business services organisation (bso) - board corporate risk and assurance report 2013 … ·...

1

BSO 2013

19th December 2013

Board

Corporate Risk and Assurance Report 2013-14

1. Purpose of this report

The purpose of this report is to record changes to the Corporate Risk Report

2013-14, made between October and December 2013, and to outline progress

made to date on risk actions.

SMT, at its meeting on 6th November 2013, reviewed the report to ensure

proportionate risk actions have been outlined

2 Changes to the Corporate Risks

New Risks

No new risks have been added to the register.

Revised Risks– the following risks were updated and amended between

October and December 2013 – 1, 3, 4, 5, 6, 7, 11, 12 and 13. Changes are

highlighted in red.

Risk no 5 has been amended to reflect the risk that the transition process from

Trust provided HR and Financial services to Shared Services Centres could

break down.

2

Risk No 7– ‘In advance of BSTP and related system modification, older more

manually intensive systems fail to meet their objectives’ has been revised to refer

specifically to the FPS Replacement System as the BSTP systems are now live.

Risk no 12 – changes to this risk are as follows:

(i) ‘Absence of Formal Accountability Framework for Clinical Screening

Services inc Bowel Screening’ has been archived as an Accountability

Framework is in place.

(ii) Part (a) ‘Impact of Fermanagh District Council Rural Addressing Project’ –

risk description has been revised to reflect difficulties being experienced in

the roll out of the project.

Risks Removed

BSO Growth Strategy is negatively impacted if policy/legislation remains

unchanged’ has been removed from the Corporate Risk Register however it will

continue to be monitored on the CRSI Service Risk Register.

‘Qualification of BSO Accounts in 2012/13 due to extension of Warehouse

Contracts’ has been removed from the Corporate Risk Register as the accounts

are signed off and an unqualified opinion has been issued.

With the removal of several risks, the remainder have been renumbered to reflect

the changes.

3 Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = No Change / Risk Increasing / = Risk Decreasing Assurance Legend: I for Internal Assurance / E for External Assurance

Corporate Objective No 1 To Improve Customer Experience

Report on Board Action Plan

Risk Description Current Risk Score

Controls Assurances Action By Whom Start – End

Dates

Comment

L I S Rate

1. Levels of savings in the overall environment for HSC are so great that BSO service provision to customers are negatively affected and/or we fail to breakeven. Risk Owner(s) DoF CX / Dirs

3 4 12 High

Budgetary Process Breakeven Budget with specified savings programme

Budgetary Monitoring (I) SMT Accountability to CX (I) External Audit - Report to those charged with Governance (E) Budgetary Control process (I) Directorate Service Team Meetings (I) Financial Accountability Reviews with Directors (I) Financial Management Standard (I) & (E) Risk Reporting & Review (I) CX Review of Dirs Objectives (I) Dept Accountability Review (E) MIPB Assessment

SMT to agree approach to DHSSPS budgeting targets on 6.02.13

Ongoing

High level budgeting assumptions for BSO for forthcoming financial year received from DHSSPS 23.01.13 Service offering issued to clients April 2013. Zero based budget approved by BSO July 2013. We await DHSSPS guidance on 2014/15 savings requirement.

2. Inability to prove quality, productivity and VFM, and show that we are competitive and addressing customer expectations. Risk Owner(s) DoCCP Dirs

2 4 8 High

Existing Processes to measure Quality Standards. SLA’S KPI’s Framework /Scorecard Monthly report to Customers Internal Audit programme Audit Control Process

Accredited Bodies - ISO/Lexcel (E) Monthly Reports to Customers (I) Scorecard monitoring SLA Monitoring (I) Financial Management Standard (I) & (E) Customer Survey (E) SMT Meetings (I) GAC Audit Control Review (I) Dept Accountability Review (E) MIPB Assessment

Further participation of BSO Services for 2012/13

DoCCP

Autumn 2013

IA, Pensions and CFPS benchmarking exercises completed. Benchmarking timetable to be approved by SMT.

Develop Customer Service Training Programme

DoCCP

March 2014

25 Training Sessions have been delivered. Positive response received from participants and customers. Further sessions for FPS, PaLS and DLS to be planned over next 6 months.


Corporate Objective No 2 To Grow and Develop




Dates

Comment

L I S Rate

3. Lack of Resources to deliver the Outcomes for Finance, HR, Procurement and FPS Business Systems Replacement.

Risk Owner Dir of BSTP Dept SRO

3 4 12 High

Following completion of Procurement in October 2012 the updated OBC for FPL and HRPTS systems was approved by DHSSPS and DFP. Revised governance arrangements in place. CXs members of Programme Board and HR & Finance Directors members of Implementation Board. Money released for both systems. Resources identified for FPS systems within HSC ICT budget and OBC approved by DFP. FPS governance transferred to HSC ICT programme.

Dept Accountability Review quarterly (E). Programme Board Reporting monthly (I) Implementation Board monitoring monthly. Technical groups established and meet weekly. Updated OBC for HRPTS & FPL to be submitted and approved before contract signature.

Programme Director to work with SRO & Capital Branch to ensure that reserved monies are released as required. Programme and Project budgets to be developed for 2014 and approved at BSTP board meeting 8

th April 2013.

FPL go lives completed in all HSC organisations. Performance and stability satisfactory. ATP4 scheduled for October 2013. Gateway 4 (HRPTS) and Gateway 0 (BSTP) recommends a stream of work on benefits should be established.

Dir of BSTP

June 2014

BSTP has reduced allocations to Trusts. This is in line with BSTP systems budget allocation for systems deployment. Programme have received conditional approval of addendum OBC from DFP Supply and DHSSPS which will cover the capital costs, however addition of revenue costs remain unaddressed. Programme Accountant is in post. Robust financial reporting process with monthly updates to programme board. . BSTP benefits workstream established. Benefits profiles updated. Benefits workshop commenced with Trusts and BSO.






Dates

Comment

L I S Rate

4. Shared Services may not achieve business case outcomes. Risk Owner Dir of BSTP Dept SRO Dir Ops Dir of Finance (for charging/funding model)

3 4 12 High

Feasibility Study (2007) on Shared Services Programme Board Project Structure Dept Review Strategic Outline Case (2009/10) – DFP/Dept Assurance

Project Board (I) Programme Board Reporting (I) DFP/Dept OCB Reviewed (E) SS SS Quality Assurance Group (E) Dept Accountability Review (E) MIPB Assessment Engagement with Senior HSC Officers re design of Shared Services. Public consultation closed end Feb. Ministerial decision announced on 14 May 2012.

Revised OBC resubmitted to DFP November 2012 – awaiting approval.

Project Plan revisited in light of new dates for accommodation & systems go-live. SMT reviewing the implementation plan & progress on a fortnightly basis.

Dir of BSTP

Apr – Feb 14

Current

Accommodation timescales slipped due to OBC approval timescales. OBC has received DHSSPS approval and been submitted to DFP. Interim accommodation proposed for all sites if required. Full re-plan presented to BSTP Programme Board on 2

nd September 2013 and

approval received. Lack of availability of central team resources for Shared Services implementation continues. SMT have revisited Shared Services’ budget. Revenue costs for training and double manning submitted to DHSSPS in addendum to OBC. Funding stream not yet established. Charging & funding model for 2013/14 discussed with SRO on 2

nd August 2013. Funding

gap of £2.6m has been communicated to all Trusts/HSC organisations. FPL and HRPTS annual system service costs/source


of revenue funding for 2013/14 discussed at DoF meeting on 8

th November

2013.






Dates

Comment

L I S Rate

5. Inability to implement new Shared Service for Payroll, Payments, Income, Selection & Recruitment in line with Departmental timetable and customer expectations. Risk of disruption to services during period of transition.

3 4 12 High

BSTP Governance reporting processes. BSO Shared Services Project oversight by BSO SMT. Project operated using Prince methodology. - Working

Group/Project Boards in place with all

Strategic adviser appointed to assist BSO SMT. BSTP Programme Board reporting. PMO & reporting established bi-weekly. BSTP Implementation Group – regular reporting and review of progress.

Project Plan revisited in light of new dates for accommodation & systems go-live. Central administration, resources and structures to be agreed. BSO Project Team to be established for bringing each Shared Services Centre into operation. Phased roll-out of shared services dependent on systems roll-out and stabilisation.

Dir of Ops

December 2014

Full re-plan presented to BSTP Programme Board on 2

nd September 2013 and

approval received. Transfer of staffing from central team progressing. 4 staff transferring from FPL to BST on 1

st October 2013.

Joint Working Groups established with key Trusts for early waves of transfer. FPL team addressing workarounds and final areas of functionality not yet delivered by ABS (including line level matching and self-billing). HRPTS issues remain with eRec & MSS/ESS deployment which affects Payroll & Recruitment Shared Services Plan. - Workforce transition plan

to maximise level of experienced staff for each centre


Risk Owner Dir of Ops/Dept SRO

organisations to deal with cut over activities

- SSIG & RIB monitoring

- Training plan to maximise competency in systems & procedures

- Recruitment activity to ensure correct staffing levels

- Trusts considering Assurance Audit post ‘go live’






Dates

Comment

L I S Rate

6. Inability to implement replacement systems for Finance, HR and Procurement in line with agreed plan. Risk Owner Dir of BSTP

4 4 16 High

Fully resourced HRPTS and FPL teams in place. Weekly Status Reporting system in place for HLC AXON an AXON contractors. Integrated regional Implementation Board established with members drawn from all key stakeholder groups. Programme Risk Register and Report regular reviewed by Programme Board. Programme have received conditional approval of addendum OBC from DFP Supply and DHSSPS.

Quarterly Dept Accountability Review (E) Monthly Programme Board review Implementation Board monitoring resource plans monthly FPL, HRPTS and Integrated technical groups in place Self-Assessment Gateway Review (I) Gateway Review (E) CX Review of Dirs Objectives (I)

Implementation in line with FPL corrective plan which was accepted 30

th

April by RIB and approved on 13

th May

by BSTP. HRPTS re-plan activities and contractual discussion still ongoing. Relationship with AXON stabilised. Careful management of PaLS capacity required where staff are also engaged in the management of the contracts recovery plan.

June 2014 HRPTS project working to revised project plan. Voice Picking went live on 30

th September 2013.

E recruitment – delay to e-recruitment go-live. Paper to be presented to HRD forum on 12th December to agree the way forward. Then to be presented to HRPTS Project Board. ESS/MSS – Current Trust IT infrastructure may not allow full roll out of ESS & MSS. This will impact on release of staff to Shared Services. Work is progressing on channel approach and underlying principles supporting deployment. An


overarching deployment paper was presented on the 4

th December detailing how

we propose to widen ESS/MSS access across all Trusts. E-rostering issues regarding Trust bank staff and moving them on to Allocate system (Interim solution Payroll staff will complete this work). A short paper detailing this approach was presented by the Rostering working group to BSTP Programme Board on 4

th December 2013.


Corporate Objective No 3 To Recognise and Embed Excellence & Innovation




Dates

Comment

L I S Rate

7. In advance of FPS Replacement System, older more manually intensive systems fail to meet their objectives and BSO fails to realise financial savings from termination of Fujitsu contract. Risk Owner Dir of Ops

2 4 8 High

Primary Contracts Policies & Procedures FPS Project Gateway Reviews

- Internal Audit (I) - External Audit (E) - SMT Review of

ICT Programme (I) - Systems Risk

Assessment (I)

Acting Director of Ops will adopt SRO role for this project Director of CCP/SRO to meet on a regular basis Brief progress report monthly to SMT

Dir of Ops

July to October

2014






Dates

Comment

L I S Rate

8. Failure of key ITS Applications & Infrastructure impacting delivery of Critical Services to Customers Risk Owner Dir of CCP

3 4 12 High

Security Procedures Business Continuity Plan Change Control Process Testing and planning associated with significant change.

Internal Audit (E) External Audit (E) SMT Review of ICT Programme (I) Systems Risk Assessment (I)

Further develop and test Business Continuity Plan. Implement actions associated with change control contained within Back Up Audit. Additional assurances

Dir CCP March 2014

Dir of Finance/ Dir CCP

Action underway to improve BCP. Gartner Project underway and reporting to BSO Board sub-committee. Upgraded software but physical risk to data centres persists. Storage Business Case approved and implementation underway. HP have allocated a project manager and identified 3

rd party

specialist resource for TSM component of work. Initial meeting arranged for w/c 16

th

September 2013 to


plan and schedule required phases of the project.






Dates

Comment

L I S Rate

9. BSO current skill mix does not meet future business needs. Risk Owner Dir of HRCS Dirs

3 2 6 Low

Job Description/ Personal Specification Staff Survey Review PaLS Skills gaps.

Outcome of HSC Staff Survey (E) Customer Surveys (E) SMT/Board Review of Surveys (I) Staff Appraisal - PDPs (I) CX Review of Dirs Objectives (I) A Sub-group has been established to consider a range of issues in PaLS including workforce issues. Business Case skills.

Revised Workforce Strategy to be delivered. Further work to identify recruitment issues. Workforce Planning ongoing in a number of Directorates.

DoHRCS Apr – Mar 14

December 2013

Discussions underway with Directors in respect of strategic work plans for the next 3 years. A number of specific skills areas to be addressed. ITS-SAP skills training. Consideration to be given to business case development. Workforce plan for PaLS in final stage to be concluded October 2013.


Corporate Objective No 4 To Ensure Good Governance



Controls Assurances Action

By Whom Start – End

Dates

Comment

L I S Rate 10. BSO will face the risk of legal challenge on Major High Value Regional Procurement Contracts Risk Owner Dir of OPS

3 3 9 Medium

Procurement Process: Policies & Procedures Qualified Procurement Personnel Service Risk Register/ Risk Action Plans

COPE Accreditation / ISO 9000 (E) CAS Self-Assessment - Purchasing & Supply Management Standard (I) SLA Monitoring - Pals Exec Team / Operational Meetings (I) Service Risk Reporting & Review (I)

Develop collaborative programme of work (Pals/Legal) to review contracts OJEU awards published as required. Regular reporting and information sharing of cases.

DirOps/ CLA

In place for High Risk tenders

Additional procurement solicitor commenced. Additional training events ongoing on legal and policy issues. Regional Procurement Board agenda item for each meeting.







Dates

Comment

L I S Rate 11. Fail to implement robust information governance process Risk Owner Dir of HRCS Dirs

2 3 6 Medium

Policy & Procedures Information Governance / Records Mgt CA Standard Audit Control Risk Register/ Action Plans New IGMG sub-group established to review the new standard and compare with the current standard.

CAS Assessment - Records Management /ICT/Governance (I) & (E) Information Governance Group Report (I) Service Risk Reporting & Review (I) GAC Audit Control Review (I) other CA Standards Assessment (I) & (E) Mid-Year Assurance Statement / GS (I) GAC Report (I) CX Review of Dirs Objectives (I) New draft Information Management Controls Assurance Standard has been issued by DHSSPS who have asked HSC organisations for comments. Audit planned for Autumn 2013 (I) Regular progress reports to SMT/Board regarding action plans (I)

Ensure regular update on Data Protection and refresher training is available. - Frequency of

IGMG meetings increased

DoHRCS Apr -Mar 14

DoHRCS Apr -Mar 14

Project Plan in process of implementation. A range of IG policies renewed and agreed at August, September & October 2013 Board meetings.


(a) Transfer of

information as a conduit organisation (especially medical files relevant to FPS & Legal)

(a) Guidance to be sought from ICO on how to manage sensitive medical information in transit

(a) BSO to

communicate with Info Owners to advise that all medical files to be checked before forwarding to BSO.

BSO to carry out periodic checks of files in transit.







Dates

Comment

L I S Rate 12. A significant project to change Fermanagh addresses will impact on approx 15,000 addresses in the area which will affect HSC information systems and patient contact. This could result in a patient not receiving a cancer screening invitation.

Risk Owner Dir of Ops

2 5 10 High

- FPS Staff recording changes to GP practice addresses in order that they can be reviewed when postcodes are issued by Post Office end March 2013

- Links developed with other Government Agencies

- Link established with Fermanagh District Council

- HSC Group established and action plan developed

Permanent Secretary has written to Fermanagh District Council; AD FPS has spoken to the Council who have offered assistance with future actions to resolve outstanding issues.

BSO will arrange to meet Land & Property Services and Fermanagh District Council with a view to resolving issues relating to this project. HSCB and PHA will be included.

AD/Senior Staff FPS

March 2014

These practices inputted addresses will automatically update BSO Central Register. LES suspended due to FDC failure to update their ‘what’s my address’ website and practices subsequent inability to access correct addresses.

19





Dates

Comment

L I S Rate

13. Risk to Data Centres from unstable hospital power / environment may cause further outages. Risk Owner Dir of CCP Risk Added: 12.12.12

4 5 20 Extreme

Security procedures Business Continuity Plan.

Agree an SLA with Belfast Trust Written notification of outage to & request for report submitted by Dir CCP to DoF & Estates, BHSCT Outline Business Case for new Data Centre Following incident on 25 July

BSO

have implemented a number of actions including 24/7 physical monitoring.

Head of Infrastructure

and Architecture

May 2013

To approval date

An SLA has been agreed for support of the regional data centre. A meeting was held 30.05.13 with BHSCT and assurance reported to June Board meeting. Long-term Business case for future data centre arrangements has been submitted to DHSSPS. Department has issued approval to proceed to FBC & governance arrangements are being set up. The third party copy OBC has been approved by DHSSPS and Procurement of solution underway. The equipment has been delivered & now in implementation phase.

20

Meeting held with BHSCT Director of Finance & Estates 1.08.13 and a number of actions agreed to be implemented by BHSCT Estates Dept. Review of all other elements of SLA to be carried out.

Progress is reported three times a week by AD IT. Surge Protectors have been installed and are operational. This Annual Review is underway. Test of automatic notification from Aircon units to ITS staff and engineers was conducted successfully by HSCB staff. System coped with a major Transmission electrical issue on 25

th

November 2013 with no loss of service.

21





Dates

Comment

L I S Rate

14. BSO will face the risk of legal challenge and/or financial loss under new legislation, the Late Payment of Commercial Debt Regulation 2013, which requires 30 day payment of supplier invoices. Risk Owner All Directors Risk Added: 12.06.13

4 3 12 Medium

Policies & Procedures; Service Risk Register - Risk Action Plan;

SMT monitoring; Risk reporting & review; Corporate Scorecard

SMT oversight of actions to reduce invoice backlog. Review of existing payment procedures.

Directors March 2014

Teams continue to address. Backlog in scanning identified and recovery plan / monitoring established. Daily progress reports to Directors/SMT and unapproved invoices being highlighted to relevant signatories.

22

BSO Corporate Risk Score Matrix

Total Impact

Catastrophic

5 12 13

Major 4 2,7 1,3,4,5,8 6

Moderate 3

11 10 14

Minor 2

9

Insignificant 1

1 2 3 4 5

Rare Unlikely Possible Likely Almost Certain

LIKELIHOOD

*Risk Classification / Numbers

LOW

1 Risk

MEDIUM

3 Risks

HIGH

9 Risks

EXTREME

1 Risks

*in accordance with AS/NZS 4360:2004 guidance

23

Appendix A Archive Report of risks removed from Corporate Register 2013-2014

Corporate Objective

Risk Description Risk Score Comment

L I S Rate

2 Removed October 2013 7. BSO Growth Strategy is negatively impacted if policy/legislation remains unchanged.

5 2 10 Medium

The date for the legislation to be laid has been put back to September 2013 but this will have no impact on the timescale for enactment, which remains at 2014/15.

3 Removed November 2013 7. In advance of BSTP and related system modification, older more manually intensive systems fail to meet their objectives.

2 4 8 High

Replaced with a risk pertaining specifically to FPS.

4 Removed June 2013 15. Failure to meet the 30 day target for pharmaceutical payment by April 2013.

2 3 6 Medium

Contingency paper agreed at April Implementation Board. This risk will continue to be monitored via the FPS Service Risk Report.

4 Removed September 2013 16. Lack of system stability / Trust confidence is impacting on future FPL roll out and therefore BSO reputation. This is being caused by significant problems with certain data related elements of the new FPL systems. These are impacting on accuracy of BSO stock balance & stock issues to trusts (& therefore BSO stock trading account) or service levels for BSO logistics.

2 4 8 High

BSO PaLS has initiated an SLA reinstatement plan aimed at returning service levels to normal (98%). This plan is currently in operation and average levels are achieving 98%.

4 Removed September 2013 17. HRPTS – the lack of a Staff in Post report and fully functioning interface increases the risk of inaccuracies in payroll expenditure and creates a risk to the ability of BSO and BSO customers to manage their monthly financial position and reduces the level of control and formal checks on the accuracy of payroll.

4 3 12 Medium

Interface operated with manual intervention in Month 4.

4 Removed October 2013 13. Absence of Formal Accountability Framework for Clinical Screening Services inc Bowel Screening.

2 5 10 High

A formal Accountability Framework is in place.

4 Removed October 2013 14. Qualification of BSO Accounts in 2012/13 due to extension of Warehouse Contracts.

1 5 5 High

Accounts are signed off and an unqualified opinion has been issued.

24

Appendix B

Archive Report of Completed Risk Actions 2013-14

Corporate Objective

Risk No / Description Actions Completed

1 1. Levels of savings in the overall environment for HSC are so great that BSO service provision to customers are negatively affected and/or we fail to breakeven.

2. 2. Inability to prove quality, productivity and VFM and show that we are competitive and addressing customer expectations.

DHSSPS due to advise of 2013/14 target at Mid-Year Acc. Review 26.11.12. Department have agreed efficiency savings for 2013-14: BSO will target 0.5% cash and 2.5% productivity. Service offering is complete and SLA meetings are almost complete. Internal Audit, Pensions and CFPS have concluded their Benchmarking Exercises. ITS and Pals due to complete in 2012/13. Update paper due to be presented to SMT in May 2013 to provide the results of the IA, Pensions & CFPS benchmarking exercises, and to seek approval for a benchmarking timetable for 2013-14.

2 3. 3. Lack of resources to deliver the Outcomes for Finance, HR, Procurement and FPS Business Systems Replacement.

Programme Board have identified levels of ITS resources. BSO ITS and Trust ICT resources requirements have been identified and monies released. This has been updated to reflect current budget pressures and revised budget circulated to Trusts. Concerns exist around the resource availability to deliver FPL ATP 3a/b however new resource plan developed and will be closely monitored. Carry out a critical review of resources required from the FPL project & ABS to ensure a successful deployment of the FPL solution for ATP 3. 4 new FPL staff appointed. Programme currently working with DHSSPS to update systems OBC and secure additional funding to complete FPL and HRPTS implementation plans. Programme has identified money required for further rollout; HRPTS support may be extended; selected resources will be rolled forward. FPL live in SEHSCT & NIAS. SHSCT & NHSCT go live in September 2013. FPL corrective action plan approved on 13 May

25

4. 4. Shared services may not achieve business case outcomes.

5. 5. Inability to implement new Shared Service for Payroll, Payments, Income, Selection & Recruitment in line with Ministerial timetable and customer expectations.

2013 which addressed performance and stability issues. HRPTS project working to revised project plan. BSTP implementation resource plans developed and aligned with HRPTS and FPL implementation plans. To award contract for FPS contract. FPS tender closed & preferred bidder selected. FBC approved April 2013. Contract awarded to Kainos and implementation commenced May 2013. BSO to address with SRO how the Gateway recommendation should be handled. Transition plan in place from existing structures to shared services. Risk to be escalated as a shared risk to sponsor branch through accountability arrangements. Re-plan proposed and submitted to SSIG and BSO SMT w/c 18.02.13. This removes dependency on final accommodation but recognises the importance of system stability for Shared Services implementation. Full re-plan submitted to BSO SMT 17/04/13 based on interim accommodation and assumed systems suitability and roll-out dates. Meetings held with SRO and DHSSPS Business Case Unit in April & May 2013 to progress remaining queries. Full re-plan presented to SMT 24/7/13 and to SSIG 29/7/13 which forms the ‘working assumption’ plan for the project at this time. There is a continued difficulty with achieving approval of the business case. Concern over the accommodation was expressed in a letter to DHSSPS. Meetings held with DoFs and DoHRs to enable full re-plan to be developed. Project re-plan proposal being developed which removes the dependence on final accommodation, but recognises criticality of systems stability. Scanning operation established and operating for BSO, BHSCT and WHSCT. Operating at significantly reduced levels due to FPL problems.

26

6. Inability to implement replacement systems for

Finance, HR and Procurement in line with agreed timeframe.

Carry out a critical review of Stability of the FPL solution before agreeing to continue into ATP3 on the existing timeline. Planned Stability testing for FPL to be completed in March 2013. Re-plan proposed and submitted to SSIG and BSO SMT w/c 18.02.13. Meetings held with DoFs and DoHRs to enable full re-plan to be developed. New FPL and HRPTS project roll outs agreed by RIB 28

th May 2013. Programme Board to ratify.

Meetings held with SRO and DHSSPS Business Case Unit in April & May 2013 to progress remaining queries. Interim accommodation proposed for all sites if required. The stability of the solution, particularly in relation to PaLS and Accounts Payable is causing concern and is a potential risk to the roll out of ATP. The work to secure appropriate interfacing of HRPTS to FPL is a critical dependency. Agreement to proceed with systems admin team recruitment secured from SMT. Head of Business Services Team appointed. Joint Team being established through agency and outsource processes. SHSCT in place WHSCT in place NHSCT – 1 meeting held BHSCT not yet in place. BSTP contract awarded November 2011. Progressing according to individual projects timescale. FPL system went live in BSO 15

th

October 2012 with RPA 2 organisations due to go live on the same system 5

th November 2012.

HCL Axon has identified a slippage to original timescale and requested a realignment to the timeline. New deployment plan produced. Realigned plan approved by Board – extended timeframe. HRPTS System went live 17.12.12 for core BSO HR, Payroll & Travel staff only. Significant additional pressure on senior staff Jan/Feb to undertake FIFO corrective exercise; this is now complete although further follow-on action is

27

Risk Removed October 2013 BSO Growth Strategy is negatively impacted if policy/legislation remains unchanged.

required. Reintroduction of voice picking scheduled for 13/14

th

August 2013 – change request approved by SRO. Continued inability to deliver a stable supply of core products. E recruitment - Go-live on hold due to absence of printing functionality in ERec for questionnaires (part of application form). Reviewed at mid-year accountability meeting on 26

th

November 2012. BSO advised that DHSSPS on schedule to introduce a Bill into the Assembly before Summer Recess 2013. Proposed legislation will regularise the current position and confirm provision of services to HSC sector and NIFRS. Legislation due to go before the Assembly before Summer Recess 2013, with the likely timescale for enactment 2014- 2015.

3 7. In advance of BSTP and related system modification, older more manually intensive systems fail to meet their objectives

Lessons Learnt from Incident in the Parity Pharmacy System Report to be implemented. Change Control initiated and system improvement implemented. Head of FPS Information documenting old systems. Documentation of secondary systems related to payments (as recommended in 2010/11 Internal Audit report) completed July 2012. The 2011/12 IA of Dental & Ophthalmic noted that a data flow exercise for all operational systems was completed & risk assessments carried out. External review of data centres-Gartner appointed. Report completed and recommendations to be taken forward. Gartner Project underway and reporting to BSO Board sub-committee. Individual project workstreams have been identified and a Project Initiation Document is being developed. Additional supervisory processes have been put in place.

28

8. Failure of key ITS applications & infrastructure

impacting delivery of Critical Services to Customers.

9. BSO current skill mix does not meet future

business needs.

Undertake SAI Investigation. Both SAI Investigations are complete and follow-up actions will be included in the ITS Improvement Plan. Gartner Report produced. A specific project has been commissioned & recommendations will be taken forward by Project Manager. Workstreams have been identified and a draft PID went to November Board. Develop up to date disaster recovery plan for data centres. Draft Disaster Recovery Plan in place. Additional resources to be provided to try to finalise position. Paper on interim Data Centre was presented to BSO Board 25.04.13 and Business Case underway for selected option. Implement additional supervisory processes. Additional supervisory processes have been put in place. Audit complete and reported to GAC. P1 actions complete with the exception of upgrade to TSM software. Develop Workforce Strategy. HR Strategies were approved by the Board in November 2011. Leadership Development Programme. Presented to SMT 2 May 2012 for approval and sign-off of design. Programme commence Oct 2012. PaLS Graduate Trainee Programme 2012/13.

4 10. BSO will face the risk of legal challenge on Major

High Value Regional Procurement Contracts. 11. Fail to implement robust information governance process

A number of legal challenges currently being progressed. Records Management CAS 2011-12 verified as Substantive Consolidate FOI process. Review process underway. Compliance with FOI 20 working day deadline has increased to 100%

29

Impact of Fermanagh District Council Rural addressing

Risk Removed October 2013 12. Absence of formal Accountability Framework for Clinical Screening Services inc Bowel Screening. Risk Removed June 2013 Limitation of BSO Accounts in 2012/13 due to extension of Warehouse Contracts

Data Protection – refresh of training. Mandatory IG training being rolled out across BSO. 88% of eligible staff have completed training to date. Pop-up messages being developed for computer

screens.

New draft Information Management CAS issued for consultation; IGMG group reviewed the standard and submitted comments to DHSSPS. A Project Implementation Outline is currently being finalised following discussion at SMT. AD FPS to write to the CXs HSCB & PHA seeking nominations to a small working group; remit will be to consider how a systematic review of Fermanagh addresses could be taken forward. PHA have written to FDC alerting them to the potential impact on the screening process. ICO has recommended ‘double-enveloping for posting of screening invitations. This posting is out-sourced and a price is being sought from the supplier. FPS considered double-enveloping however concluded that this process would likely increase the risk of correspondence going to the wrong person. FPS have asked all third-party suppliers to mark correspondence ‘Confidential-to be opened by addressee only.’ Independent External Review to be undertaken. PHA have agreed, in principle, to the increase in Call/Recall Budget to enable improved resources and management arrangements. IA report for 2011-12 provided ‘substantive’ assessment of controls in this area. Continuing liaison with NHS supply chain to explore feasibility of resourcing warehouse items. Limited use of NHSSC contracts being pursued. STAs brought forward for authorisation. Contracts re-tendered and awarded. Internal Audit report finalised and the Department’s

30

Risk Removed June 2013 Failure to meet the 30 day target for pharmaceutical payment by April 2013. 13. Risk to Data Centres from unstable hospital power / environment may cause further outages.

External Audit report also complete. Board sub-committee has met. CCNs in relation to dual submission of prescriptions and introduction of a multiple dispensing code have been implemented by HP and FPS. Service review in FPS to commence November 2012 APP Business case approved by HSCB February 2013. In the absence of a project manager, the project is being managed by senior BSO and HSCB officers. Business Case approved by BSO SMT in November 2012. Successful implementation of Dual submission by all contractors from Nov 2012. FPS to handle dual submission by contractors & test processes from Nov 2012 and be able to make two payments from March 2013. 30 day payment achieved in Dec 12. New processes introduced end Jan 13 being monitored for achievement without overtime. Monitor dual submission monthly. Required levels of submission being attained by contractors as required. Restoring the uninterruptible power supply environment over the 10 & 11

th November 2012.

A meeting is being held with BHSCT end April to discuss the further outage linked to unmonitored air conditioning units occurred on 18/19 January 2013. Further remedial Data Centre technical check scheduled for 9/10

th February 2013.

Business Plan is being developed with NICS to scope possibilities of a N.I. public sector data centre arrangement. Short-term interim business case submitted (ongoing). BSO is in discussion with sponsorship branch. Paper on interim Data Centre was presented to BSO Board 25.04.13 and Business Case underway for selected option. Short-term interim business case being prepared for a third location to store a data copy of the existing data centres.

31

Risk Removed September 2013 Lack of system stability / Trust confidence is impacting on future FPL roll out and therefore BSO reputation. This is being caused by significant problems with certain data related elements of the new FPL systems. These are impacting on accuracy of BSO stock balance & stock issues to trusts (& therefore BSO stock trading account) or service levels for BSO logistics. Risk Removed September 2013 HRPTS – the lack of a Staff in Post report and fully functioning interface increases the risk of inaccuracies in payroll expenditure and creates a risk to the ability of BSO and BSO customers to manage their monthly financial position and reduces the level of control and formal checks on the accuracy of payroll.

Specification to be drawn up to allow a condition report to be carried out by an external expert once per annum. BHSCT Estates have engaged specialists to review the environment further. A third copy of data is needed to prevent a possible loss of data in the event of both data centres failing. Work continuing with ABS to establish stock value issues / charging. BSTP Programme Director escalated to ABS Senior Management December 2012. Regular engagement with key stakeholders including HSC DoF and DoHR. BSO DoF met with Trust DoFs 18

th January 2013 and issued letter on

same day. Quantification due to be submitted by ABS to BSTP central team 25

th January 2013 for forwarding to

trust DoFs same day. Stock take completed over Easter. SLA reinstatement in place for Logistics service to restore performance levels. Performance levels for Logistics Service at 93% for w/c 20.05.13. Regular updates to HSC DoFs will continue until SLA level restored to 95%. FPL – Two P1 issues 22

nd April and 13

th May.

Stability had been good in previous month. Monitoring of stability and Infra resolution continues. ABS to clearly document approach taken for BSO approval and subsequent Trust ratification. FPL performance and stability issues - the FPL system is currently operating within its set parameters. System performance is monitored and reported on at the monthly service review meetings between HSCNI & ABS. The BSTP Central Team is working with AXON and the FPL team to resolve these matters. Alternative version of roll-out report developed but this does not allow reconciliation for budget holders however it does allow managers to carry out more regular checks.

business services organisation (bso) - board corporate risk and assurance report 2013 … ·...

Documents