NHS GRAMPIAN

Corporate Risk Register

Aim

NHS Grampian is aiming to improve the monitoring and use of risks and risk registers within the organisation. A large number of interconnected actions are taking place in order to make these improvements. This paper is one of those improvements and aims to keep the Board informed of the current risk profile. Data was extracted from the Datix system on 23rd November 2010.

  • To update the Board on the movement of risks on the Corporate Risk Register since October 2010
  • To update the Board on the current risks on the Corporate Risk Register
  • To update the Board on the development of operational (Sector/Directorate/Service) level risks registers held on Datix

Strategic Context

  • Risk management is a fundamental management process for NHS Grampian and supports all strategic objectives.
  • Risk management is one of the standards within NHS QIS Clinical Governance and Risk management standards.
  • Risk is part of the Quality Strategy under “Safe” care.

Discussion

1. The Corporate Risk Register

The overarching Corporate Risk Register comprises the Strategic Risk Register and Corporate Operational Risk Register.

As noted in previous papers there has been significant work in terms of updating, reviewing and monitoring risks on the Strategic Risk Register, including review at the Strategic Management Team (SMT), where changes to the risk are collectively agreed. All strategic risks were reviewed and discussed at the September 2010 SMT meeting and two risks are being brought forward for discussion at the November SMT meeting by the risk owners using an SBAR (Situation, Background, Assessment and Recommendations) reporting template.

Relevant strategic risks have also been taken to the Clinical Governance Committee, Performance Governance Committee and Staff Governance Committee and will be taken to the Patient Focus and Public Involvement and Assurance Framework meetings at the next opportunity.

The Sector Level High and Very High risks were discussed at the Operational Management Team in October to clarify the monitoring and escalation arrangements for operational risks. In addition reports on the risk registers for each part of the Delivery Unit were prepared and used to foster discussion at the individual Performance and Risk meetings led by the Chief Operating Officer.

2. The Corporate Risk Register and the Board

The process of linking agendas and risk, as adopted (where possible) for the Board, is also being adopted by other senior level committees and provides an opportunity to review the risk, controls and gaps in controls on a regular basis.

The Patient Safety risk (ID 853) was presented at the October Board meeting; one risk will be presented at each meeting. In December the risk being presented is 749 New PAS (Patient Management System) risk.

3. Current Corporate risk profile

The current corporate risk profile is shown below; this has changed since the October meeting with no risks now being graded as Very High, 11 risks (69%) as High and five risks (31%) graded as Medium. Previously this was Very High 6%, High 62% and Medium 25%.

Figure 1 - Current corporate risk profile

4. Movement of Corporate Risks

There has been some movement of corporate risks in terms of risk grading since the last report as shown below in table 1.

Table 1 – movement of corporate risks

Risk level / May 2010 / July 2010 / Sept 2010 / Nov 2010 / Movement
Very High / 2 / 2 / 1 / 0 / 1 Very High risk closed
High / 10 / 10 / 11 / 11 / 1 High risk closed and 2 High risks added
Medium / 4 / 4 / 4 / 5 / 1 High risk now medium

Following a review of the risks owned by the Director of Public Health and Planning it was identified that there were two risks (1 very high (852) and 1 high risk (857)) which related to the health plan and strategy, linked to service delivery, that required significant changes to bring them into the context of the Health and Care Framework. Overwriting these risks would remove them from the history, as they exist, in the risk register module of Datix. The solution proposed and agreed by the Executive Team was to close the existing two risks (unchanged) and create two replacement risks (both High risk (IDs 1115 and 1116)) which are essentially the same but in the context of the Health and Care Framework.

Risk ID 859 has been reduced from a likelihood of Likely to a likelihood of Unlikely, with the same consequence of Major, which has reduced the overall risk level from High to Medium. Table 2 below shows some of the detail around this risk. This risk is linked to the strategic objective of ‘Being the best performing provider of health care services in Scotland’.

Table 2

ID: 859

Risk Title: Loss of Medical Training in Grampian

Description: Colleges within Scotland are looking at centralising training of undergraduates. Therefore at risk in terms of being centralised. Service redesign within the organisation may reduce training opportunities and any neglect of the post graduate training opportunities will increase the likelihood of centralisation

Context and/or Impact: Consequence: Difficulty in attracting 'good' staff when qualified; Benefits of being a training hospital are lost; Lose tertiary level services; Post graduate research is restricted; Completely changes nature of the business

Controls:
1. Representation at regional and national committees that deal with allocation of training numbers (NOSPG; MSG. RMW, Deanery)
2. A memorandum of understanding has been developed between Aberdeen University, the North of Scotland Deanery, and NHSG about the role of medical education in the 9 plus one job plan setting
3. Directors of Undergraduate and Post Graduate education have been appointed to facilitate the culture of teaching and training amongst consultant medical staff
4. The importance of contribution to training will be emphasised in the allocation of discretionary points

Gaps in controls:
  • NHSG has no control over allocation of undergraduate training places. It can only support the University by delivery of high quality teaching and contribution to high quality research.
  • Lack of acknowledgement of this risk at SEHD level, Board level, and senior management level.

Action:
  • Achieve a good score at the July 2010 GMC visit
  • Increase profile of teaching and research in collaboration with NHSG University Board member and the Postgraduate Dean.
  • Appointment of Clinical Directors of Undergraduate and Postgraduate Education

Completion of controls, gaps in controls, actions and assurance sources

Work is ongoing with the risk owners to populate the risk with the appropriate information related to controls, gaps in controls, actions and assurance sources. This progress is shown below in table 3. A formal programme to refresh the strategic risks with the executives at SMT is now underway as described previously.

Table 3 – Development of controls etc.

Information related to: / Number of risks with information in place: Jan 2010 / May 2010 / July 2010 / Sept 2010 / Nov 2010 / Percentage completed (Nov 2010)
Controls / 8 / 13 / 14 / 13 / 14* / 87.5%
Gaps in Controls / 8 / 13 / 14 / 14 / 14* / 87.5%
Actions / 5 / 10 / 12 / 13 / 13* / 81%
Assurance sources / 4 / 16 / 16 / 16 / 16 / 100%

*One of these risks is being discussed at SMT and the SBAR paper indicates that controls, gaps etc. have been identified and will be entered onto the system.

5. Sector/Directorate/Service Operational Risks

The development of risk registers at Sector/Directorate/Service level continues to progress and there are now risks in the Datix system for all Sectors. This is reported to the Risk Management Group and the data related to Very High and High risks has also been used at OMT.

Table 4 below shows the number of Sector level risks on the system together with Directorate/Service level risks; this is compared with the overall risks on the system in May 2010 and shows that there has been a significant increase.

We expect the numbers of risks to continue to increase until the Sectors/Directorates/Services are comfortable with their risk processes. Thereafter management of the risks would aim to balance out and start to reduce the number and/or grade of risks.

Table 4 – Open Operational Risks on Datix

Sector / May 2010 / July 2010 / Aug 2010 / November 2010: Sector Level / November 2010: Service/Dept / November 2010: Total / Change since May
Acute Sector / 84 / 107 / 126 / 15 / 133 / 148 / +64
Corporate Services* / 26 / 41 / 44 / 0 / 53 / 53 / +27
Aberdeenshire / 23 / 21 / 21 / 15 / 7 / 22 / -1
Aberdeen City CHP / 3 / 21 / 22 / 5 / 23 / 28 / +25
Facilities / 0 / 74 / 74 / 16 / 58 / 74 / +74
Moray CHSCP / 1 / 19 / 19 / 22 / 0 / 22 / +21
Mental Health Services / 8 / 8 / 8 / 16 / 0 / 16 / +8
Totals: / 145 / 291 / 314 / 74 / 274 / 363 / 218

*Some but not all corporate services are on the system

Stakeholder Involvement

  • Stakeholders are mainly Directors and General Managers; however, risk is integral to all staff functions within the organisation.
  • Staff are involved with workshops, risk meetings, use of risk management within daily work and also via communication such as safety alerts and incident reporting.

Impact Assessment

  • Not appropriate

Resource implications

  • The support for Risk Registers at a strategic and operational level is from the Clinical Governance and Risk Management (CGRM) unit. In the main this is from both the Datix Support team (Datix training, reporting and administration) and the Risk Management Advisors (RMA), led by the Head of Unit. RMA staffing has reduced due to temporary and permanent changes, which means the service is currently substantially reduced. Staff are being moved around within the unit, contingency plans are being put into place, and supporting the Risk Register work is seen as a priority. The CGRM unit is currently undergoing a review and is about to implement a new model associated with the Quality Strategy.
  • The embedding of risk requires all services to commit to this core management function. The approach of embedding should mean that this does not require additional resource.

Key Risks

  • The risk is that NHS Grampian does not continue to implement the use of risk registers to support the risk management process and that risk management is not embedded within our daily practice.
  • Gaps are being filled, such as the Board, SMT and OMT receiving risk reports and considering a single risk. The Performance and Risk meetings held between the COO and the General Managers are also helping to mitigate the risks. There is still an overall gap in terms of threading risk discussions, and thus the accountability for risks, within management meetings and discussions. The maintenance of the risk registers still has the potential to stagnate. This is being mitigated by workshops, RMA support and by a quality control element within Datix.

Conclusion

Considerable progress has been achieved with risk management processes, including the development of risk registers in Datix, over the last year. This now allows reporting on risks at a Strategic and Operational level as evidenced in this and other papers. All the integrated aspects of risk management will assist in achieving an improved risk management process; however, this still requires close monitoring.

Recommendation

  • The Board should be reassured by the progress made within the last year but should continue to seek assurance on the improvement progress for risk management and in particular risk registers.

Background papers/supporting information

  • None

Executive Lead: Elinor Smith, Director of Nursing and Quality

Authors: Helen Robbins, Head of CGRM supporting Quality

Janet Seaton, Technical Services Manager, Datix

23 November 2010
