hertfordshire community nhs trust · quality - we strive for excellence and effectiveness at all...
TRANSCRIPT
Risk Management Strategy 2017-2022, V.4 Page 1
Hertfordshire Community NHS Trust
Risk Management Strategy
(2017 to 2022)
Risk Management Strategy 2017-2022, V.4 Page 2
Version Control:
Edition: 4
Version: 4 – Annual review
Ratified by: Hertfordshire Community NHS Trust Board TBC
Date ratified: December Strategy and Resources Committee (SRC) 2017 and January Board 2018
Name & Designation of authors:
T Westley : Assistant Director Risk & Quality Assurance
Name of responsible committee:
Hertfordshire Community NHS Trust Board
Date issued for implementation:
February 2018
Review date: 2 years from date issued or earlier at discretion of the Executive Director or Author
Target audience: All Hertfordshire Community Trust (HCT) staff
Document History
Version Date Summary of Changes Authors Distribution
V2 Sept 2017
Amended to HCT Trust Strategy Template
T Westley
HCT Chair, (Board Risk Lead). Executive Team
HGC
V2 Sept 2017
Revised SWOT T Westley
V2 Sept 2017
Revised Risk Appetite T Westley
V2 Sept 2017
KPI revised to support assurance of milestone achievement
T Westley
V2 Sept 2017
Revised Benefit realisation T Westley
V2 Oct Revised Milestones T Westley
V3 Nov 2017
Revised in relation to SMT comments Updated working with key stakeholders, where are we now, assumptions and interdependencies
T Westley
HCT Chair, (Board Risk Lead). Executive Team
HGC
V4 Jan 2018 Board request for revised structure chart
T Westley Board
RISK MANAGEMENT STRATEGY 2017 TO 2022 CONTENTS
Risk Management Strategy 2017-2022, V.4 Page 3
CONTENTS
1.0 EXECUTIVE SUMMARY ................................................................................................. 4
2.0 ORGANISATIONAL VISION AND VALUES .................................................................... 6
3.0 WHERE ARE WE NOW? ................................................................................................ 7
4.0 STRATEGIC CONTEXT ................................................................................................ 11
5.0 SWOT ANALYSIS ......................................................................................................... 12
6.0 VISION FOR RISK MANAGEMENT STRATEGY – WHERE DO WE WANT TO GO? .. 14
7.0 HOW WILL WE KNOW WE HAVE DELIVERED THE VISION AND THE STRATEGY’S OBJECTIVES? ......................................................................................................................... 15
8.0 STRATEGY – HOW WILL WE DELIVER THE VISION? ............................................... 17
9.0 FINANCIAL IMPLICATIONS OF DELIVERING THE STRATEGY ................................. 18
10.0 QUALITY IMPLICATIONS OF DELIVERING THE STRATEGY ..................................... 19
11.0 WORKING WITH KEY STAKEHOLDERS ..................................................................... 20
12.0 WORKFORCE AND ORGANISATIONAL DEVELOPMENT .......................................... 21
13.0 BENEFITS REALISATION ............................................................................................ 23
14.0 RISK / ISSUES and MITIGATIONS ............................................................................... 24
15.0 ASSUMPTIONS, INTER/DEPENDENCIES, CONSTRAINTS ....................................... 26
APPENDIX A - GLOSSARY OF TERMS AND ABBREVIATIONS ............................................ 27
APPENDIX B – RISK APPETITE .............................................................................................. 28
APPENDIX C – ACHIEVEMENT OF THE STRATEGY’S OBJECTIVES .................................. 30
APPENDIX D – COMMITTEE STRUCTURE ............................................................................ 35
APPENDIX E – RISK REPORTING FRAMEWORK.................................................................. 38
RISK MANAGEMENT STRATEGY 2017 TO 2022
Risk Management Strategy 2017-2022, V.4 Page 4
1.0 EXECUTIVE SUMMARY
1.1 This Risk Management Strategy sets out HCT’s vision and approach to Enterprise Risk
Management (herein known as RM) over the next five years.
1.2 High level summary of the Risk Management strategy : The Trust expects all staff to subscribe to its vision, values and strategic objectives to which this strategy relates. This strategy is therefore integral to the work of all the Trust’s Directorates/Business Units and supports the delivery of Trust strategic objectives. It sets out why effective enterprise risk management is important for HCT at this time, and describes both the current and aspirational status of risk management The Risk Management Strategy aims to support delivery of HCT strategic Objectives. A Glossary of Terms to support this document can be found in Appendix A. Hertfordshire Community NHS Trust (HCT – the Trust) is committed to ensuring all services are provided to a high quality. The Board of Directors recognise that successful risk management must be forward thinking, must be the responsibility of all, must be comprehensive and coordinated, and that proactive and continuous identification and management of risk is essential to the delivery of high value healthcare. Further the Trust recognises that risk management is integral to all elements of Trust business and should be embedded in the Trust’s philosophy, practices and business at all levels throughout the organisation enabling a sustainable organisation fit to deliver current and future business activities.
1.3 Summary of main elements The Trust acknowledges that there is progress to be made in order that risk management becomes an instinctive part of the everyday working practice of staff and not a bureaucratic process, and that staff feel fully empowered in managing risk. The key milestones in 2017 – 2022 to achieving our vision are outlined in Chapter 7 and Appendix C. Risk management will fully support the delivery of HCT’s strategic objectives. The key outcomes for patients, staff and stakeholders, which will continue to be demonstrated as a result of this strategy, are: Patients, carers and their families will be confident that they will:
receive excellent patient-centred care in an environment that promotes their safety, well-being and satisfaction as well as that of visitors and staff
receive care in an organisation which promotes a culture of creativity and innovation, in which risks are identified, understood and proactively managed.
Every member of staff will:
be involved in, and take responsibility for, the identification, management and minimisation of negative / harmful risks in their day to day work
be involved in, and take responsibility for the identification, management, and realisation of opportunistic risks within the Trust risk appetite in their day to day work
escalate risks without delay, including incidents and feedback with potential or actual serious impact
be competent to consistently describe and measure the impact and consequence of risks and the outcomes of effective risk management
Risk Management Strategy 2017-2022, V.4 Page 5
make informed management decisions based on risk HCT will demonstrate increased risk maturity through:
sharing identified risks and their management in an open and transparent way
be seen to continuously learn from and review the efficiency of its risk management.
be recognised for best practice in relation to risk management Therefore the Board will be confident in their systems of internal control and be provided with assurance on the effectiveness of systems in place throughout all levels of the Trust to ensure risks are being managed and mitigated. Risk management reports will be provided to the Board and linked to reviews of the risk management strategy.
1.4 Summary of main objectives are as follows:
Become a high performance, quality and risk managed organisation through an embedded risk management culture
Build individual and organisation risk management capability through an engaged and trained workforce
Establish integrated electronic risk management systems to support business function
1.5 The vision of the Risk Management strategy is set out below:
“HCT has an embedded positive risk management culture enabling self-managed teams and attainment of strategic objectives“
1.6 The goals are: Embedded Risk Management Strategy
Exemplar governance arrangements in place articulating delivery of the Trust’s strategic objectives
Exemplar risk policies and operational procedures to support and enable decision making for effective safe clinical care, improved patient experience and sustained effective financial management
An annual training programme
Embedded consistent risk reporting
Electronic risk register deployment providing a practical tool which enables effective prioritisation and decision making by identifying priorities for action and revealing operational areas for improvement
Integrated electronic risk management reporting, supporting integrated business planning
1.7 It will be delivered through:
Repeated review of governance arrangements, including management information
annual review and agreement of risk appetite
a dedicated Risk Management plan
learning from collated risk data and sharing across the Trust
delivery of an effective training programme supporting organisation sustainability
Delivery of the strategy is set out in the expected milestones (Appendix B) which will be monitored by the Audit Committee and annually by the Board.
Risk Management Strategy 2017-2022, V.4 Page 6
2.0 ORGANISATIONAL VISION AND VALUES
2.1 HCT’s vision is:
“to maintain and improve the health and wellbeing of the people of Hertfordshire and other areas of the Trust”
2.2 To achieve this vision HCT has agreed the following five clear objectives:
1. We will support the people we serve to manage their own health and wellbeing
2. We will improve clinical outcomes and enhance patient safety
3. We will support the substantial expansion of community services through the delivery of excellent core services for adults and children and the development of ambulatory services
4. We will use resources efficiently to enhance our ability to improve services
5. We will develop the organisational capacity to deliver our vision and objectives
2.3 Underpinning HCT’s strategy are Five Core Values:
Care - We put patients at the heart of everything we do.
Respect - We always respect patient privacy and confidentiality
Quality - We strive for excellence and effectiveness at all times. D
Confidence - We do what we say we will do
Improve - We will improve through continuous learning and innovation.
2.4 The Trust is committed to delivering ‘High Value Healthcare’ which we define as having four components:
Excellent clinical outcomes
An outstanding patient experience
Consistent and improving patient safety
Highly efficient and cost effective
RISK MANAGEMENT STRATEGY 2017 TO 2022 STRATEGIC CONTEXT
Risk Management Strategy 2017-2022, V.4 Page 7
3.0 WHERE ARE WE NOW?
3.1 The Trust is committed to a unified approach to risk management and has integrated
safety and incident reporting systems. The Trust has developed a governance system of internal control (SIC) which ensures that the strands of governance such as financial, clinical, operational and research are brought together in a coherent way.
Key Features Effective Enterprise Risk Management
Governance
Robust Risk Management underpins all decisions and business
planning to deliver strategic objectives
Risk Appetite
Organisational approach towards risk
Each risk is assessed to determine if within the risk Trust appetite
of acceptable risk (as per risk score and type of risk)
Risk
Identification
Context and impact on Trust strategic objectives is considered
Type of risk – Clinical, Organisational/Strategic, Financial, Reputational, Health & Safety, Information, Environmental
“cause” of the risk, its predicted “effect” and impact
potential “adverse / opportunistic consequence”
Risk
Assessment
Description of the risk including type, effect and adverse
consequences
Evaluation/quantification of potential financial and non-financial
impact – as per risk matrix scores (1-5) of likelihood and
consequence
Management approval of risk assessment including efficacy of
controls and assurances, risk score against Trust risk appetite,
Efficacious
Controls and
Assurances
Sources of internal and external assurances (audits/reviews) and
controls (reports to committees/Trust Board) identifies a
developing awareness and use of controls assurance
assurances.
Risk
Mitigation(s)
Decisions and actions to address the “cause” of the risk by
improving existing controls and assurances resulting in a
reduction the consequence and/or likelihood to within an
acceptable / manageable risk appetite level.
Risk Management Strategy 2017-2022, V.4 Page 8
The Trust undertakes regular revision of its risk appetite and aligns this within the Risk Management Policy and process. Appendix B outlines the risk appetite initial position and future aspirations.
The Trust is committed to an integrated governance approach to risk management which is achieved by a structure that functions to support a coordinated approach to governance and risk management. The Trust’s system of internal control is underpinned by the governance committee structure (Appendix D).
The key committees with responsibility for receiving assurances on risk management and the delivery of this strategy are the Trust Board and three of its sub-committees; Audit Committee, Healthcare Governance Committee, Strategy and Resources Committee and the Executive Team. All committees, sub–committees, groups and forums have responsibility to identify and escalate risks to the parent committee and thus to Board via the Assurance and Escalation Framework.
This is further supported by the Trust’s commitment of compliance with the registration requirements of the Care Quality Commission. It is based upon a re–iterative internal risk management process and a live risk reporting framework showing movement between service and Board (Appendix E). The Board Assurance Framework (BAF) assesses the principle risks to achieving the Trust corporate objectives. This framework enables identification of risks to achieve the organisation’s strategic objectives; to evaluate the nature and extent of those risks and to manage them efficiently, effectively and economically, identifying gaps in control and gaps in assurance which require action and monitoring.
3.2 HCT has adopted the IRM iterative approach to risk management; this ensures that risks are identified and managed by staff with the appropriate level of knowledge and responsibility for the specific risk faced. This includes the authority to identify and implement appropriate actions. This approach allows the escalation of risk through service, business unit and corporate structures when the likelihood changes or significant risk have been identified
Executive Directors have the responsibility to manage risks on the BAF and risks on the HLRR (current score 15 and above) in particular where the risk extends across a
Risk Management Strategy 2017-2022, V.4 Page 9
corporate directorate and is not limited to a business unit or service within that directorate. Assistant/ Deputy Directors have the responsibility to manage risks on the HLRR (current score 15 and above) where the risk is limited to their area of responsibility within the business unit or corporate directorate and risks on their business unit/corporate directorate risk register (current score less than 15) where the risk extends across the business unit or corporate directorate and is not limited to a service. Line Managers have the responsibility to manage risks on the business unit/corporate directorate risk register where the current risk score is less than 15 and where the risk is limited to their area of responsibility.
What does this mean for people who use our services? HCT will put patients first. The patient will feel HCT undertakes a risk managed approach to provide innovative programmes of care which are aimed at maintaining and improving the health and well-being of people for whom HCT are commissioned to provide services, therefore delivering risk managed high value healthcare. This supports HCT’s belief to deliver the right care at the right time to the right person. It ensures staff are trained to assess and manage healthcare for those people who use our services
3.3 A revised Risk Management Strategy was signed by the Board in November 2014 and
supports the Risk Management Framework. This has undergone a further revision in March 2015 to a Trust template and has enabled a review of the current strengths, weaknesses, opportunities and threats to be considered. In addition the strategy milestones have been articulated into the objectives found in Appendix C.
3.4 To date the Risk Management Implementation Plan has identified an improved
understanding of RM at Executive, GM and middle management (service lead) level. However turnover and organisational change determines improvement in consistency of application.
3.5 An approved Board Assurance Framework which is aligned to the Trust corporate
objectives and records the strategic risks, which are detailed in the electronic risk register.
3.6 The Risk Management policy in place since 2015 has been refreshed in line with the
revised strategy. The policy describes HCT’s approach to risk management, including process, roles and responsibilities. The Chief Executive has overall responsibility for the Trust risk management processes.
3.7 Capability development of the RM Team has been initiated in line with milestones to
enabling business continuity and resilience. 3.8 The RM Framework includes an Escalation Framework underpinning operational
application and RM decision-making. This has supported the intention for “I AM Responsible” for RM to be operationalized and is being monitored by the Executive Team.
3.9 Deployment of the electronic Risk Register has been undertaken and is being supported
with a frontline Risk Management programme: “Delivering Safer Care” and preliminary use of risk surgeries to support operational understanding. This will support consistency
Risk Management Strategy 2017-2022, V.4 Page 10
in application of the risk management process throughout all decision-making, clinical and non-clinical. The Risk Register also supports both business planning process and integrated business working and performance management of the strategic objectives.
3.10 Risk management principles are embedded in HCT’s approach to project risk
management of change whilst being sufficiently balanced to allow for the development of innovative practice and are monitored and reviewed through the PMO and QIA process which has been revised in Q2 of 2017/18.
Risk Management Strategy 2017-2022, V.4 Page 11
4.0 STRATEGIC CONTEXT
4.1 The national, local and regional drivers which influence the Risk Management Strategy include: National Drivers
Operating Framework
Commissioning Intentions
National reports, Francis Report, Savile Report
Regulatory requirements i.e. CQC, GDPR, H&S Regulations Regional and Local Drivers
Demographic growth projections – Office for National Statistics (ONS)
Non-demographic growth projections
HCT planned Service Developments
All HCT strategies
HCT Delivery Plan
4.2 The main elements impacting upon HCT’s Risk Management Strategy are outlined in the national drivers above and the local drivers below: Local Drivers
Commissioning intentions - changing to block contracts, impact of Health & Social Care partner commissioning, changes in HBLIT contractual arrangements, STP and ACO/ ACS developments all need consideration as part of the implementation plan.
CQUIN delivery
Quality Priority delivery
RISK MANAGEMENT STRATEGY 2217 TO 2022 SWOT
Risk Management Strategy 2017-2022, V.4 Page 12
5.0 SWOT ANALYSIS
5.1 HCT has revised its SWOT analysis in Q3 of 2017/18. Key elements are outlined below.
Table 6 SWOT
Strengths to Build On Weaknesses to Address
Board open to discussion & review
Quality Impact Assessment process linked to all PID, service developments and CIP decisions
Open culture
Learning and Development
Risk architecture (including Key Milestones, Developed risk escalation framework to and from board/service, risk policy, agreed risk appetite)
Live risk registers
Business Unit Performance Reviews encompass risk
Risk appetite evaluation (annual)
Good CQC registration
Infancy of Horizon scanning impacting upon across all strategies
Business Information Support developing in house
Risk Culture in infancy – inconsistent application
Limited learning from trends and near misses
Limited specialist risk skill set available
Risk aggregation requires development
QIR (Quality Impact Reviews) of PID and CIP decisions limited
Opportunities to Maximise Threats to Mitigate
Positive partner arrangements within Herts
Developing partner arrangement’s across STP programme
ACO/ ACS Development
Government Policy
Political Interest
Market bids, supporting income generation and reputation for High Value Health Care
Well managed risk optimises opportunities
External RM delivery
Government Policy
Commissioners unwilling to adopt innovation/ enhanced practice
Loss of Market bids
Political Interest
External RM delivery
Changes in commissioning intentions
Notice to tender services
5.2 Building on Strengths The Trust risk management framework encompasses:
A risk management strategy from providing the overall strategic aims to enable the Trust to achieve its overall vision
A risk management policy which describes HCT’s approach to risk management, including process, roles and responsibilities. The Chief Executive has overall responsibility for the Trust risk management processes
A ‘live’ risk register held on an electronic management system, which includes current historical risk assessments and record of current risk status and is linked to analysis of complaints and incident reporting
Risk Management Strategy 2017-2022, V.4 Page 13
An approved Board Assurance Framework which is aligned to the Trust
corporate objectives and records the strategic risks, which are detailed in
the electronic risk register
Risk management principles which are embedded in HCT’s approach to
project risk management of change whilst being sufficiently balanced to
allow for the development of innovative practice
Risk management principles which are embedded within t h e business
planning process requiring c o r p o r a t e directorates and business units
to identify and record risks linked to the integrated HCT strategies and
annual planning process.
5.3 Addressing Weaknesses
Developing specialist risk skill is being addressed through internal and external development programmes leading to a mixture of external RM qualification achievement and experiential outcomes within the RM Team. Whist bringing initial additional financial impact upon the service, it provides capability to the organisation and long-term support for consistency in approach including consistency of support to frontline staff. The organisational risk culture continues to develop, there remains and improved yet inconsistent application of RM tools. The in-house educational support and development of RM through achievement of external qualification will further develop the in-house RM education programme and reduce the inconsistency. The impact of horizon scanning across all strategies and scoping of new technology to support this work is to be further has been considered for further potential financial implications. Project Initiation Documents and Quality Impact Assessments are reviewed in year and will continue to be monitored to ensure due governance applied. Risk appetite is refreshed annually in light of business opportunities and threats. This is reviewed and signed off at Board. Further development of risk aggregation tools will support the risk appetite review. Further integration between risk management and Trust Business Information Platform will be undertaken to ensure exemplar governance arrangements are supported by robust Business Information.
RISK MANAGEMENT STRATEGY 2017 TO 2022 DELIVERING THE VISION
Risk Management Strategy 2017-2022, V.4 Page 14
6.0 VISION FOR RISK MANAGEMENT STRATEGY – WHERE DO WE WANT TO GO?
6.1 The HCT Risk Management vision has been determined so that it:
Reflects the key drivers and strategic context outlined in Sections 3 and 4
Supports HCT deliver its Vision and Strategic Objectives
Builds on strengths and maximising opportunities from the SWOT
Addresses weaknesses and mitigating threats from the SWOT
6.2 The vision for the Risk Management strategy is to:
“Embed a positive risk management culture enabling self-managed teams and
attainment of strategic objectives Risk Management Strategy Key Objectives – over five years
6.3 The Risk Management vision will be delivered through the achievement of three key objectives:
I. Become a high performance, risk managed organisation through an embedded risk management culture
II. Build individual and organisation risk management capability through an engaged trained workforce
III. Establish integrated electronic risk management systems to support business function
Key Initiatives
6.4 HCT’s Risk Management Strategy is structured under four key Initiatives. These are:
I. Board evaluation
II. Training programme
III. Scoping horizon scanning (automated)
IV. Integrating the electronic RM system into the HCT Business Information Platform
Risk Management Strategy 2017-2022, V.4 Page 15
7.0 HOW WILL WE KNOW WE HAVE DELIVERED THE VISION AND THE STRATEGY’S OBJECTIVES?
7.1 The Trust will have achieved the RM Strategy’s vision and objectives through the
achievement of a number of goals.
7.2 The next section outlines the projects / implementation plan to deliver the goals. The Goals and targets which will demonstrate HCT has achieved its Vision and objectives are outlined below. Appendix C includes a more detailed table including all SMART targets and milestones. Objective 1 - Become a high performance, risk managed organisation through an embedded risk management culture
Goal Description How Success will be
measured - KPIs When
Achieved
1 Embedded Risk Management Strategy
Risk strategy reviewed Risk strategy refreshed in line with revised SWOT
Q3 2017/8
2 Exemplar governance arrangements
Board agreement of risk appetite Risk Appetite informs annual review of KPIs Quality Impact assessment monitored and quality impact reviews completed BU plans have QIA with risks managed via Risk Register BAF signed off at the Trust Board
Annual Annual Quarterly Monthly Monthly
3 Exemplar risk policies and operational procedures
Revision of Risk Management Policy Assurance and Escalation Framework revised
In line with strategy review
4 Operational RM Escalation applied
Develop risk operational summit agreements in line with management information reports
Q4 2017
5 Trust Strategic Objectives are met
All Trust strategies demonstrate milestones achievement, with escalation or risks to achievement received in respective Board sub-committee
Annual
Risk Management Strategy 2017-2022, V.4 Page 16
Objective 2 - Build individual and organisational risk management capability through an engaged trained workforce
Goal Description How Success will be
measured - KPIs When
Achieved
1 An annual training programme
Delivering Safer Care agreed with Learning & Development Service managers able to identify, analyse, mitigate and management risks effectively Consistent risk scoring and evaluation of risk management in BUPR Continued delivery of risk surgeries to support staff understanding Develop risk management capability within the Risk Team through external qualification/ experiential learning
Annually Q4 Monthly through BUPR Monthly through BUPR Q1 2016 Q4 2018 Q4 2019
2 Embedded consistent risk reporting
Supported via risk surgeries all service leads self-activate monthly risk reporting Provide additional individual coaching as part of induction process
From Q4 2017 From Q4 2017
Objective 3 - Integrated electronic risk management system
Goal Description How Success will be
measured - KPIs When
Achieved
1 Electronic risk register deployment
Review Datix capability and retain licence Revised Datix modules to support IG management
Annually January Q1 2015
2 Integrated electronic RM reporting
Internal integration with HCT Business & Information Platform Routine service reporting undertaken by GMs
Q1 2018 Q4 2019
RISK MANAGEMENT STRATEGY 2017 TO 2022 FINANCIAL IMPLICATIONS
Risk Management Strategy 2017-2022, V.4 Page 17
8.0 STRATEGY – HOW WILL WE DELIVER THE VISION?
8.1 The Risk Management Strategy will be achieved through the delivery of a number of
key projects which are outlined and linked to the objectives laid out in Appendix B
8.2 Risk assessment is a repeated process and all risks are periodically reviewed and reassessed in view of contextual changes. Reassessment is undertaken proactively at intervals proportionate to the risk magnitude and risk appetite as well as reactively in response to anticipated or known changes. Risk appetite is explored for strategic and operational risks throughout the BAF, High Level Risk Register (HLRR) and Business Unit or Corporate Directorate risk registers and evidence considered before deciding if residual risks are acceptable or not.
All strategic risks are reviewed by the Executive Team who will confirm their management through the content of the BAF in preparation for presentation to the Board for their consideration.
All high level risks (risk score 15 - 25) are reviewed by the Executive Team who take responsibility and confirm management through the content of the HLRR in preparation for presentation to the Board for their consideration.
All lower level risks (risk score less than 15) are reviewed by the General Manager, Deputy Director or Director (risk owner) who confirm their management through the content of the Business Unit/Corporate Directorate risk registers.
8.3 Risks which are not considered acceptable (outside the Trust risk appetite) will be
managed through strategic and operational change or transferred out (e.g. by contracting out) leaving acceptable (and opportunity) risks. Such risks are managed and mitigated through the Trust’s risk management processes and retained risks are recorded and reviewed through the Trust’s risk registers.
8.4 In accordance with the Risk Escalation framework when monitoring the acceptable
risks, the Board, its subcommittees and the Executive Team will consider:
existing controls to determine whether the risk score is appropriate
whether identified additional controls are suitable and sufficient to mitigate the risk within appropriate timescales
whether there are links between identified risks, which point to broader corporate issues
whether identified risks represent risks to the Trust’s strategic aims and should therefore be escalated to the Board Assurance Framework (BAF)
8.5 Committee observations and required actions will be communicated to the parent
committee reporting to the Board via the Chair’s report. These will be considered by the committee under the standing agenda item of “Reflection and issues for escalation” and be focused towards assurance, escalation, integration (interdisciplinary work recommended) or the commissioning of additional actions / monitoring by a junior committee.
8.6 In summary HCT’s delivery plan and associated strategies will have specific elements within to ensure exemplar risk management is sustained throughout their implementation, with clear leaders identified as outlined in section 12.
RISK MANAGEMENT STRATEGY 2017 TO 2022 FINANCIAL IMPLICATIONS
Risk Management Strategy 2017-2022, V.4 Page 18
9.0 FINANCIAL IMPLICATIONS OF DELIVERING THE STRATEGY
9.1 The delivery of the strategy is subject the mitigation of the following financial implications.
9.2 Electronic License agreements: Significant time has been placed upon training in relation to a specific electronic risk management system. This system is web based and incurs an annual license fee, prone to fluctuation dependent upon modules used within the system
9.3 Furthermore the backup system required for historical legal data requires service support currently contracted out to a third provider. Maintenance of ICT support to manage the Electronic Risk Management system in place is reliant upon contracts with the third provider as noted above; this includes software upgrade to ensure fully functioning electronic systems. Thus the work aligned to this strategy has been integrated into the IT strategy work plan. This requires contract negotiation and associated financial penalties for non-delivery or contract amendments.
9.4 Organisational capability and sustainability requires external risk management training and qualification for identified RM staff. This incurs training costs for the whole 5 year plan which are subject to annual review and require placing in RM budget.
9.5 Scoping of future automated horizon scanning tools in year 2 and 3 will also bring additional cost not currently held within the budget or within the IT strategy implementation plan. Developments of an internal business platform may negate this potential additional cost.
9.6 Changes to the claims programme from April 2015 will also affect financial reward/payment incurred through litigation and will continue to be monitored and reviewed annually. Effective application of RM objectives will help mitigate future litigation claims.
RISK MANAGEMENT STRATEGY 2017TO 2022 QUALITY IMPLICATIONS
Risk Management Strategy 2017-2022, V.4 Page 19
10.0 QUALITY IMPLICATIONS OF DELIVERING THE STRATEGY
10.1 Full delivery of the strategy embedding an exemplar risk management culture will demonstrate a reduction in litigation claims, reduction in harm to patients and staff, increasing growth in contracting and an increased ability of self-managed teams.
10.2 Quality contract arrangements will be achieved supporting the Trust strategic objectives and specifically positive patient outcomes, improved patient experience and achievement of the financial long term delivery plan.
10.3 Additional contractual awards are achieved in recognition of an embedded effective risk management culture enabling sustainability as a quality care provider.
RISK MANAGEMENT STRATEGY 2017TO 2022 WORKING WITH STAKEHOLDERS
Risk Management Strategy 2017-2022, V.4 Page 20
11.0 WORKING WITH KEY STAKEHOLDERS
11.1 HCT undertook to communicate and engage with relevant stakeholders throughout
the formation of the 2014 is strategy. There has been internal involvement of staff in the revision this strategy, with a partnership approach to support safe effective service delivery helping to mitigate negative risk and maximise opportunities to support the Trust objectives.
RISK MANAGEMENT STRATEGY 2017TO 2022 WORKFORCE & ORGANISATIONAL DEVELOPMENT
Risk Management Strategy 2017-2022, V.4 Page 21
12.0 WORKFORCE AND ORGANISATIONAL DEVELOPMENT
The delivery of this strategy is dependent not only on the responsibility delegated to key committees and their integrated reporting structure but also through the responsibilities held within key roles in the Trust. More detail on the roles and responsibilities to service level are outlined in the Risk Management Policy.
12.1 Chief Executive of HCT The Chief Executive Officer is the Accountable Officer for the Trust and has overall accountability and responsibility for the operational implementation of this strategy, development of the Annual Governance Statement and for ensuring that Executives and Non-Executive members of the Trust Board access annual training and education for risk management in healthcare.
12.2 Director of Quality & Governance/Chief Nurse
The Director of Quality & Governance/Chief Nurse has delegated overall responsibility from the Chief Executive Officer and is the Executive Lead Director for ensuring that all risk and assurance processes are devised, implemented and embedded throughout the organisation and reports to the Chief Executive and Executive Team any significant issues arising from the implementation of this strategy including evidence of non-compliance or lack of effectiveness arising from the monitoring process so that remedial action can be undertaken.
As Chief Nurse the Director of Quality & Governance has responsibility for seeking assurances on the management of risks related to professional practice of nurses and allied health professionals in the Trust, liaising with the Trust’s lead Allied Health Professional (AHP) and professional bodies as required.
12.3 Medical Director
The Medical Director has responsibility with the Director of Quality & Governance/Chief Nurse for clinical risk management and clinical governance, and is jointly responsible with the Director of Finance for information governance. The Medical Director is the Caldicott Guardian, and facilitates medical and dental staff compliance with all safety and risk management procedures and seeks assurances on the management of risks related to their professional practice and revalidation, liaising with professional bodies as required.
12.4 Director of Finance
The Director of Finance has responsibility for ensuring that the Trust operates within financial constraints and balances competing financial demands and coordinates the internal audit programme for the Trust. The Director of Finance is the SIRO (Senior Information Risk Owner) for the Trust with delegated responsibility for information governance risk management.
12.5 Company Secretary
The Company Secretary is responsible for maintaining the BAF on behalf of the Board and the Executive Team and ensuring that it is presented to the Board and Audit Committee at the agreed intervals.
Risk Management Strategy 2017-2022, V.4 Page 22
12.6 Executive Directors and Executive Team
The Executive Directors are accountable to the Chief Executive for all areas of risk and assurance in respect of their areas of remit. As such, in addition to being collectively responsible as an Executive Team, they are also individually accountable to the CEO, the Audit Committee and the Board. This includes taking responsibility for risks populating the BAF and ensuring within their directorates the appropriate and timely populating, and reporting of effective management including escalation of risks within risk registers. Executive Directors are responsible for directing the implementation of the risk strategy and associated policies and ensuring that risk management arrangements are embedded within their areas of responsibility.
12.7 Assistant Director of Risk and Quality Assurance
The Assistant Director Risk and Quality Assurance is accountable to the Director of Quality & Governance and Chief Nurse, and has delegated responsibility for the implementation of risk management and clinical assurance processes across the Trust working through the Risk & Assurance Team and with the Directors, Deputy Directors, General Managers and Service/Locality Managers in the Trust. The Assistant Director Risk and Quality Assurance is responsible for maintaining progress against the milestones outlined in the risk management strategy, and for ensuring the HLRR is maintained on behalf of the Board and the Executive Team and analysing the CQC Quality & Risk Profile for the Trust and ensuring they are presented to the Board and Audit Committee at the agreed intervals.
12.8 Non-Executive Directors
The Board chair is the designated Non-Executive link for the Risk Strategy. All Non-Executive Directors have been consulted in the development of the strategy. All have responsibility to provide appropriate objective challenge and to seek assurance of effective implementation.
12.9 All Staff
All staff have a responsibility to be familiar and comply with the Trust’s risk management policies and processes, and to identify, assess and report risks, and to mitigate risks over which they have control in their daily work and to cooperate with their line managers in respect of the line manager’s responsibilities. This includes using the Assurance and Escalation Framework to raise concerns. They are also responsible for undertaking training identified by their line manager and to report known breaches of compliance with the risk management policies whether by others or by themselves.
RISK MANAGEMENT STRATEGY 2017 TO 2022 BENEFITS REALISATION
Risk Management Strategy 2017-2022, V.4 Page 23
13.0 BENEFITS REALISATION
13.1 The key intended benefits the strategy will achieve are:
Staff feel well supported and have the resilience to adapt and deliver what is required of them.
Services are well led and staff are confident acting as leaders whatever their role.
Self- managed teams demonstrate safe, clinically effective, efficient service delivery.
The Trust delivers the milestones within all strategies
The Trust has resilience and strengthened adaptability through the embedded pro-active risk management culture.
RISK MANAGEMENT STRATEGY 2017 TO 2022 RISKS / ISSUES AND MITIGATIONS
Risk Management Strategy 2017-2022, V.4 Page 24
14.0 RISK / ISSUES and MITIGATIONS
14.1 The main risks to successfully achieving the objectives of this strategy include:
Failure to engage and retain all stakeholders from service to Board in this iterative framework.
Ineffective Horizon scanning, including automated models therefore missing opportunities or threats to future HCT business and thus under minding compromising the vision to embed an exemplar risk management culture
Limited capability within the RM during external development.
Limited ability to scope and acquire additional automated electronic platforms to support the process, including formation and agreement of the annual risk appetite as future business is developed.
14.2 Responsibility for managing these risks remains with the Executive Team with major
risks escalated to the Trust Board. 14.3 These risks will be monitored within the overall Risk Management regime established
within HCT. As such high risks issues are reported to the Board on a bi-monthly basis. 14.4 Risk is scored via a 5 by 5 matrix which assesses the potential impact of a risk
occurring and its likelihood of occurring.
14.5 Whilst not exclusive, mitigating actions generally reduce the likelihood of a risk occurring.
14.6 Risks are defined using the following structure: There is a risk that:
X” Cause may lead to
“Y” Effect resulting in
“Z” Adverse Consequence
It is a model based on work by the International Risk Management (IRM) Organisation and the National Learning and Reporting System (NRLS).
There is a Risk that…
“X (Cause) may lead to Y (effect) resulting in Z (adverse consequence)”
C L Score CxL
Mitigating Actions
1
2
3
Risk Management Strategy 2017-2022, V.4 Page 25
Risk scoring = Consequence (C) x Likelihood (L)
Likelihood (L) 1 2 3 4 5
Rare Unlikely Possible Likely
Almost Certain
5 Catastrophic 5 10 15 20 25
4 Major 4 8 12 16 20
3 Moderate 3 6 9 12 15
2 Minor 2 4 6 8 10
1 Negligible 1 2 3 4 5
14.7 Risk will have mitigation actions to address gaps in either controls or assurance of
efficacy of those controls. This will be monitored through the risk escalation framework at all levels of the organisation from service to Board as the strategy is fully realised.
RISK MANAGEMENT STRATEGY 2017 TO 2022
Risk Management Strategy 2017-2022, V.4 Page 26
15.0 ASSUMPTIONS, INTER/DEPENDENCIES, CONSTRAINTS
15.1 The Risk management strategy is a supporting strategy of HCT and has therefore
utilised the following inputs to shape and drive the organisational needs that the strategy needs to serve:
a. Operational Delivery Plan
b. Long Term Financial Model
c. Market Strategy
d. Health and Wellbeing Strategy
e. Workforce & Organisational Development Strategy
f. Partnership Strategy
g. Risk Management Strategy
h. Estates Strategy 15.2 Implementation of the strategy depends on having sufficient capacity within the Quality
and Governance corporate directorate to lead the range of developments set out and provide the necessary level of support to the organisation.
15.3 Progress in implementing the strategy will be monitored through the Executive team
and will be reviewed on a regular basis through the Audit Committee (Trust Board sub-committee). Regular progress updates will also be taken to the Trust Board as part of the Director of Quality and Governance report and via the Trust Annual Report.
RISK MANAGEMENT STRATEGY 2017 TO 2022
Risk Management Strategy 2017-2022, V.4 Page 27
APPENDIX A GLOSSARY OF TERMS AND ABBREVIATIONS
Abbreviations bespoke or specific to this strategy Abbr Definition
HBLIT Supports IT risk management software
NRLS National reporting and Learning System
RM Enterprise risk management – A management culture that works across and through the whole business of the organisation
Other Common / High level Abbreviations within HCT Abbr Definition Abbr Definition
ADO Assistant Director of Operations IPA Integrated Point of Access
ACO Accountable Care Organisation LTC Long Term Conditions
ACS Accountable Care System LTFM Long Term Financial Model
CCG Clinical Commissioning Groups Monitor Independent Regulator of Foundation Trusts
COPD Chronic Obstructive Pulmonary Disease MDT Multidisciplinary Team
CQC Care Quality Commission NHSI NHS Improvement
D2A Discharge to Assess NHSR NHS Resolution
DH Department of Health NHSE NHS England (National Commissioning Board)
EDS Equality Delivery System NMET Non-Medical Education & Training
EIS Early Implementation Sites OD Organisational Development
EWTD European Working Time Directive ONS Office of National Statistics
GP General Practice / General Practitioner OT Occupational Therapy
GDPR General Data Protection Regulations QIPP Quality Innovation Productivity Prevention
HCC Hertfordshire County Council RR Rapid Response
HCP Healthy Child Programme SaLT Speech and Language Therapy
HCT Hertfordshire Community NHS Trust SIP (Hertfordshire’s) System Integrated Plan
HF Home First SPOC/A Single Point of Contact / Access
HWBS Health and Well Being Strategy SWOT Strengths Weaknesses Opportunities Threats
IM&T Information Management & Technology VW Virtual Ward
RISK MANAGEMENT STRATEGY 2017 TO 2022 APPENDICES
Risk Management Strategy 2017-2022, V.4 Page 28
APPENDIX B – RISK APPETITE
HCT Risk Appetite by Risk Domain aligned with matrix adopted from Good Governance Institute Domain Definition Level
2017/18 Appetite
17/18 Aspirational
Level 2020/2021
Aspirational
Appetite 2020/2021
Financial Prepared to invest for return and minimise the possibility of financial loss by managing the risks to a tolerable level. Value and benefits considered (not just cheapest price). Resources allocated in order to capitalise on opportunities. – Expansion new business within Hertfordshire
3 Open
High
5 Mature
Significant
Compliance / Regulatory
Limited tolerance for ‘placing HCT out of step with expected standards’. Want to be reasonably sure we would win any challenge.
2 Cautious
Moderate 5 Mature Significant
Innovation / Quality Outcomes
Innovation pursued – desire to ‘break the mould’ and challenge current working practices. New technologies viewed as a key enabler of operational delivery. High levels of devolved authority – management by trust rather than tight control.
4 Seek
Significant
4 Seek
Significant
Reputation
Tolerance for risk taking limited to those events where there is little chance of any significant repercussion for the organisation should there be a failure. Mitigations in place for any undue interest.
2 Cautious
Moderate
4 Seek
Significant
Key to level 0 Avoid Avoidance of risk and uncertainty is a key organisational objective Appetite: None
1 Minimal As little as reasonably possible(ALARP) - Preference for ultra-safe delivery options that have a low degree of inherent risk and only for limited reward potential
Low
2 Cautious Preference for safe delivery options that have a low degree of inherent risk and may only have limited potential for reward
Moderate
3 Open Willing to consider all potential delivery options and choose while also providing an acceptable level of reward (and Value for Money)
High
4 Seek Eager to be innovative and to choose options offering potentially higher business rewards (despite greater inherent risk)
Significant
5 Mature Confident in setting high levels of risk appetite because controls, forward scanning and responsiveness systems are robust
Significant
RISK MANAGEMENT STRATEGY 2017 TO 2022 APPENDICES
Risk Management Strategy 2017-2022, V.4 Page 29
HCT Risk Appetite by Strategic Objective aligned with matrix adopted from Good Governance Institute
Objective Definition Level 2017/18
Appetite 2017/18
Aspirational level
2019/2021
Aspirational Appetite
2019/2021
We will support the people we serve to manage their own health and wellbeing
Preference for safe delivery options that have a low degree of inherent risk and may only have limited potential for reward. for
2
Cautious
Moderate
3 Open
High
We will improve clinical outcomes and enhance patient safety
(as little as reasonably possible) Preference for ultra-safe delivery options that have a low degree of inherent risk and only for limited reward potential
1 Minimal
Low
1 Minimal
Low
We will support the substantial expansion of community services through the delivery of excellent core services for adults and children and the development of ambulatory services
Willing to consider all potential delivery options and choose while also providing an acceptable level of reward (and Value for Money; VfM) – within Hertfordshire
3 Open
High
4 Seek
Significant
Willing to consider all potential delivery options and choose while also providing an acceptable level of reward (and Value for Money; VfM) – outside Hertfordshire
2
Cautious
Moderate
3 Open
High
We will use resources efficiently to enhance our ability to improve services
Willing to consider all potential delivery options and choose while also providing an acceptable level of reward (and VfM)
3 Open
High
5 Mature
Significant
We will develop the organisational capacity to deliver our vision and objectives
Willing to consider all potential delivery options and choose while also providing an acceptable level of reward (and VfM)
3 Open
High
5 Mature
Significant
0 Avoid Avoidance of risk and uncertainty is a key organisational objective Appetite: None
1 Minimal As little as reasonably possible(ALARP) - Preference for ultra-safe delivery options that have a low degree of inherent risk and only for limited reward potential
Low
2 Cautious Preference for safe delivery options that have a low degree of inherent risk and may only have limited potential for reward
Moderate
3 Open Willing to consider all potential delivery options and choose while also providing an acceptable level of reward (and Value for Money)
High
4 Seek Eager to be innovative and to choose options offering potentially higher business rewards (despite greater inherent risk)
Significant
5 Mature Confident in setting high levels of risk appetite because controls, forward scanning and responsiveness systems are robust
Significant
RISK MANAGEMENT STRATEGY 2017 TO 2022 APPENDICES
Risk Management Strategy 2017-2022, V.4 Page 30
APPENDIX C – ACHIEVEMENT OF THE STRATEGY OBJECTIVES
Objective 1 Become a high performance, risk managed organisation through an embedded risk management culture
Goal
Link to
Trust SO
SMART Target / KPI
Measure Base line
Y4 17/18
Y5 18/19
Y6 19/20
Y7 20/21
Y8 21/22 Target
1
Embedded Risk Management Strategy
1,2,3,4
A Risk strategy reviewed
Board Agreed Nov 2014 Agreed Annually agreed
Annually agreed
Annually agreed
Annually agreed
1,2,3,4
B
Risk strategy refreshed in line with revised SWOT
Board Agreed May 2015 Annually agreed
Annually agreed
Annually agreed
Annually agreed
Annually agreed
1,2,3,4 C
Risk Strategy Implementation plan refreshed
Executive Agreed
Sept 2017 Audit
Committee Report
Audit Committee
Report
Audit Committee
Report
Audit Committee
Report
Audit Committee
Report
1,2,3,4 D
Trust strategic Milestones achieved
Board subcommittee agree
April 2017 Annually agreed
Annually agreed
Annually agreed
Annually agreed
Annually agreed
2 Exemplar governance arrangements
ALL A
Board agreement of risk appetite
Minutes at Board
Agreed Jan 2017
Jan 2017 Annually agreed
Annually agreed
Annually agreed
Annually agreed
4
B Risk Appetite informs annual review of KPIs
IPBR agreed Board
Agreed IBPR
metrics March 2014
Annually agreed
Annually agreed
Annually agreed
Annually agreed
Annually agreed
1,2,34
C Quality Impact assessment revised
Healthcare Governance minutes
Revised QIA
process 2017
Agreed revised
QIA process
Q3
Annually agreed
Annually agreed
Annually agreed
Annually agreed
1,2,3 D BU plans have BUPR and PMO in Agreed Monthly Monthly Monthly Monthly
RISK MANAGEMENT STRATEGY 2017 TO 2022 APPENDICES
Risk Management Strategy 2017-2022, V.4 Page 31
,4 QIA with risks managed via Risk Register
PMO place reported to Exec
via BUPR
Q4
1,2,3,4 E
BAF signed off at the Trust Board
Board minutes
Monthly Monthly Monthly Monthly Monthly Monthly
3
Exemplar risk policies and operational procedures
1,2,3,4
A
Revision of Risk Management Policy
Executive Team agreed
Revised current policy
Revised Dec 2017
Annual review
Annual Review
Annual Review
Annual review
3,4
B
Assurance and Escalation Framework revised
Executive Team agreed
Risk Escalation process in
place
Escalation process agreed
Nov 2017
Annual review
Annual Review
Annual Review
Annual review
3,4 C
Annual review of all policies and SOP
Healthcare Governance Agreed
Annual Plan
approved April 2017
Annual review
Annual Review
Annual Review
Annual review
3,4
D Timely Risk Summit activated
Executive Team agreed
Risk Escalation process in
place reports via
BUPR
Escalation process agreed
Nov 2017
Monthly Monthly Monthly Monthly
RISK MANAGEMENT STRATEGY 2017 TO 2022 APPENDICES
Risk Management Strategy 2017-2022, V.4 Page 32
Objective 2: Build individual and organisational risk management capability through an engaged trained workforce
Goal
Link to
Trust SO
SMART Target / KPI
Measure Base line
Y4 17/18
Y5 18/19
Y6 19/20
Y7 20/21
Y8 21/22 Target
1 An annual training programme
2,3
A
Delivering Safer Care agreed with Learning & Development
Agreed in L&D annual programme
Q4 annually
Annual Annual Annual Annual Annual
1,2,3,4
B
Service managers able to identify, analyse, mitigate and management risks effectively
I AM Responsible demonstrated via Datix and BUPR
Monthly Monthly Monthly Monthly Monthly Monthly
4
C
Consistent risk scoring and evaluation of risk management in BUPR
Datix and BUPR reports
Monthly Monthly Monthly Monthly Monthly Monthly
1,2,3,4
D
Development of risk surgeries to support staff understanding
Surgery cycle developed
Q4 Quarterly Quarterly Quarterly Quarterly Quarterly
4
E
Develop risk management capability within the
Confirmed achievement of IRM qualification
DDQ IRM certified Develop Internal
DDQ IRM Dip module 4
RM and RC IRM certified
DDQ IRM Dip module 5
DDQ IRM Dip
module 6
RISK MANAGEMENT STRATEGY 2017 TO 2022 APPENDICES
Risk Management Strategy 2017-2022, V.4 Page 33
Risk Team through external qualification
SOP
2
Embedded consistent risk reporting
1,2,3,4
A
Supported via surgeries service leads activate monthly risk reporting
Service level Risk Registers
One operational Business
Unit
One operational
Business Unit
All operational Business
Units
All operational Business Units and Corporate
All operational Business Units and Corporate
All operational Business Units and Corporate
1,2,3,4
B
Provide additional individual coaching as part of induction process
Improved consistency in risk scoring and documented risk management
Risk registers
run by RM team
Risk registers run by one operational
Business Unit and Quality Directorate
(some inconsistency)
All operational Business
Units report inconsistency
at BUPR
All operational Business Units and Corporate
75% consistent
All operational Business Units and Corporate
90% consistent
All operational Business Units and Corporate
90% consistent
RISK MANAGEMENT STRATEGY 2017 TO 2022 APPENDICES
Risk Management Strategy 2017-2022, V.4 Page 34
Objective 3: Integrated electronic risk management system
Goal
Link to
Trust SO
SMART Target / KPI Measure Base line
Y4 17/18
Y5 18/19
Y6 19/20
Y7 20/21
Y8 21/22
Target
1 Electronic risk register deployment
4
A Review Datix capability and retain licence
Licence obtained
Licence obtained
Revised Datix
upgrade with roll out to all operational teams
Annual maintena
nce
Annual maintena
nce
Annual maintenan
ce
Annual maintena
nce
4 B
Revised Datix modules to support IG and new GDPR management
Single electronic RM system
Module baseline
Q1 Monthly Monthly Monthly Monthly Monthly
2 Integrated electronic RM reporting
4
A Internal integration with HCT Business & Information Platform
Effective quality reporting
Quality schedule
and BUPR
Agreed by Q1
Monthly Monthly Monthly Monthly
1,2,3,4
B Routine service reporting undertaken by GMs
Effective quality report (I AM Responsible demonstrated)
Agreed by Q4
Quarterly at BUPR
Quarterly at BUPR
Quarterly at BUPR
Quarterly at BUPR
Quarterly at BUPR
RISK MANAGEMENT STRATEGY 2017 TO 2022 APPENDICES
Risk Management Strategy 2017-2022, V.4 Page 35
APPENDIX D – COMMITTEE STRUCTURE
RISK MANAGEMENT STRATEGY 2017 TO 2022 APPENDICES
Risk Management Strategy 2017-2022, V.4 Page 36
The Board has collective responsibility for overseeing all aspects of risk management throughout HCT and seeking assurances (positive or negative) that this strategy is effectively implemented, monitored and complied with.
The Board is the designated committee for this strategy and is responsible for reviewing the Trust’s risk management performance against achievement of its strategic objectives. This includes receiving assurances from the Chief Executive and Executive Directors and Board Committees that mitigation is in place through controls and actions, and for setting the risk management strategy and delivery plan, determining the nature and extent of the significant risks it is willing to take in achieving its strategic objectives (risk appetite) and allocating resources as required. It has delegated the functions of risk governance to key governance committees, each of which has a responsibility to provide assurance to the Board in respect of the risks that fall within their specific remit. The Board receives a copy of the Board Assurance Framework (BAF) and High Level Risk Register (HLRR) quarterly.
The Trust Board and its sub-committees are committed to risk management and will:
where appropriate, demonstrate personal involvement and support for risk management
approve, review and monitor key strategies, policies and associated training for risk management on a regular basis
ensure that there is a structure and training in place for effective risk management within the Trust
manage and monitor risk identified in the BAF and HLRR that may prevent the Trust from achieving its objectives
identify and manage risks raised by appropriate directors and receive assurance that mitigation is in place
be involved in external assessments of risk management.
Audit Committee
The Audit Committee has delegated responsibility on behalf of the Board to seek satisfactory assurances that the Trust is meeting its statutory internal and external requirements to remain a safe effective business through embedded and effective risk management systems and processes with appropriate support from internal/external audit. It has primary responsibility for all aspects of financial risk and retains an overview of governance risks including clinical risks.
The Audit Committee is responsible for seeking assurances that the strategic and high level risks are being controlled and managed effectively and advising the Board on the adequacy of risk management arrangements throughout the Trust. It reviews the BAF and HLRR (and de-escalated high level risks) at every meeting and receives a paper outlining links between them, and progress and issues for review. It receives a summary of the CQC Quality & Risk Profile for the Trust each quarter and undertakes a review of the (draft) Annual Governance Statement each year.
Healthcare Governance Committee
The Healthcare Governance Committee has overall responsibility for ensuring effective risk management for patient safety, patient experience, infection prevention and control, safeguarding, clinical audit and clinical effectiveness and will bring to the attention of the Audit Committee and the Board risks that may affect patient safety
RISK MANAGEMENT STRATEGY 2017 TO 2022 APPENDICES
Risk Management Strategy 2017-2022, V.4 Page 37
and/or failure to meet the Care Quality Commission Fundamental Standards of Quality and Safety.
The Healthcare Governance Committee is responsible for considering and reviewing clinical risks and ensuring that high operational or strategic risks are reported to the Executive Committee for consideration to populate the Board Assurance Framework and through this to the Audit Committee. It receives the High Level Risk Register in line with its business cycle with a summary paper outlining progress and issues for review.
Strategy and Resources Committee
The Strategy and Resources Committee has overall responsibility for ensuring the Trust cooperates within financial constraints and manages risks related to investment and business development and will ensure systems are in place to this effect.
The Strategy and Resources Committee is responsible for considering and reviewing finance and business risks and ensuring that high operational or strategic risks are reported to the Executive Committee for consideration to populate the Board Assurance Framework and through this to the Audit Committee.
Executive Team
The Executive Team has collective responsibility for ensuring that:
effective systems, processes and resources are in place for the implementation of the risk management related policies and for their compliance
arrangements are in place for receiving and reporting (positive or negative) assurances through to the Trust Board or any relevant committee or sub-committee of the Board as delegated, as to the effectiveness of and compliance with risk management related policies and this strategy.
The Executive Team is responsible for all aspects of managing risk, including
reviewing the Board Assurance Framework (BAF) and High Level Risk Register (HLRR) every month
confirming their validity and considering escalation/de-escalation and linking between the BAF and HLRR
ensuring steps are taken to mitigate the risks and reduce them to an acceptable level
approving all risk management related policies collating the annual training needs of the Board.
Other sub-committees of Healthcare Governance Committee and sub-groups of the Executive Team have delegated responsibility for overseeing all areas of risk management within their specific area/s of remit as defined in their terms of reference These committees have their remit and responsibilities related to risk embedded in their respective terms of reference.
RISK MANAGEMENT STRATEGY 2017 TO 2022 APPENDICES
Risk Management Strategy 2017-2022, V.4 Page 38
APPENDIX E – RISK REPORTING FRAMEWORK