Download - Risk Register Assmt v1
-
Page 1 of 24 Risk Register & Risk Assessment Policy and Procedure
Notice to staff using a paper copy of this guidance The policies and procedures page of Healthnet holds the most recent and approved version of this guidance. Staff must ensure they are using the most recent guidance. Author: Health, Safety & Security Manager Asset Number: 819
Plymouth Community Healthcare CIC
Risk Register & Risk Assessment Procedure
Version No 1
-
Page 2 of 24 Risk Register & Risk Assessment Policy and Procedure
Reader Information and Asset Registration Title Risk Register & Risk Assessment Procedure V1 Information Asset Register Number
819
Rights of Access Public Type of Formal Paper Procedure Category Corporate Format Microsoft Word 2003 and PDF Language English
Subject How to pro-actively manage identified risks locally and when to escalate it. Document Purpose and Description
This document underpins the Risk Management Strategy, describes the responsibilities and procedures associated with the process of risk assessment and promotes dynamic use and maintenance of Risk Management Workbooks enabling formal PCH risk management processes.
Author Assistant Director of Risk and Safety Ratification Date 27th September 2012. Policy Ratification Group. Publication Date 12/11/2012 Review Date and Frequency of Review
Review at least two-yearly
Disposal Date The Policy Ratification Group will retain an e-signed copy for the database in accordance with the Retention and Disposal Schedule; all previous copies will be destroyed.
Job Title of Person Responsible for Review
Health, Safety & Security Manager
Target Audience All Plymouth Community Healthcare staff
Circulation List
Electronic: Via Plymouth Healthnet Written: Upon request to the Policy Ratification Secretary on 01752 435104 Please note if this document is needed in other formats or languages please ask the document author to arrange this
Consultation Process
Consultation was undertaken with members of the Health, Safety & Security and Operational Risk Management Committees from the following areas: Central & North East Locality City / Corporate Locality Plym / Plymstock Locality South West Locality South East Locality North West Locality Childrens & Families Services Workforce Development Estates and Facilities JCCN
Equality Analysis Checklist completed
References/Source
NHSLA Risk Management Standards for 2012-13 (for non-NHS Providers of NHS Care) Health and Safety at Work Act 1974 Management of Health and Safety at Work Regulations 1999 Workplace (Health, Safety and Welfare) Regulations 1992 Manual Handling Operations Regulations 1992
-
Page 3 of 24 Risk Register & Risk Assessment Policy and Procedure
Control of Substances Hazardous to Health Regulations 1999 (COSHH) Personal Protective Equipment (PPE) Regulations 1992 Health and Safety (Display Screen Equipment) Regulations 1992 Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1985 (RIDDOR)
Supersedes Document New document
Author Contact Details
By post: Mount Gould Local Care Centre 200 Mount Gould Road Plymouth Devon PL4 7PY Tel: 0845 155 8085 Fax: 01752 272522 (LCC Reception)
Publisher (for externally produced information):
N/A
Document Review History
Version Number
Details i.e. updated
or full review
Date Originator of Change Description of
and reason for change(s)
V1 New document July 2012 Risk Management Advisor
Formal PCH procedure to support statutory requirements, strategy, health and safety policies, and in-house training provision.
-
Page 4 of 24 Risk Register & Risk Assessment Policy and Procedure
Contents of Risk Register and Risk Assessment Procedure Page
1 Introduction 5
2 Purpose 6
3 Definitions 7
4 Risk Register & Risk Assessor Responsibilities 8
5 Formal Risk Management Process 10
5.1 Risk Register & Risk Assessor Training 10
5.2 Risk Management Workbook 11
5.3 Risk Register 11
5.4 Risk Assessments 11
5.5 Resources 12
5.6 Support for Risk Assessors 12
6 Central Monitoring of Risk Registers 13
7 Escalation of Risk 13
8 Training Implications 13
9 Monitoring Effectiveness 13
10 Associated Documentation 14
Appendix A Risk Scoring Matrix 15
Appendix B Escalation of Risk Flow Chart 20
Appendix C Example and Blank Risk Assessment Template 21
Appendix D Quick Risk Assessment Reference Guide 23
-
Page 5 of 24 Risk Register & Risk Assessment Policy and Procedure
Risk Register & Risk Assessment Policy and Procedure 1 Introduction 1.1 This policy is part of a suite of policies that enables the delivery of Plymouth
Community Healthcares (hereafter referred to as PCH) Risk Management Strategy. It describes the responsibilities and procedures associated with the process of risk assessment and the development and maintenance of risk registers in PCH.
1.2 Proper risk assessment can help all NHS organisations, teams and individuals set
their priorities and improve decision-making to reach an optimal balance of risk, benefit and cost. Risks can be described as clinical, environmental, financial, political or affecting public perception and reputation (NPSA, 2006).
1.3 Risk assessment is a risk management and clinical governance tool which the
organisation uses to: a) Gather facts about various activities and services and their associated
hazards and risks; b) Assist in the identification of risks that are a threat to the achievement of
strategic objectives; c) Highlight the need to eliminate or manage identified hazards and risks, in
order to protect the safety and well-being of staff, patients, visitors and the organisation as a whole;
d) Take corrective actions when new risks are identified or existing risks are not adequately controlled;
e) Assess the likelihood and consequence of risks causing harm or damage; f) Gauge the consequence of non-compliance; g) Consider the consequences of not meeting key objectives. 1.4 PCH is committed to a process of proactive risk assessment and management
within current services and activities. The organisation will use risk assessment as part of Corporate, local business and project planning, in the establishment, restructuring or redesigning of services and in the development of Risk Registers.
1.5 A risk register is a management tool that provides an organisation with information
on its risk profile and is a repository for risk information across all areas of activity. This repository is at the heart of the internal control system and contains details of the risks that threaten PCHs success in achieving its stated aims and objectives.
1.6 PCH will face a number of risks which will potentially affect achievement of its aims
and objectives; these include: a) Corporate risks ~ operating within powers, fulfilling responsibilities,
accountability to public; b) Risks to Reputation ~ quality of services, communication, patient experience c) External risks ~ political, environmental, social, environmental, meteorological
-
Page 6 of 24 Risk Register & Risk Assessment Policy and Procedure
d) Clinical risks ~ associated with service standards, competencies, complications, equipment, medicines, staffing, patient information;
e) Health and safety risks ~ ensuring the well being of staff and patients whilst
providing or using services; f) Business Risks ~ associated with managing the affairs of the organisation,
human resources, information & IT, financial and internal management, achieving objectives;
g) Risks to Assets ~ security, protection, optimum use, maintenance,
replacement 1.7 In PCH, the Risk Registers are populated through the organisations risk
assessment and evaluation process. This process enables risks to be quantified and ranked. It provides a structure for collecting information about risks that will assist both in the analysis of risk, and in decisions about whether or how these risks must be controlled, managed and monitored.
1.8 Risk Registers can also support decision making on how resources should be
allocated. Ideally, all decisions such as changes in policy, procedures or practices, service developments, enterprises such as new projects and all associated resource commitments should result in reductions to the organisations highest priority risks. At all levels, proposals to make changes or commit resources must include reference to the effect this may have on the risk profile of the organisation.
1.9 In PCH, risk assessments must be recorded in Risk Registers which are located in
Risk Management Workbooks found locally on the Groups:\ network drive. 2 Purpose 2 In addition to supporting the Risk Management Strategy and Health & Safety
Policy, the purpose of this document is to ensure that PCH has a general assessment process which:
a) Defines a risk assessment, risk register and other associated terms
commonly used; b) Clarifies who is responsible throughout the process from identification to
resolution; c) Specifies how they will be considered, prioritised and managed within PCH; d) Is simple to use; e) Provides consistent scores when used by staff from a variety of roles and
professions; f) Is capable of assessing a wide range of risks.
-
Page 7 of 24 Risk Register & Risk Assessment Policy and Procedure
3 Definitions 3.1 Hazard is anything with the potential to cause harm, loss or damage. Hazards
can be broken down into Biological, Chemical, Physical, Ergonomic, Psychosocial, Financial and Clinical.
3.2 Risk the chance of suffering harm caused by a hazard, loss or damage or the
possibility that PCH will not achieve one or more of its objectives. 3.3 Risk Assessment is consideration of what may cause harm to people or PCH
functions and whether or not precautions to prevent harm or loss are possible. 3.4 Corporate Risk Register a documented and prioritised log of the overall
assessment of a range of risks faced by the organisation. 3.5 Local Risk Register an Excel worksheet in the Risk Management Workbook
used by services / units / wards / departments at local level that require addressing, and detail remedial actions arising from the risk assessment process in their areas effectively realising an action plan.
3.5 Risk Management Workbook an Excel document located on the
Groups:\network drive; one for every service / unit / ward / department. The Risk Management Workbook (RMW) incorporates the Risk Register wherein all risk assessments are undertaken, scored and formulated into dynamic local Action Status Reports notifying managers of remedial actions, and current status of risk assessments (i.e. due or overdue).
3.6 Escalation of Risk the route through which risks, unable to be resolved at local
level, may be escalated for Board level ownership into the Corporate Risk Register.
3.7 Reasonably Practicable this is a balance of cost or possible negative impact of
implementing controls against the level of risk. 3.8 Safe System of Work is a formal and approved procedure with safe working
methods stated that employees must follow in order to control or eliminate work. 3.9 Risk Issues/Types are problems that face PCH (i.e. clinical, health and safety,
business, etc). 3.10 Risk Management is the pro-active (i.e. internal and external audits, risk
assessments, self-assessment of risk, central alert system (CAS), etc) and reactive management (incidents, complaints, litigation, external and internal audits, etc) of uncertainty that may impact upon PCH to deliver its services in a safe and appropriate way
3.11 Local for the purposes of this policy, local refers to activities undertaken at
services / units / wards / departments level. 3.12 Competent in terms of risk assessors, the member of staff should possess
sufficient skill and knowledge in relation to the service and activities in which they are engaged, including IT capabilities (i.e. Excel).
-
Page 8 of 24 Risk Register & Risk Assessment Policy and Procedure
4 Risk Register & Risk Assessor Responsibilities 4.1 Corporate Responsibility - the Corporate Risk Register is reviewed by the
Executive Team and the Board, on a quarterly basis. Executive Directors consider the content and grading of corporate risks on a quarterly basis.
4.2 All Locality Managers shall: a) attend the requisite Managers Core Mandatory Risk Management Training
followed by Risk Register & Risk Assessor Training for Managers sessions, and subsequent two-yearly refresher training;
b) ensure each manager has read and understand the Risk Management
Strategy and associated health and safety policies; c) through locality management meetings, ensure Risk Register information is
reviewed on a quarterly basis so that they remain effective; d) ensure identified risks recorded on Risk Registers are appropriately reviewed
to reflect learning outcomes from incident / complaint / legal investigations. 4.3 All PCH Managers shall: a) attend the requisite Managers Core Mandatory Risk Management Training
followed by Risk Register & Risk Assessor Training for Managers sessions, with regular support being offered by the Risk Management Team where it is deemed necessary;
b) must familiarise themselves with this policy and procedure, which should be
read in conjunction with the Risk Management Strategy and health and safety policies;
c) ensure they understand the risk process and how risk registers are used to
identify, record and address risk issues; d) use risk assessment to pro-actively manage risk issues within their area of
responsibility, and ensure that sufficient and suitable controls are implemented that are proportionate to the level of risk;
e) ensure significant high risks identified are escalated immediately (see
Escalation of Risk section) if a control measure is not possible or the required actions are outside their remit of responsibility;
f) co-operate in communicating information from their own local Risk Registers
to their staff, managers or Corporate Risk Register; g) ensure new risks or changes to existing risk assessments are recorded in the
Risk Register, monitoring remedial actions to eliminate, reduce or control risks until the issue is resolved;
h) involve staff in the review and completion of risk assessments and the Risk
Register;
-
Page 9 of 24 Risk Register & Risk Assessment Policy and Procedure
i) depending on the size of their service / unit / ward / department, appoint at
least one other capable member of staff to be trained as a Risk Assessor in order to support them in their role; this role to be included in the appointed member of staffs job description and is additional to their substantive role and provided with appropriate time to undertake their Risk Assessor duties;
j) complete the Care Quality Commission (CQC) column (yellow) assuring their
Risk Assessors that risk assessments inputted by them have been duly reviewed;
k) ensure that their staff are aware of the process and content of the Risk
Register. 4.4 Appointed Risk Assessors shall: a) attend Health and Safety Risk Assessor Training with subsequent regular
refresher training / support deemed as required; b) support their manager by bringing to their attention local operational risk
issues that they have either identified or had brought to their attention by other staff members, recording such risks onto their local Risk Register and discussing appropriate remedial actions, owners and deadlines;
c) liaise with their risk assessor colleagues / managers to annually complete a
set of self-audits and any resulting risk assessment, as per training; 4.5 Risk Management Team: a) will provide all risk management training, including Risk Register and Risk
Assessor training in order to facilitate undertaking of risk assessments at local level;
b) provide appropriate advice, support and extra 1:1 tuition to staff as required; c) centrally manage all Risk Management Workbooks to ensure health and
safety compliance by all services / units / wards / departments; d) provide exception reports to the Risk Management Committee for areas of
service demonstrating non-compliance. 4.6 All PCH employees are responsible for ensuring they understand the process of
and findings of risk assessments, and follow the controls and identified actions outlined in the Risk Register and risk assessments. They must make managers aware of any risks to patient safety, health and safety or other risk issues.
4.7 Staff Health & Wellbeing should be consulted on risk assessment issues where
they may be an impact on the health of staff.
-
Page 10 of 24 Risk Register & Risk Assessment Policy and Procedure
5 Formal Risk Management Process 5.1 Risk Register & Risk Assessor Training 5.1.1 Only competent persons can carry out risk assessments. By definition, this is
someone with relevant knowledge, training and experience of the hazards and risk associated with the processes to be assessed.
5.1.2 All staff will have access to risk management and health and safety information,
instruction and training, including how to effectively use the Risk Management Workbook; the level and nature of the training will vary according to local need.
5.1.3 PCHs Executive Team will collate the annual training needs of the Board, such as
risk management training incorporating Risk Registers and Risk Assessor Training delivered at the appropriate level.
5.1.4 Locality / Deputy Locality Managers and all local managers will receive Risk
Register & Risk Assessor Training for Managers, and to attend refresher sessions on a two-yearly basis; course dates are available from the Professional Training & Development Department.
5.1.5 Local managers are to nominate at least one member of staff from each of their
teams to attend Health & Safety Risk Assessor Training, and to attend refresher sessions on a two-yearly basis; course dates are available from the Professional Training & Development Department.
5.1.6 Training programmes will consist of the legal requirements behind the need for risk
assessments, the methodology for assessing and recording risks, an introduction to the Risk Management Workbook, and live undertaking of practical risk assessments in line with local health and safety self-audits.
5.1.7 Risk management and incident reporting are introduced in the corporate induction
training. 5.1.8 A record of any training and any names of attendees / non-attendees will be
recorded and passed to the Professional Development & Training Department for recording on the Electronic Staff Record (ESR); managers will be contacted for following up any non-attendees.
5.2 Risk Management Workbook 5.2.1 Only staff who have attended Risk Register and Risk Assessor training have
access to their local Risk Register, which is an Excel workbook located on the Groups:\ network drive (i.e. G:\District Nurse_C&NE). Either the Locality Manager or their deputy will also have access to the Risk Management Workbooks (RMW) within the remit of their responsibility, provided they too have received, or are scheduled to receive, Risk Register and Risk Assessor training.
-
Page 11 of 24 Risk Register & Risk Assessment Policy and Procedure
5.2.2 Risk Management Workbooks (RMW) are made up of a number of worksheets: a) Risk Register b) Self Audits (Health and Safety issues i.e. clinical waste, infection prevention
and control, display screen equipment, manual handling, etc) c) Equipment Register (a log of all equipment held locally, which will
automatically populate a MEMS worksheet) d) Quarterly Fire Checklists e) Fire Risk Assessment f) Workplace Assessment g) Action Status Report 5.3 Risk Register 5.3.1 A Risk Register is a log of all risk
assessments that have identified issues that may threaten the service / unit / ward / department from effective service provision thus, collectively, impacting upon PCHs business objectives.
5.3.2 Risk Registers (within RMWs) must be
used to record risk assessments, detailing identified risks and how they are being controlled.
5.3.3 There are two levels of Risk Register within PCH; local and corporate. There are
Risk Registers set up on the Groups:\ network drive for all PCH services/teams managed locally, however, there is only one Corporate Risk Register managed by the Risk Management Team on behalf of the Board.
5.4 Risk Assessments 5.4.1 A risk assessment seeks to answer four simple questions:
Risk Register
Health and Safety
Workforce Planning
Staff Development / Competence
Business Interruption
Business Objectives /
Projects
Finance including claims
Quality / Complaints /
Audit
Adverse Publicity /
Reputation
What can go
wrong?
How bad?
How often?
Is there a need for action?
Do nothing; review occasionally to ensure
position remains the same.
Identify and implement actions to reduce the harm or
likelihood of recurring.
No
Yes
-
Page 12 of 24 Risk Register & Risk Assessment Policy and Procedure
5.4.2 A suitable and sufficient risk assessment can be undertaken by following the five steps, in brief, from the HSEs guidance 5 Steps to Risk Assessment:
Step 1 Identification of hazards and associated risks (i.e. use of syringe and
potential for inoculation injury or severe staffing shortages impacting on patient care and service delivery)
Step 2 Decide who or what might be affected and how (injury, loss or damage). Step 3 Evaluate the risks and decide whether the existing control measures /
precautions in place are adequate or whether more should be done. A risk-scoring matrix is available to assist with the evaluation of the severity and likelihood of the risk. Treat the risk (i.e. decide what additional remedial action can be taken); this could range from to eliminating, reducing or controlling the risk, to accepting the risk if it is minimal.
Step 4 Record your findings in and communicate the risk and controls measures
to those who need to know (i.e. all people who could be affected). Step 5 Review the assessment looking at the effect of the risk and any actions
taken. 5.4.3 Further information is also available from Healthcare Risk Assessment Made Easy
published by the National Patients Safety Agency (NPSA). 5.4.5 PCH utilises the NPSA Risk Scoring Matrix (Appendix A) with minor amendment to
restrict the risk gradings to low, medium and high risk, the use of which within Step 3 (see above) is discussed in detail during training of Risk Assessors. Further information can also be found in NPSAs publication: A risk matrix for risk managers.
5.4.6 Risk assessments should be retained whilst they remain current, and for six years
following the date of their review. 5.5 Resources 5.5.1 No additional resources have been identified as a result of approval of this Policy
and Procedure, however, it is likely that issues will arise which will require resources when establishing effective controls that need to be put in place to manage risks. As such issues arise a full review will be undertaken and resources may be identified as part of the remedial action planning process.
5.6 Support for Risk Assessors 5.6.1 Once trained, every Risk Assessor irrespective of grade or role will also have
access to the Risk Management Workbook Manual; a detailed pictorial guide to support learning from training sessions, covering all topics as detailed in 5.2.2 above.
-
Page 13 of 24 Risk Register & Risk Assessment Policy and Procedure
5.6.2 All trained Risk Assessors have access to the Risk Workbook Manual, available on the Groups:\ network drive. This manual is a detailed and pictorial tool to further support Risk Assessors navigate their way around the Risk Management Workbook, including the Risk Register and risk assessments.
5.6.3 In addition to the manual, verbal risk management advice, information and support
are freely available from the Risk Management Team, together with additional 1:1 tuition for trained Risk Assessors upon request.
6 Central Monitoring of Risk Registers 6.1 All Risk Registers (within RMWs) are on the Groups:\ network driving allowing
central monitoring of Risk Registers and statutory health and safety compliance (i.e. completion of self-audits on RMWs) by the Risk Management Team.
6.2 The Risk Management Team will undertake exception reporting to the Risk
Management Committee of statutory non-compliance and risks recorded as high, in order to identify whether advice, support and extra 1:1 tuition is required to reduce the risk to a more appropriate level (i.e. perhaps risk has been scored too high, or more remedial actions are required, or whether risk is unable to be managed with local resources).
7 Escalation of Risks (Appendix B for Escalation of Risk Flow Chart) 7.1 Trained Risk Assessors undertake risk assessments locally. Risks that need
further controls are entered onto their local Risk Register, which is regularly reviewed and maintained through team meetings (using print outs of the Action Status Reports). Risks requiring action outside the remit of the local service / unit / ward / department should be referred to the Risk Management Team, following discussion with the relevant Locality / Deputy Locality Manager.
7.2 The Risk Management Team will determine whether it can offer appropriate advice
and support and may refer it on to the Risk Management Committee (a sub-group of the Board) for wider consultation and, if not, will forward it to the Executive Team to discuss whether or not to place it upon the Corporate Risk Register.
8 Training Implications (Please refer to 5.1 above)
9 Monitoring Effectiveness 9.1 Locality / Deputy Locality Managers and their managers are responsible for
regularly reviewing local Risk Registers within all areas of their remit. 9.2 Risk Management Team 9.2.1 The commercial insurers of PCH are keenly interested in the risk management
process for the organisation and, in particular, statutory compliance. Therefore, Risk Registers have been created and placed on the Groups:\ network drive to enable regular effective monitoring of local risk issues by the Risk Management Team.
-
Page 14 of 24 Risk Register & Risk Assessment Policy and Procedure
9.2.2 Compliance will also be monitored by internal auditors and external agencies (i.e.
CQC, HSE, etc) as part of periodic reviews / inspections. 9.2.3 With effect from October 2012, exception reporting on a quarterly basis will
commence to the Risk Management Committee, as a standing agenda item. 9.2.4 The Health, Safety & Security Committee will receive assurances on a quarterly
basis that the Risk Register is effectively implemented and managed locally. 9.2.5 The Safety & Quality Committee, on behalf of the Board, will review the Corporate
Risk Register on a quarterly basis. 10 Associated Documentation Risk Management Strategy Information Governance Strategy *Health and safety policies Clinical policies Workforce Development policies and guidance
-
Page 15 of 24 Risk Register & Risk Assessment Policy and Procedure
Appendix A PCHs RISK SCORING MATRIX Plymouth Community Healthcare CIC has chosen to continue using the NPSA risk matrix as its standard method of grading risk. Levels of Consequence
Choose the most appropriate domain for the identified risk from the left hand side of the table Then work along the columns in same row to assess the severity of the risk on the scale of 1 to 5 to determine the consequence score, which is the number given at the top of the column.
Consequence score (severity levels) and examples of descriptors
1 2 3 4 5 Domains Negligible Minor Moderate Major Catastrophic Impact on the safety of patients, staff or public (physical / psycho-logical harm)
Minimal injury requiring no/minimal intervention or treatment. No time off work
Minor injury or illness, requiring minor intervention Requiring time off work for >7 days Increase in length of hospital stay by 1-3 days
Moderate injury requiring professional intervention Requiring time off work for 7-14 days Increase in length of hospital stay by 7-15 days RIDDOR/agency reportable incident An event which impacts on a small number of patients
Major injury leading to long-term incapacity/disability Requiring time off work for >14 days Increase in length of hospital stay by >15 days Mismanage-ment of patient care with long-term effects
Incident leading to death Multiple permanent injuries or irreversible health effects An event which impacts on a large number of patients
Quality / complaints / audit
Peripheral element of treatment or service suboptimal Informal complaint / inquiry
Overall treatment or service suboptimal Formal complaint (stage 1) Local resolution Single failure to meet internal standards Minor implications for patient safety if unresolved Reduced performance rating if unresolved
Treatment or service has significantly reduced effectiveness Formal complaint (stage 2) complaint Local resolution (with potential to go to independent review) Repeated failure to meet internal standards Major patient safety implications if findings are not acted on
Non-compliance with national standards with significant risk to patients if unresolved Multiple complaints/ independent review Low performance rating Critical report
Totally unacceptable level or quality of treatment / service Gross failure of patient safety if findings not acted on Inquest/ombudsman inquiry Gross failure to meet national standards
-
Page 16 of 24 Risk Register & Risk Assessment Policy and Procedure
Human resources / organisa-tional develop-ment / staffing / compe-tence
Short-term low staffing level that temporarily reduces service quality (< 1 day)
Low staffing level that reduces the service quality
Late delivery of key objective/ service due to lack of staff Unsafe staffing level or competence (>1 day) Low staff morale Poor staff attendance for mandatory / key training
Uncertain delivery of key objective / service due to lack of staff Unsafe staffing level or competence (>5 days) Loss of key staff Very low staff morale No staff attending mandatory / key training
Non-delivery of key objective / service due to lack of staff Ongoing unsafe staffing levels or competence Loss of several key staff No staff attending mandatory training / key training on an ongoing basis
Statutory duty / inspections
No or minimal impact or breech of guidance / statutory duty
Breech of statutory legislation Reduced performance rating if unresolved
Single breech in statutory duty Challenging external recommendations / improvement notice
Enforcement action Multiple breeches in statutory duty Improvement notices Low performance rating Critical report
Multiple breeches in statutory duty Prosecution Complete systems change required Zero performance rating Severely critical report
Adverse publicity / reputation
Rumours
Potential for public concern
Local media coverage short-term reduction in public confidence Elements of public expectation not being met
Local media coverage long-term reduction in public confidence
National media coverage with 3 days service well below reasonable public expectation. MP concerned (questions in the House) Total loss of public confidence
-
Page 17 of 24 Risk Register & Risk Assessment Policy and Procedure
Business objectives / projects
Insignificant cost increase / schedule slippage
25 per cent over project budget Schedule slippage Key objectives not met
Finance including claims
Small loss Risk of claim remote
Loss of 0.10.25 per cent of budget Claim less than 10,000
Loss of 0.250.5 per cent of budget Claim(s) between 10,000 and 100,000
Uncertain delivery of key objective/Loss of 0.51.0 per cent of budget Claim(s) between 100,000 and 1 million Purchasers failing to pay on time
Non-delivery of key objective/ Loss of >1 per cent of budget Failure to meet specification/ slippage Loss of contract / payment by results Claim(s) >1 million
Service / business interruption Environ-mental impact
Loss / interruption of >1 hour Minimal or no impact on the environment
Loss/interruption of >8 hours Minor impact on environment
Loss/interruption of >1 day Moderate impact on environment
Loss / interruption of >1 week Major impact on environment
Permanent loss of service or facility Catastrophic impact on environment
-
Page 18 of 24 Risk Register & Risk Assessment Policy and Procedure
Likelihood score (L)
What is the likelihood of the consequence occurring?
The frequency-based score is appropriate in most circumstances and is easier to identify. It should be used whenever it is possible to identify a frequency.
Likelihood score 1 2 3 4 5
Descriptor Rare Unlikely Possible Likely Almost certain Frequency How often might it/does it happen
This will probably never happen/recur
Do not expect it to happen/recur but it is possible it may do so
Might happen or recur occasionally
Will probably happen/recur but it is not a persisting issue
Will undoubtedly happen/recur, possibly frequently
Risk scoring = Consequence x Likelihood (C x L)
Likelihood Likelihood score 1 2 3 4 5
Rare Unlikely Possible Likely Almost certain 5 Catastrophic 5 10 15 20 25
4 Major 4 8 12 16 20 3 Moderate 3 6 9 12 15
2 Minor 2 4 6 8 10 1 Negligible 1 2 3 4 5
For grading risk, the scores obtained from the risk matrix are assigned grades as follows: 1 4 Low risk 5 12 Medium risk 15 - 25 High risk
-
Page 19 of 24 Risk Register & Risk Assessment Policy and Procedure
Authority of Managers With Regard to Managing Risk:
KEY:
Low risk Low risks are deemed as acceptable risks to Plymouth Community Healthcare, and require no immediate action but must be monitored regularly by the service and reviewed annually or when circumstances change. Managers are encouraged to take action on low risks particularly when these risks can be easily minimised be eliminated. These risks will be actioned locally within the service and entered as a local risk on the Risk Register within the Risk Management Workbook.
Medium risk Medium Risk - not acceptable unless a consensual decision is taken by a senior manager and team. Similarly not acceptable for a clinical risk unless a consensual decision is taken by a senior manager and senior clinician and team. Where appropriate the service should consider the risks and an agreed remedial action plan. These risks will be actioned locally and entered as a local risk on the Risk Register. The service will monitor the application of the action plan and review the risk grading and, if required, adjust. Risks that cannot be reduced locally should be notified in the first instance to the Locality Manager who may, after consideration, take the issue to the Risk Management Team. The risk will be evaluated and, if appropriate, entered onto the Corporate Risk Register. All risks should have developed and implemented appropriate remedial action plans. The Locality Manager will monitor the application of any such action plans and, if required, reduce the risk grading.
High risk High Risk - not acceptable unless the Board makes a consensual decision. These risks will be entered on the Corporate Risk Register. Appropriate actions may be developed and implemented. The Risk Management Team will monitor the application of any such remedial action plans and review and, if required, reduce the risk grading. The Corporate Risk Register will go to Plymouth Community Healthcares Board for discussion every three months or more frequently if needed.
-
Page 20 of 24 Risk Register & Risk Assessment Policy and Procedure
Appendix B
New Risk Identified at Service/Unit//Ward/Department
No
Risk to be reviewed by Manager
Can risk be managed locally?
Manager monitors Local Risk Register as part of
normal governance arrangements along with
feedback on reported incidents.
Risk Management Team review assessment of risk
The Executive Team discuss risk and agree if it should go on the Corporate Risk Register. PCH Board will monitor the Corporate Risk Register quarterly. If a commissioning risk it
will be forwarded to the Commissioners accordingly.
Review at PCH Board
Yes
Escalate risk to Locality Manager
Risk Management Team forwards risk to the Executive Team of
PCH Board.
Can risk be managed with assistance from Risk
Management Team?
Yes
No
Manage risk
Intervention by Risk Management Team
Risk accepted by Plymouth Community Healthcare CIC
Intervention / Control
Record risk assessment on Risk Register (incorporated within the Excel based Risk Management Workbook)
No
Can risk be managed locally?
Yes
-
Page 21 of 24 Risk Register & Risk Assessment Policy and Procedure
Appendix C
Date Hazard & Associated Risks CQC Outcome Controls in Place Hyperlink Likeli-hood
Conse-quence
Risk Score
[i.e. 3 Jul date will automatically format)
V1 - Document Management - lack of document organisation within shared folder will result in: a) Duplication and confusion, especially if documents are not version- controlled; b) Additional occupational stress for staff trying to locate documents c) Mis-understanding/communication when relaying information to staff / patients d) Potential for clinical negligence, complaints, adverse publicity possibly leading to lack of public confidence, downward turn in business and subsequent threat to service provision undertaken by [name of risk assessor]
Outcome 1: Respecting and involving people who use services
1) Team members have access to a shared folder on the Groups:./ drive
Likely - 4
Moderate - 3
12 Medium
REMEDIAL ACTIONS
1st Remedial Action Owner Due Date Date Completed 2nd Remedial Action Owner Due Date Date Completed
Discuss proposed changes re document organisation to team members, with a flow chart, if required
Team Manager [state their name]
[i.e. 3 Jul date will automatic
ally format)
[i.e. 3 Jul date will
automatically format)
Identify MOS to review current arrangements and agree new arrangements with team.
MOS [state their
name]
[i.e. 3 Jul date will
automatically format)
[i.e. 3 Jul date will
automatically format)
Tip: Alt+Enter allows user to create more lines in an Excel cell.
-
Page 22 of 24 Risk Register & Risk Assessment Policy and Procedure
Blank template Risk Assessment from Excel Risk Register in Risk Management Workbook
Date Hazard & Associated Risks CQC Outcome Controls in Place Hyperlink Likeli-hood
Conse-quence
Risk Score
REMEDIAL ACTIONS
1st Remedial Action Owner Due Date Date Comp 2nd Remedial Action Owner Due Date Date Comp
-
Page 23 of 24 Risk Register & Risk Assessment Policy and Procedure
Appendix D Quick Risk Assessment Reference Guide
For ease of reference, and in support of training provided by the Risk Management Team, the guide below is a summary of actions required. This does not negate the need for those involved in the process to be aware of and follow the detail of this procedure. The purpose of a risk assessment is to identify risks associated with legal, moral and financial duties in relation to your service activities, removing them where possible, or otherwise adopting all the control measures and precautions that are reasonable and practical in the circumstances. 1) Identify the risk - risks may be identified through a variety of mechanisms from: Walking around your workplace and looking afresh at what could reasonably be
expected to cause harm (i.e. change in practice / new equipment / relocation) Business / Service Delivery Plans / Eligibility Criteria Incident Forms / Serious Incidents Complaints / Litigation Health & Safety Risk Self-Audits / Workplace Inspections External Assessment / Audit including: Care Quality Commission, Environmental
Health, Internal Audit, Audit Commission National Confidential Enquiries, National Service Frameworks, Recommendations
from other external high level enquiries and reports NB: Dont forget to consider who could be at risk of harm / what could be at risk of loss or
damage. 2) Assess the Risk - once a risk has been identified a risk assessment should be
completed directly onto the Risk Register, incorporated within the Risk Management Workbook, the risk evaluated and scored in accordance with the risk scoring matrix (Appendix A), the outcome of which will identify whether more needs to be done to reduce or control the risk accordingly. Record appropriate remedial actions where they have been identified as being required to further reduce the risk of the harm / loss / damage being realised, giving each remedial action an owner and a deadline to be completed this becomes the Action Plan. When considering remedial actions, ask yourself:
Can I remove the risk/hazard altogether? If not, what controls need to be in place, so that likelihood (chance) of the risk
occurring will be eliminated or reduced as far as is reasonably practicable and / or the consequence reduced, should the risk be realized?
What assurance will I be able to get as to whether the controls are working? What the predicted (residual) risk rating is likely to be once all the controls are in
place? 3) Monitoring / Reviewing the Risk - all risks recorded on local Risk Registers
(incorporated within the Risk Management Workbook) will require regular monitoring by the service / unit / ward / team manager and communicated to your staff. In addition to this local monitoring, quarterly monitoring and exception reporting will be undertaken by the Risk Management Team to the Operational Risk Management Committee.
-
Page 24 of 24 Risk Register & Risk Assessment Policy and Procedure
All policies are required to be electronically signed by the Lead Director (the policy will not be accepted onto Healthnet until the e-signature is received). The proof of signature for all policies is stored in the policies database.
The Lead Director approves this document and any attached appendices. Signed:
Title: Deputy Chief Executive/Director of Governance
Date: