Risk Management Strategy


Risk Management Strategy
Version: 8
Approved by: Quality and Governance Committee
Date approved: 31 July 2014
Ratified by: Trust Board of Directors
Date ratified:
Name of originator/author: Head of Patient Safety and Risk
Date issued: September 2014
Review date: July 2015

Contents
1. Executive Summary
2. Purpose
3. Definitions
4. Aims
5. Objectives
6. Scope
7. Duties
8. Risk Management Structures
9. Risk Management
10. Risk Assessment
11. Risk Register
12. The Process For The Management of Risk
13. Authority For The Management of Risk
14. Communication and Consultation
15. Training and Education
16. Monitoring
17. References
18. Associated Documentation
19. Review

Appendices:
Appendix A: Risk Measurement and Categorisation Criteria
Appendix B: Risk Management Process
Appendix C: Risk Register Monitoring Process
Appendix D: Version Control Sheet

Trust Policy Foreword [1]

SWASFT has a number of specific corporate responsibilities relating to patient safety and staff wellbeing and all Trust policies need to appropriately include these.

Patient Experience - SWASFT will promote the values and behaviours within the Compassion in Care model which provide an easily understood way to explain our values as professionals and care staff and to hold ourselves to account for the care and services that we provide. These values and behaviours reflect the Trust's commitment to developing an outstanding service through the conduct and actions of all staff (whether on the frontline or in support services). SWASFT will encourage staff to demonstrate how they apply the six core competencies of Care, Compassion, Competence, Communication, Courage, and Commitment to ensure our patients experience compassionate care.

Health and Safety - SWASFT will, so far as is reasonably practicable, act in accordance with the Health and Safety at Work etc. Act 1974, the Management of Health and Safety at Work Regulations 1999 and associated legislation and approved codes of practice. It will provide and maintain, so far as is reasonable, a working environment for employees which is safe, without risks to health, with adequate facilities and arrangements for health at work. SWASFT employees are expected to observe Trust policy and support the maintenance of a safe and healthy workplace.

Risk Management - SWASFT will maintain good risk management arrangements by all managers and staff by encouraging the active identification of risks, and eliminating those risks or reducing them to the lowest level that is reasonably practicable through appropriate control mechanisms. This is to ensure harm, damage and potential losses are avoided or minimized, and the continuing provision of high quality services to patients, stakeholders, employees and the public. SWASFT employees are expected to support the identification of risk by reporting adverse incidents or near misses through the Trust web-based incident reporting system.

Equality Act 2010 and the Public Sector Equality Duty - SWASFT will act in accordance with the Equality Act 2010, which bans unfair treatment and helps achieve equal opportunities in the workplace. The Equality Duty has three aims, requiring public bodies to have due regard to: eliminating unlawful discrimination, harassment, victimization and any other conduct prohibited by the Act; advancing equality of opportunity between people who share a protected characteristic and people who do not share it; and fostering good relations between people who share a protected characteristic and people who do not share it. SWASFT employees are expected to observe Trust policy and the maintenance of a fair and equitable workplace.

NHS Constitution - SWASFT will adhere to the principles within the NHS Constitution including: the rights to which patients, public and staff are entitled; the pledges which the NHS is committed to uphold; and the duties which public, patients and staff owe to one another to ensure the NHS operates fairly and effectively. SWASFT employees are expected to uphold the duties set out in the Constitution.

Code of Conduct and Conflict of Interest Policy - The Trust Code of Conduct for Staff and its Conflict of Interest and Anti-Bribery policies set out the expectations of the Trust in respect of staff behaviour. SWASFT employees are expected to observe the principles of the Code of Conduct and these policies by declaring any gifts received or potential conflicts of interest in a timely manner, and upholding the Trust zero-tolerance to bribery.

Information Governance - SWASFT recognises that its records and information must be managed, handled and protected in accordance with the requirements of the Data Protection Act 1998 and other legislation, not only to serve its business needs, but also to support the provision of highest quality patient care and ensure individual's rights in respect of their personal data are observed. SWASFT employees are expected to respect their contact with personal or sensitive information and protect it in line with Trust policy.

[1] Updated 24/12/2013

1. Executive Summary

1.1 The Trust Board of Directors is committed to ensure that effective risk management is an integral part of its management approach, underpinning all activities. The Trust's approach to risk management is one of proactive identification, mitigation, monitoring and review. The British Standard BS31000:2009 states that a systematic, structured and timely approach to risk management contributes to efficiency and to consistent, comparable and reliable results. Risk management is an essential part of any organisation and should be embedded in the culture of the organisation to support the continuous improvement of Trust services through ongoing learning encouraged by a responsible culture. Although a risk free environment is impossible, much can be done to minimise risk by having all embracing strategies, policies and procedures that cover and permeate all areas of Trust activities.

1.2 This Risk Management Strategy is a document that explains to staff and the public how South Western Ambulance Service NHS Foundation Trust intends to deliver its commitment to being an organisation that is committed to patient and staff safety and takes its risk management responsibilities seriously. Risk management is everybody's responsibility as everyone is both a risk taker and a risk manager.

1.3 The Risk Management Strategy promotes the philosophy of integrated governance and requires all risk management to be systematic, robust and evident. This strategy requires that risk management processes are applied to business planning at all levels and that risk management issues should be communicated to key stakeholders where necessary. The strategy covers clinical, organisational and financial risk, and identifies the key management structures and processes defining objectives and responsibilities within the Trust.

1.4 This strategy confirms the Trust's commitment to developing a responsible culture. This will, in turn, help maximise the identification, reporting and avoidance of risk, promoting the safest possible environment for patients and staff.

1.5 Healthcare provision is by nature a high risk activity. The challenge for all staff is to reduce the potential for incidents occurring by being proactive in the management of risk. The underpinning principle of this strategy is that a responsible risk management culture is developed within the Trust that empowers all staff to make sound judgements and decisions concerning the management of risk, and risk taking. The principles of this strategy are consistent with the Trust's key priorities: patient safety and staff management.

1.6 Implementation of the Risk Management Strategy is co-ordinated and monitored by the Quality and Governance Committee (the Trust's overarching Committee with responsibility for risk management). This strategy will be reviewed on an annual basis and updated if necessary, by the Head of Patient Safety and Risk in consultation with the Quality and Governance Committee.

1.7 This strategy is supported by risk management policies and guidance which clearly describe the processes that the Trust has put in place in order to adequately manage risk.

1.8 The content of this strategy complies with best practice, Monitor and Department of Health requirements.

2. Purpose

2.1 This strategy sets out South Western Ambulance Service NHS Foundation Trust's commitment to effective risk management as an integral part of its delivery of high quality services. The Trust recognises that the proactive and continuous management of risk is essential to the efficient and effective delivery of its service aims and objectives and the organisational culture. It should be integrated into the Trust's philosophy, practices and business and embedded at all levels of the organisation; not viewed as a separate entity.

2.2 In setting out a system which seeks to effectively identify, analyse and control risk, or to transfer it where it is unacceptable or unavoidable, this strategy is consistent with the requirements of BS31000:2009; Monitor Quality Governance Framework; Integrated Governance Handbook: A Handbook for Executives and Non-Executives in Healthcare Organisations (2006); Care Quality Commission; The Orange Book: Management of Risk - Principles and Concepts (2004); A First Class Service: Quality in the New NHS (1999) and the revised Turnbull guidance (2005). The strategy also considers the five domains set out within the NHS Outcomes Framework 2014-15.

2.3 The Trust's vision is to deliver high performing emergency and urgent care and non urgent patient transport services that are responsive, safe, clinically effective, financially viable, legally constituted and well governed. Underpinning the vision are four strategic goals:-

Safe, Clinically Appropriate Responses: Delivering high quality and compassionate care to patients in the most appropriate, safe and effective way.

Right People, Right Skills, Right Values: Supporting and enabling greater local responsibility for decision making; building a workforce of competent, capable staff who are flexible and responsive to change and innovation.

24/7 Emergency and Urgent Care: Influencing local health and social care systems in managing demand pressures and developing new care models. Leading emergency and urgent care systems, providing high quality services 24 hours per day, seven days per week.

Creating Organisational Strength: Continue to ensure the Trust is sustainable, maintaining and enhancing financial stability. In this way the Trust will be capable of continuous development and transformational change by strengthening resilience, capacity and capability.

2.4 This strategy is integral to the delivery of the Trust's vision, strategic goals and corporate objectives as set out within the Trust's Business Plan and Assurance Framework, and the work of each of the Trust's directorates and members of staff within them. Covering clinical, organisational and financial risk, the strategy identifies the key risk management structures, principles and processes and defines the objectives of and responsibility for each of these within the Trust.

3. Definitions

3.1 The International Risk Management Standard ISO BS 31000:2009 defines risk as being the effect of uncertainty on objectives. An effect has been identified as a deviation from the expected and can be positive and/or negative.

3.2 Risk covers the physical environment, the process of delivery of care and services and of not pursuing an opportunity, which may result in foreseeable harm to patients, visitors, staff and the public, as well as to Trust property, financial resources, projects, and credibility.

3.3 Risk management is defined in BS 31000:2009 as coordinated activities to direct and control an organisation with regard to risk. The purpose of risk management is not to remove all risk but to ensure that risks are recognised and their potential to cause loss fully understood. Action can then be taken to direct appropriate levels of resource at controlling the risk or minimising the effect of potential loss.

3.4 The management of risk is concerned with the elimination or minimisation of uncertainties and potential problems within the organisational environment. This includes corporate, operational, financial, external, internal, project, process, product, tactical and strategic, irrespective of whether the uncertainty or problem is likely to affect patients, employees, volunteers, organisation as a whole, or the wider environment.

3.5 A Risk Register is a prioritised log of risks faced by the Trust and is used to facilitate appropriate mitigation to control and/or reduce each risk as far as reasonably practicable.

4. Aims

4.1 The key aim of this strategy is to establish systems and processes to ensure that risk management becomes infused in the Trust's philosophy, practices and business planning processes ensuring a holistic approach.

4.2 The Trust's business plan sets out the framework for the Trust's activities, taking into account national policy and other external drivers. The Trust must ensure that it delivers its objectives effectively. There should therefore be a close relationship between the Trust's corporate objectives and strategic goals and its management of all the risks to which it is exposed. This Risk Management Strategy is therefore part of the Trust's Governance Strategy and is integrally linked to the Board Assurance Framework.

4.3 South Western Ambulance Service NHS Foundation Trust will seek to maintain good risk management by all managers and staff through actively identifying risks, eliminating those risks or reducing them to the lowest level that is reasonably practicable through appropriate control mechanisms. This is to ensure harm, damage and potential losses are avoided or minimised and therefore protect the Trust's assets. Primarily, it ensures the continuing provision of high quality services to patients, stakeholders, employees and the public.

4.4 Every member of staff must have a real sense of ownership and commitment to identifying and minimising risk. This can be achieved through an environment of transparency, where adverse incidents and near misses are identified quickly and dealt with in a positive and responsive manner.

4.5 By implementation of this strategy and associated risk management policies the Trust aims to:-
a) provide the highest quality out of hospital care, without risks to the health of those involved, and within resource allocations;
b) meet its corporate objectives and strategic goals as set out in the Trust's Business Plan and Board Assurance Framework;
c) understand the risks the Trust faces, their underlying causes and ensure that lessons are learnt;
d) ensure the Trust meets its legislative and statutory obligations and complies with best practice;
e) enhance the community image of and consumer confidence in the Trust;
f) minimise the total cost of claims and other losses to the Trust through fraud and negligence;
g) achieve best value for money and ensure resources are appropriately directed, thereby maximising resources for patient services and care;
h) encourage and develop risk management as an integral part of the Trust's culture based on honesty and openness, where mistakes and adverse incidents are identified quickly and dealt with in a positive and constructive way;
i) provide a clear understanding of the roles and responsibilities of managers and staff at all levels ensuring all employees are clear about their personal responsibility with regard to risk management;
j) ensure there is a common framework within which risks are identified and assessed with action plans in place to prevent or mitigate any adverse effects of identified risks.

5. Objectives

5.1 To meet the aims of this strategy the Trust will:-
a) continue to assign the Quality and Governance Committee as the Board of Directors committee with responsibility for risk management;
b) continue to assign the Directors Group and Quality and Governance Committee to provide a focus for risk management;
c) ensure appropriate risk management structures are in place across the whole organisation;
d) undertake a Trust wide risk profiling exercise to review Directorate, Executive Directors and Corporate risk registers; including project team risk registers;

e) continue to implement a robust incident reporting system, ensuring lessons are learnt and shared, and that the principles of the Duty of Candour are followed in respect of open communication with patients regarding any moderate or serious incident involving them;
f) further develop a safety culture and reinforce the Trust's responsible culture required for effective risk management;
g) provide training on risk management to Trust staff ensuring that all individuals within the organisation are aware of their role, responsibilities and accountability with regard to risk management;
h) ensure that internal and external comments feed into the risk management system;
i) undertake self assessments against national risk management standards and develop appropriate action plans to address any identified areas of improvement;
j) continue to provide swifter risk identification, analysis and mitigating actions through regular Quality Risk Watch meetings;
k) monitor the effectiveness of risk management policies and procedures via the monitoring of agreed Key Performance Indicators;
l) produce a separate Risk Management Process policy document to provide further clarity for managers and staff;
m) undertake a self assessment against ISO 31000:2009, the International Risk Management Standard across the enlarged Trust to identify any areas where the Trust's risk management systems can be further strengthened;
n) develop an annual Risk Management plan to ensure that the Risk Management Strategy is implemented and that risk management is embedded in all the Trust's practices and processes.

6. Scope

6.1 This Risk Management Strategy applies to all Board of Directors members, employees, governors, contractors and volunteers acting on behalf of the Trust.

6.2 This strategy is also applicable to all staff contracted to provide services to the Trust, and all patients and visitors to the Trust. It applies to all honorary contract holders and to all workers of other organisations visiting the Trust sites in the course of their employment or studies.

6.3 This strategy should be implemented across all Trust service lines.

7. Duties

7.1 The organisational structure and clear lines of accountability aim to ensure that there is both a coordinated and holistic approach to the management of risk throughout the Trust.

7.2 All managers and staff will be responsible for the management of risk within the extent of their roles and responsibilities. They will be expected to comply with the systems and associated procedures, and ensure all efforts are made to eliminate or minimise risks they become aware of.

7.3 Trust Board of Directors

7.3.1 The Trust Board of Directors has overall responsibility for the business of the organisation and its risk management framework. In particular it is responsible for:-
a) ensuring appropriate structures are in place to implement effective risk management;
b) committing those financial, managerial, technological and educational resources necessary to adequately control identified risks, and to ensure services are high quality and safe for patients;
c) monitoring risk management controls in place ensuring their suitability and sufficiency in reducing threats to the achievement of the Trust's strategic goals, corporate objectives and requirements linked to the Care Quality Commission Regulations (DoH 2009) and Monitor's Risk Assessment Framework;
d) scrutinising the performance of management in meeting agreed goals and objectives and monitoring the reporting of risk management performance, as well as satisfying themselves that the appropriate level and type of assurance is being provided;
e) satisfying themselves that financial controls and systems of risk management are robust and defensible;
f) providing leadership to promote a positive risk management culture throughout the organisation.

7.4 Non-Executive Directors

7.4.1 Non-Executive Directors are specifically responsible for:-
a) ensuring the systems for governance, risk management and internal control are effective and maintained across all the organisation's activity;
b) ensuring the strategic goals and corporate objectives of the organisation are achieved;
c) constructively challenging and contributing to the development of risk management systems;

d) one of the Non-Executive Directors is appointed as the Chair of the Quality and Governance Committee which is the Committee responsible for risk management.

7.5 Council of Governors

7.5.1 The Council of Governors is responsible for holding the Non-Executive Directors to account for the performance of the Trust, including ensuring the Board of Directors acts so that the Trust does not breach the conditions of the provider licence. The Trust will ensure that it supports governors in this role by proactive notification to governors of the following:-
a) any issues identified by the Trust which put the Trust at risk of breaching the conditions of the provider licence;
b) any serious incident, media interest or similar issue which may impact upon the Trust's reputation and which is also notified to the CQC and Monitor;
c) any Corporate risk which has the potential to impact on the achievement of the Trust's Corporate Objectives.

7.6 Directors Group and Associate/Deputy Directors Group

7.6.1 Members of these groups will be specifically responsible for ensuring:-
a) the Risk Management Strategy is implemented within their own directorate and that suitable and sufficient risk assessments have been carried out to enable the Trust to meet its statutory and legal responsibilities;
b) they identify and manage high level key strategic risks;
c) they debate, clarify and agree new significant, moderate and low risks to ensure a consistent approach to risk scoring;
d) the development, management and population of Directorate risk registers within their Directorates ensuring the risk manager is informed of any risks scoring equal to or greater than 10, which then require escalation to the Executive Directors or Corporate risk registers;
e) managers and staff co-operate in applying this strategy throughout their directorate with the involvement of the Head of Patient Safety and Risk;
f) Directorate risk registers are reviewed as a standing agenda item at all Directorate and departmental team meetings and that the contents of the Executive Director and Corporate Risk Registers are communicated to staff within their directorate;
g) Directorate risk registers are assessed regularly and that managers are updating and managing risks appropriately;
h) steps are taken to secure resources for the implementation of associated controls following risk assessment;

i) specialist advice is available to the Trust as required, e.g. fire prevention, infection control, legal, occupational health;
j) an open and honest culture is developed where mistakes and adverse incidents are identified quickly and dealt with in a positive and constructive way;
k) directorate activity is compliant with national risk management standards;
l) staff within their directorates undertake any relevant risk management training made available to them as identified within the Trust's Training Prospectus.

7.6.2 Specific responsibilities are set out below:

7.7 Chief Executive

7.7.1 The Chief Executive, on behalf of the Trust Board of Directors, is accountable for ensuring there is a comprehensive and effective risk management system, and for ratifying the Annual Governance Statement in the Trust Annual Report in which the Board of Directors acknowledges and accepts its responsibility for maintaining and reviewing the effectiveness of a sound system of internal control, including risk management.

7.6.2 The Chief Executive will communicate with relevant stakeholders where there is a risk that threatens the achievement of the Trust's corporate objectives as set out in the Board Assurance Framework, to gain their support and engage them in the development of a corrective action plan.

7.8 Executive Director of Nursing and Governance

7.8.1 The Executive Director of Nursing and Governance has delegated responsibility for managing the strategic development and implementation of risk management and health and safety. Specific responsibilities include:
a) attending Quality Risk Watch Meetings to debate, clarify, challenge and agree risks and review the Corporate and Executive risk registers;
b) presenting new significant, moderate or low risks for debate, quality assurance of risk scoring and approval; to be populated onto either the Corporate or Executive Directors risk registers or to be managed on Directorate risk registers; a triangulated approach to risk management;
c) ensuring effective systems exist for the maintenance, monitoring and review of the Trust's health and safety arrangements, activities and performance.

7.9 Deputy Chief Executive/Director of Finance

7.9.1 In particular the Deputy Chief Executive/Executive Director of Finance is responsible for:-
a) continuously assessing the financial risks to the Trust in liaison with Executive Directors and directorate managers;

b) identifying internal risks and the safe operation of financial control systems with the Internal Auditor and Audit Committee of the Trust Board, ensuring these direct the development of the annual Audit Plan. The security of these arrangements will be regularly monitored by the Trust Board of Directors; c) taking account of risks within the Corporate Risk Register when setting financial priorities for the Trust; d) the prevention and management of fraud; e) maintenance and review of the Trust s insurance arrangements; f) leading on implementation of a regulatory framework to take account of the financial and governance risk rating assessments applied by Monitor. 7.10 Executive Medical Director 7.10.1 The Executive Medical Director has delegated responsibility for managing the strategic development and implementation of clinical risk management and clinical governance. In particular the Executive Medical Director is responsible for:- a) leading the implementation of the Trust s Risk Management Strategy for clinical matters; b) regularly assessing and ensuring clinical risks are appropriately prioritised within the Trust s risk registers and associated action plan; c) managing risk issues relating to clinical care in collaboration with both the Executive Director of Delivery and the Risk and Litigation Manager d) providing regular reports to the Trust Board of Directors and Quality and Governance Committee on clinical risk including the work of the Clinical Effectiveness Group. 7.11 Executive Director of Information Management and Technology (IM&T) 7.11.1 The Executive Director of IM&T is the Trust s appointed Senior Information Risk Owner (SIRO) who has been identified as having appropriate knowledge and training to champion information security risk at Board level. 

7.12 Other Members of the Trust
7.12.1 There are roles within the organisation which have a specialist risk management element, these roles include:-

7.13 Head of Governance
7.13.1 The Head of Governance has delegated responsibility for ensuring the ongoing development of this strategy and the implementation of appropriate risk management strategies. Specific responsibilities include:

a) establishment of efficient and effective risk management systems and arrangements to include analysis of clinical negligence and personal injury litigation, serious and other adverse incidents, concerns, complaints and health, safety and security reports. The development of detailed arrangements to reduce financial and clinical risk are the responsibility of the Deputy Chief Executive/Director of Finance and the Executive Medical Director respectively;
b) developing relevant and effective arrangements that ensure appropriate policies and procedures are in place associated with the requirements of Monitor, Care Quality Commission, and those related to litigation or legislation;
c) taking steps to ensure specialist advice and/or reports are available to the relevant Trust Committees of the Trust Board of Directors; and
d) attending Quality Risk Watch Meetings to debate, clarify, challenge and agree risks and review the Corporate and Executive Director Risk Registers;
e) the ongoing development, management and monitoring of the Trust's governance framework including the Board Assurance Framework.

7.14 Head of Patient Safety and Risk
7.14.1 The Trust's Head of Patient Safety and Risk is responsible for:
a) leading the risk management, patient safety, litigation and health and safety functions;
b) leading the development and implementation of this strategy and associated policy documents;
c) developing and implementing relevant appropriate risk management policies and procedures associated with the requirements of Monitor, Care Quality Commission and those related to litigation or legislation;
d) provision of regular reports to the Audit Committee, Quality and Governance Committee, Directors Group and Trust Board of Directors regarding risk management;
e) co-ordination of the Trust's risk management activities;
f) co-ordination of information, briefing, instruction and training across the Trust on risk management, its underlying principles and expectations.
This will include advising on the development of appropriate remedial programmes;
g) taking action and/or reporting to the appropriate Director and the Head of Governance any concerns about the on-going adequacy and implementation of the Trust's Risk Management Strategy;
h) overseeing the accurate logging, monitoring, reviewing and regular reporting to the appropriate Trust managers and relevant Trust Committee on adverse incidents and near miss reports;

i) overseeing the accurate logging, monitoring, reviewing and regular reporting to the appropriate Trust managers and relevant Trust Committee of those incidents classified as serious incidents, ensuring they are investigated in accordance with the Trust Serious Incident Policy;
j) providing reports on the Trust's compliance with risk management assessments;
k) attending Quality Risk Watch Meetings to debate, clarify, challenge and agree risks and review the Corporate and Executive Directors Risk Registers.

7.15 Trust Secretary
7.15.1 The Trust Secretary is responsible for:-
a) ensuring the Trust's corporate affairs are undertaken to the highest standards of probity and according to statutory and legislative requirements and the regulatory framework;
b) the identification of Board of Director and Governor development needs, making arrangements for the provision of training and the maintenance of such records;
c) ensuring risk management is included within the Board of Directors annual business cycle.

7.16 Health, Safety and Security Manager
7.16.1 The Trust's Health, Safety and Security Manager is responsible for:-
a) working with managers to ensure security, health, safety and welfare risks are appropriately dealt with in accordance with the Trust's Risk Management documents;
b) accurately logging, monitoring and reviewing accident and security reports, highlighting any trends and learning points to the Health and Safety Group and Quality and Governance Committee respectively;
c) the co-ordination of information, briefing, instruction and training across the Trust on health and safety matters, including risk assessment;
d) the management of the Trust's health and safety risk assessment procedures;
e) promoting health and safety at work;
f) implementing effective systems for the maintenance, monitoring and review of the Trust's health and safety arrangements, activities and performance;

g) providing regular reports to the Quality and Governance Committee and the Trust Board of Directors regarding Health, Safety and Security.

7.17 Fleet Manager
7.17.1 The Trust's Fleet Manager is responsible for managing risk issues and incidents relating to vehicles and medical equipment. Their responsibility will also include accurately logging, monitoring and reviewing vehicle accident reports, motor insurance claims and equipment defect reports highlighting any trends and learning points to the Vehicle and Equipment Working Group.

7.18 Senior Patient Experience Manager
7.18.1 The Trust's Senior Patient Experience Manager's key risk management responsibilities include highlighting any trends and learning points identified from investigations, complaints and concerns and patient feedback to the Experiential Learning Forum making recommendations for improvement.

7.19 Patient Experience Manager
7.19.1 The Patient Experience Manager's key risk management responsibilities include accurately logging, monitoring, reviewing and risk rating concerns and comments highlighting any trends and learning points to the relevant Trust Committee. Their responsibility also includes liaising with the Head of Patient Safety and Risk to highlight any potential claims and Serious Incidents identified through the Patient Experience processes.

7.20 Head of Resilience
7.20.1 The Head of Resilience will regularly update the Trust's Major Incident Plan and will ensure that managers and staff are appraised, and trained in relevant procedures, and understand their responsibilities. Their responsibility also includes maintaining the Resilience Department risk register and ensuring that risks arising from the Local Resilience Forum's community risk registers are fed into the Trust's risk management process.

7.21 Central Alert System Liaison Officer
7.21.1 The Trust's Central Alert System (CAS) Liaison Officer is the Incidents Manager.
They are responsible for ensuring CAS alerts are dealt with within stipulated timescales, highlighting any risks to the Head of Patient Safety and Risk.

7.22 Directorate Heads
7.22.1 The Heads of individual directorates/divisions have responsibility for:-
a) implementing the Trust's Risk Management Strategy including overseeing the management of suitable and sufficient risk assessments throughout their own department/functional responsibility in accordance with the Trust's Risk Assessment documents. In liaison with the Health, Safety and Security Manager, they will ensure that records of health and safety risk assessments are made available to employees and Health and Safety Representatives;

b) contributing to the identification of employees' risk management training needs;
c) ensuring that managers within their departments investigate any adverse incident, complaint or concern, or claim in accordance with Trust policy documents;
d) management of their local risks on their Directorate Risk Register ensuring any corporate risks equal to or over 10 are highlighted to the Risk and Litigation Manager;
e) ensuring directorate activity is compliant with national risk management standards.

7.23 Trust Managers
7.23.1 Managers are responsible for the day to day implementation of the strategy within their own area. Responsibilities include:-
a) acting upon any significant hazards and risks identified during the normal course of their duties and reporting any risks that they cannot adequately control, as well as anomalies, to the appropriate senior manager;
b) checking risk assessment systems are in place for their own area of operation and reviewed regularly, including initiating and participating in any risk assessments, as necessary on a timely basis;
c) the identification, action, review and management of the local risks on their Directorate Risk Register ensuring any risks equal to or over 10 are highlighted to the Head of Patient Safety and Risk.
d) in liaison with the Head of Patient Safety and Risk, Health, Safety and Security Manager, and/or other senior managers ensuring that staff are adequately informed and trained in risk management, including any existing or new control measures.
Where training is arranged locally, the Training and Education Department must be informed so that training records can be updated;
e) ensuring accidents and incidents including near misses are reported in line with Trust policy, sufficiently investigated and action taken to prevent reoccurrences;
f) effective budget management;
g) issuing (and ensuring compliance with) Trust policies and procedures;
h) ensuring department activity is compliant with national risk management standards.
i) encouraging staff awareness and ownership of the Trust's Risk Management Strategy and associated documents, and processes;

j) leading the on-going development of an open and honest culture where mistakes and adverse incidents are identified quickly and dealt with in a positive and constructive way;
l) complying with the requirements of the Duty of Candour.

7.23 Employees
7.23.1 Employees are responsible for:-
a) being familiar with, and complying with, all appropriate Trust policies and procedures including risk and health and safety policies, designed to protect the Trust and the health, safety and welfare of anyone affected by the Trust's business;
b) being personally responsible for not undertaking any task or action which would knowingly cause risk to themselves, others, or to the Trust;
c) as far as is reasonably practicable, manage risk by attempting to prevent other people from undertaking tasks or actions which would knowingly cause risk to themselves, others or to the Trust;
d) identifying and reporting actual or potential hazards/risks in the work environment;
e) participating in training sessions and carrying out any agreed control measures and duties as instructed;
f) participating in the investigation of any serious, moderate or adverse incidents, claims, complaints or concerns as requested;
g) taking immediate action to manage or minimise risks where it is reasonably practicable to do so.

8. Risk Management Structures
8.1 Monitoring of risk management, clinical governance and Care Quality Commission Regulations have been incorporated into the work of the Quality and Governance Committee. To demonstrate the holistic approach to risk management within the Trust, the committee and group structure functions are summarised below and described in further detail within the relevant terms of reference.
8.2 In order to achieve a co-ordinated approach to risk management and to avoid duplication of effort, all key committees and groups concerned with risk management will maintain links through designated individuals, as set out in their terms of reference.

8.3 Quality and Governance Committee
8.3.1 The Chair of the Quality and Governance Committee is a Non-Executive Director appointed by the Trust Board of Directors.

8.3.2 The Quality and Governance Committee is a committee of the Board of Directors and has overarching responsibility for risk management. It aims to ensure a holistic approach is achieved within the processes for risk management as well as ensuring risk issues inform corporate decision making.

8.4 Directors Group
8.4.1 The Directors Group (including a monthly meeting with Associate/Deputy Directors) debates and quality assures the scoring of all new significant and moderate risks. To ensure that adequate controls are in place to avoid or manage risk the Directors Group reviews both the Corporate and Executive Directors Risk Registers on a monthly basis.

8.5 Health and Safety Group
8.5.1 The Chair of the Health and Safety Group is the Executive Director of Nursing and Governance.
8.5.2 The Health and Safety Group will concern itself with the provision of a healthy and safe working environment for all employees, contractors and members of the public who may visit or use Trust premises and/or vehicles, or be affected by the organisation's operations.

8.6 Experiential Learning Forum
8.6.1 The Experiential Learning Forum aims to:-
a) promote and share learning from Trust systems and staff and patient feedback;
b) undertake focused reviews from trends identified or concerns raised;
c) make recommendations for action to improve patient safety and experience.
8.6.2 The Chair of the Experiential Learning Forum is the Executive Director of Nursing and Governance. The Quality and Governance Committee will receive six monthly reports from the Experiential Forum and is responsible for ensuring that trends and themes are acted upon and managed effectively. It will ensure that any lessons learned through the investigation of incidents, patient feedback such as complaints and concerns, comments, and claims are disseminated internally and externally, as appropriate.
A bi-monthly update on lessons learned is included within the Patient Experience Report presented to each Quality and Governance Committee.

8.7 Quality Risk Watch
8.7.1 The purpose of the Quality Risk Watch Group is to ensure a consistent approach to risk management and quality assurance for risks contained within the Trust's risk registers. In addition, its responsibilities include:-
a) providing swift risk identification as a result of meetings, business plans and external influences;
b) debating, clarifying, challenging and agreeing risks;
c) the identification of risk controls and mitigating actions for new and changing risks.

8.7.2 Quality Risk Watch is chaired by the Executive Director of Nursing and Governance and attended by the Head of Governance, Head of Patient Safety and Risk, Trust Secretary and Deputy Director of Finance. Other individuals who have a particular interest, knowledge or experience are invited to attend as required. The activity of the Group is recorded on the Quality Risk Watch Register which is presented to each Quality and Governance Committee for assurance.

9. Risk Management
9.1 The management of risk covers every aspect of the Trust's business including clinical care, service delivery, out of hours provision, accountability issues, fleet and equipment management, records management, estates, environment, asset management, financial performance, corporate issues and strategic matters. Risks will be considered in relation to both the internal and external environment and will be informed by systems such as incident reporting and investigation, communication, patient and public involvement and resilience.
9.2 The risk management process identifies risks, assesses their potential frequency and severity, eliminates risks wherever practicable and reduces the effect of those that cannot be prevented. It also informs financial decisions and absorbs the financial consequences of risk materialising.
9.3 Guidance on Trust risk management systems and processes, risk identification, analysis, control, prioritisation and funding is set out in the Trust's risk management policies and associated documents on the Trust's intranet.

10. Risk Assessment
10.1 Detailed procedures describing the risk assessment process to be carried out by each function/department and directorate within the Trust are contained within the Risk Assessment Policy.
The Trust's Risk Measurement and Categorisation Criteria document is at Appendix A which details the severity descriptors for assessing the impact of risk which includes the following:-
- Injury/Safety (patients, staff and the public);
- Legal and financial;
- Service Interruption;
- REAP levels;
- Regulatory requirements;
- Reputation.

11. Risk Register
11.1 The Trust's Corporate and Executive Directors Risk Registers are held centrally within the Patient Safety and Risk Department. Each Directorate holds its own Directorate Risk Register which is maintained within the Directorate, with an individual from that Directorate allocated responsibility for its development and maintenance. The Trust's Risk Register Monitoring Process (Appendix C) details the content of Risk Registers and describes the process for ensuring the Risk Register is regularly reviewed and updated by managers, Directors and the Board of Directors.

12. The Process for the Management of Risk
12.1 The detailed Trust process for the management of risk is based on the International and British Risk Management Standard ISO/BS 31000:2009 as demonstrated in the diagram below:-

12.2 Risk Appetite
12.2.1 The risk appetite applied to all risks is Low. This risk appetite requires all risks to be managed down to a low (directorate) level. If this is not possible through mitigation then risks should be escalated through the Risk Register process described at paragraph 3 of Appendix C.

13. Authority for the Management of Risk
13.1 All managers have the delegated authority to manage any level of risk locally within the resources available to them. This will include putting controls in place as a result of risks identified from risk identification processes such as risk assessment, complaints, adverse incidents and claims.
13.2 Where the manager does not have resources to adequately control or manage the risk the advice of a more senior manager or Director should be sought and the risk added to the relevant Trust's risk register.
13.3 If the identified risk affects the whole organisation rather than the local area the manager should notify a senior manager or director who will decide on the action to be taken. In this case the Head of Patient Safety and Risk should be notified and the risk added to the appropriate risk register.

14. Communication and Consultation
14.1 The Trust will employ a variety of methods to share its Risk Management Strategy, policies and plans both internally and externally. This will include both internal and external stakeholders including Commissioners and Monitor.
14.2 Directorate heads and managers will ensure that staff are aware of the strategy and implement the systems included within their areas of responsibility.

15. Training and Education
15.1 Training members of the organisation on risk management principles and systems is a primary aim of the Trust. Staff will be adequately trained in the concepts of risk management, patient safety and quality (formally known as clinical governance) and adverse incident reporting as part of their induction and as set out in the Trust's Training Needs Analysis to promote the highest standards of risk management and clinical care.
15.2 Members of the Trust Board of Directors will receive risk management training and guidance in accordance with the annual Board of Directors cycle and Trust's Training Needs Analysis.
15.3 Training needs for all Trust staff, Board members, volunteers, senior managers and governors will be identified via a Training Needs Analysis and provided as part of the ongoing Training Prospectus. Such training will cover this Risk Management Strategy, risk assessment techniques, record keeping, health and safety, risk management, incident reporting, investigation techniques and infection control.
15.4 Training may be conducted via various methods including face to face, via workbooks, attendance at seminars and developmental sessions.
15.5 Records of attendance at risk management training will be recorded on the Trust's Electronic Staff Record (ESR) system. Any non-attendance will be followed up in accordance with the process set out within the Trust's Training and Education Policy.

16. Monitoring
16.1 Risk management at South Western Ambulance Service NHS Foundation Trust, which includes the effective implementation of this strategy, is monitored through the organisational annual programme of internal audit. Where gaps in the process are identified, these will be drafted into an action plan with designated leads identified for the completion of actions against a specified timescale. Internal audit will follow up implementation of recommendations as part of its re-audit in the following year's audit programme in addition to reporting the progress of recommendation implementation at each Audit Committee meeting.
16.2 The Trust's Quality and Governance Committee will receive, as part of the annual Patient Experience report, an annual Risk Management report which will:-

- demonstrate the effectiveness of the organisation's risk management structure;
- include a summary of control measures put in place as part of the Trust's risk management process, and, as a result of risks identified from adverse incidents, complaints and other feedback by those with delegated authority responsible for managing risk locally;
- provide a summary of work undertaken by key individuals responsible for risk management activities;
- include details of risk management training provided to the Board of Directors, senior managers and employees during the year and any actions undertaken to address non-attendance.
16.3 The Corporate and Executive Directors risk register is presented at each meeting of the Quality and Governance Committee which monitors the document to ensure:-
- that the process for assessing strategic risks is being followed;
- that the risk registers accurately reflect the Trust's risks.
16.4 The process for the Board of Directors review of the Risk Register will be monitored as part of the annual review of the Risk Management Strategy by the Trust Board of Directors and will inform updates to the process.
16.5 The Audit Committee is responsible for reviewing the Risk Management process to ensure that it is fit for purpose and receives an annual report from the Head of Patient Safety and Risk on the implementation of the Risk Management Strategy.

17. References
17.1 For this strategy the following references apply:-
- Risk Management Standard for Ambulance Services, NHS Litigation Authority.
- International Standard ISO 31000:2009
- Risk Assessment Framework, Monitor. August 2013.

18. Associated Documentation
18.1 This strategy links to:-
- Governance Strategy
- Quality Strategy
- Equality and Diversity Strategy
- Information Governance Policy
- Quality and Governance Committee Terms of Reference
- Risk Assessment Policy
- Incident Reporting Policy
- Serious and Moderate Harm Incident Policy
- Policy for Managing Recommendations from External Bodies
- Training and Education Policies
- Health and Safety Group Terms of Reference
- Health and Safety Policies
- Complaints Policy
- PALS Policy
- Claims Policy
- Communications Strategy
- Patient, Public & Involvement and Community Engagement Strategy
- Learning from Experience Procedure
- Monitor Compliance Framework

19. Review
19.1 This strategy will be subject to annual review by the Trust's Quality and Governance Committee and Board of Directors.

Table 1 Consequence Score Risk Measurement And Categorisation Criteria Severity 1 2 3 4 5 Descriptors Negligible Low Moderate Serious Very Serious Injury / Safety (patients, staff, public) Minor injury Minor injury or illness, first aid treatment needed Reportable to external agencies/statutory bodies (e.g. RIDDOR) Major injuries, Single death Legal or Financial below 50,000 50,001-100,000 100,001-500,000 500,001-1,500,000 (triggers MEAP) Proactive MEAP <2 Proactive CEAP <2 Multiple deaths or major permanent incapacity QEAP threshold breach 1,500,001 plus Reactive MEAP >Management downside to maintain 1% surplus Reactive CEAP>3 Service Interruption Loss PTS < 12 hour Loss PTS >12 hours and < 24 hours Loss UCS/111 IT < 1 hour Loss PTS > 24 hours and < 5 days Loss UCS/111 IT > 1 hour and < 4 hours Threat of Industrial Action Loss A&E IT > 1 hour and < 2 hours Loss PTS > 5 days Loss UCS/111 IT > 4hours and < 12 hours Loss A&E IT < 2hours Industrial Action 24hrs Loss A&E IT> 2 hours Loss of A&E phones Loss of UCS/111 IT > 12 hours Loss of UCS/111 phones Industrial Action>24hrs REAP Levels REAP 1 REAP 2 REAP 3 REAP 4 REAP 5 or 6 Regulatory Minor recommendations Non-compliance with regulations/standards declared within acceptable threshold and action plan in place Non-compliance with regulations/standards outside acceptable thresholds and regulator reports Minor concern(s) and improvement actions Reputation Low level media coverage Local media coverage short term Non-compliance with standards outside acceptable thresholds and regulator reports Moderate concern(s) and compliance actions required Regional media coverage Single MP/Peer concern Breach Compliance Framework and/or Constitution Non-compliance with regulations/standards and regulator reports Major concern(s) and compliance actions required National Media short term Multiple MP concern Call for Public Inquiry Prosecution Severely critical reports eg Ombudsmen Operating illegally Non-compliance with 
regulations/standards Regulator reports Major concern(s)/enforcement action/intervention National Media long term Questions in House of Commons and Lords Public Inquiry

Table 2

| Likelihood Score | 1 | 2 | 3 | 4 | 5 |
| Descriptor | Rare | Unlikely | Possible | Likely | Almost Certain |
| Frequency | The event may only occur in exceptional circumstances | The event could occur at some time | The event should occur at some time | The event will occur at some time | The event is expected to occur in most circumstances |
| Probability | < 5% | 5-30% | 30-60% | 60-90% | > 90% |

| | Rare | Unlikely | Possible | Likely | Almost Certain |
| Negligible | 1 | 2 | 3 | 4 | 5 |
| Low | 2 | 4 | 6 | 8 | 10 |
| Moderate | 3 | 6 | 9 | 12 | 15 |
| Serious | 4 | 8 | 12 | 16 | 20 |
| Very Serious | 5 | 10 | 15 | 20 | 25 |

Risks scoring 1-9 = Low (Directorate Risk Registers)
Risks scoring 10-12 = Moderate (Executive Directors Risk Register)
Risks scoring 15-25 = Significant (Corporate Risk Register)

Risk Register Monitoring Process
Appendix C

1. Introduction
1.1 In order that an organisation can effectively manage its risks it should first identify and prioritise them. These risks should then be recorded on Risk Registers.
1.2 The Risk Register should be a live document and, as far as reasonably practicable, accurately reflect the Trust's risk exposure at any one time. In order that the Risk Register does reflect the Trust's current position a Risk Register monitoring process has been put in place.

2. Content of Risk Registers
2.1 In order that the Trust is aware of all relevant information regarding its risks, the Risk Registers should include the following information:-
- Risk reference;
- Description of Risk;
- Summary of Controls;
- Action summary;
- Action deadlines;
- Reference to Corporate Objectives;
- Risk scoring (including consequence and likelihood);
- Residual risk;
- Managerial lead;
- Risk source (including but not limited to, Corporate Objectives, incident reports, risk assessments, other risk registers, projects, self assessments);
- Date of review;
- Risk movement.

3. Assessment of Risks
3.1 The Trust operates two key systems and processes for managing risk. These are:-
- Proactive risk management, via the risk assessment process, as described within the Risk Assessment Policy;
- Reactive risk management, via the various Trust feedback mechanisms as set out in 3.2 below.
3.2 The Trust's Risk Assessment Policy sets out the systems and processes for conducting and managing risk assessments. As part of the risk assessment process the Trust's Risk Measurement and Categorisation Criteria (Appendix A) should be used to assess the level of risk and the risk subsequently managed. Risks can be identified from many sources including:-
- Strategic goals and Corporate objectives;
- Business plans;
- Risk assessments: organisational, health and safety, clinical, business, financial;
- Incident reports and investigations;
- Claims and inquests;

- Patient feedback, such as complaints, concerns;
- Central Alert System (CAS);
- External assessments, e.g. Care Quality Commission, Health and Safety Executive, Information Governance;
- Internal Audits;
- Self assessments including review of National Guidance including NICE guidance, MCEPOD recommendations and High Level Enquiries;
- Media Reports;
- Employment relations cases;
- Changes in legislation.
3.3 Risks graded as 9 and under are classified as being low and are considered as acceptable. These risks are recorded within the local Directorate Risk Registers and should be monitored at a directorate level with action plans applied by the local manager where appropriate.
3.4 Risks graded between 10-12 are classified as being moderate and are recorded within the Executive Directors Risk Register. These are monitored by the Directors Group with identified directors and heads of department responsible for the application of action plans.
3.5 Risks graded as being over 12 are classified as being significant and are recorded within the Corporate Risk Register. These are monitored by the Trust Board of Directors and Quality and Governance Committee with identified directors responsible for the application of action plans.

4. Risk Register Monitoring Process
4.1 The Head of Patient Safety and Risk will be responsible for maintaining the Trust's Corporate and Executive Directors Risk Registers.
4.2 Each Directorate is responsible for developing, reviewing and maintaining its own Directorate Risk Register and appropriate lead managers should be identified to implement this process.
4.3 The updated Directorate Risk Registers should be e-mailed to the Head of Patient Safety and Risk on a monthly basis.
4.4 All line managers are responsible for discussing their Directorate Risk Register with department staff.
It is important that all staff have an awareness of the identified risks within their departments and that they have the opportunity to add to and comment on the Directorate risk register. Directorate Risk Registers will be reviewed as a standing agenda item at all Directorate and departmental team meetings.
4.5 Directors should meet with lead managers on a quarterly basis to review the risks, control measures and associated actions for which they have responsibility. Directors will ensure that risk ratings are calculated in the context of the overall organisation and that the Risk Register is updated on a monthly basis. Directors will be asked to provide assurance to the Head of Patient Safety and Risk that these meetings are taking place.

4.6 Individual Directors, or their representatives, will liaise with the Head of Patient Safety and Risk quarterly to jointly review the content of the Directorate Risk Register, control measures and the status of associated actions.
4.7 Project risk registers will be held by the Project lead and should be forwarded to the Head of Patient Safety and Risk on a quarterly basis for review and presentation to Quality Risk Watch where any risks affecting the operation of the Trust's business will be considered for addition to the appropriate risk register.
4.8 Every Trust committee and working group has a standing agenda item entitled the identification of new risks. Any risks arising from that meeting should then be fed through to the appropriate Register in accordance with the Trust's Risk Management Process.
4.9 The Trust will hold an annual review of all risks to quality assure their content, scoring and relevance.

5. Risk Management Business Cycle
5.1 A Risk Management Business Cycle has been produced which illustrates when and at what level the Risk Registers will be reviewed by the Trust's Groups and Committees. The following information provides further information on the cycle.

5.2 Trust Board of Directors
5.2.1 Members of the Board of Directors will receive the Corporate Risk Register (containing its significant risks scoring 15-25) on a monthly basis and a copy of all Risk Registers annually providing assurance that all Trust functions are managing their risks effectively.
5.2.2 The Board of Directors will conduct an annual deep dive into identified risk registers to ensure the risks accurately reflect the Trust's goals and objectives.
5.2.3 The Board of Directors is ultimately responsible for considering and accepting any risks rated as significant where it is considered that those risks are controlled as far as practicable.
5.3 Quality and Governance Committee

5.3.1 The Quality and Governance Committee will be responsible for considering any proposals to accept significant risks where it is considered that they are controlled as far as practicable. Such proposals can only be accepted by the Trust Board of Directors following a recommendation by the Quality and Governance Committee. Once a risk has been accepted it will be monitored by the Quality and Governance Committee for any changes that may affect the status of that risk.

5.3.2 The Quality and Governance Committee receives the Corporate Risk Register (containing its significant risks scoring 15-25) and the Executive Directors Risk Register (containing moderate risks scoring 10-12) at each of its bi-monthly meetings where the documents are reviewed and discussed alongside any associated action plans and exception reports that have been produced to manage Trust risks.

5.3.3 The Quality and Governance Committee will review any recommendations made by the Directors Group to accept moderate risks prior to them going to the Trust Board of Directors.

5.4 Directors Group

5.4.1 The Corporate Risk Register and Executive Directors Risk Register are reviewed monthly by the Directors Group. They also review any new risks that have been added to the risk registers by the Quality Risk Watch Group. In addition the Directors Group will receive Directorate Risk Registers (containing the Trust's low risks scoring 9 and below) on an annual basis.

5.4.2 The Directors Group are responsible for the acceptance of any moderate risks where it is considered that those risks are controlled as far as practicable. The acceptance of such risks will be formally noted in the meeting minutes.

5.5 Quality Risk Watch

5.5.1 The Trust's Quality Risk Watch Group aims to meet on a monthly basis and is chaired by the Executive Director of Nursing and Governance and attended by the Head of Governance, Head of Patient Safety and Risk, Trust Secretary, and Deputy Director of Finance. Quality Risk Watch is responsible for reviewing the content of the Trust risk registers and any proposed change to risk scoring. Directors and managers responsible for managing Directorate risk registers are also invited to Quality Risk Watch meetings to quality assure the risks recorded on their Directorate risk registers.

5.5.2 The Group also reviews, quality assures, sense checks and validates any new identified risks that have been brought to the attention of the Head of Patient Safety and Risk. Any new risks identified as moderate and high are taken forward to the Directors Group for agreement.

5.5.3 Quality Risk Watch is supported by a Quality Risk Watch Register. This document is a record of all decisions and discussions that take place at Quality Risk Watch meetings and can be used as an audit tool to track changes to the Corporate and Directors risk registers. This document is presented at each meeting of the Quality and Governance Committee.

Appendix D

Risk Management Strategy Version Control Sheet

Version Date Author Summary of Changes

5 Sept 2010 V. Williams
Amendments to 8.3 regarding training in risk management for Board members. Also the inclusion of Governors and volunteers.
Throughout document updates to Trust name, Committee names and job titles to reflect structure changes.
Updates to Executive Summary to include reference to risk being an integral part of the Trust's management approach.
1.3 reference to being an aspirant foundation trust removed.
1.3 new paragraph referencing the Trust's strategic goals.
1.4 updated to include reference to strategic goals and corporate objectives
Paragraph 2 new paragraph identifying the scope of the strategy
3.1 updated definition of risk to incorporate the International and British Standard 31000:2009
3.4 updated definition of risk management to incorporate the International and British Standard 31000:2009
3.5 addition of definition of risk register.
4.2 link to business plan
4.5 (d) updated with reference to legislative requirements and best practice.
4.5 (i) strengthened reference to responsibilities
4.5 (j) additional aim relating to common framework
5.1 (e) principles of Being Open and Duty of Candour included within objectives.
5.1 (l) additional objective relating to the production of a dedicated Risk Management process document.
5.1 (m) additional objective relating to ISO 31000:2900
5.1 (n) additional objective relating to annual risk management plan.
7.4 Addition of responsibilities of Non Executive Directors
7.5.1 Additional link to Board responsibilities.
7.6 (b) Additional responsibility relating to strategic risks
7.6 (f) additional responsibility relating to communicating Directors and Corporate Risk Registers to directorate staff
7.6 (l) additional responsibility relating to training.
7.12.1 (a) inclusion of responsibility for chairing and developing Learning From Experience Group.
7.13.1 (j) addition of responsibility for facilitating and acting as deputy chair for Learning From Experience Group.

6 Jan 2012 6 March 2012 6 March 2012 7 March 2013 7 March 2013 7 March 2013 7 March 2013 7 March 2013 7 March 2013 8 July 2014

7.19 addition of link to Community Risk Registers
7.23.1 (a) addition of requirement to be familiar and comply with Trust policies.
Para 12 link to ISO 31000:2009

Q&G Committee Board Board

Para 12.2 Addition of Risk Appetite
Para 14 Addition of Communication and Consultation paragraph
Para 15.1 addition of monitoring by Internal Audit
Appendix B, Para 3 addition of Risk Assessment section
Appendix B, Para 4.7 addition of reference to Project risk registers
Appendix B, Para 5.3.2 re-written to duplicate paragraph included within Audit Committee Risk Strategy implementation paper.
Appendix B, Para 5.5 re-written to duplicate paragraph within Audit Committee Risk Strategy implementation paper
Appendix C triangular risk diagram replaced with new Risk Management Process diagram agreed by Audit Committee.
Appendix A separate row for REAP levels on Risk Measurement Categorisation Chart
Ordering of responsibility section updated to reflect Governance Strategy
Appendix B, 10.1 Inclusion of information regarding risk descriptors.
Throughout document, updates to job titles and responsibilities to reflect structure changes.
Para 2.3 Strategic Goals updated to reflect current versions.
Para 6.3 addition of requirement to implement strategy across all service lines.
Para 7.15 addition of responsibilities for the Trust Secretary.
Para 7.32.1 (f) reference to the Duty of Candour.
Para 8.7 addition of duties for Quality Risk Watch
Removal of references to NHSLA
Throughout document, updates to job titles and responsibilities to reflect structure changes.
Para 1.1 addition to reflect requirements of BS31000:2009 and recommendation from internal audit
Para 2.3 Strategic Goals updated to reflect current versions.
Para 2.5 removal of reference to acquisition
Para 3.2 addition to reflect requirements of BS31000:2009 and recommendation from internal audit
Para 6.1 additional reference to contractors.
Para 8.6 Terms of Ref for Learning From Experience Group replaced with Experiential Learning Forum
Throughout document, addition of Trust Secretary to Quality Risk Watch membership
Para 17 addition of reference to Monitor's Risk Assessment Framework
App C, Para 5.5. Frequency of Quality Risk Watch meetings changed from bi-weekly to monthly.