Version No: 2
Date Approved: 13/06/2014
Date Reviewed: 10/12/2014
Next Review Date: 10/12/2016
Title: Risk Management Policy
Written by: National Risk Manager & Risk Management/Health and Safety Co-ordinator
Approved by: Chief Executive Officer
This policy replaces all existing policies from 10/12/2014 onwards and is due for review on 10/12/2016. It will be reviewed during this time as necessary to reflect any changes in best practice, law, substantial organisational, professional or academic change.
1.0 Purpose of Policy
The purpose of this policy is to provide a framework for staff to identify, assess and rate risks and to develop strategies to deal with risks. It will set out how Cheshire Ireland will reduce unacceptable or inappropriate risks to service users, staff, contractors and the public. Cheshire Ireland acknowledges that it is responsible for the implementation of sound systems of governance and internal controls in order to achieve effective risk management in the organisation. This includes reviewing the effectiveness of risk management systems and sources of assurances. Cheshire Ireland will take appropriate action to ensure the highest possible standards are maintained and any unacceptable risks are minimised or managed effectively.
Cheshire Ireland acknowledges that the delivery of healthcare can never be risk free and that taking decisions about risk and opportunity is a part of everyday clinical and non-clinical practice and management. It also recognises that staff are often faced with difficult dilemmas for which there is no single or simple solution, and there are situations where staff (and service users and carers) need to take opportunities which may carry a risk of an adverse outcome, and that not every decision or action taken has a successful or expected outcome. Cheshire Ireland supports the right and need for these decisions to be made. Reducing risk in all situations can be best achieved by adherence to the tenets of good professional practice, and through the responsible use of frameworks for safer practice and services, for staff and service users, through adherence to sensible, transparent and practical policy, procedure and protocol, and to legislative requirements. This Risk Management Policy supports this philosophy whilst ensuring that ‘unacceptable risks’ are managed appropriately.
Risk assessments will be required as part of the decision-making process when delivering care or support services. Risk assessment will also be required as part of the decision-making processes intended to exploit Service development opportunities.
2.0 Scope
The policy applies to Cheshire Ireland management and employees including volunteers. The policy objectives are:
- Risk management principles are integrated into all aspects of service delivery.
- All hazards/risks are identified and managed proactively.
- All incidents, complaints and near misses are effectively managed.
- Governance is improved by ensuring the Board is made aware of all significant risks.
- Compliance with relevant legal and regulatory requirements.
- A reliable basis for decision making and planning is established.
- Improved effectiveness of Risk Management (controls) Plans.
- A consistent means of measuring risk exists throughout the organisation.
- Risk Management performance is measured and enhanced.
3.0 Definitions
Risk Management: The method employed to manage the entire process, from hazard identification through risk assessment, communicating and implementing controls, through to documentation and audit.
Integrated Risk Management: A continuous, proactive and systematic process to understand, manage and communicate risk from an organisation-wide perspective.
Risk Management Process: The systematic application of management policies, procedures and practices to the tasks of communicating, establishing the context, identifying, analysing, evaluating, treating, monitoring and reviewing risk.
Risk Assessment: The overall process of risk identification, risk analysis and risk evaluation.
Risk Register: A risk register is a record of all identified risk within a service. Its purpose is to help managers to minimise risk and target improvements to best effect.
Monitor: To check, supervise, observe critically or measure the progress of an activity, action or system on a regular basis in order to identify change from the performance level required or expected.
Operational Risks: relate to the operational and administrative procedures of Cheshire Ireland such as clinical practice, health and safety, financial practices, human resources etc. that present a risk and threaten the day to day delivery of care and support.
Safety: The condition of being protected from or unlikely to cause danger, risk, injury or ill health.
Safety Committee: A committee within a service that meets to discuss, review and address health and safety and issues relating to risks within the service.
Safety Statement (Ancillary): document that outlines how the service manages their health and safety based upon the Safety, Health and Welfare at Work Act, 2005 as well as all relevant regulations, standards and guidelines. The service specific safety statement must be based on the risk assessment of the hazards that may affect the service users, staff or visitors. It is the place to record the significant findings of any risk assessments.
Safety Statement (Parent): document that outlines how Cheshire Ireland manages their health and safety based upon compliance with any legal obligations and in particular the requirements set out in the Safety, Health and Welfare at Work Act, 2005.
Strategic Risks: these concern the long term strategic objectives of Cheshire Ireland. These may be external or internal to the organisation.
Quality: Doing the right thing consistently to ensure the best outcomes for people, satisfaction for all stakeholders.
4.0 Responsibilities
4.1 Responsibilities of the Chief Executive Officer (CEO)
- Determine strategic approach to risk. Set risk appetite in consultation with Risk Management Committee.
- Understand the most significant risks and oversee their management.
- Seek assurance regarding the effectiveness of Risk Management framework and process.
4.2 Responsibilities of the Regional Managers
- Ensure that the services within the region meet all acceptable standards of quality and that all associated risks are controlled.
- Ensure that risk is considered during service development, capital and business planning.
- Ensure that all major or high risk issues are brought to the attention of the Risk Management Committee.
- Ensure that there are functioning Safety Committees at service level to provide oversight of risk issues.
- Ensure that appropriately trained and competent staff are charged with responsibility for undertaking the necessary risk assessments throughout their area of responsibility.
4.3 Responsibilities of the Service Managers
- Ensure that they and all staff within their responsibility are familiar with the contents of this Risk Management Policy and are working to adhere to this policy to proactively manage risk.
- Ensure that all policies, procedures, protocols and guidelines designed to manage risk are implemented as appropriate.
- Support the embedding of Risk Management in their area and the development of a risk aware culture.
- Ensure the risk register is maintained and up to date. Any new and emerging risks that cannot be managed locally must be communicated to the National Risk Management committee through the Regional Manager.
- Ensure a functioning Safety Committee is in operation to review adverse events and oversee the management of risks that occur locally.
- Ensure implementation of effective governance, risk management, health and safety management, performance management arrangements regarding care delivery and provide assurance to the Regional Manager as to the effectiveness of these arrangements.
- Ensure that the risk management process including identification, assessment, management and ownership of risks is embedded and effective.
- Carry responsibility for service quality, learning from adverse events and complaints, audit, medicines management and medical devices.
4.4 Responsibilities of all Employees
- Understand, accept and implement risk management processes.
- Engage effectively in the risk assessment process.
- Comply with legal, policy and procedural requirements.
- Report inefficient, unnecessary or unworkable controls.
- Report adverse events and near miss incidents as per Cheshire Ireland (2014) Policy for the management of Adverse Events.
- Cooperate with management on incident investigations.
4.5 Responsibilities of the National Risk Manager
- Support the Senior Management Team to develop the Risk Management Policy and keep it up to date, based on changes in external and internal context.
- Prepare risk management performance reports for the Risk Management Committee, Senior Management Team and the Cheshire Ireland Board.
- Provide strategic risk management advice relating to service development and business planning.
- Document the internal risk policies and structures.
- Analyse adverse event reports and prepare reports.
4.6 Responsibilities of the Risk Management/Health and Safety Co-Ordinator
- To co-ordinate the development of a safety management system which is appropriate to Cheshire services, and which operates in compliance with the underlying values of the organisation.
- To co-ordinate and support the implementation of the policies and procedures across all Cheshire activities.
- To co-ordinate the development of a risk management programme which is appropriate to Cheshire services.
5.0 The Risk Management Process
To be effective, the risk management process must be an integral part of management, embedded in the culture and practice of the service and tailored to the business processes of the organisation. In line with Cheshire Ireland Policy for the identification of Hazards, the assessment and management of risk, the main elements of the risk management process are shown below:
5.1 Hazard/Risk Identification
Hazards (risk source) and risks (uncertainty) may be identified proactively, in advance of the risk materialising (through planned risk assessments of service users’ inherent presentation, environments, projects, processes, or activities) or reactively, once an adverse incident has occurred. The consideration of risks and their implications should constitute a formal part of Cheshire Ireland’s service development, business planning, and project planning processes, as well as its on-going general management processes and through the continuous review of incidents, complaints and claims.
5.2 Risk Analysis
Risk analysis is the process used to comprehend the nature of risk and to determine the level of risk. The objective of risk analysis is to separate minor acceptable risks from major risks. Risk analysis involves developing an understanding of the risk, consideration of the causes and sources of risk, their positive and negative consequences, and the likelihood that those consequences can occur. Risk is analysed by determining consequences and their likelihood. Existing controls and their effectiveness and efficiency must be taken into account. In some cases, more than one numerical value or descriptor is required to specify consequences and their likelihood for different times, places, groups or situations. This Risk Management Policy advocates the use of a simple, clear and relevant process (utilising the 5X5 risk matrix).
5.3 Risk Evaluation
Calculating risk is about turning an evaluation of a hazard/risk/incident or potential risk into a measurement which is comparable and consistent with others throughout the organisation. This enables all assessments to be compared on an organisational-wide basis, to identify where risks are likely to occur and to determine what can be learnt from and done to reduce risk exposure. People put differing values on risks depending on how or what they perceive to be the risk. Therefore, in order to achieve greater consistency, Cheshire Ireland uses consequence and likelihood criteria and a colour-coded matrix. This involves three steps: scoring the impact, scoring the likelihood and applying the value to the risk matrix.
5.3.1 Scoring the Impact
The first step is to make a judgement about the consequences (Impact) of the event. The table below should be used as a guide.
IMPACT SCORING TABLE
# / Impact / Description
1 / Insignificant/None / No obvious harm
2 / Minor / Non-permanent harm (< one month to resolve)
3 / Moderate / Semi-permanent harm (up to one year to resolve)
4 / Major/Severe / Major permanent harm
5 / Catastrophic / Death/Fatality
5.3.2 Scoring the likelihood
The second step in evaluating risk is to consider the likelihood of a consequence happening again. The table below should be used as a guide.
LIKELIHOOD SCORING TABLE
Rare/Remote (1) / Unlikely (2) / Possible (3) / Likely (4) / Almost Certain (5)
Actual/Potential Frequency / Probability / Actual/Potential Frequency / Probability / Actual/Potential Frequency / Probability / Actual/Potential Frequency / Probability / Actual/Potential Frequency / Probability
Occurs every 5 years or more / 1% / Occurs every 2-5 years / 10% / Occurs every 1-2 years / 50% / Every 2 months / 75% / At least monthly / 99%
5.3.3 Applying the value to the risk matrix
Once a judgement has been made about the likelihood and consequence of a risk, the two numerical values should be multiplied to give a risk rating. E.g. Major (4) x Possible (3) = 12. This figure can then be applied to a risk matrix to provide a final risk assessment. The table below shows the risk matrix.
Risk Matrix / No injury/Negligible (1) / Minor (2) / Moderate (3) / Major (4) / Catastrophic (5)
Almost Certain (5) / 5 / 10 / 15 / 20 / 25
Likely (4) / 4 / 8 / 12 / 16 / 20
Possible (3) / 3 / 6 / 9 / 12 / 15
Unlikely (2) / 2 / 4 / 6 / 8 / 10
Rare/Remote (1) / 1 / 2 / 3 / 4 / 5
1-4 / Low Risk
5-8 / Moderate Risk
9-12 / High Risk
12-25 / Very High Risk
5.4 Risk Treatment / Controls
The risk treatment and controls are the list of actions that must be completed in order to eliminate the risk or reduce it to an acceptable level. Each control must have a responsible person and a timeframe allocated.
5.5 Reviewing Controls
The process is not over until the risk controls have been completed. If a service is unable to implement a control then this control should be reviewed or escalated to the Regional Manager.
6.0 Risk Profile of Cheshire Ireland
When caring for and supporting people in a dynamic environment such as Cheshire Ireland, it is acknowledged that some risks are so spontaneous that they are impossible to plan for or prevent. Other risks are foreseeable, if unpredictable, and therefore must be planned for. This risk profile will identify how some of these predictable events (Hazards/Risks/Incidents) can be identified, assessed and managed.
6.1 Challenging Behaviour
Behaviours associated with a service user’s condition in Cheshire Ireland generally comprise shouting and verbal abuse directed towards staff. Some have a tendency to shout and bang objects. Many also have a tendency to hit out and grab staff. Most of these behaviours are needs driven. There is a proactive emphasis on management of behaviours with the inclusion of increased education for staff in Challenging Behaviour.
Precautions to minimise Challenging Behaviour
Cheshire Ireland has in place (draft) a Standard Operating Procedure for Implementation of a Positive Behavioural Support Intervention. A planned program of supports is required to effectively support a person presenting antisocial behaviour within a service. To respond in this situation Cheshire Ireland has developed a Positive Behaviour Support Intervention which is delivered over an 8 week period by a team of support staff in a service. The intervention team will include the local quality officer, a nominated trainer, the service manager or designate and a member of the clinical support service team.
- The quality officer’s role will be to present to the staff team an identity portrait of the person.
- Using the identity portrait, the staff team are supported to develop a draft Positive Behaviour Support Plan to guide them as they interact with the person.
- The Positive Behavioural Support Plan is shared with the Service User, their advocate and/or family member if appropriate for their input. The service user will be asked to agree to the operation of the plan on a trial basis for a fixed period.
- The intervention team may amend part or all of the plan based on the person’s feedback or with appropriate supports, they may choose to implement the plan having acknowledged the person’s objection.
- The person may decline to agree the operation of the plan. In this case their views will be noted and considered by the intervention team who wrote the plan.
- The actions and responses agreed in the person’s Positive Behavioural Support Plan will be incorporated into the person’s Personal Plan.
- The agreed Positive Behavioural Support Plan will be reviewed with all staff through the handover process.
- For a period of at least six weeks from the time of the implementation of the measures contained in the plan staff will be required to complete an adverse event report each time an adverse event occurs.
- Analysis of the adverse event reports will provide an overview of the effectiveness of the current Positive Behaviour Support Plan and changes will be made as required to reflect the analysis.
- Where a Positive Behavioural Support Intervention has been implemented and has not succeeded in ensuring a safe and consistent high quality service for the person, a procedure is outlined to arrange a referral to a psychologist.
- The Positive Behaviour Support Plan will be monitored by the service manager on an ongoing basis and will be reviewed by the quality officer with the service on an annual basis.
- Where the plan breaks down or requires review the service manager can request the support of the original intervention team through the regional manager.
6.2 Assault
Assault in Cheshire Ireland could involve assault by service user, member of the public or staff. HR recruitment practice and effective implementation of the safeguarding policy will reduce the risk of assault by a staff member. Assaults experienced within Cheshire Ireland comprise verbal or physical assault by service users towards staff primarily. A service user may present a safeguarding risk in that they may have a tendency to target both service users and staff with their physical and verbal outbursts.
Precautions to minimise assault
- Cheshire Ireland has in place (draft) a Standard Operating Procedure for Implementation of a Positive Behavioural Support Intervention.
- Initial and on-going assessment to identify triggers which may lead to assault and implementation of appropriate interventions.
- Multi-disciplinary input to clinical management (Nurses, GP, Family, significant others, Clinical psychologist, psychiatrist etc.)
- Suitable and sufficient care will be provided to all service users to ensure early identification of cues that a service user might assault and de-escalation of potential assault.
- Staff training in Challenging Behaviour to ensure appropriate response to service users, for example, understanding why service users decline routine activities/interventions.
- Staff delivering what may be perceived as unwelcome news are professionally trained to communicate sensitively and appropriately.
- Staff are vigilant when interacting with members of the public, remaining cognisant at all times of any presentation that may present a risk to their safety.
6.3 Falls