BSO 30/2014

Report of BSO Corporate Risk Workshop,

30th January 2014

1Introduction and background

At the BSO Board meeting in November 2013, it was agreed that Board would set aside time in the New Year to review the Corporate Risk Register in detail.

The Chairman set the context for the workshop – rather than scrutinise current risk scores which are reviewed at least monthly by SMT and quarterly by the Board, the workshop would be used to consider the following 3 aspects of the risks:

  • Scoping the Risk– whether the current description reflects all the risks or whether there are other factors that need to be included;
  • Information Flow –the timing of information, whether the Board receive the correct information and if a sufficient quantity of information is received; and
  • Remedial approach – is the current strategy sufficient to manage the risk?

2The following risks were discussed:

(i) Risk 13:“Risk to Data Centres from unstable hospital power / environment may cause further outages.”

Scoping the Risk - Board members agreed that the mitigations to reduce the risk have beenstrengthened, however issues still exist with the power supply and will continue until a new data centre is established.

Other related risksdiscussed were lack of finances, potential future capacity issues, the environment and whether customer experience had been badly affected.

Information Flow - the Chairman asked members to highlight any gaps in information being received by the Board. One area identified was which systemsare housedineach data centre; the Director of CCP confirmed that this information has been produced as part of the Gartner review.

Board members then discussed whether briefing reports on Gartner should be presented to Board or whether this would be duplication in view of the Board Gartner sub-group.

Action: The Directors of CCP and Finance to prepare an administrative report from the Gartner sub-group for presentation to a forthcoming Board meeting; this paper should focus on the impact of IT systems on patient care and include a progress report with regard to the library and strategic options.

Remedial approach - future actions will include:

  • consideration of a battery back-up for the air conditioning (update to be included in February report)
  • BSO to host a number of regional workshops for Trusts to share learning and knowledge
  • Appointment of a new Data Centre Manager indicates a more pro-active/predictive approach to managing the Data Centres

(ii) Risk 6:“Inability to implement replacement systems for Finance, HR and Procurement in line with agreed plans.”

Scoping the Risk - the scope of the risk is changing slightly with the move from implementation to embedding of the new systems; this may need to be reflected in the risk description in future months. Members discussed the real risk around the failure of Benefits Realisation due to external factors such as the cost of retained functions within the Trusts.

Information Flow - there is a regular correspondence between BSO and DHSPS around Benefits Realisation andBoard will be kept up to date with developments.

Remedial approach - continued correspondence to the Department on a formal structure for Benefits Realisation.

(iii) Risk 14:“BSO will face the risk of legal challenge and/or financial loss under new legislation, the Late Payment of Commercial debt Regulation 2013, which requires 30 day payment of supplier invoices.”

Scoping the Risk - members agreed that the current risk description is sufficient.

Information Flow - information around the payment of invoices includes:

  • SMT receive daily information on outstanding invoices
  • Prompt payment statistics
  • Information from the new Payments function
  • Monthly scorecard report to Board

Remedial approach - members agreed that there are sufficient controls in place. Peter Wilson also informed members of on-going development in warehouse technology.

(iv)Risk12:“A significant project to change Fermanagh addresses will impact on approx.15, 000 addresses in the area which will affect HSC information systems and patient contact. This could result in a patient not receiving a cancer screening invitation.”

Scoping the Risk - the Chief Executive advised that the Likelihood of this risk is decreasing but the impact remains the same. The risk will be kept under review with a similar project due to take place in Newry & Mourne in July 2014.

Information Flow - the acting Director of Operations gave a verbal update to Board in December 2013. A similar update will be provided on progress in Newry & Mourne in July 2014.

Remedial approach - risk will be considered for removal to the service risk register.

(v)Risk 1: “Levels of savings in the overall environment for HSC are so great that BSO service provision to customers is negatively affected and/or we fail to breakeven.”

Scoping the Risk - the Director of Finance informed members that BSO face a very challenging financial position with the risk for 2014-15 that Trusts will expect savings in the service offerings.

Information Flow - members agreed that information is sufficient with monthly financial reports to Board and Latest Best Estimates.

Remedial approach - there is an on-going issue with systems maintenance costs and the Director of Finance was able to reassure members that correspondence from the Permanent Secretary has endorsed BSO approach to date.

(vi)Risk4: “Shared Services may not achieve business case outcomes.”

Scoping the Risk - Members agreed that the primary threat to achieving business case outcomes is the retained function being implemented by Trusts. Other potential risks could come from failure to meet performance targets.

Information Flow - SMT agreed to consider Performance measures and bring a paper to Board in the next quarter outlining requirements.

Remedial approach - The following actions were agreed:

  • SMT to populate the Controls & Assurances columns to reflect performance measures
  • Board to review the Business Case again in the next few months and consider expected Benefits Realisation
  • SMT to bring a paper on Performance measures to Board in the next quarter
  • Consideration to be given to promoting the benefits of Shared Services to Trusts
  • To consider the periodic distribution of a short Customer Satisfaction Survey to service users.

(vii)Risk 8: “Failure of key ITS Applications & Infrastructure impacting delivery of Critical Services to Customers.”

Scoping the Risk - there was discussion around the element of control BSO can exercise over this risk as without further funding from the commissioner, additional staff cannot be appointed. Members acknowledged that it is a challenge to persuade the commissioner to invest in relevant areas, that this is a wider business issue.

Information Flow - the information currently being provided to Board was deemed sufficient.

Remedial approach: the implementation of the Gartner review and new staffing structures will be taken forward.

(viii)Risk 10: “BSO will face the risk of legal challenge on Major High Value Regional Procurement Contracts.”

Scoping the Risk - the Director of Legal Services highlighted that there is additional risk from challenge to all contracts, with overall numbers likely to increase. There is also a potential political risk if a contract is awarded outside of N. Ireland.

Clarification was also sought around responsibility for the costs of legal challenges with concern expressed that BSO bear all of these. Peter Wilson explained the protocol in place to share costs.

Information Flow - the information currently being provided to Board was deemed sufficient.

Remedial approach - going forward, the growth of Social Care procurement will be monitored and kept under review by the Board.

(viiii)Risk 9: “BSO current skill mix does not meet future business needs.”

Scoping the Risk - generic description is sufficient as it covers several areas which are affected.

Information Flow - the information currently being provided to Board, such as HRCS report and Gartner updates, was deemed sufficient.

Remedial approach - SMT will highlight any specific issues to Board when required.

Action Sheet from BSO Corporate Risk Workshop, 30th January 2014

Action (s) / By Whom / By When
1. / An administrative report from Gartner sub-group to be presented to Board; focus on the impact of IT systems on patient careand include a progress report with regard to the library and strategic options. / DoCCPDoFin / Forthcoming Board meeting
2. / An update on the Newry & Mourne addressing project, due to take place in July 2014, to be presented to Board. / DoOPs / August 2014
3. / SMT to populate the Controls & Assurances columns of Risk 4 to reflect performance measures,and bring a paper on Shared Services Performance measures to Board. / SMT / April–June 2014
4. / BSO Board to review the Shared Services Business Case and consider expected Benefits Realisation. / BSO Board / End April 2014
5. / BSO to consider whether there should be further external risks on the corporate risk report, with current focus on internal risks. / SMT / On-going
6. / Going forward, risks on the Corporate Risk report should be categorised into types. / CRSI / Immediately
7. / The risk descriptions on the Corporate Risk report should include consequences of the risks. / SMT / Immediately
8. / A Board workshop should be held every year to look at the Corporate Risk Report in depth. / BSO Board / Annually
9. / To consider the periodic distribution of a short Customer Satisfaction Survey to service users. / SMT / 2014-15