risk management strategy - NHS Bradford and Airedale by okyestao


 Manager responsible:          Head of Corporate Services
 Responsible committee:        Audit and Governance Committee
 Version:                      1
 Record Type:                  Strategy and Policy
 Keywords:                     risk, assurance framework, health and safety, key performance
                               indicators, KPI
 Authors:                      Kathryn Stirk, Corporate and Clinical Risk Manager
                               Glenda Webster, Interim Corporate and Clinical Risk Manager
                               NHS Airedale, Bradford & Leeds
 Target Audience:              All staff employed by and clinical leaders within Bradford
                               Districts Clinical Commissioning Group
 Approved:                     Audit and Governance Committee Date :
                               CCG Governing Body Date :
 Date issued
 Review Date:

 If you are using a printed copy of this document please be aware that it may not
                               be the latest version.

CCG Risk Management Strategy          Page 1 of 18
V1 September 2012

Section     Topic                                                        Page

    1       Introduction                                                  4

    2       Aims                                                          4

    3       Scope                                                         5

    4       Risk management objectives                                    5

    5       Risk management process                                       6

    6       Risk management structure                                     7

    7       Risk management roles and responsibilities                    8

    8       Process for managing risk locally                             10

    9       Identification and management of third party risk             12

   10       Links to other strategies/policies                            12

   11       Training and implementation                                   13

   12       Monitoring compliance and key performance indicators          13


           Bradford Districts Clinical Commissioning Groups Governance
   A                                                                      15

   B       Risk Matrix                                                    16

   C       Action Plan Template                                           17

   D       Risk Identification Diagram                                    18

   E       Equality Impact Assessment                                     19

CCG Risk Management Strategy           Page 2 of 18
V1 September 2012
Consultation Summary

Those listed opposite have
been consulted and
incorporated as required.

CCG Risk Management Strategy   Page 3 of 18
V1 September 2012
1.     Introduction

       Bradford Districts Clinical Commissioning Group recognise that risk management is an
       integral part of good management practice. There is a legal requirement for all
       employers to ensure that assessments of risks to employees, those affected by its
       undertakings and the organisation are carried out, which should be reviewed at regular
       intervals to ensure that they remain accurate and valid.

       The Management of Health and Safety at Work Regulations (1999) require that
       employers should carry out assessments of the risks created by their activities, which
       may affect their employees, or anyone else who might be affected. At its simplest, risk
       management is good management practice.

       Furthermore, the Corporate Manslaughter and Corporate Homicide Act 2007 highlights
       the commitment required of senior management to take reasonable steps to protect
       employees, or anyone else who might be affected where risks are created by their
       operations; the implementation of robust risk management systems is of paramount

       This strategy takes into account both the legislative framework that the organisation is
       bound by, the recent failures in the public and private sector and also recognises the
       collaborative working that is essential within primary care.

       Bradford Districts Clinical Commissioning Group have the responsibility for monitoring
       key information in risk related areas, from all areas of service delivery. The Clinical
       Commissioning Group Governing Body will ensure that systems are in place to inform
       them, via the assurance framework and corporate risk register, of current and emerging

2.     Aims

       The aim of this Strategy is to:

       •   Define and document the organisation’s commitment to risk management, and to
           outline the commissioning process for monitoring and managing risk. All actions
           contain inherent risks.

       •   Support the development and implementation of integrated governance, integrating
           risk management within corporate objectives, strategic intents and organisational

       •   Ensure robust mechanisms for learning and sharing at all levels, ie national/local to
           encourage employee involvement in the risk process, to identify and acknowledge
           good practice.

       •   Improve processes as a consequence of learning lessons from identified risks,
           adverse events and near misses with a focus on service user care and their

       This strategy identifies the management structure, accountabilities and responsibilities in
       relation to risk management. It also details the processes involved and specifies the
       maintenance of the assurance framework, risk registers and associated action plans.

CCG Risk Management Strategy             Page 4 of 18
V1 September 2012
3.     Scope

       This strategy applies to all staff employed by and clinical leaders within Bradford
       Districts Clinical Commissioning Group.

4.     Risk management objectives

       Five key objectives have been developed to ensure that Bradford Districts Clinical
       Commissioning Group achieve their risk management aims. These key objectives are
       set out below.

Objective 1                       Objective 1 will be achieved by:
To develop a risk aware culture   •  Continuously improving risk management training and
throughout Bradford Districts        continuous professional education.
Clinical Commissioning Group,     •  Ensuring mandatory risk management training is available
ensuring that the concepts and       for all staff and identified through the Joint Performance
ideas of risk assessment and         Development Review (JPDR).
risk management are               •  Ensuring that managers are informed and appropriate
embedded into the day to day         action is taken when staff fail to attend mandatory training.
working practices.                •  Reinforcing the need for staff to consider and assess risk
                                     in all daily activities.
                                  •  Making risk management a regular agenda item at the
                                     Clinical Commissioning Group Governing Body meeting
                                     and senior management team meetings
                                  •  Ensuring all strategic and business plans consider risk
Objective 2                         Objective 2 will be achieved by:
To ensure that appropriate        •  Implementing the incident management system and
systems are in place for             organisational corporate risk registers across all areas of
identifying, assessing and           the Clinical Commissioning Group.
controlling key risks.            •  Via mandatory training and communication resources to:
                                     ~ Ensure all staff are aware of and understand the risk
                                         management procedures.
                                     ~ Ensure that all staff are aware of their responsibility for
                                         identifying, assessing and managing risk.
                                  •  Ensuring that lessons learned from incidents, complaints
                                     and claims are shared across the organisation and with
                                     the wider health economy to prevent recurrence.
                                  •  Annual review of key risk systems (e.g. corporate risk
                                     register, incident reporting and central alert system) to
                                     ensure that they are meeting the changing needs of the
Objective 3                       Objective 3 will be achieved by:
To maintain effective             •  Ensuring that the structures and responsibilities set out in
organisational structures for        the policy are effective in practice.
risk management so that a         •  Ensuring that the Clinical Commissioning Group
consistent approach is taken         Governing Body reviews the effectiveness of the structures
across Bradford Districts            and responsibilities to identify any useful improvements.
Clinical Commissioning Group      •  Implementing findings from review of risk management
that reflects best practice.         systems.
                                  •  Ensuring that the risk management strategy is reviewed to
                                     take into account national guidance and best practice.
CCG Risk Management Strategy         Page 5 of 18
V1 September 2012
                                  •  Ensuring that up to date policies are available to staff and
                                     key stakeholders on the intranet, internet and in paper at
                                     each base
Objective 4                       Objective 4 will be achieved by:
To ensure that the Bradford       •  Ensuring corporate risk registers and action plans are kept
Districts Clinical                   up to date through regular reviews by each directorate
Commissioning Group Chief            maintaining effective risk recording and analysis and
Officer is provided with             suitable evidence files.
evidence that risks are being     •  Annual monitoring of the risk systems.
appropriately identified          •  A bi-annual audit of the corporate risk register and
assessed, addressed and              assurance frameworks, presented to the Audit and
monitored by the appropriate         Governance Committee to review the risk management
committee.                           progress on behalf of the Clinical Commissioning Group
                                     Governing Body. The audit findings will be taken into
                                     account when undertaken and when signing the statement
                                     of internal control.
                                  •  Ensuring that amber & red risks are reviewed by the Audit
                                     and Governance Committee and presented to the Clinical
                                     Commissioning Group Governing Body as required.
Objective 5                       Objective 5 will be achieved by:
To ensure good and steady         •  Establishing and monitoring performance indicators
progress in the implementation       covering the risk management process.
of effective risk management      •  Taking corrective actions in light of audit and review
across Bradford Districts            processes.
Clinical Commissioning Group.     •  Taking part in the national benchmarking studies to identify
                                     not only how well Bradford Districts is doing but also what
                                     steps it can take to improve further.

5      The Risk Management Process

       Risk management is a proactive systematic process of risk identification, analysis,
       treatment and evaluation of potential and actual risks. The primary purpose of risk
       management is to enable individuals and the organisation to competently deal with all
       key risks, clinical or non-clinical.

       The risk management process therefore is:

       1.   Identification of risks
       2.   Assessment of the identified risks for potential likelihood and impact
       3.   Elimination of identified risks, or mitigation and management of the identified risks
            that cannot be eliminated
       4.   Implementation of controls, leading to a reduction in the exposure to risk to
            individuals and/or the organisation

       Through the implementation of this strategy and appropriate training, it is anticipated that
       staff will develop a deeper understanding of the breadth of their statutory duties of care
       and the benefits of the appropriate management of risks. This should lead to staff feeling
       confident in identifying potential risks and in reporting incidents and near misses, freely
       participating in audits and peer reviews and having ownership of polices, procedures
       and guidelines. Managers in particular should appreciate the value of their contribution
       to risk management through implementing the risk assessment process within their area.

CCG Risk Management Strategy          Page 6 of 18
V1 September 2012
6.     Risk Management Structure

       All committees of the CCG Governing Body are responsible for monitoring risks for
       which they are assigned as being responsible for on the register; additionally some
       committees have further responsibilities for the management of risk. All committees
       should have terms of reference outlining their accountabilities and responsibilities in
       relation to the management of risk.

       The committees with direct accountability for the management of risk are as follows:

       The Governing Body

       The Governing Body has ultimate responsibility and accountability for risk management
       and for agreeing the annual statement on internal control. It needs to be satisfied that
       appropriate policies and strategies are in place and that systems are functioning

       The Audit and Governance Committee

       The Audit and Governance Committee is accountable to the Governing Body for
       overseeing all risk management issues and ensuring significant risks identified by the
       committee are escalated to the Governing Body.

       In performing that role the committee’s work will predominantly focus upon             the
       framework of risks, controls and related assurances that underpin the delivery of      the
       organisation’s objectives. The Audit and Governance Committee will review              the
       Governing Body Assurance Framework and the red and amber risks held by                 the
       organisation on the corporate risk register.

       The Audit and Governance Committee will be advised by the Quality Advisory
       Committee on matters of clinical risk management.

       In addition, the Audit and Governance Committee has responsibility to:

           •   Review the disclosure statements that flow from the organisation’s assurance
               processes. In particular these cover the Statement of Internal Control included in
               the Annual Report and Accounts.
           •   Ensure the effectiveness of the organisations arrangements for recording,
               dealing with and learning from incidents, complaints and claims in general

       The Quality Advisory Committee has responsibility to:

           •   Oversee the performance monitoring of clinical quality and clinical governance
               and associated third party risks arising in commissioned services.

CCG Risk Management Strategy         Page 7 of 18
V1 September 2012
7.     Risk management roles and responsibilities

       The Chief Officer has overall accountability and responsibility for risk management
       within Bradford Districts Clinical Commissioning Groups. It is the Chief Officer as
       Accountable Officer who, on behalf of the Governing Body, is required to sign the annual
       statement on internal control.

       The Head of Corporate Services is responsible for providing organisational leadership
       for risk management.

       This includes ensuring that all aspects of directorate (finance, quality, CCG development
       and corporate services) risks are brought together within the assurance framework to
       form the Bradford Districts CCG corporate risk register.

       The Head of Corporate Services has lead responsibility for:
           • health and safety arrangements, incorporating fire and security management;
           • is the nominated security management lead as required by NHS Protect,
           • monitoring associated risks (including third party) relating to contracted staff,
             those occupying NHS Bradford Districts Clinical Commissioning Group premises
             and members of the public as required by the Health and Safety at Work Act
             (1974) and supporting secondary legislation.
           • Putting forward recommendations with the objective of continually seeking to
             improve health and safety, by eliminating or minimising risk wherever possible.
           • Reviewing Information Governance arrangements in line with current legislation

       The Head of Corporate Services is the Senior Information Risk Owner (SIRO) and has
       overall ownership of the Clinical Commissioning Groups Information Risk Policy. The
       SIRO will provide written advice to the Chief Officer on the content of the Bradford
       Districts Clinical Commissioning Group Statement of Internal Control in regard to
       information risk.

       West Yorkshire Commissioning Support Unit will provide the day to day operational
       support to enable the Head of Corporate Services to discharge their functions in relation
       to risk management.

       The Chief Finance Officer is the executive lead for financial risk management and is
       responsible for the effectiveness of the CCG’s financial control systems and ensuring
       that the Audit and Governance Committee and internal audit provider understand their
       roles in assuring the effectiveness of the of the CCG’s system of internal control.

       All Directors/Heads of Service are accountable for the management of risk within their
       area of responsibility. This involves putting in place systems to identify and assess risk;
       ensuring risks are included on the corporate risk register and reviewing the corporate
       risk register and assurance framework relating to their directorate (finance, quality, CCG
       development and corporate services) on a monthly basis.

       Each Director/Head of Service is accountable for the assurance provided to the named
       committee overseeing the risk that demonstrates that the risk is being managed correctly
       and monitored to ensure appropriate and timely actions are taken.

       Designated Senior Managers will review and update the assurance framework and risk
       register on a monthly basis. They are responsible for ensuring all areas under their area

CCG Risk Management Strategy         Page 8 of 18
V1 September 2012
       of accountability are contributing to the directorate assurance framework and risk

       All staff are responsible for the day to day management of risks of all types within their
       areas of responsibility and control. They are charged with ensuring that risk
       assessments are undertaken throughout their area of responsibility on a proactive basis
       and that preventative action is carried out where necessary. It is their responsibility to
       ensure that a record is kept locally of risk assessments undertaken for their department;
       that risks are identified and reviewed on a regular basis (or as circumstances change)
       and that the risk identified is reviewed on a monthly basis.

       It is their role to ensure that risks are escalated as required and that adequate assurance
       of the management of risk is provided to the appropriate committee (for risks rated
       medium/amber or above).

       Directors/heads of service should be informed immediately of all high (red) risks, by their
       managers, and are responsible to take immediate action to control the risk.

       Manager’s authority must include the ability to manage risk by having a clear route to
       identify risk, which is the risk matrix (appendix A), then to prioritise the risk treatment as

            •   High risks (red): prompt action required. A director/head of service must be
                informed and he/she will take responsibility for populating the corporate risk
                register and taking the appropriate action.

            •   Medium risks (amber): Senior management attention needed. Within one
                month an action plan must be agreed, with a deadline for completion agreed at a
                committee meeting, for 3-6 months. All risks amber and above must be placed on
                the organisational corporate risk register and actions must be reported to the
                appropriate committee for review.

            •   Low risks (green): can be managed by routine procedures: in some cases this
                may mean action planning, and resource allocation, with a deadline for 6-12

       See Appendix B for a Risk Action Plan template.

       Everyone involved in the CCG has a responsibility to

            •   report incidents/accidents/near misses using the recognised channels
            •   be familiar with the risk management policy and comply with it.
            •   attending training and seeking advice when required

       The Head of Corporate Services is responsible for ensuring a review of the risk
       management processes and promotion, advice and instruction of others on risk
       management processes and the reporting and management of adverse events and near
       misses and will also ensure the appropriate support to directors/heads of service,
       particularly those with specific responsibilities, in developing systems and processes to
       manage risks within the organisation. West Yorkshire Commissioning Support Unit will
       be commissioned to provide this support to the CCG.

8.     Process for managing risk locally

       A)       The Assurance Frameworks and Corporate Risk Register

CCG Risk Management Strategy          Page 9 of 18
V1 September 2012
       The CCG Governing Body assurance framework outlines the strategic objectives of the
       organisation and the risk to those.

       Not all business matters are reflected in the organisations strategic objectives and an
       operational risk register will need to be in place.

       The risk register provides a structure for collating information analysing and prioritising
       risks, and in making decisions about whether or how those risks should be managed.
       The risks should relate back to the strategic objectives of the organisation and in doing
       so provide intelligent information to the risks contained in the assurance frameworks.

       Within the management arrangements there will be clear responsibility for coordinating
       the updating of the assurance framework and risk register. Examples of what may be
       included are:

           •   work place risk assessments
           •   clinical audit reports and reviews
           •   internal audit reports and reviews
           •   adverse incident reports , complaints, claims and PALS contacts
           •   risk assessments of strategic and policy decisions
           •   committee meeting discussions
           •   health and safety issues
           •   performance monitoring

       (See Appendix C for sources of risk)

       The risk register is the tool used to assure the organisation that all risks are being
       effectively managed and escalated accordingly within the organisational structure. The
       assurance framework, risk register and action plans will be reviewed at least monthly.

       All teams have a responsibility to assess their own risks; keep a record of risks and
       associated action plans; escalating in line with the organisations requirements.

       Placing a risk on the corporate risk register

       Risks being placed on the corporate risk register will be formally evaluated following an
       agreed risk assessment process. When placed on the corporate risk register the risk will
       be attached to a strategic in the assurance framework. The appropriate committee and
       responsible senior manager should be named. It is the role of the senior manager to
       provide assurance to the named committee that the risk is being managed correctly and
       monitored to ensure appropriate and timely actions are taken. The committee is
       responsible for ensuring actions are robust, they will improve performance and have not
       impacted on equality. It is important that it is the current risk actually held by the
       organisation at the time of review is recorded on the corporate risk register. This is
       referred to as the residual risk. (See diagram page 12).

       Action planning for risk treatment will include consideration of the costs and benefits of
       different options to support effective decision making, and discussion at the appropriate

       Reports are provided to the appropriate committees for review as follows;

       All red and amber risks held by the organisation are reported from the corporate risk
       register, to the Governing Body.

       The Audit and Governance Committee review all red and amber risks.
CCG Risk Management Strategy         Page 10 of 18
V1 September 2012
       The Quality Advisory Committee review all clinical risks.

       Risk must be considered at each level of the business planning process, from the
       strategic objectives down through teams.

       This process is required to assure the Governing Body that all risks within the
       organisation are being actively managed and monitored and demonstrate that a robust,
       systematic way of managing risk is organisationally embedded, and fulfils the
       requirements of the NHS Litigation Authority and the Health and Safety Executive.

CCG Risk Management Strategy         Page 11 of 18
V1 September 2012
                               Operational process for managing risk

                           Residual risks identified as amber or
                            red to be added to corporate risk

                                  Risk level re-assessed after
                               management to identify residual risk.

                                Risk logged and graded locally and
                                 action plan formed to remove or
                                           reduce risk.

                           Risk identified and assessed using risk
                             assessment e.g. matrix and forms.

9.     Identification and management of third party risks

       Risks relating to third parties are identified from a number of sources including:

           •   Performance management
           •   Serious incidents
           •   Contracting monitoring arrangements.

       Where a significant risk is identified the committee or work stream identifying the risk is
       responsible for entering the risk into the Clinical Commissioning Group’s risk
       management process.

10.    Links to other strategies/policies

       This risk management strategy should be read in conjunction with:

           •   Health and Safety Policy.
           •   Being Open NPSA November 2009
           •   Serious Incident and Never event Performance and Management Policy
           •   Complaints Policy
           •   Managing Incidents Policy

       Note: that these are not all in place and some will be developed through the WY CSU

CCG Risk Management Strategy            Page 12 of 18
V1 September 2012
11.    Training and implementation

       This risk management strategy will be available on the intranet for all staff. Senior
       managers will ensure that all staff are briefed on its contents and on what it means for

       The effective implementation of this strategy will be measured by monitoring of the
       indicators noted in section 12. Where deficiencies are identified, action plans will be
       developed and changes implemented accordingly.

       Process for delivering risk management training

       The Governing Body members training is via bespoke sessions delivered directly at
       development sessions and will cover the key principles of risk management.

       Training for staff will be determined in consultation with the WY CSU who will be
       responsible for provision of training.

12.    Monitoring compliance and Key performance Indicators

       A report will be presented to the Audit and Governance Committee twice per year as a
       minimum demonstrating how this strategy is being implemented and reviewing progress
       with both the corporate risk registers and the action plans. The Audit and Governance
       Committee will receive this report as part of its existing review of the assurance
       framework and corporate risk register. The Governing Body will review this Strategy and
       progress annually and also whenever procedural, legislative or best practice changes

       The Chief Officer is responsible for ensuring this Strategy is reviewed in accordance with
       the above statement. This task may be delegated to an appropriate director or senior

CCG Risk Management Strategy        Page 13 of 18
V1 September 2012
Key performance indicators

                     Target                                                   KPI

Monitor compliance with NHSLA risk                     Where monitoring identifies deficiencies, ensure
management policies, used as best practice             that action plans are developed and changes
guidance (objective 5).                                implemented accordingly (objective 5)

Implementation of strategy: organisation’s
managers trained on risk management process
                                                       Risk management training for managers at 80%
and their responsibilities for risk management
(objectives 1 and 2)

Embedding a safety culture within Bradford
Districts Clinical Commissioning Groups
through :
                                                     Audit of database to demonstrate:
Pro-active risk management:
                                                     Assurance framework and corporate risk register
Regular review and update of the corporate risk
                                                     reviewed monthly in each directorate (objective
register in line with risk process. (objectives 2, 3
and 4)
                                                       Action plans developed for high level (red) risks
Where risks are identified, action plans are
                                                       (objective 4).
developed and changes implemented
accordingly (objective 2, 3 and 4).

Re-active risk Management:
                                                       Increase in number of risks on register as a result
Risks identified as a result of incidents are
                                                       of incidents. (objective 4).
represented on corporate risk register.

CCG Risk Management Strategy           Page 14 of 18
V1 September 2012
    Risk Matrix                                                                                                              Appendix A

Qualitative Measures of Consequence
  Consequence4                 1.    Insignificant          2.   Minor           3.     Moderate          4.    Major             5.    Catastrophic

                          £1k - £10k                   Up to £50k           Up to £250k             Up to £1M                Over £1M
                                                       Some minor
                                                                            Many minor injuries/
                                                       injuries/                                    Some major
                          Minor bruises/                                    ill-health –                                     Multiple
                                                       ill-health -                                 injuries/ ill-health -
                          discomfort/                                       temporarily                                      injuries/infections
Harm                                                   minor.                                       permanently
                          affects wellbeing.                                incapacitating.                                  Unexpected Death
                                                       <3 days                                      incapacitating
                                                                            RIDDOR reportable.
                                                       One week                                     Up to 6 months
                          One day Service                                   One month Service                                6 months to 1 year
                                                       Service                                      Service
Disruption                disruption/1 or 2 staff                           disruption/5-10 staff                            Service disruption/21-
                                                       disruption/<5                                disruption/11-20
                          absent.                                           absent.                                          50 staff absent.
                                                       staff absent.                                staff absent.
                                                       Replacement of
                          Replacement of                                    Minor out-of-court      Civil action – no
Litigation                                             property and                                                          Criminal prosecution.
                          property.                                         settlement.             defence.
                                                       Slight property
                          Minor property               damage/              Moderate property       Severe property          Loss of whole
Damage                    damage/ no                   impacts on           damage/impacts on       damage/impacts on        department/impacts on
                          environmental impacts.       internal             local environment.      local environment.       regional environment.
                                                                                                                             Damage to Health
                                                                            Damage to Service       Damage to Trust
                                                       Damage to                                                             Authority reputation/
                                                                            reputation/local        reputation/local
                          Damage to individual’s       team reputation.                                                      national media
                                                                            media coverage on       media coverage <3
                          reputation.                  Temporary loss                                                        coverage <3 days.
Reputation/                                                                 day. Loss of            days. Irrecoverable
                          Minor breach of              of information.                                                       Prosecution under Data
Confidentiality/Data                                                        information/            loss of vital
                          confidentiality.             Minor complaint                                                       Protection legislation.
Loss                                                                        records. Some           records/information.
                          Minor complaint              resolved by                                                           Complaints resolved by
                                                                            complaints resolved     Complaints
                          resolved within team.        local                                                                 Ombudsman or
                                                                            by Senior               resolved by Chief
                                                       management.                                                           Healthcare
                                                                            management.             Officer.
                                                       Noticeable           Significant effect on   Patient care
                          No significant effect on
Clinical care                                          effect on quality    quality of care         significantly            Patient care impossible
                          quality of care provided
                                                       of care provided     provided                impaired
                                                       Internal             Repeated failure to                              National Performance
                                                                                                    Performance not
Performance                                            Standards not        meet internal                                    not achievable
                                                       achievable           standards                                        (Continuous)
                                                       Breach of
                          Audit non-
                                                       procedure/           Improvement                                      Government
Enforcing action          conformance/advice                                                        Prohibition Notice.
                                                       Directive from       Notice.                                          Investigation.
                          from enforcers.

Qualitative Measures of Likelihood

 LEVEL                    DESCRIPTOR                 DESCRIPTION
             1                 Rare                  The event may occur only in exceptional circumstances
             2                Unlikely               The event could occur at some time
             3                Possible               The event should occur at some time.
             4                 Likely                The event will probably occur in most circumstances.
             5             Almost Certain            The event is expected to occur.

Qualitative Risk Grading Matrix; Level of Risk = Consequences x Likelihood
  5. Almost Certain                            5                    10                     15                    20                     25
  4. Likely                                    4                    8                      12                    16                     20
  3. Possible                                  3                    6                      9                     12                     15
  2. Unlikely                                  2                    4                      6                     8                      10
  1. Rare                                      1                    2                      3                     4                      5
  Impact                               1. Negligible             2. Minor             3. Moderate              4. Major        5. Catastrophic

    CCG Risk Management Strategy                           Page 15 of 18
    V1 September 2012
Corporate Risk Register Action Plan Template                                                            Appendix B


Responsible Senior Manager:                                          Directorate:

Unique Identifier:                                                   Date Placed on register:

Subject:                                                             Risk description:

                                                                     Current Residual Risk
Initial Risk Rating:

                                                                     Assurance to Committee
Anticipated Risk Rating Post Action:
                                                                     & date:

                          Recommendation /Action       Anticipated                        Responsible
Action No.                                                              Action Status                    Due Date    Comments
                                Required                Outcome                             Person

CCG Risk Management Strategy           Page 16 of 18
V1 September 2012
                                                                                                                  Appendix C

                                                                           RISK IDENTIFICATION
           REACTIVE                                                                                                                PROACTIVE
                                                        Incident Reporting                Priorities
                                                                                                        Staff & Patient Surveys

                                                    Claims                                Assessments                     KPIs/
                        Blowing                                                                               Media
                                  Internal Audits

     INTERNAL                                                                                                                                INTERNAL
                                                                           RISK REGISTER
     EXTERNAL              NPSA/NHSE/                                                                                                        EXTERNAL
                              MHRA                                                                               Mandatory/Statutory
                           SABS Notices                                                                          Targets/Legislation

                 Commission                                   National                                                              Consultation
                                                             Initiatives                                                                with
                                                                                             NHSLA               DoH                Stakeholders
                                                                                            Guidance           Guidance
              NHSLA; HSE
                Reports                 World Class
                                                                             HM         Benchmarking       NPSA
                                                                           Coroner                        Guidance
                                         Fitness for
       REACTIVE                                                                                                                    PROACTIVE
CCG Risk Management Strategy            Page 17 of 18
V1 September 2012
Equality impact assessment                                                        Appendix D

                                                       Yes/No            Comments
1.    Does the policy/guidance affect one               NO      The risk management strategy
      group less or more favourably than                        is the process by which all risk
      another on the basis of:                                  is managed.
                                                                It is noted in the policy that
                                                                action plans to mitigate risks
                                                                should improve performance
                                                                and not discriminate.
      • Race                                            No
      • Ethnic origins (including gypsies and           No
      • Nationality                                     No
      • Gender                                          No
      • Culture                                         No
      • Religion or belief                              No
      • Sexual orientation including lesbian,           No
         gay and bisexual people
      • Age                                             No
      • Disability - learning disabilities, physical    No
         disability, sensory impairment        and
         mental health problems
2.    Is there any evidence that some groups            No
      are affected differently?
3.    If you have identified potential                  No
      discrimination, are any exceptions
      valid, legal and/or justifiable?
4.    Is the impact of the policy/guidance              No
      likely to be negative?
5.    If so can the impact be avoided?                  N/A
6.    What alternatives are there to achieving          N/A
      the policy/guidance without the impact?
7.    Can we reduce the impact by taking                N/A
      different action?

 If you have identified a potential discriminatory impact of this procedural document, please
 refer it to [insert name of appropriate person], together with any suggestions as to the action
 required to avoid/reduce this impact.
 For advice in respect of answering the above questions, please contact:

CCG Risk Management Strategy          Page 18 of 18
V1 September 2012

To top