; Risk Management Strategy3rd_revision v4 0
Learning Center
Plans & pricing Sign in
Sign Out
Your Federal Quarterly Tax Payments are due April 15th Get Help Now >>

Risk Management Strategy3rd_revision v4 0


  • pg 1
									          RISK MANAGEMENT
                      Date:       August 2009

Last review date:      31st March 2009

Next Formal Review     31st March 2010

Implementation Date    May 2005

Author:                Dr S Clark, NHS Fife Executive Lead for Risk

Approval Record                          Date
Strategic Management Team                22 June 2009
Fife NHS Board                           25 August 2009
Table of Contents

1          Introduction                                                  3
2          Purpose                                                       3
3          Philosophy                                                    4
4          Roles, Responsibilities and Risk Management Structures        5
5          Emergency Planning                                            10
6          Business Continuity Management                                10
7          Arrangements for working with Partner Organisations           11
8          Setting the Risk Management Agenda                            12
9          Risk Management Strategic Objectives                          12
10         Risk Management Approach                                      13
11         Learning and Development                                      13
12         Communication with Key Stakeholders                           14
13         Strategy Dissemination                                        14
14         Monitoring and Evaluation                                     14
15         Further Reading                                               15
           Appendix A Glossary of terms                                  16
           Appendix B Risk Management Structure                          18
           Appendix C NHS Fife Executive Lead Responsibilities           20
           Appendix D NHS Fife Generic Risk Assessment Tool & Escalation 21
           Appendix E NHS Fife Key Performance Indicators                24

Risk Management Strategy 3rd       V4.0             14/08/09
Revision                           Page 2 of 26
Directorate of Clinical Delivery
                                   RISK MANAGEMENT STRATEGY

1.1       Risk can be defined as “the chance of something happening that will impact on
          the organisation’s ability to achieve its objectives”. The NHS in common with
          other complex organisations faces a range of risks affecting the achievement of
          its objectives. Improving health and the provision of healthcare is an inherently
          risky business and the nature of the NHS means that some risks may never be
          totally eliminated.

1.2       Risks must not be seen merely as threats, but also as potential opportunities for
          success and innovation. They must, however, be properly managed. If not, they
          have the potential to cause harm to patients, staff and others and may affect the
          reputation and assets of the organisation.

1.3       Risk Management. comprises a framework and process that enable an
          organization to manage uncertainty in a systemic, effective, efficient and
          systematic way from strategic, programme, project and operational perspectives,
          as well as supporting continual improvement/ Risk management applies at all
          levels of an organization and to all activities (BSI,2008). Appendix A contains
          a glossary of terms commonly used in risk management.

1.4       NHS Fife will ensure its risk management systems eliminate risk, where
          reasonably practicable or reduce this to a tolerable level. Where risks cannot be
          eliminated, NHS Fife will put in place contingency plans to reduce their impact.
          Such systems will build upon existing good practice and be integral to all our
          decision making, planning, performance reporting and delivery processes.

1.5       A key component in the effective management of risk in NHS Fife is the Datix IT
          Risk Management System. This is the repository for all NHS Fife incidents,
          claims, complaints and risk data. Datix is a tool to enable us to manage all
          aspects of risk within set timescales, to prioritise actions and monitor
          performance; it can also be interrogated to produce reports which can be used to
          inform and ultimately assist the organisation to reduce risk and improve patient
          and staff safety.

1.6       NHS Fife is committed to the management of risk in order to:

      •   Monitor continuously and seek to improve the reliability, quality and delivery of
          care provided in partnership with patients, carers, staff, partner organisations and
          the public.

      •   Provide a safe environment for the benefit of patients, carers, staff and the public
          by reducing and, where possible, eliminating the risk of loss or harm.

      •   Protect its assets and reputation.

Risk Management Strategy 3rd       V4.0                       14/08/09
Revision                           Page 3 of 26
Directorate of Clinical Delivery
2.0       PURPOSE

         The purpose of this Strategy is to:

          •         Affirm NHS Fife’s commitment to manage risk

          •         Outline the Board’s vision and set the direction for NHS Fife’s risk
                    management activities

          •         Identify key responsibilities in relation to risk management

          •         Describe the remits and relationships of Risk Management Groups

          •         Communicate the Board’s intentions to staff, patients, carers, partner
                    organisations and the public

          •         Ensure clear and systematic reporting mechanisms are in place to assure
                    the Board and population of Fife of the standard of services provided

          The strategy is an integral part of NHS Fife’s approach to continuous quality
          improvement and is intended to assist the organisation to achieve its objectives
          and deliver the Local Delivery Plan.

          It will continue to be developed as part of the Board’s determination to achieve
          better care for patients and conditions for staff, visitors and others and will evolve
          in response to new initiatives and lessons learned. A key driver which has
          influenced the development of this strategy and objectives is the Scottish Patient
          Safety Programme.

3.0       PHILOSOPHY

3.1       Awareness of and responsibility for risk issues must be linked explicitly to key
          objectives, in order to build a sustainable risk management culture. There must
          be delegated responsibility for risks at every level of objectives in the
          organisation. This is the major support to embedding risk management into the
          organisation and its culture, with risk management seen as an intrinsic part of the
          way the organisation works (MOR 2005).

3.2       The organisation will be pro-active in its approach to the management of risk
          and will, by building its capability, endeavour to identify, eliminate, wherever
          possible, and respond appropriately to identified risks.

Risk Management Strategy 3rd        V4.0                          14/08/09
Revision                            Page 4 of 26
Directorate of Clinical Delivery
3.3       To this end, the following components are critical:

      •   Effective leadership to support a risk management culture that promotes safety,
          learning and improvement.

      •   Good governance arrangements.

      •   Explicit strategic objectives.

      •   Appropriate resource allocation.

      •   Integrated planning arrangements.

      •   Alignment with other relevant strategies and work streams.

      •   Targeted risk management education and training.

      •   Processes to facilitate the systematic recording, reporting and analysis of
          incidents and ' near misses'to enable organizational learning and minimise the
          risk of recurrence.

      •   Meaningful involvement and participation of all - staff, patients, the public and
          partners in the management of risk.

      •   Maintenance of a dynamic risk register.


          The Risk Management Strategy is designed to support effective management of
          risk. The organisational structure is shown at Appendix B. The intention is to
          embed risk management arrangements into all services and to devolve
          responsibility for the management of risk to CHPs, the Operational Division and
          the Corporate Directorates within a supportive environment.

          Within these arrangements, the NHS Fife Executive Leads have delegated
          responsibility for their respective functions from the Chief Executive as detailed in
          Appendix C. Responsibility for the day to day management of risk is devolved
          to the Division/ CHPs / Corporate Directorates. Appendix D provides guidance
          on the assessment and escalation of risks.

4.1       NHS Fife Chief Executive

          The Chief Executive, as Accountable Officer, has, on behalf of the Fife NHS
          Board, responsibility for maintaining a system of internal control. This requires

Risk Management Strategy 3rd       V4.0                         14/08/09
Revision                           Page 5 of 26
Directorate of Clinical Delivery
          the organisation to have in place the necessary controls to manage its risk

          The Chief Executive and the Board will require evidence that the Risk
          Management systems and processes are adequate and effective, being regularly
          reviewed and that, where required, developments and improvements are made.
          Six monthly reports to the Board will provide such evidence.

4.2       NHS Fife Executive Lead for Risk Management

          The NHS Fife Executive Lead for Risk Management is the person responsible for
          leading the development and implementation of the risk management systems
          within the organisation.

4.3        Independent Contractors

          NHS Fife aims to ensure that its risk management principles are embedded
          within the work of all our independent contractors. We will work with independent
          contractor professions to clarify their relationship with the systems governing risk
          management in NHS Fife and how the implementation of the strategy will apply
          to their services. The arrangements for each separate profession need to be
          formalised. In the meantime the existing arrangements in place within NHS Fife
          will remain.

          Links with General Practitioners are currently through the GP sub-committee, the
          Primary Care Department, the Medical Director, Primary Care to the Board
          Medical Director.

4.4       Managers

          All managers in NHS Fife have a responsibility to encourage staff to maintain
          general risk awareness, to manage risks appropriately and to escalate these
          when necessary. They must ensure their staff have access to relevant risk
          management education and training.

4.5       All Staff

          The management of risk is the responsibility of all managers and staff in NHS
          Fife. All employees have a personal responsibility to:

          •         Comply with policies and procedures.

          •         Be aware of risks at all times and take reasonable action to identify,
                    eliminate where possible, or control them.

Risk Management Strategy 3rd        V4.0                          14/08/09
Revision                            Page 6 of 26
Directorate of Clinical Delivery
          •         Notify line managers of risks they have identified which cannot be
                    adequately managed.

          •         Report incidents, accidents, errors and ‘near misses’.

          •         Participate in risk management education and training provided to
                    enable them to meet their responsibilities.

4.6       Fife NHS Board

          Fife NHS Board is ultimately responsible for managing risk. The Board has
          corporate responsibility for the management of risk. Each member must be
          aware of their obligations to promote this and protect the public, patients and
          staff from risk within local NHS provision. An annual risk management report and
          6 monthly updates on the risk register will be provided to the Board to provide
          assurance that risk is being adequately and effectively managed.

4.7       The Standing Committees of the Board

          In accordance with the NHS Fife Code of Corporate Governance (2008), the
          Standing Committees of the Board will address each area of risk as appropriate
          and review achievement of their risk management objectives and report as
          necessary to the Audit Committee. The Audit Committee will review the
          effectiveness of the risk management system through receipt of the Strategic
          Management Team (SMT) – (Risk Management) minutes and internal and
          external audit reviews of the risk management system.

          The Committees will provide regular reports to the SMT, on areas of significant
          risk. Any one of the standing committees may request a risk report from the SMT
          regarding a specific risk issue.

          The Committees will ensure that the structures and processes in place are
          sufficient to allow them to be assured on the adequacy and effectiveness of risk
          management arrangements within their sphere of responsibility.


4.7.1 The Strategic Management Group

          The Strategic Management Group (SMT) chaired by the Chief Executive, NHS
          Fife has delegated responsibility for Risk Management and ensures executive
          and corporate integration of the management of risk within the main governance
          areas in NHS Fife.

          It receives annual reports on the management of risks from the CHP General
          Managers, the Chief Executive of the Operational Division, the Director of Public
Risk Management Strategy 3rd       V4.0                          14/08/09
Revision                           Page 7 of 26
Directorate of Clinical Delivery
          Health and where appropriate, Executive Leads (covering the work of the
          Corporate Directorates and Fife wide roles), to provide assurance that adequate
          and effective local arrangements are in place to continually improve the
          management of risk.

          The Group monitors the corporate risk profile by maintaining the corporate risk
          register and dealing with escalated risks. It will highlight any risk management
          issues that it feels should be brought to the attention of other Standing
          Committees and provide assurance through the Chief Executive to the Board,
          that these are being adequately managed. The Group will receive regular
          reports from the Standing Committees on their areas of significant risk. In
          addition, the Standing Committees may request a specific risk report from the
          Strategic Management Team relative to the risks faced by the area they cover.

4.7.2 Core Risk Management Group

          This group is chaired by the Executive Lead for Risk Management. Its purpose is
          to coordinate and facilitate the implementation of the Risk Management Strategy
          and oversee the risk management agenda for NHS Fife. It provides regular
          reports on progress of the Strategy implementation to the SMT.

          The Group’s work is supported by the Risk Management Team which is
          accountable to the NHS Fife Executive Lead for Risk Management. The Team is
          specifically responsible for implementing the Risk Management Strategy and
          providing support and advice to all levels of the organisation in managing risk,
          according to the priorities set by the group.

4.7.3 Risk Reference Group

          This group is chaired by the Risk Manager, NHS Fife. It seeks to raise the profile
          of patient safety and risk management by providing a forum for discussion and
          learning for improvement through sharing of good practice, incidents, near
          misses and other risk related information.

4.7.4 Corporate/Divisional/CHP Risk Management Groups

          Whilst the Chief Executive has overall accountability for risk management, the
          Executive Leads, the Corporate Directorates, CHP and Divisional Management
          Teams, are responsible for leading the co-ordination, integration, oversight and
          support of the risk management agenda.

          They will provide positive assurance to the SMT and the Standing Committees
          that all significant risks are adequately managed and risk management principles
          are embedded across NHS Fife. They will also be responsible for implementing
          local arrangements in accordance with the principles and objectives set out in the
Risk Management Strategy 3rd       V4.0                      14/08/09
Revision                           Page 8 of 26
Directorate of Clinical Delivery
          Executive Leads and members of the CHP and Divisional Management Teams
          have risk management responsibilities defined in their objectives. This will
          include the identification, assessment and analysis of risks and action planning to
          control known risks.

          Executive Leads with responsibility for corporate functions will provide annual
          reports on risk management to the SMT. They will be responsible for identifying,
          prioritising and managing risks within their area of responsibility and for regularly
          reviewing risk registers and incident reports.

4.7.5 Operational Division Risk Management Group

          The Operational Division Risk Management Group oversees the delivery of the
          risk management agenda, including the identification, prioritisation and
          management of risks within the Division and through the Divisional Chief
          Executive, assures the Strategic Management Team on the adequacy and
          effectiveness of its risk management arrangements.

4.7.6 Community Health Partnerships Clinical Governance Groups

          Each Community Health Partnership has established a Clinical Governance
          Group which oversees the delivery of the risk management agenda, including the
          identification, prioritisation and management of risks within the CHP. The CHP
          General Managers provide assurance to the CHP Committee and the SMT on
          the adequacy and effectiveness of the risk management arrangements within
          their organisation.

4.7.7 Public Health

          Internal departmental Public Health governance is overseen by the Public Health
          Risk Management Group.

4.7.8 NHS Fife Resilience Forum

          This forum is chaired by the Operational Division Chief Executive. It is an
          integral part of NHS Fife’s Emergency Planning and Business Continuity
          Management framework and provides support to the NHS Fife Chief Executive
          and the Strategic Management Team in the exercise of their duties in all areas of
          Resilience preparedness. Its purpose is to provide a senior management forum
          to oversee the development, implementation and review of all aspects of NHS
          Fife’s local resilience processes. The Forum reports to the SMT.

Risk Management Strategy 3rd       V4.0                        14/08/09
Revision                           Page 9 of 26
Directorate of Clinical Delivery

5.1       The Lead Emergency Planning Officer co-ordinates the development of all
          necessary emergency contingency plans to ensure preparedness for an effective
          response to a major incident or emergency and to ensure that the organisation
          fully recovers to normal services as quickly as possible. NHS Fife and its
          component parts have detailed major emergency plans (MIP), which are tested
          and reviewed at least on an annual basis. These plans incorporate national
          guidance and procedures to address risks with the potential to affect the
          provision of care and which are recorded on the risk register, services. The
          plans address effective communications with patients, relatives, carers,
          management, emergency services, specialist advisors, Inspectorates, press,
          media and the public.       The SMT has the overall responsibility for the
          management of risks associated with these plans and will receive an annual
          report from the Director of Public Health as the NHS Fife Executive Lead for
          Emergency Planning.


          Business Continuity Management is a holistic management process that
          identifies potential impacts that threaten an organisation and provides a
          framework for building resilience and the capability for an effective response that
          safeguards the interests of its key stakeholders, reputation, brand and value
          creating activities.

          The Business Continuity Programme that has been developed within NHS Fife is
          in accordance with the principles set out in the British Standard BS25999 and
          NHS Resilience and Business Continuity Management Guidance documents.
          The Management Cycle outlined within these documents consists of five phases.
          They are:

          1.   Understanding the Organisation.
          2.   Determining Business Continuity Management Strategies.
          3.   Developing and Implementing a Business Continuity Management Response.
          4.   Exercising, Maintaining and Reviewing Plans.
          5.   Embedding Business Continuity in the Organisation’s Culture.

          Phase 1 has been largely been completed through a system of dedicated
          Business Continuity staff:

          Departmental Business Continuity Co-ordinator (BCC) – This is a single
          requirement for the whole department and is generally a Senior Manager. This
          nominated senior representative will maintain an overview of the business
          continuity work within the department; co-ordinate and liaise with the Service
          Recovery Leaders undertaking the mapping and business impact processes; and
Risk Management Strategy 3rd       V4.0                       14/08/09
Revision                           Page 10 of 26
Directorate of Clinical Delivery
          collate the outcome and liaise with the Business Continuity Manager and

          Departmental Service Recovery Leader(s) (SRL) – Recovery Leaders are
          those staff who manage a number of functional areas, where some or all of the
          functions of the service area are deemed critical or key areas. They will report to
          the Departmental Business Continuity Co-ordinator and be assisted by and work
          closely with the Business Continuity Manager and Administrator to develop viable
          contingency and recovery arrangements.

          Each Business Continuity Co-ordinator will report to their local Clinical
          Governance Group or Risk Management Group. The Business Continuity
          Manager will submit a summary report to the NHS Fife Resilience Forum and to
          the Strategic Management Team and it is proposed with onward reports to the


7.1       As the organisation develops in accordance with national and local initiatives, the
          risks emerging from joint working between NHS care providers, other care
          providers/partners and independent contractors will require joint solutions. “This
          includes both risks arising from the activities of the organisation, and those which
          arise from the external environment such as difficulties in recruiting staff. Each
          local area will have different risks according to their local circumstances.
          However, each partnership should have an effective risk management system in
          place and a register which is jointly and routinely monitored and updated.
          Partner risk control systems should, as far as possible, complement each other
          and each risk should be delegated to specific officers to manage. Partners
          should pay particular attention to key risks such as the effective management of
          financial pressures; delivering on joint outcomes (e.g. delayed discharge targets);
          and information sharing between partners. It is crucial that partners agree risk
          control measures and do not take unilateral decisions which may adversely
          impact on the delivery of joint outcomes” (Governance for Joint Services Audit
          Scotland, 2007).

          NHS Fife commits to minimise any risk by ensuring:

          •         All Departments manage risk in partnership with partner agencies and
          •         An adequate risk management framework is incorporated as part of the
                    governance arrangements for joint management and partnership
          •         Common objectives are agreed with partner agencies, contractors and the
                    voluntary sector.

Risk Management Strategy 3rd       V4.0                       14/08/09
Revision                           Page 11 of 26
Directorate of Clinical Delivery
          •         The Partnership Management Group will provide reports on risk
                    management issues associated with joint working arrangements, to the
                    Health and Social Care Partnership.


8.1        NHS Fife will take account of the standards set by bodies such as NHS Quality
          Improvement Scotland and Audit Scotland as well as locally determined priorities
          and pressures when setting its Risk Management agenda. It will consider risks
          identified within the organisation and externally through horizon scanning and act
          on these according to the level of risk. Progress against objectives will be
          monitored by the SMT and reported in the Risk Management Annual Report.


9.1       The Risk Management objectives for 2009/2010 are to:

          1.        Ensure continued compliance with all relevant statutory requirements.

          2.        Improve performance against the risk management components of the
                    NHS QIS Clinical Governance & Risk Management standards by
                    achieving a score of 4 by February 2010.

          3.        Continue to develop risk registers that:

          •         Link clearly to the corporate objectives and Local Delivery Plan.
          •         Demonstrate improved quality and consistency in structure, specificity,
          •         Are entered in the DATIX risk module.
          •         Are routinely and timeously reviewed in all component parts of the

          4.        Further develop the organisation’s awareness of and sensitivity to new
                    risks through the use of horizon scanning and scenario based exercises.

          5.        Develop further its systems and processes for the management and use
                    of risk related information in order to support quality improvement e.g. the
                    identification of common themes and links between risks, incidents,
                    complaints, claims and SPSP data.

          6.        Embed the practice of setting risk target levels so that greater assurance
                    can be provided on the management of risks and adequacy and
                    effectiveness of management actions.
Risk Management Strategy 3rd        V4.0                         14/08/09
Revision                            Page 12 of 26
Directorate of Clinical Delivery
          7.        Further develop the organisation’s capability to manage risk and improve
                    safety by ensuring the risk management education and training
                    programme meets the needs of staff across the organisation.

          8.        Further develop the use and potential of the Datix Risk Management IT
                    system across Fife.

          9.        Continue to develop NHS Fife’s approach to active patient, public and
                    other stakeholder involvement in managing risk.


          There is a need to ensure a common approach for the management of risk
          across NHS Fife that supports the assurance and business requirements of the

          Risk management is a systematic process of:

          •         Identification.
          •         Analysis and evaluation.
          •         Control.
          •         Review.

          Full details of the risk management system and how the practicalities of risk
          management are approached in NHS Fife are detailed in the Risk Assessment
          and Risk Register Policies.


11.1      Effective risk management depends on all staff having a clear understanding of
          the subject and the contribution they can make to risk control.

          The Knowledge & Skills Framework (KSF) Personal Development Planning
          (PDP) process will support the identification of risk management related learning

11.2      Managers are responsible for ensuring that staff, through their Personal
          Development Plans, are able to participate in appropriate Risk Management
          related learning activities.

11.3      Individual members of staff also have a responsibility, through their Personal
          Development Plans, to identify learning needs and participate in risk
          management training.
Risk Management Strategy 3rd       V4.0                       14/08/09
Revision                           Page 13 of 26
Directorate of Clinical Delivery
11.4      The Risk Management Team will promote the importance of managing risk in a
          number of ways. This includes the provision of information as part of the general
          induction arrangements; in house core training, risk management training
          programmes and input to a number of educational programmes including:
          Operational Division Nursing/Nursing Auxiliary Induction Programme, Education
          Programmes for Medical Trainees and the Leadership and Management Module,
          University of Dundee.


          There are established communication routes for Risk Management information
          including this Strategy, across NHS Fife. These include the SMT, Core Risk
          Management, Risk Reference Groups and local Risk Management Groups.

          Information is cascaded by the NHS Fife Risk Management Team, the Clinical
          Governance Leads for NHS Fife, and the CHP Risk Management Leads using
          existing communication networks.

          Local and national risk management information can be found on the NHS Fife
          website and intranet.

          Involving patients and the public in the management of risk to enhance the
          patient experience is an evolving area of activity and this strategy should be read
          in conjunction with the emerging patient experience strategy for NHS Fife and the
          Patient Focus Public Involvement action plan. Involvement takes many shapes,
          for example, through observations of care, patient stories, SPSP activities, the
          non-executive directors on the CGC and through moves to more fully involve
          patients in the dissemination of learning from adverse events.


13.1      The Strategy will be made available via the Intranet to ensure ease of access.

13.2      Managers will be responsible for communicating this Strategy to all staff, in a
          manner appropriate to their area.


14.1 Key elements of monitoring and review of risk management performance within
     NHS Fife include the NHS Fife Balanced Scorecard and Risk Management Key
     Performance Indicators (KPIs). Monitoring against the KPIs will enable the
     organisation to evaluate the effectiveness of key elements of its risk management
Risk Management Strategy 3rd       V4.0                       14/08/09
Revision                           Page 14 of 26
Directorate of Clinical Delivery

          A variety of other internal and external mechanisms will be used to provide
          evidence of progress towards key objectives and to monitor and review risk
          management arrangements.
          These include:

          •         The use of internal and external audit reports.
          •         The use of external assessment reports from bodies such as NHS QIS,
                    Audit Scotland, Professional Bodies.
          •         Monitoring reports from CHPs / Division/Corporate Directorates which will
                    include the risk management reports presented to the Clinical Governance
                    Committee, the Risk Management Annual Report and CHP Division/
                    Corporate Directorate and corporate level monitoring of risk action plans.
          •         Regular review of the level of risks on the CHP/Division/Corporate
                    Directorates’ risk registers by the relevant group, and Corporate level risks
                    by the SMT.
          •         6 monthly review by the Board of the corporate risks.
          •         6 monthly assessment by the SMT of the risk management key
                    performance indicators identified in Appendix E.
          •         Annual review by the SMT of the Risk Management Strategy and
                    related documents.


15.1      The above represents NHS Fife’s Risk Management Strategy. It is recommended
          that this document be read in conjunction with the following:

          •    Code of Corporate Governance (including Standing Orders and Standing
               Financial Instruction, 2008).
          •    NHS Fife Clinical Governance Strategy 2009.
          •    Organisational policies e.g. Incident Management, Risk Assessment, Risk

Risk Management Strategy 3rd       V4.0                          14/08/09
Revision                           Page 15 of 26
Directorate of Clinical Delivery
                                                                              Appendix A
Glossary of Terms

Adverse Event: Any incident / near miss, event or circumstance arising during NHS
service provision that could have or did lead to unexpected harm, loss or damage.
Assurance: Stakeholder confidence in our service gained from evidence showing that
risk is well managed.
Blame: Undesirable practice of attributing responsibility for an adverse event to an
individual. Blame is undesirable because adverse events are usually due to system
Consequence: Most predictable consequence to the individual or organisation if the
circumstances in question were to occur.
Contingency: Emergency plans/alternative arrangements that intervene should the risk
become apparent.
Eliminate Risk: Do things differently & thus remove the risk where it is feasible to do
FMEA: A failure mode and effects analysis is a procedure for the analysis of potential
failure modes within a system for classification by severity or determination of the effect
of failures on the system identifying actions to mitigate the failures. A crucial step is
anticipating what might go wrong.
Host Organisation: The organisation in which the incident takes place.
Horizon scanning: The systematic examination of potential threats, opportunities and
likely future developments which are at the margins of current thinking and planning. It
may explore novel and unexpected issues as well as persistent problems or trends.
Overall it is intended to improve the robustness of policies and evidence base e.g.
anticipating, identifying and preparing for new or changing risks, developments, trends
or changes in workplaces, including those arising from socio-economic, workplace
trends and so on that could have an impact on ability to deliver on objectives.
Incident: Any event or circumstance arising during NHS Scotland care or service
provision that could have or did lead to unintended or unexpected harm, loss or
Internal Control: Corporate governance arrangements designed to manage the risk of
failure to meet NHS Fife’s objectives.
Likelihood: Probability of an event occurring, wherever possible based upon the
frequency of previous occurrences.
Near Miss: Where no harm, loss or damage is caused but could have resulted in harm,
loss or damage in other circumstances.
Partnership: Way of working where staff at all levels and their representatives are
involved in developing and putting into practice the decisions and policies which affect
their working lives.
Reduce risk: Take action to control the risk either by taking actions which lessen the
likelihood of the risk occurring or the consequences of occurrence.
Risk Management Strategy 3rd       V4.0                    14/08/09
Revision                           Page 16 of 26
Directorate of Clinical Delivery
Risk: The chance of something happening that will impact on the organisation’s ability
to achieve its objectives.
Risk Appetite: The amount of risk that an organisation is prepared to accept, tolerate or
be exposed to at any point in time.
Risk Assessment: An overall process to identify risk and evaluate whether acceptable
or not taking into account new/ best practice.
Risk Control Measure: An action undertaken to minimise risk to an acceptable level
either by reducing the likelihood of an adverse event or the severity of its consequences
or both.
Risk Escalation: The process of delegating upward, ultimately to the Board,
responsibility for the management of a risk deemed to be impractical or not reasonably
practicable to manage locally.
Risk Evaluation: This involves an estimate of the probability of the risk occurring, the
frequency of the risk occurring and the impact or severity if it does.
Risk Level: The classification of a risk expressed as a combination of its likelihood and
severity of consequence.
Risk Management: Incorporates all the activities required to identify and control the
exposure to risk which may have an impact on the achievement of an organisations
Risk Owner: The lead person assigned with responsibility for ensuring that the risk is
adequately controlled and monitored.
Risk Register: A database of risks always changing to reflect the dynamic nature of the
risk and our management of them. Its purpose is to help managers prioritise available
resources to minimise risk to best effect and provide assurances that progress is being
Root Cause Analysis: A systematic investigation technique that looks beyond the
individuals concerned and seeks to understand the underlying causes and the
environmental context in which the incident occurred (NPSA, 2004).
Significant Risk: Broadly, any risk that could adversely affect achievement of NHS
Fife’s objectives or present a large loss. A ‘significant’ risk could be defined as one with
a risk grading of ‘moderate’ (orange) or ‘high’ (red) determined using the Risk Grading
Statement on Internal Control: A statement by the accountable officer within the
published Annual Accounts, required by HDL (2002)11, on the effectiveness of NHS
Fife’s systems of internal control, of which risk management is a key component.
System Failure: The most likely cause of an adverse event. Typically due to a flaw or
flaws in the design or operation of a system of work rather than an individual’s actions
or inaction.
Tolerable Risk: A risk that is allowed to exist so that certain benefits can be gained,
whilst there is an acceptable level of confidence that the risk is under control.
Transfer Risk: The most common form of risk transfer is insurance.

Risk Management Strategy 3rd       V4.0                     14/08/09
Revision                           Page 17 of 26
Directorate of Clinical Delivery
                                                    NHS Fife Structure for Risk Management Appendix B

                                                                     NHS Fife Board

                 Audit Committee

                                                                     Chief Executive                                  ***Service
                           Internal Audit

                          External Audit
                                                                 Strategic Management                                  ‡Clinical
    Independent Assurance

                                                             Responsible for producing,                         Staff Governance
                                                             implementing, resourcing,
                                                             monitoring and reviewing the NHS
                                                             Fife risk management strategy.

                                                             Maintaining Corporate Risk register               †H&S Governance
                                                             and dealing with escalated risks.
                                                             Ensuring governance standards met

                                                                                                                Patient Focus Public
             Risk                  Risk                                                                             Involvement
           Reference            Management
            Group                 Team

                                                                                                                      Finance and

                                                                                                                Remuneration Sub-

                                                                                                                  *Joint Strategy and
                                                                                                                   Resources Group

         Glenrothes &                  Dunfermline and                   Kirkcaldy &                    Operational
        North East Fife                 West Fife CHP                 Levenmouth CHP                     Division
        CHP Committee                    Committee                       Committee                      Committee

                              !"                         #                                                                                         '

    Risk Management Strategy 3rd                     V4.0                                                   14/08/09
    Revision                                         Page 18 of 26                  $              #$
    Directorate of Clinical Delivery
           $                   %             $
                                                                                        ( )
                 &        "
"                 $                                                             #
                                                                                    Appendix C

                                      NHS Fife Executive Leads

(a) Roles included in Job Description

1.     Gavin Brown                 Corporate Governance
                                   Freedom of Information (FOI)

2.     Anne Buchanan               Patient Focus Public Involvement (PFPI)

3.     David Christie              Organisational Development

4.     Dr Stella Clark             eHealth
                                   Research & Development                                          a.
                                   Risk Management                                                 a.

5.     George Cunningham           Mental Health Services (including Child and Adolescent Mental
                                   Health Services)

6.     Medical Director to         Redesign
7.     Jim Leiper                  Decontamination                                                 b.
                                   Estates, Capital Planning & Accommodation                       b.

8.     Susan Manion                Learning Disabilities Service

9.     Dennis O’Keefe              Major Capital Projects                                          b.

10. Chris Bowring                  Financial Governance

11. Dr Edward Coyle                Caldicott Guardian
                                   Health Improvement & Health Protection

12. Rona King                      Staff Governance

13. Andrea Wilson                  Capacity Planning

(b) Fife Wide Coordination and Facilitation Role

1.     Dr Gordon Birnie            Clinical Governance
                                   Control of Infection                                            b.

2.     George Brechin              Performance Measurement
                                   Regional Planning

3.     Anne Buchanan               Child Health Services
Risk Management Strategy 3rd       V4.0                            14/08/09
Revision                           Page 19 of 26
Directorate of Clinical Delivery
                                   Food, Fluid & Nutrition
                                   Patient Information
                                   Spiritual Care

4.     Dr Stella Clark             Community Safety

5.     George Cunningham           Drugs and Alcohol Services
                                   Health & Social Care Partnership
                                   Hepatitis ‘C’

6.     Medical Director to         Cancer Services
       Board                       Information Governance
                                   Strategic Planning

7.     Vicky Irons                 Balance of care

8.     Susan Manion                Community Planning and Housing

9.     Dennis O’Keefe              Travel and Transport

10. Dr Edward Coyle                Health and Homelessness
                                   Regeneration/Sustainable Communities

11. Rona King                      Community Justice

12. John Wilson                    Business Continuity
                                   Older People’s Services

(c) Role Acting on Behalf of NHS Fife Chief Executive

1.    Anne Buchanan                Child Protection

2.    George Cunningham            Vulnerable Adult Protection

3.    Medical Director to          Patient Safety
      Board                        Prescribing and Medicines Management

4.    Dr Edward Coyle              Public Health Incident Management

5. Rona King                Health & Safety
NOTE:       a. indicates post holder reports to Divisional Chief Executive for
            system wide managerial role.
            b. indicates post holder reports to NHS Fife Medical Director for
            system wide managerial role.
            All others report to NHS Fife Chief Executive for system wide
            roles (either on line management or personal basis).

Risk Management Strategy 3rd       V4.0                          14/08/09
Revision                           Page 20 of 26
Directorate of Clinical Delivery
                                                                                                  Appendix D

NHS Fife Generic Risk Assessment Tool

An assessment of the risks attached to a particular practice or activity may be
undertaken using the NHS Fife Generic Risk Assessment Matrix (see Figure 1 below)
by mapping the likelihood (the probability or frequency of a consequence occurring)
(Figure 2) against the consequence (the outcome or impact component Figure 3) to
determine the risk level. This can be used as the basis of identifying acceptable and
unacceptable risk.

          Figure 1: Risk Assessment Matrix


                              Negligible            Minor      Moderate            Major           Extreme

    Almost certain                 LR                MR           HR                   HR             HR
        Likely                     LR                MR           MR                   HR             HR
      Possible                     VLR               LR           MR                   MR             HR
       Unlikely                    VLR               LR           LR                   MR             MR
       Remote                      VLR               VLR          VLR                  LR             LR

          In terms of grading risks, the following grades have been assigned within the matrix.

          Very Low Risk (VLR)
          Low Risk (LR)
          Moderate Risk (MR)
          High Risk (HR)

          Figure 2: Likelihood of Recurrence Ratings

  Descriptor                Remote              Unlikely       Possible            Likely        Almost Certain

Likelihood            Can’t believe          Not expected   May occur         Strong             This is expected
                      this event would       to happen,     occasionally,     possibility that   to occur
                      happen – will          but definite   has happened      this could         frequently / in
                      only happen in         potential      before on         occur – likely     most
                      exceptional            exists –       occasions –       to occur           circumstances –
                      circumstances          unlikely to    reasonable        (quarterly)        more likely to
                      (5-10 years)           occur          chance of                            occur than not
                                             (2-5 years)    occurring                            (daily / weekly /
                                                            (annually)                           monthly)

Risk Management Strategy 3rd               V4.0                             14/08/09
Revision                                   Page 21 of 26
Directorate of Clinical Delivery
Descriptor         Negligible               Minor                    Moderate                    Major                    Extreme
Objectives /       Barely noticeable        Minor reduction in       Reduction in scope or       Significant project      Inability to meet project
Project            reduction in scope /     scope / quality /        quality, project            over-run                 objectives, reputation of
                   quality / schedule       schedule                 objectives or schedule                               the organisation
                                                                                                                          seriously damaged.
Injury             Adverse event            Minor injury or          Agency reportable,          Major injuries/long      Incident leading to
(Physical and      leading to minor         illness, first aid       e.g. Police (violent        term incapacity or       death or major
psychological)     injury not requiring     treatment required       and aggressive acts)        disability (loss of      permanent incapacity.
to patient /       first aid                                         Significant injury          limb) requiring
visitor / staff.                                                     requiring medical           medical treatment
                                                                     treatment and/or            and/or counselling.
Patient            Reduced quality of       Unsatisfactory           Unsatisfactory patient      Unsatisfactory           Unsatisfactory patient
Experience         patient experience /     patient experience /     experience / clinical       patient experience /     experience / clinical
                   clinical outcome not     clinical outcome         outcome, short term         clinical outcome,        outcome, continued
                   directly related to      directly related to      effects – expect            long term effects –      ongoing long term
                   delivery of clinical     care provision –         recovery <1wk               expect recovery -        effects
                   care                     readily resolvable                                   >1wk
Complaints /       Locally resolved         Justified written        Below excess claim.         Claim above excess       Multiple claims or single
Claims             verbal complaint         complaint                Justified complaint         level. Multiple          major claim
                                            peripheral to            involving lack of           justified complaints
                                            clinical care            appropriate care
Service /          Interruption in a        Short term               Some disruption in          Sustained loss of        Permanent loss of core
Business           service which does       disruption to            service with                service which has        service or facility
Interruption       not impact on the        service with minor       unacceptable impact         serious impact on        Disruption to facility
                   delivery of patient      impact on patient        on patient care             delivery of patient      leading to significant
                   care or the ability to   care                     Temporary loss of           care resulting in        “knock on” effect
                   continue to provide                               ability to provide          major contingency
                   service                                           service                     plans being invoked.

Staffing and       Short term low           Ongoing low              Late delivery of key        Uncertain delivery of    Non-delivery of key
Competence         staffing level           staffing level           objective / service due     key objective /          objective / service due
                   temporarily reduces      reduces service          to lack of staff.           service due to lack      to lack of staff.
                   service quality (less    quality                  Moderate error due          of staff.                Loss of key staff.
                   than 1 day)                                       to ineffective training /                            Critical error due to
                                            Minor error due to       implementation of           Major error due to       ineffective training /
                   Short term low           ineffective training /   training                    ineffective training /   implementation of
                   staffing level (>1       implementation of        Ongoing problems            implementation of        training
                   day), where there is     training                 with staffing levels        training
                   no disruption to
                   patient care
Financial          Negligible               Minor                    Significant                 Major organisational     Severe organisational /
(including         organisational /         organisational /         organisational /            / personal financial     personal financial loss
damage / loss /    personal financial       personal financial       personal financial loss     loss                     (£>1m)
fraud)             loss                     loss                     (£100k-250k)                (£250k- 1 million )
                   (£<10k)                  (£10-100k)
Inspection /       Small number of          Recommendations          Challenging                 Enforcement action.      Prosecution.
Audit              recommendations          made which can be        recommendations that
                   which focus on           addressed by low         can be addressed            Low rating               Zero rating
                   minor quality            level of                 with appropriate
                   improvement              management               action plan.                Critical report.         Severely critical report.
                   issues                   action.
Adverse            Rumours, no media        Local media              Local media – long-         National media /         National / International
Publicity /        coverage                 coverage – short         term adverse                adverse publicity,       media / adverse
Reputation                                  term. Some public        publicity.                  less than 3 days.        publicity, more than 3
                   Little effect on staff   embarrassment.                                                                days.
                   morale                   Minor effect on staff    Significant effect on       Public confidence in     MSP / MP concern
                                            morale / public          staff morale and            the organisation         (Questions in
                                            attitudes.               public perception of        undermined               Parliament).
                                                                     the organisation            Use of services          Court Enforcement
                                                                                                 affected                 Public Enquiry

Risk Management Strategy 3rd                 V4.0                                            14/08/09
Revision                                     Page 22 of 26
Directorate of Clinical Delivery

The risk score and rating will determine the level of action required for each identified

   RISK RATING              PRIORITY            RESPONSE          LEVEL OF ACTION

   Green                    Low                 None/ long term   No further action or records
   Very Low                                                       required
                            Low/ Medium         Medium term       Service/Directorate/
   Yellow                                                         Departmental         management
   Low                                                            action required to reduce risk as
                                                                  low as reasonably practicable
                            Medium/ High        Short term        Division/CHP/Corporate
   Amber                                                          Directorate/ Directorate / Service
   Moderate                                                       management action required to
                                                                  reduce risk as low as reasonably
                            High                Immediate         Strategic (Strategic Management
   Red                                                            Team) action / Board level
   High                                                           awareness required

   •      Moderate and High Level Risks which are deemed not reasonably practicable to
          manage at a Service/ Directorate/ Departmental level must be escalated to the
          appropriate Divisional /CHP Clinical Governance/ Risk Management Group/
          Management Team by the appropriate manager for consideration for inclusion on the
          Division/ CHP Risk Register

     •    Moderate and High Level Risks which are deemed not reasonably practicable to
          manage at a Division/CHP/Corporate Directorate Management Team level, must be
          notified to the Strategic Management Team by the appropriate Executive Lead to
          consider for inclusion in the Corporate Risk Register.

     •    Risks and associated action plans must be monitored as appropriate to the risk level.
          Every opportunity must be taken to mitigate the risk.

Risk Management Strategy 3rd           V4.0                         14/08/09
Revision                               Page 23 of 26
Directorate of Clinical Delivery
                                                                                                                     APPENDIX E

                                           NHS FIFE RISK MANAGEMENT KEY PERFORMANCE INDICATORS
Objective                       Measures                         Indicator                            Progress
1. Meet the                     Position on NHS QIS Quality      Progress towards achievement of
requirements of the             Improvement scale                Level 4 (The NHS Board is
risk management                                                  evaluating the implementation of its
components of the                                                risk management across the
NHS QIS Clinical                                                 organisation).
Governance and Risk
Management (CGRM)
2. Maintain a system of         The NHS Fife Accountable Officers and      100% of reports submitted
control by ensuring             Executive Leads will submit a high level
that each CHP and               risk report to SMT on their areas of
Division considers its          responsibility at least once per year.
risks and reports on
the management of
these, not less than
annually, to the
Strategic Management
3. Review the risk              Availability of a range of risk            Following evaluation of demand,
management                      management training opportunities          uptake, and feedback, the Risk
education and training                                                     Management training programme is
programme to ensure                                                        reviewed on a 6 monthly basis
it meets the needs of
staff across the                Positive evaluation of all training        90% satisfaction with training
organisation                    courses                                    delivered

4. Implement the Risk           % of risks on Divisional and CHP risk   90%
Register Policy,                registers which have risks expressed in
ensuring that                   terms of source of the threat and
Divisional and CHP              consequence
risk registers are
routinely reviewed in           % of risks on Divisional and CHP risk      90%
all component parts of          registers that have been reviewed

Risk Management Strategy 3rd Revision                    4.0                                                140809
Directorate of Clinical Delivery                         Page 24 of 26
the organisation                within target timescales                       90%

                                % of risks on Divisional and CHP risk          90%
                                registers which have actions or action
                                plans detailed to manage risks

                                % of risks with inclusion of target dates
                                for actions                                    90%

                                % of risks with completed fields
                                % of risks with target risk level identified
5. Ensure that risk             % of Directorates and Services with risk       80%
   registers are                registers entered in DATIX
   developed for all
   operational units
   e.g. Directorates
   and Services of the
   component parts of
   NHS Fife entered in

6. Continue to develop          % increase in incidents and near        10%
   mechanisms for               misses reported over 6 month period
   sharing and learning         % of major and extreme incidents which 80%
   from incidents and           have had RCA undertaken, logged in
   near misses                  Datix and actions taken within 3 months
                                of incident date

7. Ensure that the level        % of records with all essential fields         80% of sample of 10% of records
   of data quality              completed (Directorate/Service,                for reporting period
   captured in incident         Speciality, Site, Location Exact,
   reports and entered          Category, Sub category, severity,

Risk Management Strategy 3rd Revision                      4.0                                             140809
Directorate of Clinical Delivery                           Page 25 of 26
   onto the Datix               grading, injury sustained
   system is of a
   consistently high
   quality that enables
   effective trend
   analysis and
   accurate reporting
   e.g. for Freedom of

Risk Management Strategy 3rd Revision                   4.0             140809
Directorate of Clinical Delivery                        Page 26 of 26

To top