RISK MANAGEMENT STRATEGY

2016 - 2018

Version / 2
Name of responsible (ratifying) committee / Risk Assurance Committee
Date ratified / 19 May 2016
Document Manager (job title) / Head of Risk Management
Date issued / 26 May 2016
Review date / 01 March 2018
Electronic location / Corporate Strategies
Related Procedural Documents / Risk Assessment Policy, Risk Management Policy,
In the case of hard copies of this policy the content can only be assured to be accurate on the date of issue marked on the document.
For assurance that the most up to date policy is being used, staff should refer to the version held on the intranet
VERSION / DATE RATIFIED / BRIEF SUMMARY OF CHANGES / AUTHOR
1 / 2 June 2015 / Strategy rewritten / Acting Head of Quality, Head of Risk Management
2 / 19 May 2016 / Strategy updated with clear process for risk escalation; updated Risk Management team objectives to support delivery of the Strategy; updated organisational committee structure / Acting Head of Risk Management

Table of contents

1. INTRODUCTION

2. STATEMENT OF INTENT

3. WHOSE RESPONSIBILITY IS RISK MANAGEMENT?

4. AIMS AND OBJECTIVES

5. EMBED RISK MANAGEMENT AT ALL LEVELS OF THE ORGANISATION

6. CREATE A CULTURE WHICH SUPPORTS RISK MANAGEMENT

7. PROVIDE THE TRAINING TO SUPPORT RISK MANAGEMENT

8. EMBED THE TRUST’S RISK APPETITE IN DECISION MAKING

9. MEASURE THE IMPACT OF IMPLEMENTATION

10. ORGANISATIONAL RISK MANAGEMENT STRUCTURE

11. EQUALITY IMPACT STATEMENT

12. MONITORING COMPLIANCE WITH THE RISK MANAGEMENT STRATEGY

13. ASSOCIATED DOCUMENTATION

14. REVIEW

Appendix A: Organisational Committee Structure

Appendix B: Duty of Key Individuals in the Risk Management Framework

Appendix C: Assurance Framework / Risk Register protocol flowchart

1.  INTRODUCTION

An understanding of the risks that face NHS Trusts is crucial to the delivery of healthcare services moving forward. The business of healthcare is, by its nature, a high-risk activity, and the process of risk management is an essential control mechanism. Effective risk management processes are central to providing Portsmouth Hospitals Trust (the Trust) Board with assurance on the framework for clinical quality and corporate governance.

The Trust Board recognises that complete risk control and/or avoidance is impossible, but the risks can be minimised by making sound judgments from a range of fully identified options.

The Trust’s aim, therefore, is to promote a risk awareness culture in which all risks are identified, assessed, understood and proactively managed. This will promote a way of working that ensures risk management is embedded in the culture of the organisation and becomes an integral part of the Trust’s objectives, plans, practices and management systems.

2.  STATEMENT OF INTENT

The Trust Board is committed to leading the organisation forward to deliver a high quality, sustainable service achieving excellent results, thereby ensuring the organisation delivers the best patient-centred care possible, in the hospital of choice, whilst making the very best use of public funds.

The Board recognises that to achieve these goals, there is a need for robust systems and processes to support continuous improvement, enabling staff to integrate risk management into their daily activities wherever possible and support better decision making through a good understanding of risks and their likely impact.

This can only be achieved through an ‘open and just’ culture where risk management is everyone’s business and where risks, accidents, mistakes and ‘near misses’ are identified promptly and acted upon in a positive and constructive way. Staff are, therefore, encouraged and supported to share best practice in a way that creates a culture of learning and a drive to reduce future risk: a cornerstone of building safer, effective, and efficient care for the future.

This Risk Management Strategy is underpinned by a suite of policies guiding staff on the day to day delivery of effective risk management processes. These linked policies are listed in section 9.

An Annual Risk Management Plan will be developed by the Head of Risk Management, and will be agreed and monitored by the Risk Assurance Committee. The Annual Plan will include objectives to address key risk issues in order to ensure continuity and progression in the Trust’s strategic direction for risk management.

3.  WHOSE RESPONSIBILITY IS RISK MANAGEMENT?

The success of the risk management programme is dependent on the defined and demonstrated support and leadership offered by the Trust Board as a whole.

However, the day-to-day management of risk is the responsibility of everyone in our organisation at every level, and the identification and management of risks requires the active engagement and involvement of staff at all levels. Our staff are best placed to understand the risks relevant to their areas of work and must be enabled to manage these risks, within a structured risk management framework.

4.  AIMS AND OBJECTIVES

The aim of this strategy is to strengthen the existing risk management framework, embedding risk management at a local level and ensuring appropriate escalation of the risks through the organisation to the Board. In addition, it aims to deliver greater local level ownership of risk, enhanced clarity regarding roles and responsibilities for risk management, and strengthened governance arrangements to support the current framework. The strategy is supported by an implementation plan, with objectives to support the achievement of the aims as outlined below. Both the strategy and implementation plan will be monitored by the Risk Assurance Committee.

The key objectives of the Risk Management Strategy are to:

·  Embed risk management at all levels of the organisation.

·  Create a culture which supports risk management.

·  Provide the tools to support risk management.

·  Provide the training to support risk management.

·  Embed the Trust’s risk appetite in decision making.

·  Measure the impact of implementation.

5.  EMBED RISK MANAGEMENT AT ALL LEVELS OF THE ORGANISATION

One of the key aims of this strategy is to ensure greater local ownership of risks. To achieve this, we will continue to strengthen risk registers at Clinical Service Centre (CSC) and specialty level supported by clear criteria and timeframes for escalation of risks. Increasing transparency of the CSC risk registers will support this and will be achieved by utilising the risk register module within the updated DatixWeb incident reporting system. This will allow for ease of transference of risk and link to incidents related to specific identified risks.

To support this greater local ownership of risks, the roles and responsibilities for risk identification, assessment, management and monitoring will be clarified, so as to ensure clear escalation of risks between the different levels of the organisation, from ‘ward to board’. The following procedure will continue to be embedded to ensure appropriate escalation of risk.

5.1  Interface Between Trust Risk Register and Board Assurance Framework (BAF)

All red risks (15+) on the Trust Risk Register must be linked to the BAF. The BAF enhances the information in the Trust Risk Register by detailing, through assurance, how well the highest risks to the delivery of strategic objectives are being controlled and mitigated to satisfy both internal and external requirements. In turn, it will inform the Board where the delivery of principal objectives is at risk due to a gap in control and/or assurance.

The Trust Risk Register and the BAF work together to provide a flow of information regarding achievement of and threats to strategic objectives. The highest scoring operational risks on the Trust Risk Register will be associated with and help to inform the strategic risks on the BAF, either individually or collectively (where risks from the Trust Risk Register are grouped into an overarching strategic risk on the BAF); this is evidenced through cross-referencing between the 2 documents.

In turn, each BAF risk is clearly cross-referenced to the Trust’s strategic objectives, and the Trust Risk Register is referenced to the BAF, thus allowing a clear mapping of objectives, risks, controls, and assurance across all 3 documents.

The Director of Corporate Affairs coordinates this process with the risk owners for the BAF and the Risk Management team for the Trust Risk Register on behalf of the Risk Assurance Committee and Trust Board.

5.2  Management of Risk Registers and Escalation of Risk

All specialties are required to maintain a risk register of identified risks; these can be proactive or reactive risks pertinent to the service or area. Specialty risk registers are reviewed regularly by the CSC governance committee, where high level risks can be agreed for inclusion on the CSC risk register.

The purpose of the Risk Assurance Committee (RAC) is to promote effective risk management, to establish and maintain a Trust Risk Register, and to review the BAF to ensure all risks are captured and are referenced between the two documents. This enables the Board to monitor the arrangements in place to achieve a satisfactory level of internal control, safety and quality.

In accordance with the terms of reference, the Risk Assurance Committee will review CSC risk registers on a 6-monthly basis and consider all risks identified at a score of 15 or above (unacceptable risks) for inclusion on the Trust Risk Register, if not already identified on the document. The committee can recommend inclusion on the BAF should the risk be deemed sufficiently high level to affect delivery of the Trust Strategic Aims.

Similarly, if a risk has been mitigated to a level where it is deemed appropriate for the CSC to continue management at that level, the Risk Assurance Committee will recommend removal of that risk from the Trust Risk Register.

Any risk that has been identified by a CSC outside of their scheduled reporting timescale can be brought to the attention of the Risk Assurance Committee as a separate agenda item for consideration for inclusion on the Trust Risk Register.

The Risk Assurance Committee ensures that all risks on the Trust Risk Register and Board Assurance Framework (BAF) have an identified operational lead responsible for updating the risk information as appropriate, and a responsible committee identified to ensure that the risk is monitored in the appropriate forum.

Appendix B identifies the responsibilities of key individuals in the risk management framework.

In order to ensure that the framework is effective, we will continue to monitor the strengthened role and membership of the Risk Assurance Committee (RAC) so that it challenges the management of risk at Clinical Service Centre (CSC) and corporate function level, aggregates risks across those areas and escalates to Trust Board accordingly. RAC will monitor compliance with the Risk Management Strategy and associated policies by reviewing risks at CSC and corporate function level, and also by scrutinising the arrangements for risk management at the lower level and holding CSCs to account for the effectiveness of their specialty arrangements.

Embed risk management at all levels of the organisation
Action / Lead / Deadline
CSC Risk Registers available on the risk management intranet page – ensure these are current and up to date through spot audits until process embedded. / Acting Head of Risk Management / Completed
Ensure all CSC risk registers are migrated to the new Datix risk register module. / Acting Head of Risk Management / December 2016
Transference of the Corporate Risk Register and BAF to Datix to allow for a system for aggregation and escalation between specialty and CSC risk registers. / Acting Head of Risk Management / September 2016
Implement the complete Datix functionality upgrade, deliver the project plan and engage CSCs with process changes to continue to enhance reporting of risk. / Risk Analyst/Datix Manager / July 2016
Support CSC Governance Leads to embed the new processes for review of reported Safety Learning Events / Risk Analyst/Datix Manager/Risk Management Team / June 2016
Revise the Risk Management Strategy in line with internal audit recommendations. / Acting Head of Risk Management / May 2016
Align central risk management team responsibilities to further support CSCs. / Acting Head of Risk Management / December 2016

6.  CREATE A CULTURE WHICH SUPPORTS RISK MANAGEMENT

A key component of an effective and mature risk management framework is having a culture of knowledge and understanding of risk management and leadership. This means that roles and responsibilities need to be clearly defined so that risk management is ‘owned’ by appropriate members of staff and that staff are encouraged to be more risk aware by promoting openness and supporting them to manage risks locally where possible. It also means visible and effective leadership from the Board in ensuring effective systems and processes for the management and escalation of risks.

The Trust has board level leadership for risk management and a clear committee structure that supports the aggregation and escalation of risk through the Risk Assurance Committee, now a Trust Board sub-committee. We have already identified and strengthened the leadership within that framework by adding Non-Executive level input and challenge into RAC, in addition to the existing clinical representation and Executive leadership. We will strengthen the role of RAC in providing the Board with assurance as to the effectiveness of the framework of controls and assurances, by continuing to develop the ‘deep dive’ methodology to understand risks on the Corporate Risk Register and Board Assurance Framework (BAF). A flowchart outlining the protocol for management of risk can be found in Appendix C.

As well as structure, a mature risk management framework requires risk management to be at the heart of board level discussion. To enhance the maturity of existing conversations at board level, one of the aims of this strategy is to create a clear link between assurance, risk management, corporate governance and regulation. Using the agreed risk appetite matrix, the Board can set out a framework within which all risk should be considered, linking objectives, business planning and risk appetite. This will also help to develop an approach that engenders risk forecasting.