RISK MANAGEMENT POLICY. Version 3



Similar documents
Complaints Policy. Controlled Document Number: Version Number: 6 Controlled Document Sponsor: Controlled Document Lead: Approved By:

Version: 3.0. Effective From: 19/06/2014

A risk matrix for risk managers

Hazard Identification, Risk Assessment and Management Procedure. Documentation Control

Risk Assessment Tool and Guidance (Including guidance on application)

Risk Management Policy and Process Guide

Healthcare risk assessment made easy

AFTRS Health and Safety Risk Management Policy

Bedford Group of Drainage Boards

RISK MANAGEMENT POLICY

How To Manage Risk In Ancient Health Trust

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy

Bridgend County Borough Council. Corporate Risk Management Policy

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy

Risk Management: Coordinated activities to direct and control an organisation with regard to risk.

Hazard Identification, Risk Assessment and Control Management

Corporate Health and Safety Policy

Risk Management Policy

Policy and Procedure for Claims Management

Risk Methodology. Contents. Introduction The Risk Management Structure The Risk Management Cycle Methodology...

POLICY : CORPORATE RISK MANAGEMENT

Risk Management Strategy

Northern Ireland Blood Transfusion Service

Incident reporting procedure

Risk Management Strategy

Risk Management Policy and Framework

OH&S Management Systems Audit Checklist (NAT, E3)

Risk Register Policy and Procedure

Title: OHS Risk Management Procedure

Risk Management Policy. Corporate Governance Risk Management Policy

POLICY. Number: Title: Enterprise Risk Management. Authorization

Core Infrastructure Risk Management Plan

Risk Management in the HSE; An Information Handbook

The Risk Management strategy sets out the framework that the Council has established.

A Review of the NHSLA Incident Reporting and Management and Learning from Experience Standards. Assessment Outcomes. April March 2004

RISK MANAGEMENT STRATEGY and FRAMEWORK. Including risk assessment, risk register, risk management process, risk committee and risk awareness training

Asbestos Policy. Ymddiriedolaeth GIG Gwasanaethau Ambiwlans Cymru Welsh Ambulance Service (NHS) Trust. November All Staff.

RISK MANAGEMENT POLICY

Risk Management Strategy

TRUST SECURITY MANAGEMENT POLICY

SAFETY and HEALTH MANAGEMENT STANDARDS

RISK MANAGEMENT FOR INFRASTRUCTURE

Wide Bay Respite Services Supporting the caring role of families. Service Management Policy

Shepway District Council Risk Management Policy

RISK AND OPPORTUNITY MANAGEMENT STRATEGY

WHS Risk Assessment and Control Form

Policy Number: 054 Work Health and Safety July 2015

CORP RISK MANAGEMENT POLICY & METHODOLOGY

Information Governance Strategy

Risk Management & Assessment at UQ

RISK MANAGEMENT STRATEGY

Manchester Metropolitan University. Policy for the Reporting and Investigation of Accidents and Incidents

CCG CO11 Moving and Handling Policy

Health and safety policy

Risk Management Framework

OHSMS Implementation Guide

HEALTH AND SAFETY POLICY AND PROCEDURES

CONTROLLED DOCUMENT. Number: Version Number: 4. On: 25 July 2013 Review Date: June 2016 Distribution: Essential Reading for: Information for:

Risk Management. Policy

The Lowitja Institute Risk Management Plan

PROCESS FOR RISK ASSESSMENT

Guide to the National Safety and Quality Health Service Standards for health service organisation boards

Health and Safety Management Standards

Guidance on Risk Assessment and Control

Incident Reporting Policy

Workshop: The nitty gritty of risk assessment - decontamination processes

RISK MANAGEMENT TOOLKIT

Clinical Trials - Insurance and Indemnity

Information Governance Strategy

Council Meeting Agenda 27/07/15

V1.0 - Eurojuris ISO 9001:2008 Certified

Health and safety guidance for research undertaken in the community

Risk Management Guide

Policy for the Reporting and Management of Incidents and Near Misses

Safety Regulation Group SAFETY MANAGEMENT SYSTEMS GUIDANCE TO ORGANISATIONS. April

CCG CO11 Moving and Handling Policy

NHS in Scotland. A Model Management Structure for Fire Safety

Incident reporting policy National Chlamydia Screening Programme

Essex Clinical Commissioning Groups. Business Continuity Management System. Business Impact Analysis Process

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide

RISK MANAGEMENT POLICY AND PROCEDURES

Measuring your capabilities in Fleet Safety Management ACC Fleet Saver

Health and Safety Policy and Procedures

WORKPLACE HEALTH AND SAFETY AUDITING GUIDELINES

Manual handling. Introduction. The legal position

School or service safety advisor (SSA) role

Project Risk Analysis toolkit

Business Continuity Policy and Business Continuity Management System

GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES

Operations. Group Standard. Business Operations process forms the core of all our business activities

Transcription:

RISK MANAGEMENT POLICY Version 3 Version: Version 3 Version 3 Authors: Liz Hollman, Mary Klaus, Sarah Langan-Hart Approved by: Healthcare Governance Committee Trust Board Approved date: May 2009 Review date: May 2011 Version 2.1 Authors: Version 2 Authors: Version 1 author: This amendment to Version 2 updates the policy to reflect the changes in the organisation, as authorised by the Governance Committee in October 2007. Liz Hollman, Dorothea Reid, Mary Klaus, Sarah Langan-Hart Jon Hilton Distribution: All employees will be made aware of its existence by all user e- mail. Other Relevant Documents: Risk Management Strategy SUI Policy Incident Reporting Policy Page 1 of 15

1. CONTENTS 1. CONTENTS... 2 2. INTRODUCTION... 3 THE PURPOSE OF THE RISK MANAGEMENT POLICY... 3 3. DEFINITIONS... 3 4. IDENTIFICATION AND CONTROL OF RISKS... 4 4.1. IDENTIFYING POTENTIAL RISKS... 4 4.2. RISK ASSESSMENT AND EVALUATION... 4 4.3. REDUCING THE RISK... 5 4.4. RISK REGISTERS... 5 4.5. DIVISIONAL REGISTERS... 5 4.6. CORPORATE RISK REGISTER... 6 5. RESPONSIBILITIES... 6 5.1. TRUST BOARD RESPONSIBILITIES... 6 5.2. HEALTHCARE GOVERNANCE COMMITTEE RESPONSIBILITIES... 6 5.3. TRUST MANAGEMENT COMMITTEE RESPONSIBILITIES... 6 5.4. EMPLOYEE RESPONSIBILITIES... 6 5.5. SENIOR MANAGERS RESPONSIBILITIES... 7 5.6. RISK ASSESSORS RESPONSIBILITIES... 8 5.7. RESPONSIBILITIES OF THE RISK MANAGEMENT TEAM... 8 6. MONITORING, AUDITING AND REVIEW... 8 7. APPENDICES... 8 Page 2 of 15

2. Introduction The Trust is obliged (by statute and Department of Health requirement) to systematically identify and control all significant strategic and operational risks. These arise across the organisation and include all business, workplace or clinical arenas. The Board is required to ensure that robust systems exist and be assured that there are systems in place to control and reduce risk. This involves both: The proactive identification and management of principal risks that may threaten the achievement of Trust objectives; and Reaction, or response to losses from complaints, claims, and incidents, and response to internal or external reports or audits. The purpose of the Risk Management policy is to set out the process for achieving the Risk Management Strategy. The Risk Management Strategy sets out the overall plan and direction for Risk Management in the Trust. This document describes the mechanisms and responsibilities for: Identifying risk; Assessing and evaluating risk, in a consistent manner, using the Trust s Risk Assessment Tool ( RAT ); Controlling risk; and Recording risk within the Trust s Corporate Risk Register and Divisional Risk Registers. 3. Definitions Risk Risk Management Adverse Event Patient Safety Incident Acceptable / Tolerable Risk Residual Risk Risk Assessment A risk is the chance of something happening that will have an adverse impact on the achievement of the Trust s objectives and the delivery of high quality patient care. Risk Management is the proactive identification, classification and control of events and activities to which the Trust is exposed Any event or circumstance leading to unintentional harm or suffering. Any unintended or unexpected incident which could have harmed or did lead to harm for one or more patients receiving healthcare. It is a specific type of adverse event. Is defined based on the following principles. Tolerability does not mean acceptability. It refers to a willingness to live with risk to secure certain benefits, but with the confidence that it is being properly controlled. To tolerate risk does not mean to disregard it, but rather that it is reviewed with the aim of reducing further risk. No person should be exposed to serious risk unless they agree to accept the risk. It is reasonable to accept a risk that under normal circumstances would be unacceptable if the risk of all other alternatives, including nothing, is even greater. Residual Risk Is the lowest possible level of risk remaining after control measures / actions are implemented. An identification of significant hazards which arise out of Trust activities and a judgement of the likelihood and severity of harm which might occur as a Page 3 of 15

Co-employer Senior Manager Risk Assessor Risk Assessment Training Internal External Trust result of exposure to the hazard. Another employing organisation which has links with the Trust (e.g Sodexho, Medirest, Buckinghamshire PCT, Ambulance Trust, Mental Health Trust etc). Defined as those who play a significant role in making decisions about the management of the whole or a substantial part of their organisation s activities, and those who actually manage or organise those activities. This includes all managers who report to an Executive Director. Member of staff (manager or other) who has attended the Trust s Risk Assessment training, and refresher training not less than once in every two year period from the date of the initial training. It is a management responsibility to ensure that each Division has at least one Trained Risk Assessor per department. Course provided by the Risk Management Team (see Trust Training Brochure / on-line booking for details). Equivalent courses by other training providers (as confirmed by Patient Safety Manager) will be accepted. This training will include as a minimum; an introduction to the identification of hazards, the assessment of risks, and the process for informing an appropriate manager about the level of risk. Refers to activities or documents within the Trust. Refers to activities or documents which do not originate in the Trust. Buckinghamshire Hospitals NHS Trust. 4. Identification and Control of Risks 4.1. Identifying Potential Risks Potential risks can be identified from a variety of sources for example; Internally generated information (eg. Departmental Meetings, Clinical Audit, Incident reports, Claims & Complaints). Externally-generated information (eg. guidance from NPSA, DH, Royal Colleges.) External inspections or audits Senior Managers should note that they are responsible for: Identifying risk Assessing risk Establishing risk management procedures Allocating appropriate staff and resources Controlling the risks where possible, and informing the Board of risks which are not controlled Populating the Divisional risk register (see below) within their areas of responsibility and ensuring that it is up to date. Liaising with other Senior Managers within the Trust, Liaising with co-employers working within their area of responsibility Effective communication of risks to staff. Ensuring that where potential risk is identified, appropriate assessment and evaluation takes place. 4.2. Risk Assessment and Evaluation Risks must be assessed / graded using a common matrix (shown at Appendix A). Grading shall take account of all existing controls (e.g fire alarm detection, maintenance, contracts, Page 4 of 15

protocols, training etc) and the effectiveness of those controls (how up to date training is, when the last fire drill took place). Grading requires skill and relevant knowledge, and involves the following process: i) Objectively assess the Severity / Impact / Consequence and determine a score. ii) Objectively assess the Likelihood / Probability / Frequency of an event occurring and determine a score; and iii) Multiply the two scores to give the risk score. Risk Assessments will be carried out in 2 parts. Part 1 will be completed by a trained Risk Assessor, who will identify hazards, their possible effect and their risk grading. Part 2 of the assessment will be undertaken by a Senior Manager who will verify Part 1 and produce any action plan to address the risk. The Trust s Risk Assessment Tool ( RAT ), Risk Assessment matrices, and risk level tables are given at Appendix A. 4.3. Reducing the Risk The purpose of identifying and assessing risk is to ensure that measures are put in place to reduce that risk to its lowest practicable level. Table indicating level of risks and acceptable timescales for commencing action. Level of Risk Extreme (15-25) High (8-12) Moderate (4-6) Low Risk (1-3) Target Time for Initiating Controls Immediately or within 48 hours Up to 2 weeks Up to 6 weeks Up to 12 weeks 4.4. Risk Registers Risk Registers are the centre of the Trust s risk management process. Following identification, assessment and initial control of a risk, the risk and its related action plan will be included within the Divisional Register. To minimise administration low risks will not need to be included in the register. Extreme risks are those that could significantly jeopardise the Trust s objectives, and these will also be recorded in the Corporate Register. Copies of all assessments will need to be maintained. Divisional Managers must identify who will hold risk assessments within their division. 4.5. Divisional Registers Divisional Registers are accessible to all Senior Managers, Clinical Governance Leads, Lead Clinicians and Matrons who are responsible for the population and management of their own Divisional risk register on the Q Drive. Access and administration of this drive is managed by the Risk Management Team. Divisional Risk Registers and their associated action plans will be reviewed, discussed and updated at Divisional Board Meetings every month. Page 5 of 15

4.6. Corporate Risk Register The Corporate Risk Register is a document designed to inform the Healthcare Governance Committee and Trust Board of the highest level of risks in the organisation; and to assure them of the controls and actions which have been put in place to either remove the risk or reduce it to the lowest practicable level. Extreme risks scored 15 or above on the Divisional Risk Registers will be included on the Corporate Risk Register. Any gaps in control identified on the Assurance Framework with a score of 9 or above will also be included on the Corporate Risk Register. This process will be administered by the Risk Team. The Trust Management Committee (TMC) will review the Corporate Risk Register prior to its submission to the Healthcare Governance Committee. The Corporate Risk Register will be presented to the Healthcare Governance Committee on a bi-monthly basis for review, and to the Trust Board at least 3 times a year. 5. Responsibilities 5.1. Trust Board Responsibilities These are detailed within the Risk Management Strategy but in summary, the Board is responsible for: Establishing and monitoring delivery of the Trust corporate objectives; Establishing durable systems of internal control; Addressing principal risks; and Accepting risks that the Board decides not to address. 5.2. Healthcare Governance Committee Responsibilities It is the responsibility of the Healthcare Governance Committee to review the Extreme Risks, actions, controls and timescales on a bi-monthly basis; and to highlight the key areas to the Trust Board. 5.3. Trust Management Committee Responsibilities It is the responsibility of the Trust Management Committee to review the Corporate Risk Register on a monthly basis and to moderate the risk scores 5.4. Employee responsibilities ALL staff have a responsibility to inform their line manager of any significant hazards in the workplace. It is essential that if a member of staff considers that a serious concern, which they have raised through the line management route, has not been resolved, they should report this to a more senior level of management. In order to ensure this policy is implemented effectively, individual employees must: Attend training as identified by their manager or by the Trust (e.g. induction and new procedures, mandatory training: induction, fire safety, moving and handling and personal safety). Co-operate fully with departmental and Trust guidelines, protocols and policies in the interests of health and safety and risk management. Report any incident, defect or other concern directly to their manager and complete a DIF1 electronically / IR1 form promptly. Follow prescribed working practices and all information and training provided. Participate actively in the process of risk assessment. Comply with, and implement control measures / actions that arise from assessments. Page 6 of 15

Promptly report to their manager or local Risk Assessor, any changes that might affect assessments / working conditions. 5.5. Senior Managers Responsibilities The Manager of a Department / Ward / Service Delivery Unit (SDU) has the responsibility to manage ALL risks within their workplace. The Manager may delegate the task of carrying out the Risk Assessments to a member/s of the team who has attended the Trust s Risk Assessment Training for Assessors. Senior Managers are responsible for: The implementation of the Risk Management Strategy and this policy within their own area of management responsibility. Managing their Divisional Risk Register. This includes populating, review and updating. Attending Senior Managers Training for Corporate Manslaughter and Corporate Homicide Act 2007 (details in Trust Training Brochure). Identifying Risk Assessors for their areas of responsibility, ensuring that those Risk Assessors are released to attend the risk assessor training and update sessions. Ensuring that the risk assessor has an appropriate allocation of time to carry out risk assessments. Validation of all risk assessments carried out, and for taking action to reduce risks identified to the lowest practicable level. Completing Part 2 of the Risk Assessment Tool. (To Review / agree the Matrix Grading : To state what Actions are required / taken to reduce the risk to the lowest possible level ) Identifying if funding is required and how that funding is obtained Timescales for commencing / improving Control Measures : What level of Residual Risk remains following the implementation of the Actions / Improved Control Measures : if the risk requires entry onto the Divisional / Corporate Risk Register / Review dates) The provision of suitable and sufficient information, training and supervision for staff to support risk reduction. (This includes that all staff attend relevant mandatory training). Keeping records of risk assessments undertaken and for recording progress and performance against remedial action plans. The format of the records must allow access by external auditors. The manager must notify Risk Management Team if Assessor leaves / is no longer fulfilling the role as the Risk Management Team have responsibility to update the Trust s Risk Assessors Register) Ensuring that risk assessments are re-validated at suitable intervals or following a change to circumstance. The frequency of reviews will vary according to the residual level of risk. The following is suggested: Level of Residual Risk Extreme High Moderate Low Risk Category Risk Colour Extreme (15 to 25) High (8 to 12) Medium (4 to 6) Low (1 to 3) Review of risk Assessment by Frequency of reviews Red Director Monthly Orange General Manager Every 2 months Yellow Ward Manager Every 3 months Green Ward Manager Every 6 months Where plans to manage risks are outside the authority of Senior Manager, or where there is a large resource implication, risks will be prioritised by the Chief Operating Officer. Action plans referred to TMC should include a cost benefit analysis for all options proposed. Page 7 of 15

5.6. Risk Assessors Responsibilities Risk Assessors must be nominated by the Senior Manager. The Senior Manager must ensure that the nominated Risk Assessor has sufficient job skill knowledge and experience to fulfil this role. Staff wishing to take on the role of appointed Risk Assessor for their Department MUST discuss the role and gain the agreement of their Senior Manager. Risk Assessors are responsible for: Attending the Risk Assessors training and updates as provided by the Risk Management Team as detailed in the Trust Training Brochure. Assessing risks in their area of work using RAT part 1, identifying ALL significant risks first and ensuring that their Senior Manager is made aware of these risks. Ensuring that they hold their original risk assessments and pass on a copy to the Senior Manager to be held within the department records. Risk assessors may choose to keep a copy in the Risk Management Folder (Blue Folder). Wherever stored in a department it must be accessible to ALL staff at ALL times or in an identified Risk Assessment folder electronically within their Department s PC or on a Shared Drive within their Service Delivery Unit / Division accessible to staff. Indication of electronic held risk assessments will need to be noted in the Risk Management Folder. Demonstrating evidence of completed robust assessments and action plans with time scales for completion of remainder of assessments to the Trust s Risk / Health & Safety Advisor / Trainer as agreed at the training session. If Risk Assessors are concerned that their Risk Assessments are not being given adequate attention, they should contact the Risk / Health and Safety Adviser for advice. 5.7. Responsibilities of the Risk Management Team The risk management team are responsible for: Development and review of the Risk Management Policy and Strategy. The provision of risk assessment training Monitoring of the Divisional Risk Registers for any changes, incomplete sections, concerns over level of risk, timescales. Advising risk Assessors, Senior Managers and the Trust Executive on risk management. Maintaining an active register of Risk Assessors Responding to Internal and External Audit Requests regarding risk management Responding to External Agency requests for information regarding risk processes. 6. Monitoring, Auditing and Review This Policy will be monitored through an annual audit looking at a sample of completed Risk Assessment Tools (Part 1 & 2), Divisional Risk Registers and the Corporate Risk Register. The Audit will include a review of the minutes of the Divisional Boards, the Healthcare Governance Committee and Trust Board to confirm discussions around risk management. 7. Appendices Appendix A RAT Parts 1 & 2 Page 8 of 15

Appendix A RISK ASSESSMENT TOOL Assessment Ref No: Division/ Speciality/ 0001 PART 1 Hospital Site: AH / SMH / WYC Department / Ward / Exact Location:.. List DIF1 / IR1 s relevant to this assessment:.. Activity / Task / Clinical Procedure BEING ASSESSED: List significant Hazards that are Associated with this Activity / Task / Clinical Procedure (inc any potential hazards) 1. Who might be harmed & How they might be harmed? How Many People could be involved What existing measures are in place to reduce the chance / risk of an incident / accident occurring? (eg Current Policies, Procedures or Guidelines. Mechanical controls - eg Hoists. Records: Training / Maintenance) Who Checks these Controls? (e.g at Division / Trust / External level?) Multiply (I/ C / S) by (L /P/ F) Impact / Consequenc e / Severity Probability / Frequency Likelihood Initial Risk Score 2. 3. 4. 5. Assessor s Name:... Date of Assessment:. Department / Ward Manager : Date Assessment give to Manager for action / review:... Page 9 of 15

Appendix A/.cont2 Consequence Score (severity levels) and examples of descriptors 1 2 3 4 5 Domains Negligible Minor Moderate Major Catastrophic Impact on the Minimal injury requiring Minor injury or illness, requiring Major injury leading to long-term Moderate injury requiring no/minimal intervention or minor intervention incapacity/disability safety of patients, professional intervention treatment. staff or public Requiring time off work for >3 Requiring time off work for >14 Requiring time off work for 4-14 (physical / No time off work days days days psychological Increase in length of hospital Increase in length of hospital harm) stay by 1-3 days stay by >15 days Quality/complaints/ audit Human resources/ organisational development/staffi ng/ competence Peripheral element of treatment or service suboptimal Informal complaint/inquiry Short-term low staffing level that temporarily reduces service quality (< 1 day) Overall treatment or service suboptimal Formal complaint (stage 1) Local resolution Single failure to meet internal standards Minor implications for patient safety if unresolved Reduced performance rating if unresolved Low staffing level that reduces the service quality Increase in length of hospital stay by 4-15 days RIDDOR/agency reportable incident An event which impacts on a small number of patients Treatment or service has significantly reduced effectiveness Formal complaint (stage 2) complaint Local resolution (with potential to go to independent review) Repeated failure to meet internal standards Major patient safety implications if findings are not acted on Late delivery of key objective/ service due to lack of staff Unsafe staffing level or competence (>1 day) Low staff morale Poor staff attendance for mandatory/key training Mismanagement of patient care with long-term effects Non-compliance with national standards with significant risk to patients if unresolved Multiple complaints/ independent review Low performance rating Critical report Uncertain delivery of key objective/service due to lack of staff Unsafe staffing level or competence (>5 days) Loss of key staff Very low staff morale No staff attending mandatory/ key training Incident leading to death Multiple permanent injuries or irreversible health effects An event which impacts on a large number of patients Totally unacceptable level or quality of treatment/service Gross failure of patient safety if findings not acted on Inquest/ombudsman inquiry Gross failure to meet national standards Non-delivery of key objective/service due to lack of staff Ongoing unsafe staffing levels or competence Loss of several key staff No staff attending mandatory training /key training on an ongoing basis Page 10 of 15

Statutory duty/ inspections No or minimal impact or breech of guidance/ statutory duty Breech of statutory legislation Reduced performance rating if unresolved Single breech in statutory duty Challenging external recommendations/ improvement notice Enforcement action Multiple breeches in statutory duty Improvement notices Multiple breeches in statutory duty Prosecution Complete systems change required Low performance rating Zero performance rating Adverse publicity/ reputation Business objectives/ projects Finance including claims Service/business interruption Environmental impact Rumours Potential for public concern Insignificant cost increase/ schedule slippage Small loss Risk of claim remote Loss/interruption of >1 hour Minimal or no impact on the environment Local media coverage short-term reduction in public confidence Elements of public expectation not being met <5 per cent over project budget Schedule slippage Loss of 0.1 0.25 per cent of budget Claim less than 10,000 Loss/interruption of >8 hours Minor impact on environment Local media coverage long-term reduction in public confidence 5 10 per cent over project budget Schedule slippage Loss of 0.25 0.5 per cent of budget Claim(s) between 10,000 and 100,000 Loss/interruption of >1 day Moderate impact on environment Critical report National media coverage with <3 days service well below reasonable public expectation Non-compliance with national 10 25 per cent over project budget Schedule slippage Key objectives not met Uncertain delivery of key objective/loss of 0.5 1.0 per cent of budget Claim(s) between 100,000 and 1 million Purchasers failing to pay on time Loss/interruption of >1 week Major impact on environment Severely critical report National media coverage with >3 days service well below reasonable public expectation. MP concerned (questions in the House) Total loss of public confidence Incident leading >25 per cent over project budget Schedule slippage Key objectives not met Non-delivery of key objective/ Loss of >1 per cent of budget Failure to meet specification/ slippage Loss of contract / payment by results Claim(s) > 1 million Permanent loss of service or facility Catastrophic impact on environment Likelihood score 1 2 3 4 5 Descriptor Rare Unlikely Possible Likely Almost certain This will probably never Do not expect it to happen/recur Might happen or recur occasionally Will probably happen/recur but it happen/recur but it is possible it may do so is not a persisting issue Frequency How often might it/does it happen <0.1 % <0.1 1% 1 10% 10 50% Will undoubtedly happen/recur,possibly frequently >50% Page 11 of 15

Appendix A continued Risk Scoring Matrix Severity Likelihood 1 Insignificant 2 Minor 3 Moderate 4 Major 1 Rare 1 2 3 4 5 2 Unlikely 2 4 6 8 10 3 Possible 3 6 9 12 15 4 Likely 4 8 12 16 20 5 Almost Certain 5 10 15 20 25 5 Catastrophic Target Times for Controls Level of Risk Extreme (15-25) High (8-12) Moderate (4-6) Low Risk (1-3) Target Time for Initiating Controls Immediately or within 48 hours Up to 2 weeks Up to 6 weeks Up to 12 weeks Frequency of Review Level of Residual Risk Extreme High Moderate Low Risk Category Risk Colour Extreme (15 to 25) High (8 to 12) Medium (4 to 6) Low (1 to 3) Review of risk Assessment by Frequency of reviews Red Director Monthly Orange General Manager Every 2 months Yellow Ward Manager Every 3 months Green Ward Manager Every 6 months Page 12 of 15

Appendix A RISK ASSESSMENT TOOL PART 2 MUST BE COMPLETED BY A SENIOR MANAGER OR NOMINATED DEPUTY Name: Risk Assessment Ref No:.. (PLEASE PRINT) Title:.. Date:. Hazard No. Accept Accept the likelihood of a risk provided that it is consistent with the risk appetite of the Trust. Transfer * Transfer the potential consequences of the risk materialising to a 3 rd party. Eliminate * Remove the risk entirely by ceasing a particular activity. Reduce * Reduce either the likelihood of occurrence or the impact on both through the implementation of appropriate controls. Increase * Response whereby management take a decision to reduce controls around a risk because cost outweighs consequence should the risk materialise. Signature 1 2 3 4 5 * denotes requirement of an Action Plan please use following Sheets to record Page 13 of 15

Appendix A continued ACTION PLAN Risk Assessment Ref No: HAZARD NO: RISK GRADING ACTION PLAN TO ADDRESS RISK FUNDING REQUIRED? IF YES, CAPITAL OR REVENUE? YES / NO CAPITAL / REVENUE DATE CAPITAL BID SUBMITTED PREDICTED RESIDUAL SCORE LEAD MANAGER REVIEW DATE COMPLETION DATE Appendix A continued Risk Assessment Ref No: Page 14 of 15

HAZARD NO: NOTES Page 15 of 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information