Docstoc

Risk Management Policy - March 2011

Document Sample
Risk Management Policy - March 2011 Powered By Docstoc
					            COMMUNITY HEALTH & SOCIAL CARE SERVICES:

              RISK MANAGEMENT POLICY AND PROCEDURE
Version number:                  1

Date issued:                     March 2011

Review Date                      2 years

Expiry Date: 9 months
                      December 2013
after review date

Author: Name, title & Sarah Leggett, Head of Governance, Risk and Assurance
contact details       Tel: 01225 831866; sarah.leggett@banes-pct.nhs.uk

Lead Divisional Director         Julie Sharma, Divisional Director (Business Development)

Applicable to (shade appropriate box)                           Target audience

Community Health Health                         Yes      No     All staff
& Social Care staff Social Care                 Yes      No     All staff

Service           Health                        Yes      No     Refer to risk management policy for
Improvement     &                                               the    Service   Improvement     &
Performance Team Social Care                    Yes      No     Performance Team

IMPLEMENTATION PLAN - Key points for implementation
Cascade by managers. Key points for implementation:
    •   ensure all managers and staff are aware the policy and their responsibilities
    •   managers to ensure there is an open culture within their teams to enable staff to
        identify and communicate risks
    •   managers to identify a suitable local forum for the discussion of risk management
        issues within their team(s)/service(s);
    •   managers to ensure all staff attend risk the requirements of this Policy



This document can only be considered valid when viewed via the Council and PCT’s websites. If this
document in hard copy or saved to another location you are responsible for checking that the version number
on your copy matches that of the one on-line. The document applies equally to full and part time employees,
bank and agency staff.

The failure to comply/adhere to this document may be investigated in line with the Disciplinary Policy
and may result in disciplinary action, up to and including dismissal.




Title   Community Health & Social Car Services’ Risk Management Policy
Version No: 1    Issued: March 2011           Expiry Date: December 2013    Page: Page 1 of 20
CONSULTATION PROCESS

Key individuals involved in developing this document (main authors)

Name                       Designation
Sarah Leggett              Head of Governance, Assurance and Risk

Circulated to the following individuals for consultation

Name of Individual & designation                                                        Date approved
Managing Director and Divisional Directors via PEF consultation                         February 2011
Lindsey Kimber & Gary Derrick, Health and Safety Advisors                               15th February 2011

Circulated to the following group(s) for consultation prior to ratification

Name of Group                                                                           Date approved
Professional Executive Forum (PEF)                                                      February 2011

Details of approval by Lead Director

Director               Designation                                                     Date approved
Julie Sharma           Divisional Director (Business Development)                      February 2011

Circulated to the following Committee(s) for approval

Name of Committee(s)                                                                   Date ratified
Community Health and Social Care Committee (Provider Board)                            2nd March 2011

VERSION CONTROL


Version    Updated       Updated
No         By            On            Summary of changes from previous version
                                       The Risk Management Strategy has now been separated
                                       into separate strategy and policy documents. This Policy
                                       has been totally rewritten for Community Health and Social
           Sarah         February      Care Services though its content is based on the previous
   1                     2011
           Leggett                     Risk Management Strategy.

                                       Because significant changes have been made to this
                                       document it must be read as a new document.




 Title   Community Health & Social Car Services’ Risk Management Policy
 Version No: 1    Issued: March 2011           Expiry Date: December 2013   Page: Page 2 of 20
Section    Subject                                                                                Page
           Consultation process and version control … … … … … … … … … … … …                        2
           Contents … … … … … … … … … … ... … … … … … … … … … … … …                                3
  1        Risk Management … … … … … … … … … … ... … … … … … … … … …                               4
  2        Definitions … … … … … … … … … … ... … … … … … … … … … … … …                             4
  3        Risk Appetite … … … … … … … … … … ... … … … … … … … … … …                               4
  4        Risk and Governance Framework … … … … … … … … … … ... … … … …                           5
           4.1     Committees and Groups … … … … … … … … … … ... … … … …                           5
           4.2     Individuals with specific responsibility for risk … … … … … … … …               6
           4.3     Staff … … … … … … … … … … ... … … … … … … … … … … …                             6
           4.4     Risk specialists … … … … … … … … … … ... … … … … … … … …                        7
  5        Risk Identification … … … … … … … … … … ... … … … … … … … … …                           7
  6        Risk Assessment … … … … … … … … … … ... … … … … … … … … …                               8
           6.1     What is a risk assessment? … … … … … … … … … … ... … … …                        8
           6.2     Five Steps to Risk Assessment … … … … … … … … … … ... … …                       8
           6.3     Recording the Risk Assessment … … … … … … … … … … ... … …                       8
           6.4     Evaluation and ranking of risks (risk scoring) … … … … … … … …                  8
           6.5     Risk Treatment … … … … … … … … … … ... … … … … … … … …                          9
           6.6     Communication of Risk with Third Parties … … … … … … … … …                     10
           6.7     Risk Review … … … … … … … … … … ... … … … … … … … … …                          10
  7        Risk Registers and the Management of Risk … … … … … … … … … … …                        10
           7.1     Risk Registers (Corporate and Directorate) … … … … … … … … …                   10
           7.2     Authority for the Management of Risk … … … … … … … … … … ...                   11
           7.3     Risk Escalation … … … … … … … … … … ... … … … … … … … …                        11
  8        Risk Reporting … … … … … … … … … … ... … … … … … … … … … …                             11
           8.1     Table 1: Risk Reporting Matrix … … … … … … … … … … ... … …                     11
           8.2     Reporting to Other Board and Committees … … … … … … … … …                      12
  9        Training … … … … … … … … … … ... … … … … … … … … … … … …                               12
  10       Monitoring the Effectiveness of Risk Management Policy … … … … … …                     12
  11       Links to Procedural Documents … … … … … … … … … … ... … … … …                          13
  12       References … … … … … … … … … … ... … … … … … … … … … … …                               13
           APPENDICES
  A        Summary of Risk Management Process … … … … … … … … … … ... …                           14
  B        Risk Advisors for Specialist Subjects … … … … … … … … … … ... … … …                    15
  C        Risk Assessment Template … … … … … … … … … … ... … … … … … …                           16
  D        Risk Scoring Matrix … … … … … … … … … … ... … … … … … … … … …                          18
  D        Risk Register Template … … … … … … … … … … ... … … … … … … …                           20



  Title   Community Health & Social Car Services’ Risk Management Policy
  Version No: 1    Issued: March 2011           Expiry Date: December 2013   Page: Page 3 of 20
 1.   RISK MANAGEMENT
      Risk management is the term applied to the use of a logical and systematic method of
      identifying, analysing, evaluating, controlling, monitoring and communicating risks
      associated with any activity, process or function necessary to the achievement of the
      Organisation’s objectives. It can also be described as a method of minimising loss and
      maximising opportunity. Risk management is a continuous process which, if embedded
      and used to its full potential will influence behaviour and develop an organisational culture
      within which risks are recognised and addressed.

      Community Health and Social Care Services has a statutory responsibility to
      patients/service users, the public and its staff to ensure that it has effective processes,
      policies and people in place to deliver its objectives and to control any risks that it may
      face in achieving these objectives1.

      This Policy articulates how the Community Health and Social Care Services Partnership
      manages risk. It should be read in conjunction with the Health and Wellbeing
      Partnership’s Risk Management Strategy. The Policy’s aim is to promote a consistent
      and systematic approach to the identification and management of risk throughout
      Community Health and Social Care Services (hereafter known as the Organisation). A
      flowchart summarising the Organisation’s risk management process is provided in
      Appendix A.

 2.   DEFINITIONS
      Risk management - is the assessment, analysis and management of risks. It is simply
      recognising which events (hazards) may lead to harm in the future and minimising their
      likelihood (how often?) and consequences (how bad?)

      Risk Appetite (acceptable level of risk) – refers to the level of risk the Organisation is
      prepared to accept/tolerate after internal control is exercised. If the risk score is higher
      than the risk appetite, further action should be taken to reduce the likelihood and/or
      impact of the risk occurring. If this is not possible, contingency plans should be put in
      place.

      Corporate Risk is defined as the level of risk where potential exposure is such that
      visibility, monitoring, and, potentially, intervention is required at a Provider Board level.
      The Organisation has defined a corporate risk as any risk with a score of 15 or more.
      Corporate risks are reported monthly to the Provider Board.

      Residual risk (lowest possible risk level) is the actual or anticipated level of risk
      remaining once all identified controls have been put in place and are working effectively.

3.    RISK APPETITE
      The aim of the Risk Management Policy is not to remove all risk but to recognise that
      some level of risk will always exist and that these risks must be managed. It is recognised
      that taking risks in a controlled manner is fundamental to innovation and developing a
      positive culture. Risk appetite is the amount of exposure to risk the Organisation is
      prepared to accept or tolerate should the exposure become a reality.

      Community Health and Social Care Services will provide safe & effective care to patients
      by identifying all risks relevant to the Organisation and to take the appropriate action to
      address them. This will typically be to either eliminate the risk entirely, or to reduce it to
      an acceptable level.

      1
       Health and Safety at Work etc Act 1974; Management of Health and Safety at Work Regulations
      1999, (amended 2003)
      Title   Community Health & Social Car Services’ Risk Management Policy
      Version No: 1    Issued: March 2011           Expiry Date: December 2013   Page: Page 4 of 20
      Exposure to risk refers to the expected likelihood and consequence of risk occurring after
      the actions put in place become effective.
      The Organisation’s risk appetite can be expressed as a boundary, above which it will not
      tolerate the level of risk and further actions must be taken. It must be understood that in
      an organisation delivering a clinical service this boundary is not absolute.
      The Organisation has deemed that any risk with a score of 15 or more has to be made
      visible to the Provider Board. This will be achieved by the Provider Board receiving a
      monthly risk register report containing details of all the corporate risks.
      Major risks with a score of 10-12 will be presented to the Board bi-monthly or sooner at
      the discretion of the Divisional Director.
      Although the Organisation is content that risks with a score of 9 or less are managed at
      directorate level for governance and assurance purposes these will also be included in
      the risk register report presented to the Provider Board in line with the frequency
      identified in Section 8.1.
4.    RISK AND GOVERNANCE FRAMEWORK
      Risk management is seen as an integral part of management and professional/clinical
      practice. Every individual within the Organisation is therefore responsible for identifying
      and managing risk.
      The PCT Board has delegated responsibility for the management of risk associated with
      the delivery of care to the Community Health and Social Care Services Committee
      (Provider Board). The following section summarises the responsibilities of committees,
      individuals and risk specialists in relation to risk within Community Health and Social Care
      Services.
      Table 1: Risk Management and Governance Structure

                                                                  PCT
                                                                  Board


                       Audit &
                      Assurance
                      Committee


                                                    Community Health and Social Care
                                                              Committee
                                                          (Provider Board)


                                Professional Executive                                        Governance
                                        Forum                                                   Forum
                                        (PEF)


4.1   Committees and Groups
      4.1.1   Community Health and Social Care Services Committee (Provider Board)
               a committee of the PCT Board; the Committee is responsible for ensuring that
               within Community Health and Social Care Services there are effective systems
               for identifying and managing all risk including clinical, financial and organisational
               risk.
               the Committee has established a risk management structure to help deliver its
               responsibility for implementing risk management systems within the Service and
               has delegated responsibility for specific areas of risk management to the following
               groups:
      Title   Community Health & Social Car Services’ Risk Management Policy
      Version No: 1    Issued: March 2011           Expiry Date: December 2013   Page: Page 5 of 20
      4.1.2   Governance Forum
               to ensure that controls are in place and operating efficiently and effectively to
               deliver the principal objectives of the Organisation; to review that processes are in
               place to manage identified risks, minimising the exposure of the Organisation to
               corporate, financial and clinical risks.

      4.1.3   Professional Executive Forum (PEF)

               one of the Forum’s roles is to review exception reports on service related issues
               that cannot be resolved/ funded locally and to make recommendations to the
               Provider Board

4.2   Individuals with Specific Responsibility in Relation to Risk
      The following members of staff have specific responsibilities and accountability for risk, as
      part of their existing roles:
      4.2.1    Managing Director: has overall accountability to the PCT and Partnership
               Boards for risk management within Community Health and Social Care Services.
               Operationally, the Managing Director has delegated responsibility for
               implementation of risk management as outlined below.

      4.2.2    Divisional Director (Business Development): has delegated authority for corporate
               governance, risk and assurance within Community Health and Social Care
               Services

      4.2.3    Divisional Director (Finance and Resources): has delegated authority for financial
               governance and all associated financial risks within Community Health and Social
               Care Services

      4.2.4    Divisional Director (Quality, Children’s Services and Professional Leadership):
               has delegated authority for clinical governance and clinical risk within Community
               Health and Social Care Services

      4.2.5    All Divisional Directors: have delegated authority for the management of strategic
               and operational risks within their own portfolios including the development,
               maintenance and monitoring of local/service risk registers.

      4.2.6    Senior Managers/Heads of Service: are responsible for ensuring compliance with
               the CQC Regulations and overall risk management systems as laid down in the
               Risk Management Policy and supporting procedures. In addition they are required
               to:
               • identify a suitable local forum for the discussion of risk management issues;
               • develop and implement work-plans to ensure risks are identified and treated;
               • ensure local/service risk registers are maintained and reviewed to ensure
                   timely and systematic risk management and communication of risk; and
               • ensure escalation of risks from local/service to directorate and corporate level,
                   in line with the requirements of this Policy (see Section 8.1).

4.3   All Employees including contractors and staff employed through an agency and
      working within Community Health and Social Care Services
      Staff at all levels of the Organisation are required to actively identify, assess, report and
      contribute to the control and management of risk, to promote and adhere to safe working
      practices and to ensure that the service provided by Community Health and Social Care
      Services has safety and quality as paramount requirements. All staff are responsible for
      complying with the requirements of the Risk Management Policy and to assist the risk
      management process by:

      Title   Community Health & Social Car Services’ Risk Management Policy
      Version No: 1    Issued: March 2011           Expiry Date: December 2013   Page: Page 6 of 20
          •     Completing an on-line adverse event report form every time a clinical or non-
                clinical adverse event/incident or potential adverse event/incident occurs;
          •     Identifying and communicating concerns/risks through their line management
                structure in order that these can be fully assessed and actions taken, as
                appropriate to reduce the risk
          •     Attending mandatory and statutory training;
          •     Following all procedural documents i.e. policies, procedures etc

4.4   Risk Specialists
      4.4.1 Head of Governance, Risk and Assurance: is responsible for developing and
            overseeing the governance, risk and assurance processes across the Organisation
            and acting as a central reference point for all risk management issues.

      The contact details for the Head of Governance, Risk and Assurance and the risk
      advisors for other specialist subjects are provided in Appendix B.

5.    RISK IDENTIFICATION

      Within the Community Health and Social Care Services risks can be identified through a
      variety of proactive and reactive internal and external indicators. Examples of the
      potential indicators of risk are shown in the following diagram:

      Community Health and Social Care Services: Identification of Risks

                                                      Risk Identification


                                                 REACTIVE             PROACTIVE
                         Internal inspections
                                Audit
                                                                            Risk                        Organisational
                                                                        Assessments                      Objectives

                Complaints
              Adverse events
                 Claims                                                                               Consultation with
                                                                                                 patients/service users, staff


        Internal                                                                                                         Internal
                                                            Risk
                                                        Identification
        External                                                                                Benchmarking             External



                 CQC,                                                                                       Mandatory/
                NHSLA,                                                  National                         Statutory Targets
               HSE reports                                              Enquiry
                                                                        Reports
                                                                                                  Commissioners of services
                     National
                    Initiatives             MHRA                    Health and Social
                                            NPSA                        Care Act
                                            NICE                      Regulations


                                                REACTIVE             PROACTIVE




      Title   Community Health & Social Car Services’ Risk Management Policy
      Version No: 1    Issued: March 2011           Expiry Date: December 2013     Page: Page 7 of 20
6.    RISK ASSESSMENT
6.1   What is a risk assessment?
      A risk assessment seeks to answer four simple questions:
                                                                                                 Do nothing; review
                                                                                                  occasionally to
                                                                                 NO               ensure position
                                       How
                                                                                                 remains the same
                                       bad?
                                                              Is there a
           What                                                need for
          can go                                               action?                              Identify and
          wrong?                                                                               implement actions to
                                      How                                                       reduce the harm or
                                                                                 YES
                                     often?                                                   likelihood of recurring



6.2   Five Steps to Risk Assessment

      STEP 1                       Identify the hazards (what can go wrong?)


      STEP 2                       Decide who might be harmed and how (what can go wrong? Who
                                   is exposed to the hazard?)
                          REVIEW




      STEP 3                       Evaluate the risks (how bad? how often?) and decide on the
                                   precautions (is there a need for further action?)

      STEP 4                       Record your findings, proposed action and identify who will lead on
                                   what action. Record the date of implementation

      STEP 5                       Review your assessment and update if necessary

      Additional guidance on the principles of risk assessments can be found the NPSA’s
      booklet Healthcare Risk Assessment Made Easy (March 2007) which is available on-line
      www.nrls.npsa.nhs.uk/resources/?EntryId45=59825 or from the Health and Safety
      Advisors.
6.3   Recording the Risk Assessment
      The risk assessment template provided in Appendix C identifies the information which
      should be included in a risk assessment. The template should be used when completing
      a formal risk assessment. Although teams are expected to complete their own risk
      assessments assistance can be obtained from the Head of Governance, Risk and
      Assurance and the Health and Safety Advisors. For guidance on how to score and
      manage risks please refer to the following sections.
6.4   Evaluation and ranking of risks (risk scoring)
      The Organisation uses a standard 5x5 risk scoring matrix for assessing the likelihood and
      severity of the risk (Appendix D). Risk scores are not intended to be precise
      mathematical measures of risk, but are a useful tool to help in the prioritisation of control
      measures for the treatment of risk.

      The scoring system allows the levels of risk to be easily identified and therefore
      prioritised. However, giving priority purely to high scoring risks may result in lower scoring
      and easy to manage risks, not being addressed. It may be that low scoring risks can be
      eliminated or reduced fairly easily, whilst higher scoring risks may be almost impossible to
      reduce, for example, staffing shortages due to recruitment difficulties. These risks should

      Title   Community Health & Social Car Services’ Risk Management Policy
      Version No: 1    Issued: March 2011           Expiry Date: December 2013   Page: Page 8 of 20
      be clearly documented in the Risk Register so that they can be acknowledged and
      monitored to prevent them escalating to an unacceptable level.
      The Organisation advises teams to use the following guidance when determining the
      timeframe for implementing actions to manage identified risks2:
      Low risk (green)             - quick, easy measures implemented immediately and further
                                     action planned for when resources permit
      Moderate risk (yellow) - actions implemented as soon as possible but no later than a
                               year
      High Risk (orange)           - actions implemented as soon as possible and no later than 6
                                     months
      Extreme risk (red)           - requires urgent action; the Provider Board is made aware and
                                      immediate corrective action is implemented.
6.5   Risk Treatment

      Risk treatment describes the part of risk assessment process when decisions are made
      about how to treat risks that have been previously identified and prioritised. The options
      for risk treatment, often referred to as the 4 T’s, include:

      Treat          Take direct action to reduce the level of risk to an acceptable level. Current
                     ‘ongoing’ controls / actions to be continually monitored and actions planned
                     to be implemented. Actions recorded in risk registers must be ‘SMART’
                     (specific, measurable, agreed, realistic & timed out). This will require defined
                     actions to be allocated to individuals, implementation dates agreed and
                     implementation status to be monitored.

      Tolerate       Decision taken not to implement any additional controls / actions as
                     assessment of potential additional controls indicates that cost of control will
                     exceed benefits of risk reduction. When deciding on this management
                     strategy care will need to be taken to ensure consequences of the defined
                     risk are fully considered, e.g. potential breach of legislation, reputational loss.
                     Current ’ongoing’ controls / actions (established ‘routine’ controls) will need
                     to be monitored. The decision to “tolerate” a risk with a score of 6-9 must be
                     made by the Director of the Service; for risks scoring 10 or above this
                     decision will be taken by the Provider Board.

      Transfer       It may be that the risk can be transferred to another organisation by way of a
                     contractual agreement (for instance the private sector) or shared with partner
                     organisations. In some instances, a risk may be insurable either totally or in
                     part (e.g. legal liability, property, motor vehicle). However, it must be
                     remembered that responsibility for statutory functions cannot be fully
                     transferred and the reputational implications of risks need to be managed.

      Terminate The risk may be so serious that adding controls or modifications do not
                     reduce the risk to an acceptable level. At this stage withdrawal from the
                     activity should be considered.
      Early consideration must be given to the cost/benefit of the course of action to be adopted
      to manage the risk. To implement a solution which brings with it a level of cost which
      outweighs or is disproportionate to the benefits of the reduction in the level of risk is
      clearly a poor use of resources.
      The cost/benefit analysis applied during the risk management process assists the
      decision making process. Decision makers need to be satisfied that the risks and
      opportunities related to proposals are fully considered. It is therefore important that all

      2
          NPSA Healthcare Risk Assessment Made Easy (March 2007)

      Title   Community Health & Social Car Services’ Risk Management Policy
      Version No: 1    Issued: March 2011           Expiry Date: December 2013   Page: Page 9 of 20
      those involved in the decision making process have consciously analysed proposals
      submitted.
      In addition to the decision maker obtaining a level of assurance that the proposal and the
      implementation of recommendations has been subject to a robust risk assessment, it is
      also an important principle of good governance that decisions taken can be subjected to
      effective scrutiny (Accountability).
      Decision makers can be held accountable for decisions both internally and externally
      (Inspectorates, members of the public and press via Freedom of Information requests).
      They will want to see that the decision and the information used to make the decision is
      documented and accessible, i.e. the decision is 'informed' and 'transparent' and also to
      ensure that the treatment of a risk does not in itself generate another risk.
6.6   Communication of Risk with Third Parties
      If an organisational risk is identified which is shared with, or wholly relates to another
      organisation the risk must be shared with that organisation. Advice on the appropriate
      method of communicating and sharing the risk must be sought from the service Director.
      The third party must not be named in the Register and the risk must not be entered onto
      the Register without the knowledge of the third party organisation.

6.7   Risk Review
      All parts of the Organisation will, on a regular basis, review their identified risks and the
      controls put in place to manage those risks. The frequency of review for risk, dependant
      on their risk score, is outlined in Table 1 (Section 8)

7.    RISK REGISTERS AND THE MANAGEMENT OF RISK
7.1   Risk Registers
      A risk register can be described as “a log of all the risks that may threaten the success of
      the Organisation in achieving its declared aims and objectives”.
      The Register operates at both directorate and corporate levels and they are dynamic
      living documents which are populated through the risk assessment process. They provide
      a structure for collating information about risks that helps both in the analysis of risks and
      in decisions about whether or how those risks should be managed. (See Appendix E for
      a copy of the Organisation’s Risk Register template).
      The management and reporting of corporate and directorate risks registers will be
      undertaken as detailed as follows, and summarised in Table 1 (Section 8)
      7.1.1   Corporate Register
      The Corporate register will record all of the risks from the Directorate registers with a
      score of 10 and above. The risks will be reviewed, updated and reported to the Provider
      Board in line with the reporting schedule as outlined in Table 1 (Section 8). Until the
      Directorate Registers are established the Provider Board will continue to receive the full
      risk register at their business meetings. Once established and assessed as working
      effectively the Provider Board will receive risks from the directorate registers as outlined
      in the reporting schedule.
      7.1.2   Directorate Registers
      Each Directorate within Community Health and Social Care Services will develop and
      maintain a risk register to record operational and strategic risks relating to the services
      delivered within the Directorate. The Register must be reviewed regularly and updated to
      ensure that it accurately reflects the risks of the Directorate. The Register must be
      reviewed in line with the timescales set out in Section 8.1

      Title   Community Health & Social Car Services’ Risk Management Policy
      Version No: 1    Issued: March 2011           Expiry Date: December 2013   Page: Page 10 of 20
      Once the Directorate register has been established and assessed by the Head of
      Governance Risk and Assurance to be working effectively the reporting of directorate
      risks will follow the reporting schedule outlined in Table 1, Section 8.
7.2   Authority for the Management of Risk
      All managers have the delegated authority to manage any level of risk locally within the
      resources available to them. This will include putting controls in place as a result of risks
      identified from risk identification processes such as risk assessment, complaints, adverse
      events and claims. Where the manager does not have resources to adequately control or
      manage the risk the advice of their line manager or Director must be sought and
      appropriate arrangements put in place to manage the risk.
      If the identified risk affects the whole organisation rather than just the local area the
      manager must notify their director who will decide on whether local or corporate action
      should be taken to manage the risk. In this case the Head of Governance, Risk and
      Assurance should be notified to enable the risk to be added to the Corporate Register.
      In line with the risk reporting schedule it should be noted that all risks scoring 10 or more
      must be reported to the Provider Board where the decision may be taken that the risk
      should be managed corporately.

7.3   Risk Escalation
      There will be some risks that cannot be dealt within the Directorate. These risks must be
      escalated to the appropriate divisional director either as soon as it is clear that the risk
      cannot be controlled locally or when a risk score has increased to 10 or above. In these
      instances the Director must inform the Head of Governance, Risk and Assurance in order
      that the risk can be added to the Corporate Register if appropriate.

8.    RISK REPORTING
8.1   Risk Reporting Matrix (Table 1): The table outlines how risks will be managed and
      communicated according to the level of risk and their risk score. The full risk register will
      be presented to the Governance Forum quarterly:

        RISK                                                                Reporting to          Risk       Authority
                     RISK
       LEVEL                    RISK LEVEL DESCRIPTION                       Provider           review:     to manage
                    SCORE                                                     Board            Frequency       risk
                                Unacceptable level of risk exposure
                                that requires immediate corrective
                                action; to be monitored by Provider                                         As agreed
      Extreme        20-25      Board. Members to be notified                    Monthly         Weekly     by Provider
                                within 1 week or sooner if deemed                                              Board
                                necessary by the Senior Leadership
                                Team
                                Unacceptable level of risk exposure
                                                                                                            As agreed
                                that requires measures to be put in
                       15                                                        Monthly        Monthly     by Provider
                                place to reduce exposure; to be
                                                                                                               Board
                                monitored by the Provider Board
        Major                   Unacceptable level of risk exposure
                                that requires measures to be put in                                         As agreed
                                place to reduce exposure and                                                    by
                     10-12                                                   Bi-monthly         Monthly
                                monitoring by the Divisional                                                Divisional
                                Director; to be reported to Provider                                         Director
                                Board
                                Acceptable level of risk exposure
                                                                                                            Manager of
      Moderate        4-9       subject to regular active monitoring             6 monthly      Quarterly
                                                                                                             service
                                measures by senior managers
                                Acceptable level of risk subject to
       Minor or                                                                                             Manager of
      Negligible
                      1-3       regular passive monitoring                       Annually       6 monthly
                                                                                                             service
                                measures at management level
      Title   Community Health & Social Car Services’ Risk Management Policy
      Version No: 1    Issued: March 2011           Expiry Date: December 2013     Page: Page 11 of 20
8.2   Reporting to Other Board and Committees

      For governance and assurance purposes whilst Community Health and Social Care
      Services is part of the Health and Wellbeing Partnership it is required to share information
      on its risks within the Partnership. The following table outlines how the information is
      currently shared, and the frequency of reporting:

      Committee                                              Frequency Method

      Health and Well-being Partnership Board                Bi-monthly          included in Performance Report

                                                                                 Receipt of Provider Board
      PCT Board                                              Quarterly
                                                                                 Committee Minutes

      Audit & Assurance Committee                            Quarterly           Copy of Risk Register

9.    TRAINING

      The risk-related training courses for all staff including Directors and Non-Executive
      Directors are outlined in the Organisation’s training matrix which can be found in the
      Integrated Health and Social Care Training Programme. In addition the Provider Board
      members also receive updates on risk awareness as part of their bi-monthly Provider
      Board seminars.

10.   MONITORING THE EFFECTIVENESS OF POLICY IMPLEMENTATION

      The following are the Organisation’s key performance indicators relating to risk
      management. All risk registers will be monitored against the following measures:

      MEASURE                                         INDICATOR

                                                      the total number of current risks in each register
                                                      reported according to the reporting schedule
      Number of Risks:
                                                      (Table 1 section 8) – as an indicator of the level of
                                                      activity used only.

      Number and percentage of risks                  This is an indication of the quality of the
      with overdue review dates                       directorate’s management of risk

                                                      This is an indicator of how effective the directorate
      Average age of risks on register
                                                      is in resolving risk issues

                                                      Similar to above, this indicator ensures that any
      Oldest risk
                                                      risk open for more than 6 months is highlighted

                                                      This indicator shows the spread of risks across the
      Risk profile (red, amber, yellow,
                                                      directorate ranging from extreme (red) to minor/
      green)
                                                      negligible (green)

                                                      This indicator shows the level of average risk
                                                      within the Directorate. In general terms this should
      Average risk score
                                                      reduce over time to indicate successful
                                                      management of risk




      Title   Community Health & Social Car Services’ Risk Management Policy
      Version No: 1    Issued: March 2011           Expiry Date: December 2013     Page: Page 12 of 20
11.   LINKS TO PROCEDURAL DOCUMENTS
      Adverse Event Policy and reporting procedure
      Annual Business Plan
      Assurance Framework
      Claims Management Policy
      Clinical Audit Policy
      Complaints Policy
      Health and Safety Policies
      Infection Control Policy and procedures
      Patient and Public Involvement Strategy
      PCT Strategic Framework
      Research and Development Policy
      Standing Orders and Standing Financial Instructions


12.   REFERENCES

      Health and Safety at Work etc Act 1974
      Section 2 – Duties of employers to employees
      Section 3 – Duties of employers to persons other than employees

      Management of Health and Safety at Work Regulations 2003
      Regulation 3 – requirement to risk assess

      NHSLA Risk Management Standards for Acute Trusts Primary Care Trusts and
      Independent Sector Providers of NHS Care 2010/11

      Australian Standard - Risk Management - AS/NZS 4360:1999

      NPSA Healthcare Risk Assessment Made Easy (March 2007)

      Useful Websites

      National Health Service Litigation Authority – Risk Management Standards 2011/12:
      www.nhsla.com

      National Patient Safety Agency: www.npsa.nhs.uk

      Health and Safety Executive:




      Title   Community Health & Social Car Services’ Risk Management Policy
      Version No: 1    Issued: March 2011           Expiry Date: December 2013   Page: Page 13 of 20
                                                                                                  APPENDIX A


                          SUMMARY OF RISK MANAGEMENT PROCESS

                                               Risk identified, actions agreed,
                                               assessment form completed
                                               enter onto departmental risk
                                               register
                                               Escalate to Director if appropriate



                                               Can risk be managed within the
                                               department?

                                               Does the department have the
                                               skills, resources and ability to
                                               make the necessary changes?



                        YES                           NOT SURE                                     NO



                                                     Seek advice e.g.                    Present risk
                                                                                         assessment and
                  Implement risk                      Service manager                    action plan to
                    action plan                       Divisional Director                service manager
                                                      Specialist risk                    or Director
                                                     advisors



               Update risk
               assessment and
               risk register in line
               with reporting                                                            Can the risk be
                                                                           YES           managed by the
               schedule
                                                                                         service?


                                                      NOT SURE                                     NO
               If risk not
               completely
               removed keep                    Service manager or                        Divisional Director
               under review and                Director seeks advice e.g.                presents the risk to
               repeat cycle as                                                           PEF to agree
               necessary                       Head of Governance                        systems and
                                               Specialist risk advisor                   processes for the
                                               Senior Leadership Team                    management of
                                               PEF                                       the risk




Title   Community Health & Social Car Services’ Risk Management Policy
Version No: 1    Issued: March 2011           Expiry Date: December 2013    Page: Page 14 of 20
                                                                                                                                                             APPENDIX B
                                                            RISK ADVISORS FOR SPECIALIST SUBJECTS
Risk Area                              Specialist               Job Title                                                 Tel No       e-mail address
Asbestos                               *David Brain             Head of Estates                                        01225 831804    David.brain@banes-pct.nhs.uk
Claims                                 Sheila Gardner           Asst Director, Financial Accounting & Claims Manager   01225 831876    sheila.gardner@banes-pct.nhs.uk
Counter Fraud                          Hugh Webb                Local Counter Fraud Specialist                         0791 954 2473   hugh.webb@banes-pct.nhs.uk
Decontamination                        Mark Campbell            Decontamination specialist                             01225 831539    mark.campbell@banes-pct.nhs.uk
Emergency Planning                     Louise Cadle             Interim Resilience Manager                             01225 831427    louise.cadle@banes-pct.nhs.uk
Falls                                  Mandy Miles              Clara Cross manager & Falls Lead                       01225 831518    mandy.miles@banes-pct.nhs.uk
Fire                                   David Kimpton            Head of Facilities                                     01225 831777    David.kimpton@banes-pct.nhs.uk
Governance                             Sarah Leggett            Head of Governance, Risk and Assurance                 01225 831866    sarah.leggett@banes-pct.nhs.uk
                                       Gary Derrick &                                                                                  gary.derrick@banes-pct.nhs.uk
Health & Safety                                                 Health and Safety Advisors                             01225 831877
                                       Lindsey Kimber                                                                                  lindsey.kimber@banes-pct.nhs.uk
Infection Prevention & Control         Denise Meyers            Infection Prevention & Control Nurse                   01225 831758    denise.meyers@banes-pct.nhs.uk
Information Governance                 Glyn Young               Information Governance Manager                         01225 831763    glyn.young@banes-pct.nhs.uk
Legionella                             *David Brain             Head of Estates                                        01225 831804    David.brain@banes-pct.nhs.uk
                                       Gary Derrick &                                                                                  gary.derrick@banes-pct.nhs.uk
Manual Handling                                                 Health and Safety Advisors                             01225 831877
                                       Lindsey Kimber                                                                                  lindsey.kimber@banes-pct.nhs.uk
Medicines                              Joel Hirst               Assoc. Director - Medicines Management                 01225 831859    joel.hirst@banes-pct.nhs.uk
Pressure Ulcers/Tissue viability       Helen Harris             Tissue Viability Nurse Specialist                      07894 598 252   helen.harris@banes-pct.nhs.uk
Risk Management                        Sarah Leggett            Head of Governance, Risk and Assurance                 01225 831866    sarah.leggett@banes-pct.nhs.uk
Safeguarding Adults                    Sue Tabberer             Safeguarding Adults & MCA Coordinator                  0754 542 3430   sue.tabberer@banes-pct.nhs.uk
Safeguarding Children                  Jill Chart               Named Nurse for Safeguarding Children                  07515 191912    jill.chart@banes-pct.nhs.uk
Security                               Roger Ringham            Local Security Management Specialist                   077 666 02691   roger.ringham@nhs.net
VTE (Venous thromboembolism)           Lisa Cronan              Professional Lead for Nursing                          01225 831732    lisa.cronan@banes-pct.nhs.uk

Waste Management                       David Kimpton            Head of Facilities                                     01225 831777    David.kimpton@banes-pct.nhs.uk

* contact for details of risk specialist

Title   Community Health and Social Care Services’ Risk Management Policy
Version No: 1    Issued:                     Expiry Date:                   Page 15 of 20
                                                           Appendix C




                     RISK ASSESSMENT TEMPLATE (complete all sections)

1. Risk Assessment subject:

  Assessment Documented by:                                                       Date Documented:
2. Background:




3. Description of Risk:




4. Control measures already in place to manage risk:




5. Risk score with current control measures (see scoring matrix in Risk Management Policy)

                                                                    Risk Score
Severity                  x    Likelihood                    =
                                                                        of

6. Details of additional control measures and action plan to manage risk:




7. Anticipated resource implications (details and cost)                                              £

7.1

7.2

7.2


      Title   Community Health and Social Care Services’ Risk Management Policy
      Version No: 1    Issued:                     Expiry Date:                   Page 16 of 20
8. Funding Identified?                       Yes                         No                 Not applicable

Identified source of Funding:

9. Anticipated risk score following implementation of additional control measures:

                                                                      Risk Score
Severity                x    Likelihood                        =
                                                                          of

10. Management Responsibility and Monitoring Arrangements

                                                                Start Date for Action
Lead Director
                                                                Plan
                                                                Monitoring Lead (e.g.
Identified Lead                                                 committee or group,
For Actions:                                                    manager, etc)

11. RISK REGISTER: Date entered onto Risk Register: …………/…………../20….

12. MONITORING




                                                                                                                   Likelihood
                                                                                                        Severity




                                                                                                                                Score
                                                                                                                                 Risk
Date of
             Current position
Review




    Title   Community Health and Social Care Services’ Risk Management Policy
    Version No: 1    Issued:                     Expiry Date:                   Page 17 of 20
                                                                                                                   APPENDIX D
                                            RISK SCORING MATRIX
                                SEVERITY – identifies the level of potential harm

                                Severity categories when injury is/may be involved
 SEVERITY
  SCORE                   1                        2                            3                              4                         5
                  No Harm or
 Descriptor                                    Minor                      Moderate                           Major               Catastrophic
                  Near Miss
                                          Minor temporary           Moderate harm / injury or           Major harm /
                  No harm or near
   Injury              miss
                                            harm / injury           illness, requiring medical        excessive injuries            Any death
                                          requiring first aid                treatment                   (RIDDOR)

                                         Severity Categories not involving injury
 SEVERITY
  SCORE                   1                        2                            3                              4                         5
                   No Harm or
                                               Minor                      Moderate                           Major               Catastrophic
                   Near Miss
                   Insignificant cost
                       increase /
                                         < 5% over budget /                                         10 – 25% over budget        > 25% over budget/
                        schedule                                     5 –10% over budget /
Objectives /                             schedule slippage.                                          / schedule slippage.       schedule slippage.
                   slippage. Barely                                   schedule slippage.
 Projects                                Minor reduction in                                              Doesn’t meet               Doesn’t meet
                       noticeable                                 Reduction in scope or quality
                                           quality / scope                                          secondary objectives         primary objectives
                  reduction in scope
                        or quality
                    Unsatisfactory          Unsatisfactory                                                                            Totally
                                                                                                          Serious
  Patient         patient experience         patient care          Mismanagement of patient                                       unsatisfactory
                                                                                                     mismanagement of
Experience        not directly related      experience –                    care                                                patient outcome or
                                                                                                        patient care
                    to patient care       readily resolvable                                                                        experience
                                          Justified complaint         Below excess claim.             Claim above excess
Complaints /       Locally resolved                                                                                             Multiple claims or
                                         peripheral to clinical   Justified complaint involving     level. Multiple justified
  Claims              complaint                                                                                                 single major claim
                                                  care              lack of appropriate care              complaints

  Service /
                  Loss / interruption    Loss / interruption >                                      Loss / interruption > 1     Permanent loss of
  Business            > 1 hour                 8 hours
                                                                   Loss / interruption > 1 day
                                                                                                             week               service or facility
Interruption
                                                                                                                                Non delivery of key
                    Short term low                                Late delivery of key objective     Uncertain delivery of
                                            On-going low                                                                        objective / service
                     staffing level                               / service due to lack of staff.   key objective / service
Staffing and                                 staffing level                                                                     due to lack of key
                      temporarily                                     Minor error due to poor        due to lack of staff.
Competence                                 reduces service                                                                      staff. Critical error
                   reduces service                                  training. Ongoing unsafe         Serious error due to
                                                quality                                                                         due to insufficient
                   quality (< 1day)                                        staffing level               poor training
                                                                                                                                      training
                                           Loss > 0.1% of                                                                        Loss of > 1% of
 Financial            Small loss
                                              budget
                                                                    Loss > 0.25% of budget          Loss > 0.5% of budget
                                                                                                                                     budget
                        Minor                                                                       Enforcement Action.
                                         Recommendations          Reduced rating. Challenging
                  recommendations                                                                    Low rating. Critical       Prosecution. Zero
Inspection /                                given. Non-             recommendations Non-
                     minor non-                                                                      report. Major non-          rating. Severely
   Audit                                  compliance with            compliance with core
                   compliance with                                                                  compliance with core           critical report
                                             standards                    standards
                      standard                                                                           standards

  Adverse                                Local media – short        Local Media – long term.                                    National Media > 3
                                                                                                      National Media < 3
 Publicity /           Rumours            term. Minor effect        Significant effect on staff
                                                                                                            days
                                                                                                                                days. MP concern
 Reputation                                 on staff morale                  morale                                             (question in house)



    LIKELIHOOD – identifies the potential likelihood that the harm identified will occur

 Likelihood
                           1                       2                            3                              4                         5
   score
                      Unlikely                  Low                       Moderate                           High                    Certain
                                                                                                                                 Event is expected
                  Event could occur      Event may occur at                                          Event will occur in
Descriptor of                                                     Event should occur at some                                      to occur in most
                   but improbable /      some time but rare                                         most circumstances -
 likelihood                                                           time - fairly likely                                      circumstances - no
                        doubtful         / exceptional                                                likely / probable
                                                                                                                                       doubt



       Title   Community Health and Social Care Services’ Risk Management Policy
       Version No: 1    Issued:                     Expiry Date:                             Page 18 of 20
TO CALCULATE RISK SCORE: multiply severity score by likelihood score
i.e. severity (4) x likelihood (3) = risk score of 12

                                                                    LIKELIHOOD

                                      Unlikely         Low         Moderate             High              Certain
                                         1              2             3                  4                  5
            1   No Harm or
                                          1              2              3                 4                 5
                Near Miss

            2   Minor                     2              4              6                 8                 10
 SEVERITY




            3   Moderate                  3              6              9                12                 15

            4   Major                     4              8             12                16                 20

            5   Catastrophic              5             10             15                20                 25

MANAGEMENT OF RISK

The following table (table 1) outlines how risks will be managed and communicated
according to the level of risk and their risk score:

  RISK                                                                 Reporting to          Risk           Authority
                 RISK
 LEVEL                     RISK LEVEL DESCRIPTION                       Provider           review:         to manage
                SCORE                                                    Board            Frequency           risk
                           Unacceptable level of risk exposure
                           that requires immediate corrective
                           action; to be monitored by Provider                                             As agreed
Extreme          20-25     Board. Members to be notified                    Monthly           Weekly       by Provider
                           within 1 week or sooner if deemed                                                  Board
                           necessary by the Senior Leadership
                           Team
                           Unacceptable level of risk exposure
                                                                                                           As agreed
                           that requires measures to be put in
                  15                                                        Monthly           Monthly      by Provider
                           place to reduce exposure; to be
                                                                                                              Board
                           monitored by the Provider Board
  Major                    Unacceptable level of risk exposure
                           that requires measures to be put in                                             As agreed
                           place to reduce exposure and                                                        by
                 10-12                                                  Bi-monthly            Monthly
                           monitoring by the Divisional                                                    Divisional
                           Director; to be reported to Provider                                             Director
                           Board
                           Acceptable level of risk exposure
                                                                                                           Manager of
Moderate          4-9      subject to regular active monitoring             6 monthly         Quarterly
                                                                                                            service
                           measures by senior managers
                           Acceptable level of risk subject to
 Minor or                                                                                                  Manager of
Negligible
                  1-3      regular passive monitoring                       Annually          6 monthly
                                                                                                            service
                           measures at management level




Title   Community Health and Social Care Services’ Risk Management Policy
Version No: 1    Issued:                     Expiry Date:                     Page 19 of 20
                                                                                                                                                                                                 APPENDIX E

                                                                        RISK REGISTER TEMPLATE

                                                                                               Initial risk                                                         Risk @                            Target
                                                                                                 score                      ACTION REQUIRED                      [insert date]                     residual risk
Risk No




             Date
                                                                                                                                   TO




                                                                                                       Likelihood




                                                                                                                                                                            Likelihood




                                                                                                                                                                                                              Likelihood
           added to          RISK DESCRIPTION                 EXISTING CONTROLS                                                               Current position




                                                                                            Severity




                                                                                                                                                                 Severity




                                                                                                                                                                                                   Severity
                                                                                                                            MITIGATE/LESSEN




                                                                                                                    Score




                                                                                                                                                                                         Score




                                                                                                                                                                                                                           Score
           Register
                                                                                                                                  RISK


                      As a result of ……….. there is a
                      risk that ……………. which may
                      result in ………….

HOW TO COMPLETE THE RISK REGISTER
COLUMN                            EXPLANATION
                      Risk No:    Use a sequential numbering system to identify risks
Date added to Register:           Insert date the risk is added to the register.
                                  To help identify the actual risk always use the following phrase when documenting the risk:
            Risk Description:
                                  As a result of ……….. there is a risk that ……………. which may result in ………….
           Existing controls:     List all the controls that are currently in place to manage the risk
                                  Score the risk, using the risk scoring matrix, to identify the risk score at the point in time it is added to the register taking into account the
            Initial risk score:
                                  existing controls when calculating the risk score
           Action required to     Detail the additional controls/actions required to reduce the level of risk to an acceptable level. It may be decided that the time, effort and cost
                mitigate risk:    of all or some, of these actions is not practicable and
             Current position     Update with progress on the actions identified in previous column
          Risk score @ [date]     Score risk for current position
                                  When adding the risk to the register calculate the risk score you expect to achieve once all the identified actions to mitigate/lessen the risk
          Target residual risk    have been completed.
                                  The Target Residual Risk Score is the lowest risk score possible once all identified controls are in place and working appropriately.




Title   Community Health and Social Care Services’ Risk Management Policy
Version No: 1    Issued:                     Expiry Date:                   Page 20 of 20

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:0
posted:4/29/2013
language:Unknown
pages:20
tao peng tao peng fuzhou http://
About 1234567