The Secretary of State has directed that the Chief Executive should be the
Accountable Officer to the Trust. The relevant responsibilities of Accountable
Officers, including their responsibility for the propriety and regularity of the public
finances for which they are answerable, and for the keeping of proper records, are set
out in the Accountable Officers' Memorandum issued by the Department of Health.

To the best of my knowledge and belief, I have properly discharged the
responsibilities set out in my letter of appointment as an accountable officer.

..............................Date.............................................................Chief Executive

The directors are required under the National Health Services Act 1977 to prepare
accounts for each financial year. The Secretary of State, with the approval of the
Treasury, directs that these accounts give a true and fair view of the state of affairs of
the trust and of the income and expenditure of the trust for that period. In preparing
those accounts, the directors are required to:

- apply on a consistent basis accounting policies laid down by the Secretary of State
with the approval of the Treasury

- make judgements and estimates which are reasonable and prudent

- state whether applicable accounting standards have been followed, subject to any
material departures disclosed and explained in the accounts.

The directors are responsible for keeping proper accounting records which disclose
with reasonable accuracy at any time the financial position of the trust and to enable
them to ensure that the accounts comply with requirement outlined in the above
mentioned direction of the Secretary of State. They are also responsible for
safeguarding the assets of the trust and hence for taking reasonable steps for the
prevention and detection of fraud and other irregularities.

The directors confirm to the best of their knowledge and belief they have complied
with the above requirements in preparing the accounts.

By order of the Board

..............................Date.............................................................Chief Executive

..............................Date............................................................Finance Director

       1.         Scope of responsibility

The Board is accountable for internal control. As Accountable Officer, and Chief Executive of this
Board, I have responsibility for maintaining a sound system of internal control that supports the
achievement of the organisation’s policies, aims and objectives. I also have responsibility for
safeguarding the public funds and the organisation’s assets for which I am personally responsible as set
out in the Accountable Officer Memorandum.
As Chief Executive of the Trust I have overall responsibility for the assurance framework, and for
clinical governance and risk management. I delegate specific responsibility to individual executive
directors and these are clearly outlined in the governance strategy.
The Trust has a close working relationship with the Strategic Health Authority and has an agreed
performance reporting framework, which includes regular reports as follows :
      Activity against targets,
      Financial performance,
      Clinical governance and risk management,
      Response to national reviews,
      Progress against the Standards for better health,
      Serious adverse incident reporting.

I also have a responsibility for :
      Ensuring that responsibilities for the management and co-ordination of risk are clear,
      Ensuring that major risk management policies and procedures are ratified through the
         appropriate structures,
      Identifying and allocate the required resources, from within available funds, to implement risk
         management initiatives,
      Ensuring communication with stakeholders on problems of mutual concern.
The Trust’s governance strategy details how these are achieved, and the requirements for consulting
with stakeholders in determining risks and mitigating actions.

       2.         The purpose of the system of internal control

The system of internal control is designed to manage risk to a reasonable level, rather than to eliminate
all risk of failure to achieve policies, aims and objectives ; it can therefore only provide reasonable and
not absolute assurance of effectiveness. The system of internal control is based on an ongoing process
designed to:

   Identify and prioritise the risks to the achievement of the organisation’s policies, aims, and
   Evaluate the likelihood of those risks being realised and the impact should they be realised, and to
    manage them efficiently, effectively and economically.

The system of internal control has been in place in the Royal Free Hampstead NHS Trust for the year
ended 31 March 2005 and up to the date of approval of the annual report and accounts.

       3.         Capacity to handle risk
The Royal Free Hampstead NHS Trust has a clear and communicated risk management strategy in
place, which has been endorsed by the board. The trust executive is responsible for reviewing and
reporting to the board all significant risks, which are fed into it by the various specialist reporting
groups into the risk management committee, informing the governance committee and the trust board.
These groups form part of the core management process. This arrangement was enhanced during the
year by the consolidation of risk under one executive director, the establishment of a risk and safety
department with the appointment of four senior staff to support directorates in risk management
The director of nursing is the executive director with lead responsibility for risk management, with the
director of operations being responsible for health and safety, and the director of finance for financial
As part of the embedding of the risk management strategy, focussed and cascaded training is delivered
to managers, risk co-ordinators, and to other staff across the trust, both at induction to the trust, and
also as part of their ongoing development. The level of training is dependent on their level of delegated
The main clinical, and non clinical risk management function is the responsibility of the director of
nursing. There are a range of policies in place in place to describe the roles and responsibilities of staff
in identifying and managing clinical and non clinical risk, and these policies set out clear lines of
responsibility and accountability. All relevant policies are available on the intranet. Each division has a
risk lead or a clinical governance co-ordinator, who attends both the risk management, and health and
safety committees. They are supported by both the risk and safety department, and the occupational
health unit. Utilising the comprehensive risk management software, reports of moderate and serious
risks are monitored at an individual level , with trend data also being produced. Changes in practise,
both at a local and on a trust wide basis, are presented at the groups and are cascaded down to
departments by the attendees. Risk managers supporting directorates also provide and communicate
this at divisional business meetings, service groups, specialty care groups, and operational management
The trust has joined the national reporting and learning system as required by the National Patient
Safety Agency, and is also part of the newly formed London Risk Forum. As well as sharing incidents
with other organisations via this process, it also responds to the patient safety alerts through the Safety
Alert Broadcast System and ensures that good practise identified through these alerts is implemented.
The use of comprehensive risk management software to handle complaints, litigation, adverse
incidents, and contacts with the PALS service and child protection incidents enables us to analyse risks
across the risk identification mechanisms. Comprehensive reports are created for the divisions and to
the governance committee to the trust board. All adverse incidents and complaints are graded for
severity and investigated, with action plans being developed to reduce the risk of recurrence. The
learning from these incidents is disseminated widely and is used to inform trust priorities. The trust
board routinely monitors action plans.

       4.         The risk and control framework
The trust has a risk management strategy in place, which sets out the key responsibilities and
accountabilities for managing risk within the Organisation.
The trust has established systems that allow existing and potential risks to be identified and eliminated
or reduced. This involves grading using the core risk severity matrix and analysis of the risks and
benefits of the available solutions. Risks are identified through the recommendations, comments, and
guidelines from external bodies (e.g. HSE, HC, CNST, MHRA, NPSA) and internally mainly through
incident forms, complaints, risk assessments, audits, PALS information, benchmarking, and claims.
The trust is also signed up to the National reporting and Learning System as defined by the National
Patient safety Agency, and has a robust system lead by the Head of Medical Electronics for
disseminating and implementing risk alerts as cascaded via the Safety Alert Broadcast System (SABS).
In addition to the current trust governance structure, local area risk co-ordinators exist to ensure that
local risks are dealt with in a timely manner. These individuals are responsible for the initial analysis
of the risks and it’s severity grading and ensuring the appropriate level of investigation is carried out.
They are also the key points of dissemination of risks, changes in practise, and best practise within their
local areas, ensuring that both lessons are shared with other areas and that changes in practise are
monitored and fed back to staff.
Directorates are also supported by the central risk and safety department where dedicated risk
managers facilitate investigations, monitoring and communication of risks to ensure that information
from local risk registers, where relevant, are placed on the strategic risk register.
Risk is assessed by the board and at all levels throughout the Organisation. This top down, bottom up
approach ensures that both strategic and operational risks are addressed within the trust. The board, via
the assurance framework, receives assurances on the effectiveness of risk control. All directorates hold
a local risk register, and reporting of current and changing risk is incorporated into the corporate risk
register where appropriate (e.g. significant risk impact) and the core management reporting committees
of the Organisation. Local risks are monitored via the service and divisional management structure,
where as strategic risks are monitored via the governance committee of the trust board.
The risk registers are completed through the findings of risk assessments, information from complaints,
litigation, adverse incidents, audit, internal management reviews, and reports from external bodies.
The corporate risk register is submitted to the trust board three times per year, and is used to set
priorities for the investment of resources. The risk management and governance committee advises the
trust board on any significant omissions in controls and assurances, and these are addressed as part of
the trust objectives.
Each year the trust board agrees it’s key objectives, and risks are assessed against these. The board is
also notified of the workings of the assurance framework, and of any changes to that process. Currently
the board seeks assurance via :
      Approval of key objectives and assessment of associated risks,
      Update on compliance with the risk management strategy and subsequent reporting through
          the various committees,
      Other sources of assurance are provided by internal audit, the Audit Commission, Healthcare
          Commission, RPST, CNST, staff survey results, clinical audit, ect.
The trust has an established assurance framework, which sets out the principle risks to the delivery of
the core business. The risk register identifies whether adequate controls and assurances are in place and
whether action plans are necessary to mitigate the risk. The executive director with the delegated
responsibility and accountability for managing and monitoring each individual risk is clearly identified.
The assurance framework includes risks to the delivery of activity, clinical risks, financial risks, risk to
reputation, and risk to the estate and infrastructure.
The current omissions in internal control identified from the current assurance framework are reported
below. None of these is considered a significant risk to the Organisation.
       Unreliable vacancy data impacting on the ability to recruit and retain staff.
       Lack of assessment of sickness absence to accident reporting/agency costs.
       Lack of monitoring of action plans from internal/external audit recommendations
       Lack of current trust safety advisor/competent person per legislation.

The assurance framework action plan however, demonstrates that these four risks are currently being
addressed or are now adequately controlled as follows :
     An HR specialist and key area staff with responsibility for recruitment and retention actively
        monitor data, including exit interviews.
     The psychological well being policy addressed the shortfall in sickness absence monitoring,
        with managers being trained in it’s implementation.
     Audit reports will feed into the risk and safety department for monitoring.
     He trust complies with the legislation for a competent person as a MIOSH qualified divisional
        risk manager has taken on the role.

The risk management strategy is circulated to a wide range of external stakeholders and the assurance
framework is submitted to the Strategic Health Authority. Patients and relatives are involved in the
review of serious adverse incidents and serious complaints and in the development of action plans to
reduce the risk of recurrence. All level risks are reported to a number of other external bodies such as
NPSA via the National Reporting and Learning System, Medicines and Healthcare Products
Regulatory Body, Serious Hazards of Transfusion, and Health and Safety Executive. Risks are also
shared with other London Trusts via the London Risk Forum.

       5.         Review of effectiveness

As Accountable Officer, I have responsibility for reviewing the effectiveness of the system of internal
control. My review is informed in a number of ways. The head of internal audit provides me with an
opinion on the overall arrangements for gaining assurance through the Assurance Framework and on
the controls reviewed as part of the internal audit work. Executive managers within the organisation
who have responsibility for the development and maintenance of the system of internal control provide
me with assurance. The Assurance Framework itself provides me with evidence that the effectiveness
of controls that manage the risks to the organisation achieving its principal objectives have been
reviewed. The external and internal reporting bodies already outlined, all of which are communicated
to the board on a regular basis, also inform my review.

I am aware of the implications of the result of a review of the effectiveness of the system of internal
control by the Audit and Governance Committee. A plan to both address weaknesses and ensure
continuous improvement of the system is in place.

The governance committee has examined the overall risk profile of the trust, and reported to the trust
executive, as well as monitoring how the risk management strategy is being embedded into the culture
of the trust. Relevant committees focus on key risks in their own areas.

The review is also informed by assurance from the Healthcare Commission, clinical audit, CNST, and
the risk pooling scheme for trusts. Other external assurances include :
       Benchmarked clinical outcome data from various national registries.
       Healthcare Commission reviews.
       Reports from the Royal Colleges
       Clinical pathology accreditation
       Audit Commission reports.
       Investors in people

The trust has a committee structure with clear lines of reporting and accountability, and this has been
reviewed by the trust board and by senior managers. External assurance on this is provided by the risk
pooling scheme for trusts. The assurance framework is submitted to the trust board, and they receive
regular reports on performance management, governance, financial management, together with reports
from both internal and external reviews.

The trust board reviews the risk register and assurance framework and has identified the most
significant risks where it believes that the trust should take action to improve controls and assurances
during 2005-06. The risks identified as priorities for action areas follows :
      The trust is facing significant HR and financial changes, including ‘Agenda for Change’ and
          the preparation for ‘Payment by Results’. The trust has identified appropriate controls in
          order that these initiatives are implemented in a secure manner.
      The trust has had an underlying financial deficit for several years and the deficit reported in
          the 2004-05 accounts is consistent with that long standing position rather than representing a
          sudden deterioration. In previous years it has been possible to use ‘one off’ measures to
          reduce the deficit presented within the accounts. The trust has the support of the local health
          community in addressing the underlying position, with the two main local Primary Care
          Trusts providing additional financial support , and the North Central London Strategic
          Health Authority providing assistance during 2005-06. Their support is consistent with the
          shared understanding of the potential of ‘Payment by Results’, which indicates that the key
          driver of the existing deficit, the gap between the income and cost associated with local acute
          activity, should be tackled by this change in payment responsibilities.

 Two externally commissioned reviews have highlighted the need for a service review, and a financial
 element of one review provided positive assurance on financial processes and systems. The trust is
 currently examining the potential of two main categories of activity, improving it’s clinical efficiency,
 and assessing the breadth of it’s portfolio of services in order to identify the planned contribution of
 each towards financial recovery during the next three years. ie.
      To create a more safe and fire resistant environment by progressing the fire scheme
      To improve the timeliness and completeness of clinical coding.
      To establish a medical equipment library in order to more effectively manage the safety of
          the trust’s equipment.

 Trust action plans have been developed and are currently being implemented to address each of these
 areas to improve control and assurances in relation to these risks, and the trust board, and trust
 executive will monitor progress against the action plans.
The audit committee has reviewed the overall framework for internal control, and has recommended
this statement to the board.

Chief Executive

To top