk management framework? How can you embed risk management within an organisation? Risk Management Tools in the Framework NSW Health Risk Categories NSW Health Risk Matrix Risk Rating Types Risk Escalation THE RISK MANAGEMENT METHODOLOGY Step 1 Communication and consultation Step 2 Establish the context Step 3 Identify Risks Step 4 Analyse Risks Step 5 Evaluate Risks Step 6 Treat Risks Step 7 Monitor and review RISK REGISTER AND REPORTING Organisation Risk Register Risk Reporting Organisation Level Reporting State-wide Reporting LIST OF RISK MANAGEMENT TOOLS (Web Links) REFERENCES PD2015_043 Issue date: October-2015 Contents page

7 1. BACKGROUND AND DEFINITIONS This document describes the structures and processes Heath organisations are required to use to manage risks. The systematic process described here applies to all services obtained or provided internally or externally, and takes into account both clinical and non-clinical (service) reporting structures. It can be applied to any risk, regardless of severity. TPP15-03 Internal Audit and Risk Management Policy for the NSW Public Sector issued by NSW Treasury ( the Treasury Policy ) establishes whole of Government standards to support effective corporate governance and risk management practices across the NSW public sector. To this end the Treasury Policy sets out Core Principles and Core Requirements, including Risk Management. This requires organisations to establish and maintain an enterprise risk management process appropriate to their operations and adopts the Australian New Zealand Standard on Risk Management, to ensure common and generally accepted risk management terminology and processes are applied across Government. The current standards are AS/NZS ISO 31000:2009 (Risk Management Principles and Guidelines). NSW Health is committed to developing a risk management culture, where risk is seen as integral to the achievement of our aims at all levels of the organisation and where all staff are alert to risks, capable of an appropriate level of risk assessment and confident to report risk or opportunities perceived to be important in relation to each Health organisation s priorities. The Framework complements other NSW Health policy directives (such as those for incident management and workplace health and safety) and other key programs or initiatives specifically designed for the identification and management of individual incidents. The Framework is structured in 6 parts: Part 1 Background and Definitions Part 2 Key Concepts and Obligations Part 3 The Risk Management Methodology Part 4 Risk Registers and Reporting Part 5 List of Risk Management Tools (web links) Part 6 References 1.1 Key Definitions and Concepts The following definitions are used in this Framework: The Australian (AS/NZS ISO 31000:2009) means the Australian/New Zealand Standard Consequence and International Standard on Risk Management. means the outcome of an event that has a positive or negative effect on objectives. PD2015_043 Issue date: October-2015 Page 1 of 29

8 Current risk is a level of risk at a point in time. Subsequent re-assessments of risk rating usually made as a part of the review of the actual effectiveness of any additional controls, is referred to as Current risk rating. Health organisation means a Local Health District, Specialty Health Network, Statutory Health Corporation, Units of the Health Administration Corporation (including the NSW Ambulance Service, HealthShare NSW, ehealth NSW, Health Infrastructure and NSW Health Pathology), the Ministry of Health and health bodies established under their own statute, including the Cancer Institute of NSW and the NSW Institute of Psychiatry. Initial risk Likelihood Projected risk Risk is the first time the level of risk is assessed. The term is synonymous with the term Inherent Risk Rating. is the chance of something happening (whether defined, measured or determined objectively or subjectively, qualitatively or quantitatively, and described using general terms or mathematically). is the level of risk assessed on the assumption that additional controls (additional treatments or mitigation) are in place. The term is synonymous with the terms Targeted Risk and Residual Risk. is the chance of something happening that will have an impact on an organisation s objectives. May be a positive or negative impact, and is measured in terms of impact and likelihood. Risk is also defined in the Australian Standards as the effect of uncertainty on objectives. Risk Management is generally understood as coordinated activities to direct and control an organisation, with regard to risk. The Australian Standards refer to risk management as including the the systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analysing, evaluating, treating, monitoring and reviewing risk. Risk owner is the officer designated as responsible for designing, implementing and monitoring actions to address (or risk treatments for) a particular risk. Risk Management sets out the organisations strategies for implementing and Plan maintaining a robust risk management framework, including activities, resources, responsibilities and timeframes. Risk Matrix means the NSW Health Risk Matrix, set out in Table 3 of this Policy Directive. Risk Treatment means an action identified to address or mitigate a risk. PD2015_043 Issue date: October-2015 Page 2 of 29

9 Stakeholder Strategic risks is a person or an organisation that can affect or be affected by a decision or an activity and includes those who have the perception that a decision or an activity can affect them; can be internal or external. are a source of uncertainty that may arise from a Health organisation s pursuit of a strategic objective, performance indicator or health system/support outcome. For example, a strategic risk might arise from substandard execution of decisions, inadequate resource allocation, or a failure to respond well to changes in the business environment or to failure to take advantage of untapped opportunities. 1.2 The Australian Standard on Risk Management The Australian Standard has been adopted by the NSW Government to ensure consistent terminology and to guide the approach of NSW public sector agencies. The Standard is not therefore a compliance standard, but provides a generic and flexible set of principles for risk management practice that can be applied to a wide range of activities and includes: An outline of the benefits to an organisation for adopting a consistent, systematic and integrated approach to managing risks and opportunities Concepts to be adopted when designing and implementing a risk management framework A focus on integrating risk management into organisation culture, creating continual improvement and best practice. How an organisation applies the Standard will depend on its size, nature, complexity and objectives, and maturity in risk management. Common features should include: A commitment by the executive to risk management A process which outlines how risks are to be managed A process in how risks are to be monitored and reported Clear accountabilities for the management of risks A process to review and improve on the local risk management procedure/plan. The Table 1 illustrates the relationships between the risk management principles, framework and process. Paragraph references are to the Australian Standards. The Standard forms the basis of the NSW Health Framework, as set out in the following Parts. PD2015_043 Issue date: October-2015 Page 3 of 29

10 (Extract from AS/NZS ISO 31000: Risk management Principles and guidelines) Table 1. PD2015_043 Issue date: October-2015 Page 4 of 29

11 2 KEY CONCEPTS AND OBLIGATIONS 2.1 What is risk and risk management? Risk is the effect of uncertainty on objectives with a likelihood and frequency that something will occur. Risk is expressed in terms of consequence or impact (How bad will an event be if it happens?) and likelihood (How likely is it that the event will happen?) As the outcomes of operational and business activities can be uncertain, they are said to have some element of risk. In the Health context, risks can contribute to strategic failures, operational failures, failures in quality and safety systems, financial failures, major environmental or public health incidents, deficiencies or ineffective plant or equipment, or failures in regulatory compliance. Risk management involves identifying the types of risk exposure within an organisation, measuring those potential risks and proposing means to mitigate them. While it is impossible to remove all risk, it is important for organisations to understand their risks and manage and identify the level of risk they are willing to accept in the overall context of effective operation and service provision. Risk management is essential to good management practice and effective corporate governance and ensures decisions are made with sufficient information about risks and opportunities. 2.2 Why a risk management framework? Managing risks identifying, assessing and controlling them is part of everyday activity throughout the NSW public health system. By identifying risks, a Health organisation is identifying any threats or opportunities in achieving its goals and objectives, as outlined in the Service Agreement or Agency Compacts and organisation planning documents and at a public health system level in the State Plan NSW 2021 and the State Health Plan. A Risk Management Framework provides a structure for a consistent risk management approach and for embedding risk management across all operations. An effective framework involves the examination of all aspects of an organisation s functions and responsibilities in order to identify and manage opportunities and threats. This includes, for example, consideration of risk and opportunities during: Strategic, business, service and workforce planning Budget planning and monitoring Planning, development and implementation of new service delivery methods, programs, clinics or projects Planning, development, implementation and maintenance of new and existing information technology hardware and software systems PD2015_043 Issue date: October-2015 Page 5 of 29

12 Development and implementation of new or revised policies, procedures and guidelines Changes to service delivery, projects or agreed levels of activity Planning and implementing capital projects and programs Procurement and acquisitions processes. Applying the framework helps management to make decisions that impartially and systematically consider both opportunities and threats. The framework also helps management and staff to prepare for and deal with risks in a timely manner, and the process of reviewing risks will allow new risks to emerge. 2.3 How can you embed risk management within an organisation? To integrate risk into everyday activities, it is essential to define responsibilities and accountabilities for staff in relation to risk management. Staff must understand what risks they are accountable for, and what activities and actions must be taken to manage those risks. Risk management must also be supported at the most senior level of the organisation, to ensure it is integrated into, and not viewed as separate from, core operational activities and to ensure accountabilities and responsibilities are clearly defined. Some ways of embedding risk in organisation operations and achieving greater engagement of staff across the organisation are: Including risk management accountabilities and expectations in internal performance management systems, both informal and formal, to support a culture where by risk and opportunities are proactively managed and learnings are shared Including consideration of risk in the terms of reference of significant organisation committees (e.g. committees overseeing quality and safety, infection control, disaster management) to engage them in identifying, monitoring and reviewing risks relevant to their area of oversight Ensuring risks identified by the organisation are allocated a risk owner to oversee the management of a risk. The risk owner should be sufficiently senior to properly direct and implement risk controls and assess their effectiveness. As such, while they should be knowledgeable about the risk, they will not generally be the person who implements the actions required to address the identified risk Ensuring local processes focus on risks being managed at as low a level as reasonably practicable, but also ensure there are processes are in place for staff to identify and escalate risks as the need arises to a more senior management for consideration, review and appropriate management action and direction to be given Ensuring senior executives and senior management accept responsibility for promoting risk management within the organisation, designing the organisations risk management framework and for the day-to-day activities associated with coordinating, maintaining and embedding the framework in day to day business. PD2015_043 Issue date: October-2015 Page 6 of 29

13 All staff are expected to manage risks in their own area, and within their capacity and delegation of authority. Risks that are beyond a staff member's capacity or delegation of authority need to be escalated to a higher level of management for review. Any subsequent mitigation should be communicated to the staff member who identified the risk. Reporting or communicating risks in this way will help to prevent errors, improve care and performance and achieve business objectives. 2.4 Risk Management Tools in the Framework An effective risk management system requires the application of consistent processes for identifying and categorising risk. The Framework sets out four main tools in this regard in the following subsections NSW Health Risk Categories Categorising risks supports identification of risks across all key aspects of a health organisation s business. They also assist in reporting and allow comparison and assessment across the wider health system. To this end a set of NSW Health Risk Categories has been developed (Table 2), including relevant examples. Table 2 NSW Health risk category Clinical Care and Patient Safety Health of the Population Examples of areas to consider within category Clinical KPIs in organisation Service Agreement Access appropriate to needs and prioritised according to clinical need Care evaluation, clinical handover, clinical ethics, clinical pathways and variance analysis Clinical quality improvement and clinical practice improvement Decision making at end of life and mortality management Discharge and transfer of care and recognition and management of deteriorating patients Ongoing care and management of chronic disease Patient safety, including infection control, medication safety and response to complaints and concerns about clinicians and near miss or incident trends Protection of children and others who are unable to care for themselves while accessing health services Monitor the continuum of care and clinical performance across the State Community health Disease prevention and control Human behaviour and demographics Health protection and surveillance Clinical strategic direction, planning, monitoring and performance of population health services across the State PD2015_043 Issue date: October-2015 Page 7 of 29

14 NSW Health risk category Workforce Communication and Information Facilities and Assets Security Emergency Management Examples of areas to consider within category Continuing education, learning and professional development Human resources performance management Claims (including general insurance) Organisational culture, Recruitment selection, credentialing, retention and appointment, including internationally trained medical officers Succession planning Workplace relations, including grievances Visiting medical officers, contracts and volunteers Hardware infrastructure (switchboards, pager systems, etc.) Information and data management system Informed consent Privacy and confidentiality Knowledge management Records management Risk communication Alerts Software Staff communication Technology and technical issues Release of information Digital Information Security eg. electronic medical record Social Media Assets management, including buildings, equipment, land, plant, vehicles, supplies and utilities Catering and food hygiene Preventative, repairs and maintenance Minor & Capital works Procurement Access and controls Identification Surveillance/CCTV Personal threat Security management Security monitoring Business continuity planning, management and resilience Infectious disease outbreaks, including emerging infectious diseases, and other biological threats Drinking water, pharmaceutical, food or other contamination Natural disasters, (eg. Extreme weather event) Man-made disasters (eg widespread power failure, explosion) Chemical, radiation or hazardous material incident PD2015_043 Issue date: October-2015 Page 8 of 29

15 NSW Health risk category Legal Finance Work Health & Safety Environmental Leadership and Management Community Expectations Examples of areas to consider within category Litigation Commercial and legal management Contract management Intellectual property Regulatory Compliance Fraud Medical indemnity insurance and Treasury managed fund Operational budgets and financial performance requirements under Service Agreements Public liability Administration, including accommodation, payroll and transport and travel Commercial income Procurement of goods and services, maintenance and contracts management Workplace health and safety Workers compensation and injury management Contractor non compliance Air quality, heating, noise, lighting and radiation Hazardous substances and dangerous good Waste management Cleaning services Infection control Complaints and compliments management Credentialing and delineation of clinical privileges Economic circumstances Effective Leadership Enquiries and ministerials External and internal auditing Governance structures, delegations and financial management Legislative compliance Monitoring performance Performance Management Political circumstances Professional development and Mentoring Reputation and image Resource accountability Service Agreement requirements Strategic and operational planning Succession planning Access to services Consumer engagement and empowerment, and stakeholders expectations Consumer feedback, cultural and special needs, planned and delivered in partnership with patient rights and responsibilities The right care and services including the protection of children provided in the right setting within appropriate timeframes PD2015_043 Issue date: October-2015 Page 9 of 29

16 2.4.2 NSW Health Risk Matrix The Risk Matrix (Table 3) was developed in 2009 to support classification of risks across the public health system with specific reference to the indicia relevant to health service providers. The Matrix provides a tool to apply a severity rating to each risk, by assessing the potential consequence of the risk and its likelihood of occurring. The Risk Matrix is required to be used for assessment and management of Health organisation risks, development of organisation Risk Registers, and forms the basis for reporting at the local, Chief Executive, Board (where applicable), Audit and Risk Committee and to the Ministry of Health (State-wide level). Rating the risk The Consequence and Likelihood descriptors are used to determine the possible outcome if the risk were to occur, which in turn provides the overall risk rating. The Risk Matrix should be used to determine the initial, current and projected risk ratings. In rating risks, it is important to use the matrix and follow these steps: Step 1 rank the consequence Step 2 rank the likelihood (probability/frequency) Step 3 classify the level of risk Step 1 Rank the consequence For each identified risk, determine the consequence of the event occurring (from catastrophic to minimal), using the examples contained within the NSW Health Risk Matrix, as a guide. Step 2 Rank the likelihood (probability / frequency) For each identified risk, determine the likelihood that the event will occur. Step 3 Classify the level of risk Once the consequence and likelihood of each risk has been determined, the position on the NSW Health Risk Matrix is represented alphabetically, from A to Y. The alphabetical representation highlights the risk position in relation to its consequence and likelihood, in doing this it clarifies the context of the risk position (risk rating). PD2015_043 Issue date: October-2015 Page 10 of 29

17 NSW Health Risk Matrix Risk rating Red = Extreme (A E) Orange = High (F K) Yellow = Medium (L T) Action required Escalate to CE or Head of Health service or Secretary, MoH A detailed action plan must be implemented to reduce risk rating with at least monthly monitoring and reporting. Escalate to Senior Management A detailed action plan must be implemented to reduce risk rating. Specify Management Accountability and Responsibility Monitor trends and put in place improvement plans. NSW HEALTH RISK CATEGORIES Clinical Care & Patient Safety Health of the Population Workforce Communication & Information Facilities & Assets Security Emergency Management Legal Finance Work Health & Safety Environmental CONSEQUENCE EXAMPLES Catastrophic Major Moderate Minor Minimal Unexpected multiple patient deaths unrelated to the natural course of the illness. An increase in the prevalence of known conditions contributing to chronic diseases across the state-wide population health KPI categories currently measured by NSW Health and or an increase of more than 10% in one or more category. Unplanned cessation of a critical statewide program or service or multiple programs and services. Cessation of services due to loss, damage or unauthorised access to property, assets, records and information. State-wide system dysfunction resulting in total shutdown of service delivery or operations. Legal judgement, claim, non compliance with legislation resulting in indeterminate or prolonged suspension of service delivery. More than 5% over budget NOT recoverable within the current or following financial year. Unable to pay staff or finance critical services. Multiple deaths or life threatening injuries or illness to non-patients. Permanent effect on the environment or is unlikely to recover. Unexpected patient death or permanent loss/reduction of bodily function unrelated to the natural course of the illness. Failure to materially reduce the prevalence of known conditions contributing to chronic disease across the majority of the state-wide population health KPI categories measured by NSW Health and or an increase of more than 5% up to 10% in one or more category. Unplanned cessation of a service or program availability within a Service Area with possible flow on to other locations. Prolonged service disruption or suspension of services due to the loss, damage or unauthorised access to property, assets, records and information. Services compromised as service providers are unable to provide effective support and other areas of NSW Health are known to be affected. Legal judgement, claim, non compliance with legislation resulting in medium term suspension of service delivery. Up to 5% over budget or a material overrun NOT recoverable within the current financial year. Unable to pay creditors within MOH benchmark. Death or life threatening injury or illness causing hospitalisation of non-patients. Long term effect on the environment. The environment will only recover through external assistance / intervention (EPA) Unexpected temporary reduction of patient s bodily function unrelated to the natural course of the illness which differs from the expected outcome. Failure to materially reduce the prevalence of more than one of the known conditions contributing to chronic disease from the statewide population KPI categories measured by NSW Health and or an increase of more than 2% and up to 5% in one or more category. Unplanned restrictions to services and programs in multiple locations or a whole hospital or community service. Temporary suspension of services due to the loss, damage or unauthorised access to property, assets, records and information. Disruption of a number of services within a location with possible flow on to other locations in the area. Legal judgement, claim, non-compliance with legislation resulting in medium term but temporary suspension to services. Up to 5% over budget but recoverable within current financial year. Serious harm, injury or illness causing hospitalisation or multiple medical treatment cases for non-patients. Short term effect on the environment. Environment likely to make a full recovery through local planning and response measures. Patient s care level has increased unrelated to the natural course of the illness. Failure to reduce the prevalence of one of the known conditions contributing to chronic disease from the state-wide population health KPI categories measured by NSW Health or an increase of up to 2% in one or more category. Unplanned service delivery or program delays localised to department or community service. Localised disruption to services. Minor loss, damage or unauthorised access to property, assets, records and information. Some disruption within a location but manageable by altering operational routine. Legal judgement, claim, noncompliance with legislation resulting in short term disruption to services. Up to 1% temporarily over budget and recoverable within current financial year Minor harm, injury or illness to a nonpatient where treatment or First Aid is required. Minor effect on the environment. Environment to make a full recovery by routine procedures First Aid provided to patient unrelated to the natural course of the illness. A preventative Health program has not demonstrably met planned objectives but the prevalence of known condition is continuing to decrease in line with KPI targets. Minimal effect on service delivery. Minimal effect on services. No loss or damage to property, assets, records or information. No interruption to services. Legal judgement, claim or legislative change but no impact on service delivery. Less than 1% over budget. Temporary loss of or unplanned expenditure related to individual program or project but no net impact on budget. Harm, injury or illness not requiring immediate medical treatment. No lasting effect on the environment. Green = Low (U Y) Manage by routine procedures Monitor trends. Leadership and Management Community Expectations Failure to meet critical priority KPI s included in the service s performance agreement. Sustained adverse national publicity. Significant loss of public confidence, loss of reputation and/or media interest across NSW in services. Failure to meet a significant number of priority KPI s included in the service s performance agreement. Sustained adverse publicity at a state-wide level leading to the requirement for external intervention. Systemic and sustained loss of public support/opinion across a service. Failure to meet a number of priority KPI s included in the services performance agreement. Increasing and broadening adverse publicity at a local level, loss of consumer confidence, escalating patient/consumer complaints. Extended loss of public support/opinion for a Facility/Service. Failure to meet one or more of the KPI s (excluding priority KPI s) included in the service s performance agreement. Periodic loss of public support. Minimal impact on local operations, local management review and occasional adverse local publicity. CONSEQUENCE RATINGS Probability Frequency Catastrophic Major Moderate Minor Minimal > 95% to 100% Several times a week > 70% to 95 % Table 3 Monthly or several times a year LIKELIHOOD Almost certain A D J P S Likely B E K Q T > 30% to 70% Once every 1-2 years Possible C H M R W > 5% to 30% Once every 2 5 years Unlikely F I N U X < 5% Greater than once every 5 years Rare G L O V Y PD2015_043 Issue date: October-2015 Page 11 of 29

18 2.4.3 Risk Rating Types The Risk Matrix should also be used to monitor progress through allocating a risk rating to each risk. These Risk Ratings form a key element of the organisation Risk Register as follows: Initial Risk Rating This is the initial risk, in the absence of any controls or mitigation strategies. The Initial Risk Rating will assist determining the importance of existing controls and the extent to which place are relied on to control the risk. Current Risk Rating Once an Initial Risk Rating is determined, identification of any existing controls in place will establish the Current Risk Rating. The Current Risk Rating will vary from time to time, depending on the effectiveness of those controls. The Current Risk Rating should be assessed regularly, as part of internal and external reporting and to check effectiveness of control strategies or identify any further strategies which may need to be employed. Being a progressive rating of the risk, the Current Risk Rating is usually based on partial implementation of the additional controls at a point in time. It should be noted that when a new risk is identified it is possible that the initial and Current Risk Rating will be the same, until such time as controls/treatments identified begin to be implemented. Projected Risk Rating The Projected Risk Rating will reflect the Current Risk Rating after any additional mitigation strategies are put in place. The Target Risk Rating therefore reflects the expected future level of the risk if and when all treatments (including those currently in train) are successfully implemented Risk Escalation All staff are responsible for identifying risks and reporting those risks to their managers for assessment. External stakeholders can also raise awareness of risks in health services. Once a risk has been identified, managers are responsible for assessing the risk using the NSW Health Risk Matrix. If a risk is beyond the manager s control or delegation to effectively control or mitigate the risk, the manager should escalate the risk to an appropriate, more senior level of management. This process should follow the governance and reporting structure that exist within the Health organisation. There is a direct link between the severity of a risk and the management level to which it should be escalated for action. The greater the risk, the more attention is required from senior management and the executive. The NSW Health risk escalator (Table 4) shows the communication flow to the appropriate authority, consistent with the NSW Health Risk Matrix. PD2015_043 Issue date: October-2015 Page 12 of 29

19 Risk rating Red = extreme (A E) Orange = high (F K) Yellow = medium (L T) Green = low (U Y) Action required Escalate to Chief Executive or head of health service Implement a detailed action plan to reduce risk rating Escalate to senior management Implement a detailed action plan to reduce risk rating Specify management accountability and responsibility Monitor trends and plan for improvement Manage by routine procedures Monitor trends Table 4 PD2015_043 Issue date: October-2015 Page 13 of 29

20 3 THE RISK MANAGEMENT METHODOLOGY The following 7 steps provide a methodology for identifying, assessing, and (where appropriate) addressing organisation risks, and for determining matters which should be recorded in the health organisation Risk Register. The methodology is based on the Australian Standard. The main elements of the methodology, set out in detail in the following paragraphs are as follows: Step 1 Communication and consultation Step 2 Establish the context Step 3 Identify risks Step 4 Analyse risks Step 5 Evaluate risks Step 6 Treat risks Step 7 Monitor and review risks (Steps 3 5 taken together are described as risk assessment ). 3.1 Step 1 Communication and consultation Communication and consultation are continual or iterative processes undertaken to provide, share or obtain information and to engage stakeholders about the management of risk. They are vital aspects of good risk management, and should be used in each step of the risk management process. A consultative approach to the risk process will: Help establish the risk context appropriately Help ensure that the interests of stakeholders are understood and considered Help ensure that risks are adequately identified and defined Ensure a common understanding across the organisation of the risks and strategies to address them Bring different areas of expertise together for analysing risks Help ensure that different views are appropriately considered when defining risk criteria and in evaluating risks Secure endorsement and support for a treatment plan PD2015_043 Issue date: October-2015 Page 14 of 29

21 Enhance appropriate change management during the risk management process. Some actions to take include: Develop a communication strategy for Enterprise-Wide Risk Management. Ensure that the strategy highlights the relevance of risk management to planning, performance, quality and safety, so that risk management becomes part of everyday business Review planning and reporting arrangements to ensure risk and risk management is embedded in the core business and reporting processes of the organisation. If a risk is assessed as having reached its projected rating, ensure that the risk is regularly monitored and reviewed, for example, by the owner of the risk or through team meetings and risk workshops. 3.2 Step 2 Establish the context Defines the context and scope for the organisation risk assessment. To establish the context, it is necessary to consider the strategic, organisational and risk management context in which risks will be managed. This means considering both the internal and external environment. First, consider the following three contexts for the organisation: Strategic Organisational consider the relationship between the organisation and its environment including reputational risk; identify the organisation s strengths, weaknesses, opportunities and threats; consider elements that might support or impair the organisation s ability to successfully manage risks. consider the organisation and its capabilities, including goals and objectives, and the strategies in place to achieve them; align risk management with the organisation s Service Agreement or Compact and consider NSW Health strategic and corporate plans Risk management consider the goals, objectives, strategies, scope and parameters of the risk management process, including the benefits, costs and opportunities of risk management activities and the required PD2015_043 Issue date: October-2015 Page 15 of 29

22 resources. Once the context has been considered: Develop / Use criteria evaluating risk Decide structure Use criteria in the Risk Matrix to evaluate the risk having regard to: organisations objectives outlined in key strategic and the operational documents such as LHD/SHN Service Agreements/Agency Compacts and plans linked to system wide and state-wide plans (such as the State Health Plan and NSW 2021); to be used to establish context, to ensure that it does not overlook any significant risks. Questions that may assist in establishing the context include: What is the policy, program, process or activity? What are the KPIs? Who are the stakeholders? What are the major outcomes expected? What are the significant factors in the organisation that have an impact on this area (for example: operational, environmental, social, community expectations, and technological)? What were the issues identified by previous reviews? What is the best way of structuring risk identification? What risk criteria should be established? What are the cost and revenue considerations? PD2015_043 Issue date: October-2015 Page 16 of 29

23 3.3 Step 3 Identify Risks Identifying risks involves asking: What can happen? and how can it happen? To determine what can happen, it is necessary to compile a comprehensive list of events that might affect the organisation, including sources of risk and areas affected. The aim is to identify all risks, regardless of whether they are within the control of the organisation. The process needs to be systematic and structured, to ensure all potential risks have been identified and considered. The identification of risk can be by an individual or through structured group process, as described below in Table 5. Methods for identifying risks and opportunities Risk identification group Structured risk and opportunity identification process Table 5 Examples Department/Unit planning process Risk workshops Risk profiling Techniques such as strengths, weaknesses, opportunities, threats (SWOT) analysis; brainstorming; analysis of systems or scenarios Risk identification through normal organisation activities Assessment against standards Incident or complaint Team meetings Managers forums Briefings Informal ad hoc meetings Routine data collection and in-patient data sets Stakeholder feedback Clinical quality reviews and audits Internal or external audits Accreditation reviews or other external reviews Workplace Health and Safety (WHS) and injury management (IM) profile audits Observation Professional judgement (from knowledge of standards) Adverse events and incident reporting Patient complaints Health Care Complaints Commission Independent Commission Against Corruption Ombudsman Coroners PD2015_043 Issue date: October-2015 Page 17 of 29

24 Internal Investigation processes Root cause analysis conduct investigations Generic sources of risk might include commercial and legal relationships, budgetary issues, human behaviour, clinical issues, natural events, political circumstances, technological issues or management activities. The categories of risk adopted for NSW Health are set out in Table 2. Questions that may assist in identifying risks: What are we trying to achieve? What are our KPIs or performance criteria? What is going to stop us from achieving our KPIs or performance? What could help us to achieve it & how? What is in our way of getting there & why? How likely what impact? What has to be done? How much will / may it cost? When should it be done? How quickly do we need to respond to prevent/reduce the impact if it does go wrong / realise the opportunities? Who is the Risk Owner accountable for mitigation? What could go wrong and how it could go wrong? What opportunities exist and how can they be realised? What resources do we already have to enable our actions to succeed? If required, can we obtain additional resources? Who else (internal / external stakeholders) needs to know or be involved? Once a risk is identified the risk needs to be described concisely, setting out what the risk is, what it is affecting, and how it impacts on objective(s). This description is important as it is where the risk story is told. It must make a reader understand the impact the risk has on the objectives. It should stand on its own, and be able to be understood by those not necessarily familiar with the background detail. This in turn ensures a common understanding across different operational and management levels as to the nature and consequences of the particular risks. PD2015_043 Issue date: October-2015 Page 18 of 29

25 3.4 Step 4 Analyse Risks Involves understanding the risks requiring action, and then ranking those risks so that resources to treat risks can be allocated to those of greater priority. Risks are analysed by combining estimates of likelihood and consequences, using the NSW Health Risk Matrix Table 3. The aim is to understand the nature of risk, and determine the risk before treatment. Analysis can be qualitative or quantitative, or a combination of both. Questions that may assist when using the Matrix include: What are the potential adverse (threats) consequences of each risk if they occur? What is the potential likelihood (probability) or frequency of the risks happening? What current controls exist to prevent, detect or correct the consequences or likelihood of the risk? PD2015_043 Issue date: October-2015 Page 19 of 29

26 3.5 Step 5 Evaluate Risks Develop a prioritised list of risks requiring attention. When the risk has been rated, the risk level needs to be compared with the Health organisation s management s acceptable level of risk or risk tolerance. Evaluating risks involves comparing the level of risk determined at Step 4 (Risk Analysis) against predetermined criteria, to decide if a level of risk is acceptable as is (referred to as within the tolerance level ), or action is needed to mitigate the risk (ie it needs to be treated ). This requires risk tolerance, which simply means the risk owners review the risk information in their area of responsibility to ensure the information, assessment and actions are reasonable and whether the risk is within the tolerance level. A range of issues arise in determining at what point to classify a risk as acceptable. Appetite for taking on a particular risk will vary from one manager or clinician to another: a risk that is acceptable to one person may be unacceptable to someone else. There is also likely to be different perspectives of risk at different levels of management from unit to department to executive level. Some key issues to consider in risk evaluation are: A decision must be taken on whether to accept or reject the risk, and if the latter to identify controls (see Step 6) Failure to make this decision means the risk has been accepted by default. A risk owner may decide to accept the risk with the current treatments / controls, and this is acceptable if it is within their delegation of authority. Organisations should neverthless have processes in place for review and oversight of risk evaluation to ensure consistency across the organisation and consideration and acceptance of tolerance levels/evaluations at Chief Executive / Board level. PD2015_043 Issue date: October-2015 Page 20 of 29

Risk Management Policy and Framework

Risk Management Policy and Framework Risk Management Policy and Framework December 2014 phone 1300 360 605 08 89589500 email info@centraldesert.nt.gov.au location 1Bagot Street Alice Springs NT 0870 post PO Box 2257 Alice Springs NT 0871

More information

Risk Management: Coordinated activities to direct and control an organisation with regard to risk.

Risk Management: Coordinated activities to direct and control an organisation with regard to risk. POLICY CG01 RISK MANAGEMENT Document Control Statement This Policy is maintained by the Governance and Organisational Strategy. Any printed copy may not be up to date and you are advised to check the electronic

More information

Title: Rio Tinto management system

Title: Rio Tinto management system Standard Rio Tinto management system December 2014 Group Title: Rio Tinto management system Document No: HSEC-B-01 Standard Function: Health, Safety, Environment and Communities (HSEC) No. of pages: 23

More information

APPLICABLE TO: Flow Systems Group and all employees. Risk Management

APPLICABLE TO: Flow Systems Group and all employees. Risk Management PURPOSE: Flow Systems is committed to managing its risks and ensuring compliance with all relevant laws and regulations in a proactive, on-going and positive manner. This document outlines Flow s Risk

More information

Clinical Trials - Insurance and Indemnity

Clinical Trials - Insurance and Indemnity Policy Directive Clinical Trials - Insurance and Indemnity Document Number PD2011_006 Publication date 25-Jan-2011 Functional Sub group Corporate Administration - Governance Clinical/ Patient Services

More information

The Lowitja Institute Risk Management Plan

The Lowitja Institute Risk Management Plan The Lowitja Institute Risk Management Plan 1. PURPOSE This Plan provides instructions to management and staff for the implementation of consistent risk management practices throughout the Lowitja Institute

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Responsible Officer Author Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date effective from December 2008 Date last amended December 2012

More information

Council Meeting Agenda 27/07/15

Council Meeting Agenda 27/07/15 3 Risk Management Framework Abstract Council s Risk Management Framework ( the Framework ) was adopted by Council in 2012. The Framework provides structure and guidance to Council s risk management activities

More information

Risk Management. Policy

Risk Management. Policy Policy Risk Management Endorsed: 26 February 2014 Brief description The GPC Risk Management Policy and its supporting standards and procedures provide a framework to ensure that risks arising from our

More information

Guide to the National Safety and Quality Health Service Standards for health service organisation boards

Guide to the National Safety and Quality Health Service Standards for health service organisation boards Guide to the National Safety and Quality Health Service Standards for health service organisation boards April 2015 ISBN Print: 978-1-925224-10-8 Electronic: 978-1-925224-11-5 Suggested citation: Australian

More information

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization POLICY Number: 7311-10-005 Title: Enterprise Risk Management Authorization [ ] President and CEO [ X] Vice President, Finance and Corporate Services Source: Director, Enterprise Risk Management Cross Index:

More information

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management Enterprise Risk Management Framework 2012 2016 Strengthening our commitment to risk management Contents Director-General s message... 3 Introduction... 4 Purpose... 4 What is risk management?... 4 Benefits

More information

Avondale College Limited Enterprise Risk Management Framework 2014 2017

Avondale College Limited Enterprise Risk Management Framework 2014 2017 Avondale College Limited Enterprise Risk Management Framework 2014 2017 President s message Risk management is part of our daily life, something we do regularly; often without realising we are doing it.

More information

Managing for Performance. Functional Sub group Personnel/Workforce - Conditions of employment Personnel/Workforce - Learning and Development

Managing for Performance. Functional Sub group Personnel/Workforce - Conditions of employment Personnel/Workforce - Learning and Development Policy Directive Document Number PD2013_034 Publication date 17-Oct-2013 Managing for Performance Functional Sub group Personnel/Workforce - Conditions of employment Personnel/Workforce - Learning and

More information

Managing Risk in Procurement Guideline

Managing Risk in Procurement Guideline Guideline DECD 14/10038 Managing Risk in Procurement Guideline Summary The Managing Risk in Procurement Guideline assists in the identification and minimisation of risks involved in the acquisition of

More information

RISK MANAGEMENT FOR INFRASTRUCTURE

RISK MANAGEMENT FOR INFRASTRUCTURE RISK MANAGEMENT FOR INFRASTRUCTURE CONTENTS 1.0 PURPOSE & SCOPE 2.0 DEFINITIONS 3.0 FLOWCHART 4.0 PROCEDURAL TEXT 5.0 REFERENCES 6.0 ATTACHMENTS This document is the property of Thiess Infraco and all

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...

More information

Risk management framework

Risk management framework Risk management framework Security classification: PUBLIC Reference number: DSITI:FW:001P Policy owner: Executive Director, Strategic Transformation & Performance Contact officer: Principal Consultant,

More information

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator Risk Management Framework Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 TRIM CON: 12/1132 Administered by: Governance Coordinator Last Review Date: 2013 Next Review

More information

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: POL ENTERPRISE RISK MANAGEMENT SC51 POLICY CODE: SC51 DIRECTORATE: Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: Executive Support Services RESPONSIBLE OFFICER:

More information

RISK MANAGEMENT POLICY

RISK MANAGEMENT POLICY DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Council policy Approved Manager Organisational Development Risk Management Committee Council DATE ADOPTED:

More information

Title: OHS Risk Management Procedure

Title: OHS Risk Management Procedure Issue Date: July 2011 Review Date: July 2013 Page Number: 1 of 9 1. Purpose: To outline the methodology by which Department of Education and Early Childhood Development (DEECD) identifies, assesses, controls

More information

An Introduction to Risk Management. For Event Holders in Western Australia. May 2014

An Introduction to Risk Management. For Event Holders in Western Australia. May 2014 An Introduction to Risk Management For Event Holders in Western Australia May 2014 Tourism Western Australia Level 9, 2 Mill Street PERTH WA 6000 GPO Box X2261 PERTH WA 6847 Tel: +61 8 9262 1700 Fax: +61

More information

Risk Management Framework

Risk Management Framework Risk Management Framework Category or Type Originally approved by, and date Administration and Management Vice Chancellor at VCAG on December 2008 Last approved revision October 2011 Sponsor Chief Operating

More information

Compliance Management Framework. Managing Compliance at the University

Compliance Management Framework. Managing Compliance at the University Compliance Management Framework Managing Compliance at the University Risk and Compliance Office Effective from 07-10-2014 Contents 1 Compliance Management Framework... 2 1.1 Purpose of the Compliance

More information

WHS Risk Assessment and Control Form

WHS Risk Assessment and Control Form WHS Risk Assessment and Control Form Step 1: Who has conducted the Risk Assessment Risk Assessment completed by (name): Staff / Student Number: Signature: Date: Step 4: Documentation and initial approval

More information

RISK MANAGEMENT REPORTING GUIDELINES AND MANUAL 2013/14. For North Simcoe Muskoka LHIN Health Service Providers

RISK MANAGEMENT REPORTING GUIDELINES AND MANUAL 2013/14. For North Simcoe Muskoka LHIN Health Service Providers RISK MANAGEMENT REPORTING GUIDELINES AND MANUAL 2013/14 For North Simcoe Muskoka LHIN Health Service Providers Table of Contents Purpose of this document... 2 Introduction... 3 What is Risk?... 4 What

More information

RISK MANAGEMENT STRATEGY 2014-17

RISK MANAGEMENT STRATEGY 2014-17 RISK MANAGEMENT STRATEGY 2014-17 DOCUMENT NO: Lead author/initiator(s): Contact email address: Developed by: Approved by: DN128 Head of Quality Performance Julia.sirett@ccs.nhs.uk Quality Performance Team

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

RISK MANAGEMENT STRATEGY

RISK MANAGEMENT STRATEGY RISK MANAGEMENT STRATEGY 1 Introduction The purpose of this document is to outline a which facilitates the effective recognition and management of risks facing the University. The Combined Code on Corporate

More information

Version: 3.0. Effective From: 19/06/2014

Version: 3.0. Effective From: 19/06/2014 Policy No: RM66 Version: 3.0 Name of Policy: Business Continuity Planning Policy Effective From: 19/06/2014 Date Ratified 05/06/2014 Ratified Business Service Development Committee Review Date 01/06/2016

More information

SAFETY and HEALTH MANAGEMENT STANDARDS

SAFETY and HEALTH MANAGEMENT STANDARDS SAFETY and HEALTH STANDARDS The Verve Energy Occupational Safety and Health Management Standards have been designed to: Meet the Recognised Industry Practices & Standards and AS/NZS 4801 Table of Contents

More information

A Risk Management Standard

A Risk Management Standard A Risk Management Standard Introduction This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management

More information

Risk Management and Risk Assessment Policy

Risk Management and Risk Assessment Policy SharePoint Location Non-clinical Policies and Guidelines SharePoint Index Directory 3.0 Corporate Sub Area 3.1 Risk and Health & Safety Documents Key words (for search purposes) Risk, Risk Management,

More information

Delegations of Authority - Local Health Districts and Specialty Health Networks

Delegations of Authority - Local Health Districts and Specialty Health Networks Policy Directive Ministry of Health, NSW 73 Miller Street North Sydney NSW 2060 Locked Mail Bag 961 North Sydney NSW 2059 Telephone (02) 9391 9000 Fax (02) 9391 9101 http://www.health.nsw.gov.au/policies/

More information

Quality and Engagement Sub Committee

Quality and Engagement Sub Committee Quality and Engagement Sub Committee 12 June 2012 Corporate Risk Register and Risk Management Strategy Executive Summary As part of authorisation, Blackpool Clinical Commissioning Group (CCG) must identify

More information

Hazard Identification, Risk Assessment and Control Procedure

Hazard Identification, Risk Assessment and Control Procedure Hazard Identification, Risk Assessment and Control Procedure 1. Purpose To ensure that there is a formal process for hazard identification, risk assessment and control to effectively manage workplace and

More information

University of New England Compliance Management Framework and Procedures

University of New England Compliance Management Framework and Procedures University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system

More information

Discipline: Technical Services Category: Procedure. Risk Management RM-01 2013. Applicability. ARTC Network Wide. Interstate Network.

Discipline: Technical Services Category: Procedure. Risk Management RM-01 2013. Applicability. ARTC Network Wide. Interstate Network. Discipline: Technical Services Category: Procedure Risk Management RM-01 2013 Applicability ARTC Network Wide Interstate Network Hunter Valley Document Status Version Prepared by Reviewed by Endorsed Approved

More information

ERM Program. Enterprise Risk Management Guideline

ERM Program. Enterprise Risk Management Guideline ERM Program Enterprise Management Guideline Table of Contents PREAMBLE... 2 When should I refer to this Guideline?... 3 Why do we need a Guideline?... 4 How do I use this Guideline?... 4 Who is responsible

More information

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility

More information

Incident Reporting Policy

Incident Reporting Policy Document Name: Incident Reporting Policy Issue Date: 11/12/2012 Adventist Aged Care Incident Reporting Policy 1. Introduction 2. Purpose 3. Scope 4. Legislative Obligations 5. Procedure 6. Documentation

More information

Analyzing Risks in Healthcare. February 12, 2014

Analyzing Risks in Healthcare. February 12, 2014 Analyzing s in Healthcare February 12, 2014 1 Content What is Enterprise Management (ERM) ERM Benefits ERM Standards / ISO 31000:2009 ERM Process Register ERM Governance Model s Q&A 2 What is Enterprise

More information

Paper J WEST LEICESTERSHIRE CLINICAL COMMISSIONING GROUP BOARD MEETING. 10 February 2015. Governance How we manage our business

Paper J WEST LEICESTERSHIRE CLINICAL COMMISSIONING GROUP BOARD MEETING. 10 February 2015. Governance How we manage our business Paper J WEST LEICESTERSHIRE CLINICAL COMMISSIONING GROUP BOARD MEETING 10 February 2015 Title of the report: Section: Report by: Presented by: Risk Management Strategy & Policy Governance How we manage

More information

SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY

SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY 1. POLICY STATEMENT Having regard to AS/NZS ISO 31000 Risk Management, it shall be the Policy of SRW to manage risk to protect public safety, quality

More information

Safety Alert Broadcast System Policy Directive

Safety Alert Broadcast System Policy Directive Policy Directive Ministry of Health, NSW 73 Miller Street North Sydney NSW 2060 Locked Mail Bag 961 North Sydney NSW 2059 Telephone (02) 9391 9000 Fax (02) 9391 9101 http://www.health.nsw.gov.au/policies/

More information

Application of the Framework is relevant to clinical networks, units and health service teams within each service or organisation.

Application of the Framework is relevant to clinical networks, units and health service teams within each service or organisation. NSW Health Performance Framework The NSW Health Performance Framework, encompassing Service Agreements, Service Compacts Performance Review meetings and associated processes, is now well accepted across

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 2.0 Date: April 2015 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 POLICY STATEMENT... 4 Core

More information

Risk Management in the HSE; An Information Handbook

Risk Management in the HSE; An Information Handbook Risk Management in the HSE; An Information Handbook Document reference number Revision number OQR011 Revision date October 2011 Review date Document developed by 5 Document approved by October 2013 Responsibility

More information

Hazard Identification, Risk Assessment and Management Procedure. Documentation Control

Hazard Identification, Risk Assessment and Management Procedure. Documentation Control Hazard Identification, Risk Assessment and Management Procedure Reference: Date approved: Approving Body: Implementation Date: Version: 3 Documentation Control GG/CM/007 Trust Board Supersedes: Version

More information

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide Standard 1 Governance for Safety and Quality in Health Service Organisations Safety and Quality Improvement Guide 1 1 1October 1 2012 ISBN: Print: 978-1-921983-27-6 Electronic: 978-1-921983-28-3 Suggested

More information

The anglo american Safety way. Safety Management System Standards

The anglo american Safety way. Safety Management System Standards The anglo american Safety way Safety Management System Standards 2 The Anglo American Safety Way CONTENTS Introduction 04 Anglo American Safety Framework 05 Safety in anglo american 06 Monitoring and review

More information

Motor Vehicles - Use of Within NSW Health

Motor Vehicles - Use of Within NSW Health Policy Directive Motor Vehicles - Use of Within NSW Health Document Number PD2014_051 Publication date 18-Dec-2014 Functional Sub group Corporate Administration - Asset Management Corporate Administration

More information

Shepway District Council Risk Management Policy

Shepway District Council Risk Management Policy Shepway District Council Risk Management Policy Contents Section 1 Risk Management Policy... 3 1. Updates and amendments... 3 2. Definition... 3 3. Policy statement... 3 4. Objectives... 3 Section 2 Risk

More information

A guide for members APES 325 Risk Management for Firms

A guide for members APES 325 Risk Management for Firms A guide for members APES 325 Risk Management for Firms An explanation and introduction to APES 325 Risk Management for Firms Overview of the scope and application of a risk management framework. APES 325

More information

Bridgend County Borough Council. Corporate Risk Management Policy

Bridgend County Borough Council. Corporate Risk Management Policy Bridgend County Borough Council Corporate Risk Management Policy December 2014 Index Section Page No Introduction 3 Definition of risk 3 Aims and objectives 4 Strategy 4 Accountabilities and roles 5 Risk

More information

Integrated Risk Management:

Integrated Risk Management: Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 1.0 Date: November 2012 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 CORE REQUIREMENTS...

More information

APPENDIX 50. Enterprise risk management - Risk management overview

APPENDIX 50. Enterprise risk management - Risk management overview APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...

More information

Organisational charts...2. NSW Ministry of Health...3. Health Administration Corporation...4. Local health districts...4

Organisational charts...2. NSW Ministry of Health...3. Health Administration Corporation...4. Local health districts...4 GOVERNANCE Organisational charts...2 NSW Ministry of Health...3 Health Administration Corporation...4 Local health districts...4 Statutory health corporations...4 Pillar organisations...4 Affiliated health

More information

Health and Safety Management Standards

Health and Safety Management Standards Health and Safety Management Standards Health and Safety Curtin University APR 2012 PAGE LEFT INTENTIONALLY BLANK Page 2 of 15 CONTENTS 1. Introduction... 4 1.1 Hierarchy of Health and Safety Documents...

More information

The Risk Management strategy sets out the framework that the Council has established.

The Risk Management strategy sets out the framework that the Council has established. Derbyshire County Council Management Policy Statement The Authority adopts a proactive approach to Management to achieve Best Value and continuous improvement and is committed to the effective management

More information

Incident Management Policy

Incident Management Policy Policy Directive Document Number PD2014_004 Publication date 10-Feb-2014 Incident Management Policy Ministry of Health, NSW 73 Miller Street North Sydney NSW 2060 Locked Mail Bag 961 North Sydney NSW 2059

More information

OHSMS Implementation Guide

OHSMS Implementation Guide OHSMS Implementation Guide Developed by the Employee Health Unit, Department of Education and Early Childhood Development and Marsh Pty Ltd. Published by the Employee Health Unit, Department of Education

More information

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy Reference No: CG 01 Version: Version 1 Approval date 18 December 2013 Date ratified: 18 December 2013 Name of Author

More information

Bedford Group of Drainage Boards

Bedford Group of Drainage Boards Bedford Group of Drainage Boards Risk Management Strategy Risk Management Policy January 2010 1 Contents 1. Purpose, Aims & Objectives 2. Accountabilities, Roles & Reporting Lines 3. Skills & Expertise

More information

RISK MANAGEMENT STRATEGY 2013-2016

RISK MANAGEMENT STRATEGY 2013-2016 RISK MANAGEMENT STRATEGY 2013-2016 As presented and endorsed by the Mornington Peninsula Shire s Audit Committee at its meeting of 20 February, 2013 and subsequent adoption by Council at its meeting of

More information

Policy Number: 054 Work Health and Safety July 2015

Policy Number: 054 Work Health and Safety July 2015 Policy Number: 054 Work Health and Safety July 2015 TRIM Ref: TD14/318 Policy Details 1. Owner Manager, Business Operations 2. Compliance is required by Staff, contractors and volunteers 3. Approved by

More information

Tuberculosis Management of People Knowingly Placing Others at Risk of Infection

Tuberculosis Management of People Knowingly Placing Others at Risk of Infection Policy Directive Ministry of Health, NSW 73 Miller Street North Sydney NSW 2060 Locked Mail Bag 961 North Sydney NSW 2059 Telephone (02) 9391 9000 Fax (02) 9391 9101 http://www.health.nsw.gov.au/policies/

More information

CONTROLLED DOCUMENT. Number: Version Number: 4. On: 25 July 2013 Review Date: June 2016 Distribution: Essential Reading for: Information for:

CONTROLLED DOCUMENT. Number: Version Number: 4. On: 25 July 2013 Review Date: June 2016 Distribution: Essential Reading for: Information for: CONTROLLED DOCUMENT Risk Management Strategy and Policy CATEGORY: CLASSIFICATION: PURPOSE: Controlled Number: Document Version Number: 4 Controlled Sponsor: Controlled Lead: Approved By: Document Document

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

Risk Management Policy and Process Guide

Risk Management Policy and Process Guide Risk Management Policy and Process Guide Status: pending Next review date: December 2015 Page 1 Information Reader Box Directorate Medical Nursing Patients & Information Commissioning Operations (including

More information

RISK MANAGEMENT TOOLKIT

RISK MANAGEMENT TOOLKIT RISK MANAGEMENT TOOLKIT (OPERATIONAL) This toolkit has been adapted from the toolkit prepared by the Finance Facilities and Planning Services Branch of the Department of Education and the University of

More information

Nurse Practitioners in NSW

Nurse Practitioners in NSW Policy Directive Document Number PD2012_026 Publication date 15-May-2012 Nurse Practitioners in NSW Ministry of Health, NSW 73 Miller Street North Sydney NSW 2060 Locked Mail Bag 961 North Sydney NSW 2059

More information

Queensland Government Human Services Quality Framework. Quality Pathway Kit for Service Providers

Queensland Government Human Services Quality Framework. Quality Pathway Kit for Service Providers Queensland Government Human Services Quality Framework Quality Pathway Kit for Service Providers July 2015 Introduction The Human Services Quality Framework (HSQF) The Human Services Quality Framework

More information

HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM

HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM September 2011 OUR HEALTH, SAFETY AND ENVIRONMENT POLICY OUR PRINCIPLE OF DUE CARE We care about the wellbeing of our people and our impact on the environment.

More information

Risk Management Policy

Risk Management Policy Risk Management Policy DOCUMENT CONTROL Developed by: Date: Origination: Quality, Systems & Shared s March 2014 Authorised by: Colette Kelleher April 2014 DOCUMENT REVIEW HISTORY Original Circulation date:

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...

More information

WORK HEALTH AND SAFETY

WORK HEALTH AND SAFETY WORK HEALTH AND SAFETY SCOPE POLICY Work Health and Safety System Work Health and Safety Objectives Roles and Responsibilities Executive Responsibilities Manager Responsibilities Worker Responsibilities

More information

RISK MANAGEMENT POLICY. Version 3

RISK MANAGEMENT POLICY. Version 3 RISK MANAGEMENT POLICY Version 3 Version: Version 3 Version 3 Authors: Liz Hollman, Mary Klaus, Sarah Langan-Hart Approved by: Healthcare Governance Committee Trust Board Approved date: May 2009 Review

More information

Risk Management Guide

Risk Management Guide Risk Management Guide Page(s) Introduction 3 The 5 steps to identifying risk 4 Risk Management Process - Step 1 5 Identify - Step 2 Assess Step 3 5-6 6 Control - Step 4 6 Monitor and Review -Step 5 6 Risk

More information

CORP 600 00 RISK MANAGEMENT POLICY & METHODOLOGY

CORP 600 00 RISK MANAGEMENT POLICY & METHODOLOGY CORP 600 00 RISK MANAGEMENT POLICY & METHODOLOGY CORP 600 RISK MANAGEMENT POLICY Purpose In March 2003, the Australian Stock Exchange (ASX) Corporate Governance Council released the first version of its

More information

Section 6. Strategic & Service Planning

Section 6. Strategic & Service Planning Section 6 Strategic & Service Planning 6 Strategic & Service Planning 6.1 Strategic Planning Responsibilities Section 6 Strategic & Service Planning 6.1.1 Role of Local Health Districts and Specialty

More information

RISK MANAGEMENT MATRIX FOR ACADEMIES. Contents. Introduction. Mission/objectives. Law and regulation. Governance and management.

RISK MANAGEMENT MATRIX FOR ACADEMIES. Contents. Introduction. Mission/objectives. Law and regulation. Governance and management. RISK MANAGEMENT MATRIX FOR ACADEMIES Contents A B C D E F G H K J Introduction Mission/objectives Law and regulation Governance and management External factors Operational factors Human resources Environmental

More information

Insurance management policy and guidelines. for general government sector, September 2007

Insurance management policy and guidelines. for general government sector, September 2007 Insurance management policy and guidelines for general government sector September 2007 i Contents 1. Introduction... 2 2. Identifying risk is the first step... 2 3. What is risk?... 2 4. Insurance is

More information

Risk Management Policy Adopted by:

Risk Management Policy Adopted by: Risk Management Policy Adopted by: Infigen Energy Limited Infigen Energy (Bermuda) Limited Infigen Energy RE Limited in its capacity as Responsible Entity of Infigen Energy Trust Adopted: 17 December 2009

More information

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards.

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards. Aurora Energy Risk Management Policy Version History REV NO. DATE REVISION DESCRIPTION APPROVAL 0 19/11/98 Risk Management Policy Prepared by: Manager Internal Audit 1 March 2007 Risk Management Policy

More information

Part One: Introduction to Partnerships Victoria contract management... 1

Part One: Introduction to Partnerships Victoria contract management... 1 June 2003 The diverse nature of Partnerships Victoria projects requires a diverse range of contract management strategies to manage a wide variety of risks that differ in likelihood and severity from one

More information

Governance and Risk Management in the Public Sector. Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb.

Governance and Risk Management in the Public Sector. Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb. Governance and Risk Management in the Public Sector Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb.org 1 Agenda Governance, why is it important? Compliance

More information

Revised Risk Management Policy and Framework. Report by Head of Finance

Revised Risk Management Policy and Framework. Report by Head of Finance Audit Committee 29 April 2010 Item No 7 Revised Risk Management Policy and Framework Report by Head of Finance Summary A substantial review of our current Risk Management Strategy has been carried out.

More information

Risk Assessment Tool and Guidance (Including guidance on application)

Risk Assessment Tool and Guidance (Including guidance on application) Risk Assessment Tool and Guidance (Including guidance on application) Document reference number Revision number OQR012 Document developed by 5 Document approved by Revision date October 2011 Responsibility

More information

RISK MANAGEMENT AND COMPLIANCE

RISK MANAGEMENT AND COMPLIANCE RISK MANAGEMENT AND COMPLIANCE Contents 1. Risk management system... 2 1.1 Legislation... 2 1.2 Guidance... 3 1.3 Risk management policy... 4 1.4 Risk management process... 4 1.5 Risk register... 8 1.6

More information

Integrated Risk Management Policy

Integrated Risk Management Policy Integrated Management Policy Document reference number Document developed by Quality and Patient Safety Directorate Revision number 4 Document approved by Quality and Patient Safety Directorate Approval

More information

Ambulance Service - Charges

Ambulance Service - Charges Policy Directive Document Number PD2015_016 Ambulance Service - Charges Publication date 12-May-2015 Functional Sub group Corporate Administration - Fees Clinical/ Patient Services - Transport Ministry

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy St Mary Magdalene Academy V1.0 / September 2014 Document Control Document Details Document Title Document Type Business Continuity Policy Policy Version 2.0 Effective From 1st

More information

Core Infrastructure Risk Management Plan

Core Infrastructure Risk Management Plan SHIRE OF MOUNT MAGNET Roads and Buildings Core Infrastructure Risk Management Plan Version 1 May 2013 AM4SRRC Document Control Asset Management for Small, Rural or Remote Communities Document ID: 59_280_110211

More information

Hazard/Incident Recording, Reporting and Investigation

Hazard/Incident Recording, Reporting and Investigation Hazard/Incident Recording, Reporting and Investigation Power and Water Corporation Procedure 1 Purpose... 1 2 Scope... 1 3 References... 2 4 Roles and Responsibilities... 2 5 Definitions... 6 6 Records...

More information

Clinical Incident Management Policy

Clinical Incident Management Policy Clinical Management Policy Policy Name: Clinical Management Document Number: 1 Page 1 of 13 Policy Portfolio Owner: Manager, Quality and Clinical Governance/General Managers Policy Contact Person: Manager,

More information

Contract Management Guideline

Contract Management Guideline www.spb.sa.gov.au Contract Management Guideline Version 3.2 Date Issued January 2014 Review Date January 2014 Principal Contact State Procurement Board Telephone 8226 5001 Contents Overview... 3 Contract

More information

Aegon Global Compliance

Aegon Global Compliance Aegon Global Compliance GLOBAL Charter COMPLIANCE CHARTER aegon.com The Hague, June 1, 2013 Information sheet Target audience: All employees and management of Aegon companies Issued by: Aegon N.V. Group

More information