RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer



Similar documents
CONTROLLED DOCUMENT. Number: Version Number: 4. On: 25 July 2013 Review Date: June 2016 Distribution: Essential Reading for: Information for:

RISK MANAGEMENT STRATEGY

Confident in our Future, Risk Management Policy Statement and Strategy

Risk Management Policy and Process Guide

BUSINESS CONTINUITY MANAGEMENT POLICY

Risk Management Plan

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.

How To Be Accountable To The Health Department

Business Continuity Management Policy

Principles for An. Effective Risk Appetite Framework

Business Continuity Management Framework

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

Risk Management Policy Adopted by:

Risk Management Strategy

BUSINESS CONTINUITY POLICY

Clarius Group Risk Management Policy and Framework

Compliance Policy AGL Energy Limited

Request for feedback on the revised Code of Governance for NHS Foundation Trusts

Application of King III Corporate Governance Principles

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

Draft Corporate Governance Standard for Central Government Departments

Department of Infrastructure and Planning: Governance Framework for Infrastructure Delivery Special Purpose Vehicles

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

Application of King III Corporate Governance Principles

Integrated Risk Management Policy

MARCH Strategic Risk Policy Update March 2012 v1.10.doc

Risk Management Policy

A Framework of Quality Assurance for Responsible Officers and Revalidation

Consultation Paper CP18/15. Corporate governance: Board responsibilities

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

A Guide to Corporate Governance for QFC Authorised Firms

Bridgend County Borough Council. Corporate Risk Management Policy

BUSINESS CONTINUITY MANAGEMENT POLICY

Risk Management. Group Standard

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards.

Solihull Clinical Commissioning Group

Risk Management Framework

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS

Risk Management Strategy

National Occupational Standards. Compliance

Business Continuity Management Policy

The importance of nurse leadership in securing quality, safety and patient experience in CCGs

INFORMATION GOVERNANCE POLICY

Senate. SEN15-P17 11 March Paper Title: Enhancing Information Governance at Loughborough University

Risk Management Policy

RISK MANAGEMENT POLICY AND STRATEGY. Document Status: Draft. Approved by. Appendix 1. Originator: A Struthers. Updated: A Struthers

Risk Management Policy

International Diploma in Risk Management Syllabus

Risk Management Policy and Framework

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

Board oversight of risk: Defining risk appetite in plain English

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK

Business Continuity Management

Risk Management Within an Organisation

PM Governance. Executive Team ADCA ADCA

Business Continuity Management

The Mid Yorkshire Hospitals NHS Trust. Job Description

Chairs of the Governing Boards for the CCGs within the collaboration

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

WFP ENTERPRISE RISK MANAGEMENT POLICY

Compliance Management Framework. Managing Compliance at the University

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

The NHS Foundation Trust Code of Governance

Risk Management Strategy and Guidelines

Business Continuity Management Policy

Better Practice Guide

Policy Document Control Page

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager

Risk Management Strategy

Version Number Date Issued Review Date V1 25/01/ /01/ /01/2014. NHS North of Tyne Information Governance Manager Consultation

Capital Requirements Directive Pillar 3 Disclosure. December 2015

Risk Management & Business Continuity Manual

Corporate Risk Management Policy

HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM

CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY

RISK MANAGEMENT STRATEGY AND FRAMEWORK

Risk Management Committee Charter

Business Continuity Policy

Corporate Governance Standard for the Civil Service

ENTERPRISE RISK MANAGEMENT POLICY

Risk Management Framework

Reputation, Brand & Communications

Effective Internal Audit in the Financial Services Sector

Department of Veterans Affairs VA Directive VA Enterprise Risk Management (ERM)

ENGINEERING COUNCIL. Guidance on Risk for the Engineering Profession.

INFORMATION GOVERNANCE POLICY

Emerging Leaders Programme 2011 Personal Leadership Development Plan and Portfolio

Policy and Procedure Statement

Information Governance and Management Standards for the Health Identifiers Operator in Ireland

Risk Management. National Occupational Standards February 2014

Transcription:

RISK MANAGEMENT FRAMEWORK 1 SUMMARY The Risk Management Framework consists of the following: Risk Management policy Risk Management strategy Risk Management accountability Risk Management framework structure. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer 3 ACCOUNTABLE DIRECTOR: Jennie Williams, Executive Nurse and Director of Quality and Integrated Governance 4 APPLIES TO: This Policy must be adhered to by all staff (whole or part time) and by Governing Body and Committee Members. 5 GROUPS/ INDIVIDUALS WHO HAVE OVERSEEN THE DEVELOPMENT OF THIS POLICY: Steve Beeho, Head of Integrated Governance Jennie Williams, Executive Nurse and Director of Quality and Integrated Governance 6 GROUPS WHICH WERE CONSULTED AND HAVE GIVEN APPROVAL: Audit Committee, 11 July 2013 Governing Body, 25 July 2013 Senior Management Team, 9 July 2014 7 EQUALITY IMPACT ANALYSIS COMPLETED: Policy Screened Template completed 8 RATIFYING COMMITTEE(S) & DATE OF FINAL APPROVAL: CCG Governing Body, 30 July 2014 1

9 VERSION: 1.3 Intranet Yes Website Yes 10 AVAILABLE ON: 11 RELATED DOCUMENTS: 12 DISSEMINATED TO: Risk Management Procedure Guidance. All staff, Governing Body and Committee Members. 13 DATE OF IMPLEMENTATION: 27.8.14 14 DATE OF NEXT FORMAL REVIEW: July 2016 2

Contents 1. Risk Management policy 3 2. Risk Management strategy 4 3. Risk Management accountability 5 4. Risk Management framework structure 9 Note: A Risk Management procedural guidance exists separate to this Framework and describes in more detail the roles, responsibilities and processes applicable. 3

1 Risk Management policy The NHS Haringey Clinical Commissioning Group (the CCG) is an organisation that is committed to commissioning high quality, cost-efficient and effective healthcare services for the population(s) it serves. All of the CCG s activities are informed by our mission statement, guided by our aim to ensure we achieve our vision. In doing so the CCG recognises that it will face all manner of risks. The purpose of our risk management policy, in conjunction with the risk management strategy, is to outline how we approach managing the challenges that threaten our business on a daily basis and as part of good business practice, how we identify, understand, assess and manage risk across the CCG and stakeholders. In addition, consideration of downside risk, by the very nature of doing so, may also identify potential for missed opportunities and scenarios where we can actively take on more risk if seen to be in the interests of the CCG. Risk is regarded as a quantifiable level of exposure to the threat of an event or action that will adversely affect an organisation s ability to achieve its business objectives successfully. In simple terms, risk is uncertainty. The task of management is to effectively respond to these risks so as to maximise the likelihood of the organisation achieving its purposes and ensure the best use of public money and resources. The types of risk that the CCG is committed to safeguarding against are as follows, although this list is not exhaustive: failure to deliver objectives; financial loss; loss of life or injury to staff or clients; loss or damage of assets; service quality failure; illegality; and reputational damage. This policy sets out the CCG s approach toward managing risk, in that we will: Identify risks and potential missed opportunities that threaten the achievement of our chosen objectives and assess their significance; Put in place appropriate mitigating controls to manage identified risks to an acceptable level; Escalate and report key risk and control information to support management decision-making and oversight at all levels on a continuous basis; Define explicit accountabilities for risk management and put these into practice across the CCG at all levels, particularly with the intention of ensuring that those in a position to manage and mitigate the risk do so, rather than just registering the risk and escalating the responsibility; Have in place an appropriate risk management framework that is aligned to and supports the delivery of our strategic imperatives; and 4

Continuously monitor the changing risk environment, key risks, the effectiveness of mitigation strategies and the application of the Framework. The following key principles are essential for the successful implementation of this strategy: There is Governing Body and management commitment to, and leadership of, the total risk. There is widespread employee participation and consultation in risk management processes, which will operate in a fair blame culture. There are management systems in place that provide safe practices, premises and equipment in the working environment. Systems of work must be designed to reduce the likelihood of human error occurring. The risk management process must be applied to contract management especially when acquiring, expanding or outsourcing services, equipment or facilities. Contracts must be reviewed and written to ensure that only reasonable risks are accepted. On all NHS Haringey CCG premises, whether owned or shared, safe systems of work must be in place to protect patients, visitors and staff. NHS Haringey CCG maintains an effective system of emergency preparedness, emergency response and contingency planning. NHS Haringey CCG provides realistic resources to implement and support effective risk management throughout the organisation. 2 Risk Management Strategy 2.1 Risk Management Objectives The process for identifying and assessing risk is an integral and inseparable part of the management skills, performance culture and processes which are the core of our business. Understanding the risks we face and managing them appropriately will enhance our ability to make better decisions and deliver on objectives. Managing risk effectively will protect and enhance the benefits of and commitments we have made to our stakeholders and it is this overarching principle that is the backbone of our approach. The CCG has a number of clear objectives for risk management which this strategy is intended to help achieve. These are to: Ensure the management of risk is consistent with and supports the achievement of the CCG s strategic and corporate objectives; Commission and ensure the provision of a high quality service to patients. Initiate action to prevent or reduce the adverse effects of risk; Minimise the financial and other negative consequences of losses and claims - for example, poor publicity, loss of reputation; Minimise the risks associated with new developments/activities; 5

Meet statutory and legal obligations and improve compliance with the ongoing requirements of best practice governance standards; and Protect patients, visitors and staff from risks where reasonably practicable. A clear framework is essential in building, implementing and developing strategic and operational risk management practice across the CCG. The CCG s Risk Management Framework, hereafter referred to as the Framework supports the delivery of the CCG s risk management objectives and outlines application principles, risk oversight structures, key accountabilities and requirements for identifying, assessing reporting and monitoring risk. The Governing Body, in conjunction with the Audit Committee will determine the need to update and/or revise the Framework as part of its on-going oversight role. 2.2 Implementation Principles The CCG s Risk Management Framework is underpinned by a number of guiding principles that determine how we put risk management into practice at all levels. These guiding principles are: managing risk is a core competency of all management within the CCG and an integral part of line management responsibility; management support, involvement and oversight is fundamental to the success of the framework; the design of our framework, in order to be successful in fulfilling its objective, must be relevant to our vision, focused on risks that impact our ability to achieve our objectives, aligned to our operating style and culture (which it can also help to create) as well as compliance with our regulatory obligations; application of risk management gives rise to the consideration of opportunity and as such the framework is implicitly focused on upside risk as well as downside risk; the operating environment is constantly changing. Key components of our risk management framework are therefore dynamic (i.e. the CCG risk level and risk appetite) rather than being static; and that the Governing Body and Senior Management Team will need to have confidence in the effectiveness of the framework at all levels of our business to ensure that our corporate governance obligations are met. The application of these principles is fundamental to the approach to risk and control management at the CCG. Although arrangements, processes and mechanisms for risk management will be comprehensive, they must also be proportionate to the nature, scale and complexity of our activities. 2.3 The CCG s Risk Appetite The amount and type of risk that the CCG is willing to take on in pursuit of its strategic objectives (and of those objectives defined in this Framework) is determined by the Governing Body. 6

The Governing Body s appetite for risk is influenced by a number of key factors including (but not limited to) the overall level of risk, as well as the economic, regulatory and operational landscape. The Senior Management Team (on behalf of the Governing Body) will monitor these key influences and advise them of the need to adjust the amount of risk that the CCG takes on. Risk tolerance may, by the choice of management, be different across the CCG. The Governing Body will approve an annual statement of risk appetite principles and the Senior Management Team will consider the impact of the risk appetite in its approach to the management of risk through this Framework. 3 Risk Management Accountability 3.1 Accountability Clear risk and risk management accountability is at the core of the CCG s approach to risk management, is central to the wider system of governance and internal control and is at the heart of positive risk and control culture development. Defining unambiguous risk management accountability will: contribute to the framework of accountability across the CCG and its consistency; provide clear criteria for objective setting and on-going performance management; reduce the risk of blurred responsibility boundaries and the chance that key activity will be overlooked; provide role clarity for individuals and as such a clear focus for day to day activity management; improve overall business oversight, challenge and decision making; and support a culture of risk awareness and positive risk taking behaviour. Summary key accountabilities in connection with this Risk Management Framework are as follows. 3.2 The Governing Body The Governing Body is ultimately responsible for risk management across the CCG. It will be supported in the discharge of its responsibilities by the Audit Committee and the Senior Management Team. An effective Governing Body monitors that principal objectives are being achieved and that it receives regular reports on risks to the principal objectives and the processes in place to manage them. It also needs to ensure that: the CCG Risk Register is reviewed, updated and monitored regularly; and it is satisfied with the controls in place and progress is being made in completing mitigating actions. 7

3.3 Audit Committee The Audit Committee independently reviews the adequacy and effectiveness of risk management across the CCG. Through a programme of work it will review and approve compliance monitoring, internal and external audit plans and monitor risk reporting. The Audit Committee plays a key part in supporting the Governing Body in discharging its responsibilities regarding risk management by advising the Governing Body of the outcomes of its work at regular stages throughout the year. 3.4 Remuneration Committee The Remuneration Committee is responsible for remuneration and terms of service for senior managers, including performance related pay or terms of service. 3.5 Quality Committee The Quality Committee develops quality and safety indicators and reviews clinical quality of health providers. It ensures that quality and safety is integral to the commissioning function and that clinical risk is managed. As part of this, the Committee will receive quarterly assurance reporting in relation to safeguarding adults and children, identifying areas of compliance, themes and trends and will recommend appropriate actions. 3.6 Financial and Performance Committee The Finance and Performance Committee oversees development of the QIPP Plan, underpinned by robust financial planning, and oversees delivery of savings plans and associated implementation plans. The Committee monitors commissioning financial risks and opportunities. 3.7 Communications and Engagement Sub-Committee The Communications and Engagement Sub-Committee is responsible for the development and implementation of the CCG s communications and engagement strategies and channels. 3.8 Accountable Officer The Accountable Officer has overall responsibility for ensuring an effective risk management system is in place across NHS Haringey CCG. 3.9 Senior Management Team The Senior Management Team is responsible for overseeing the implementation of the CCG s Risk Management Framework, including defining, sponsoring, supporting, debating and challenging key risk and risk management activity across the CCG. 3.10 Other Management and Staff Each CCG team is responsible for implementing the requirements of the CCG s Risk Management Framework and for providing assurance to the Senior Management Team that it has done so. All managers have a first line responsibility for identifying, assessing and managing risk within their own area of responsibility, for implementing agreed actions to 8

manage risk and for reporting activities or circumstance that may give risk to new or changed risk. The CCG s Risk Management strategy is mandatory and applies to every part of the business, management and staff. We recognise that risk management is a process that extends to our business partners. Whilst it is difficult to enforce our risk management principles on our partners, suppliers, customers and other stakeholders, we will always seek to influence their activities where possible. 3.11 Internal Audit Internal Audit will provide assurance to the Audit Committee on the effectiveness of the CCG s Risk Management Framework and its application across the business. It will also use the outputs from the risk management framework to drive its assurance plan going forward throughout the year. 4 Risk Management Framework Structure 4.1 Oversight The Governing Body is ultimately responsible for risk and control management across the CCG, although responsibility for risk and control oversight is principally delegated to the Audit Committee and the Senior Management Team. However, risk and risk management on a day to day level forms a key part of each team s responsibility and as such, on-going check and challenge will be provided by each team to oversee the management of all risks and the application of this framework, prior to review and challenge provided by the Senior Management Team, Audit Committee and Governing Body. To support the Governing Body in the discharge of this responsibility, the Head of Integrated Governance works with the Senior Management Team and the Audit Committee to ensure that all key risks are identified and managed and that this framework remains fit for purpose and aligned to the CCG s objectives. The principal method of reviewing risk will be through the CCG Risk Register. The oversight structure has been developed using the principles of the three lines of defence model, this is an established governance and internal control model. The CCG s risk oversight structure is outlined below. This identifies the three lines of defence, along with the inter-connectivity of each element of the Framework. 9

10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information