risk management strategy - hct

Risk Management Strategy GR21 0914, V.4 of 19

High Value

Health Care

Risk Management Strategy

(Reference No. GR21 0914)

Version: Version 4, September 2014

Version Superseded: Version 3, March 2012

Ratified by: Hertfordshire Community NHS Trust Board

Date ratified: 11th November 2014

Designation of originator/ author (Lead

Officer):

Tracey Westley, Acting Deputy Director Quality,

Risk & Assurance

Name of responsible committee/ individual: Hertfordshire Community Trust Board/

David Law, Chief Executive Officer

Name of executive lead: Clare Hawkins, Director of Quality &

Governance/Chief Nurse

Date issued: 31st January 2015

Review date: 2 years from date issued or earlier at discretion

of the Executive Lead or Author

Target audience: All Hertfordshire Community Trust (HCT) staff


Contents

Introduction ........................................................................................................................... 3

Purpose ................................................................................................................................ 3

Scope ................................................................................................................................... 4

Vision .................................................................................................................................... 4

Risk Management Strategic Aim ........................................................................................... 4

Framework ............................................................................................................................ 6

Risk Hierarchy ...................................................................................................................... 8

Roles and Responsibilities for Delivery of the Risk Management ......................................... 9

Delivering the Risk Strategy and Achieving the Vision ....................................................... 11

Monitoring Compliance and Effectiveness .......................................................................... 12

Equality Impact Assessment (EIA) ...................................................................................... 12

Reference and Bibliography ................................................................................................ 12

Appendix 1 - Delivering the Risk Vision : Key Milestones .................................................. 14

Appendix 2 - Committee Structure ...................................................................................... 16

Appendix 3 - Risk Register Framework ............................................................................... 19


Introduction

1.1 Hertfordshire Community NHS Trust (HCT – the Trust) is committed to ensuring all services are provided to a high quality. The Board of Directors recognise that successful risk management must be forward thinking, must be the responsibility of all, must be comprehensive and coordinated, and that proactive and continuous identification and management of risk is essential to the delivery of high value healthcare. Further we recognise that risk management is integral to all elements of Trust business and should be embedded in the Trust’s philosophy, practices and business at all levels throughout the organisation.

The Trust expects all staff to subscribe to its vision, values and strategic objectives to which this strategy relates. This strategy is therefore integral to the work of all the Trust’s Directorates/Business Units and supports the delivery of strategic objectives. It sets out why risk management is important for HCT at this time, and describes both the current and aspirational status of risk management.

Delivery of the strategy vision is set out in the expected milestones (Appendix 1) which will be monitored by the Audit Committee and annually by the Board.

1.2 This strategy for risk is supported by the:

Risk Management Policy

Assurance and Escalation Framework

Quality Strategy 1.3 This strategy will be accessible to public and staff through the HCT Intranet or

by the issue of controlled paper copies where appropriate.

Purpose

2.1 The purpose of this risk management strategy is to set out the Trust’s vision and overall consistent approach to identify, analyse, evaluate and control risk across the organisation in order to contribute to the Trust’s overall strategic objectives. This includes the structures and processes which support effective risk management, including the high level committees (Appendix 2) with responsibilities for risk, the duties and authorities of staff, and the mechanisms to review compliance with the strategy. The Board Assurance Framework (BAF) and High Level Risk Register (HLRR), along with other management tools, will be used to ensure that the Board have a comprehensive view of the Trusts risk profile.


Scope

3.1 This policy applies to all staff working for, or on behalf of, the Trust (HCT), with an active lead from the Chief Executive, Executive team, Assistant Directors, General Managers, Heads of Service, Managers and Supervisors to ensure that risk management is a fundamental part of the total approach to the delivery of high quality healthcare. It is intended to cover all potential risks that the Trust may be exposed to.

Vision

4.1 To become a leading light in the provision of innovative programmes of care which maintain and improve the health and wellbeing of the people of Hertfordshire and other areas served by the Trust.

4.2 HCT will demonstrate increased risk maturity, moving along the continuum of awareness, and embedding risk management at all levels throughout the Trust; using effective risk management process to enable self-managed teams and support the attainment of the strategic objectives.

The risk management vision serves the following purpose for HCT:

It is integral to the governance mechanism of the Trust It allows the evaluation of risk in terms of the strategic impact upon the

organisations objectives It enables supported decision making for effective safe clinical care, improved

patient experience and sustained effective financial management It provides a practical tool which enables effective prioritisation and decision

making by identifying priorities for action and revealing operational areas for improvement

Risk Management Strategic Aim

5.1 The Trust aim is to operate in a culture of creativity and innovation, in which risks are identified, understood and proactively managed, and where we continuously learn from and review the efficiency of our risk management. In order to be the best community healthcare provider HCT will have the best practice in relation to risk management which will be based on national evidence and be in context to the local risk management status for HCT. The principal strategic aim of the risk management strategy is:

HCT Board, Executive Directors and all staff to have understanding and ownership of, and commitment to, the control and management of all reasonably foreseeable risks that may arise within the context of the Trust’s activities, ensuring the Trust remains within its risk appetite.


5.2 HCT is committed to achieving excellence in the delivery of patient centred care in an environment that promotes the safety, wellbeing and experience of our patients, staff and visitors, whilst safeguarding the continuity of services, assets and reputation of the Trust; that is “High Value Healthcare”.

5.3 The management of risk is the responsibility of all staff. All staff will be involved in the identification, management and mitigation of risks in their day to day work. The ownership of risk will be evident at all levels of the organisation. Risk management will be all about approach and less about checklists, and moving forward a culture of enabled risk management. All staff will take responsibility to identify (I), analyse (A) and manage (M) risk (I AM responsible) and patient safety will continue to be at the heart of everything we do.

5.4 The Trust acknowledges that there is progress to be made in order that risk management becomes an instinctive part of the everyday working practice of staff and not a bureaucratic process, and that staff feel fully empowered in managing risk. The key milestones in 2014 – 2017 to achieving our vision are outlined in Appendix 1.

Risk management will fully support the delivery of HCT’s strategic objectives. The key outcomes for patients, staff and stakeholders, which will be demonstrated by 2017 as a result of this strategy, are:

Patients, carers and their families will be confident that they will

receive excellent patient-centred care in an environment that promotes their safety, well-being and satisfaction as well as that of visitors and staff

receive care in an organisation which promotes a culture of creativity and innovation, in which risks are identified, understood and proactively managed.

Every member of staff will

be involved in, and take responsibility for, the identification, management and minimisation of negative / harmful risks in their day to day work

be involved in, and take responsibility for the identification, management, and realisation of opportunistic risks within the Trust risk appetite in their day to day work

escalate risks without delay, including incidents and feedback with potential or actual serious impact

be competent to consistently describe and measure the impact and consequence of risks and the outcomes of effective risk management

make informed management decisions based on risk

HCT will demonstrate increased risk maturity through

sharing identified risks and their management in an open and transparent way


be seen to continuously learn from and review the efficiency of its risk management.

be recognised for best practice in relation to risk management

Thus the Board will be confident in their systems on internal control and be provided with assurance on the effectiveness of systems in place throughout all levels of the Trust to ensure risks are being managed and mitigated. Risk management reports will be provided to the Board and linked to review of the risk management strategy.

Framework

6.1 The Trust is committed to a unified approach to risk management and has integrated safety and incident reporting systems. The Trust has developed a governance system of internal control (SIC) which ensures that the strands of governance such as financial, clinical, operational and research are brought together in a coherent way.

Key Features Effective Risk Management

Governance Robust Risk Management underpins all decisions and business

planning to deliver strategic objectives

Risk Appetite

Organisational approach towards risk

Each risk is assessed to determine if within the risk Trust appetite

of acceptable risk (as per risk score and type of risk)

Risk

Identification

Context and impact on Trust strategic objectives is considered

Type of risk – Clinical, Organisational/Strategic, Financial, Reputational, Health & Safety, Information, Environmental

“cause” of the risk, its predicted “effect” and the resultant potential “adverse consequence”

Risk

Assessment

Description of the risk including type, effect and adverse

consequences

Evaluation/quantification of potential financial and non-financial

impact – as per risk matrix scores (1-5) of likelihood and

consequence

Management approval of risk assessment including efficacy of

controls and assurances, risk score against Trust risk appetite,

Efficacious

Controls and

Assurances

Sources of internal and external assurances (audits/reviews) and

controls (reports to committees/Trust Board)

Analysis of current level of controls or assurances

Risk

Mitigation(s)

Decisions and actions to address the “cause” of the risk by

improving existing controls and assurances resulting in a

reduction the consequence and/or likelihood to within an

acceptable / manageable risk appetite level.


Monitoring and

Reporting

Regular monitoring through re-assessment of risk and

effectiveness of the actions on improving controls and assurances

and therefore reducing the overall risk score (to an acceptable

risk appetite level).

Risk Escalation An integral element of robust monitoring and reporting at each

stage to enable timely escalation – includes current and new risks

6.2 The Trust is committed to an integrated governance approach to risk management which is achieved by a structure that functions to support a co-ordinated approach to governance and risk management. The Trust’s system of internal control is underpinned by the governance committee structure (Appendix 2).

6.3 The key committees with responsibility for receiving assurances on risk management and the delivery of this strategy are the Trust Board and four of its sub-committees; Audit Committee, Healthcare Governance Committee, Strategy and Resources Committee and the Executive Team. All committees, sub–committees, groups and forum have responsibility to identify and escalate risks to the parent committee and thus to Board via the Assurance and Escalation Framework.

This is further supported by the Trust’s commitment of compliance with the registration requirements of the Care Quality Commission. It is based upon a re–iterative internal risk management process and a live risk register framework (Appendix 3) showing movement between service and Board. The Board Assurance Framework (BAF) assesses the principle risks to achieving the Trust corporate objectives. This framework enables identification of risks to the achievement of the organisation’s strategic objectives; to evaluate the nature and extent of those risks and to manage them efficiently, effectively and economically, identifying gaps in control and gaps in assurance which require action and monitoring.

6.4 The Trust risk management framework encompasses:

A risk management strategy from providing the overall strategic aims to enable the Trust to achieve its overall vision

A risk management policy which describes HCT’s approach to risk management, including process, roles and responsibilities. The Chief Executive has overall responsibility for the Trust risk management processes

A ‘live’ risk register held on an electronic management system, which includes current historical risk assessments and record of current risk status and is linked to analysis of complaints and incident reporting

An approved Board Assurance Framework which is aligned to the Trust corporate objectives and records the strategic risks, which are detailed in the electronic risk register

Risk management principles which are embedded in HCT’s approach to project risk management of change whilst being sufficiently balanced to allow for the development innovative practice


Risk management principles which are embedded within business planning process which require the directorates and business units to identify record risk linked to the integrated HCT strategies and annual planning process.

Risk Hierarchy

7.1 HCT has adopted the IRM iterative approach to risk management; this ensures that risks are identified and managed by staff with the appropriate level of knowledge and responsibility for the specific risk faced. This includes the authority to identify and implement appropriate actions. This approach allows the escalation of risk through service, business unit and directorate structures when the likelihood changes or significant risk have been identified.

IRM 2012

7.2 Executive Directors have the authority to manage risks on the BAF and risks on the HLRR (current score 15 and above) in particular where the risk extends across a directorate and is not limited to a business unit or service within that directorate.

7.3 Assistant Directors have the authority to manage risks on the HLRR (current score 15 and above) where the risk is limited to their area of responsibility within the business unit or directorate and risks on their business unit/directorate risk register (current score less than 15) where the risk extends across the business unit or directorate and is not limited to a service.

7.4 Line Managers have the authority to manage risks on the business unit/directorate risk register where the current risk score is less than 15 and where the risk is limited to their area of responsibility.

What does this mean for people who use our services?

Risk leadership

Dealing with bad news

Accountability Risk resources

Reward

Informed risk decisions

Risk skills Transparency To

ne

at the

top

G

overn

ance

De

cisi

on

s C

om

pet

en

cy


HCT will put patients first. The patient will feel HCT undertakes a risk managed approach to provide innovative programmes of care which are aimed at maintaining and improving the health and well-being of people for whom HCT are commissioned to provide services, therefore delivering risk managed high value healthcare. This supports HCT’s belief to deliver the right care at the right time to the right person. It ensures staff are trained to assess and manage the healthcare for those people who use our services

Roles and Responsibilities for Delivery of the Risk Management

Strategy

8.1 The delivery of this strategy is dependent not only on the responsibility delegated to key committees and their integrated reporting structure but also through the responsibilities held within key roles within the Trust. More detail on the roles and responsibilities to service level are outlined in the Risk Management Policy.

8.2 Chief Executive of HCT

The Chief Executive Officer is the Accountable Officer for the Trust and has overall accountability and responsibility for the operational implementation of this strategy, development of the Annual Governance Statement and for ensuring that Executives and Non-Executive members of the Trust Board access annual training and education for risk management in healthcare.

8.3 Director of Quality & Governance/Chief Nurse

The Director of Quality & Governance/Chief Nurse has delegated overall responsibility from the Chief Executive Officer and is the Executive Lead Director for ensuring that all risk and assurance processes are devised, implemented and embedded throughout the organisation and for reporting to the Chief Executive and Executive Team any significant issues arising from the implementation of this strategy including evidence of non-compliance or lack of effectiveness arising from the monitoring process so that remedial action can be undertaken.

As Chief Nurse the Director of Quality & Governance has responsibility for seeking assurances on the management of risks related to professional practice of nurses and allied health professionals in the Trust, liaising with the Trust’s lead Allied Health Professional (AHP) and professional bodies as required.

8.4 Medical Director

The Medical Director has responsibility with the Director of Quality & Governance/Chief Nurse for clinical risk management and clinical


governance, and is jointly responsible with the Director of Finance for information governance. The Medical Director is the Caldicott Guardian, and facilitates medical and dental staff compliance with all safety and risk management procedures and seeks assurances on the management of risks related to their professional practice and revalidation, liaising with professional bodies as required.

8.5 Director of Finance

The Director of Finance has responsibility for ensuring that the Trust operates within financial constraints and balances competing financial demands and for coordinating the internal audit programme for the Trust. The Director of Finance is the SIRO (Senior Information Risk Owner) for the Trust with delegated responsibility for information governance risk management.

8.6 Company Secretary

The Company Secretary is responsible for maintaining the BAF on behalf of the Board and the Executive Team and ensuring that it is presented to the Board and Audit Committee at the agreed intervals.

8.7 Executive Directors and Executive Team

The Executive Directors are accountable to the Chief Executive for all areas of risk and assurance in respect of their areas of remit. As such, in addition to being collectively accountable as an Executive Team, they are also individually accountable to the CEO, the Audit Committee and the Board. This includes populating the BAF and ensuring within their directorates the appropriate and timely populating and reporting of risk registers.

Executive Directors are responsible for directing the implementation of the risk strategy and associated policies and ensuring that risk management arrangements are embedded within their areas of responsibility.

8.8 Deputy Director of Quality, Risk & Assurance

The Deputy Director of Quality and Assurance is accountable to the Director of Quality & Governance and Chief Nurse, and has delegated responsibility for the implementation of risk management and clinical assurance processes across the Trust working through the Risk & Assurance Team and with the Directors, Deputy Directors, General Managers and Service/Locality Managers in the Trust. The Deputy Director of Quality & Governance is responsible for maintaining progress against the milestones outlined in the risk management strategy, and for ensuring the HLRR is maintained on behalf of the Board and the Executive Team and analysing the CQC Quality & Risk Profile for the Trust and ensuring that they are presented to the Board and Audit Committee at the agreed intervals.


8.9 Non-Executive Directors

The Board chair is the designated Non-Executive link for the Risk Strategy. All Non-Executive Directors have been consulted in the development of the strategy. All have responsibility to provide appropriate objective challenge and to seek assurance of effective implementation.

8.10 All Staff

All staff have a responsibility to be familiar and comply with the Trust’s risk management policies and processes, and to identify, assess and report risks, and to mitigate risks over which they have control in their daily work and to cooperate with their line managers in respect of the line manager’s responsibilities. This includes using the Assurance and Escalation Framework to raise concerns. They are also responsible for undertaking training identified by their line manager and to report known breaches of compliance with the risk management policies whether by others or by themselves.

Delivering the Risk Strategy and Achieving the vision

9.1 Risk assessment is an iterative process and all risks are periodically reviewed and reassessed in view of contextual changes. Reassessment is undertaken proactively at intervals proportionate to the risk magnitude and risk appetite as well as reactively in response to anticipated or known changes (Appendix 3). Risk appetite is explored for strategic and operational risks throughout the BAF, High Level Risk Register (HLRR) and Business Unit or Directorate risk registers and evidence considered for whether residual risks are acceptable or not.

All strategic risks are reviewed by the Executive Team who confirms their management through the content of the BAF in preparation for presentation to the Board for their consideration.

All high level risks (risk score 15 - 25) are reviewed by the Executive Team who confirms their management through the content of the HLRR in preparation for presentation to the Board for their consideration.

All lower level risks (risk score less than 15) are reviewed by the General Manager, Deputy Director or Director (risk owner) who confirm their management through the content of the Business Unit/Directorate risk registers.

9.2 Risks which are not considered acceptable (outside the Trust risk appetite) will be managed out through strategic and operational change or transferred (e.g. by contracting out) leaving acceptable (and opportunity) risks. Such risks are managed and mitigated through the Trust’s risk management processes and retained risks are recorded and reviewed through the Trust’s risk registers.


9.3 In accordance with the Risk Escalation framework when monitoring the acceptable risks, the Board and committees will consider:

existing controls to determine whether the risk score is appropriate whether identified additional controls are suitable and sufficient to mitigate the

risk within appropriate timescales whether there are links between identified risks, which point to broader

corporate issues whether identified risks represent risks to the Trust’s strategic aims and

should therefore be escalated to the Board Assurance Framework (BAF)

9.4 Committee observations and required actions will be communicated to the parent committee reporting to the Board via the Chair’s report. These will be considered by the committee under the standing agenda item of “Reflection and issues for escalation” and be focused towards assurance, escalation, integration (interdisciplinary work recommended) or the commissioning of additional actions / monitoring by a junior committee.

9.5 HCT uses the principles outlined by the NPSA (2007) and the procedures detailed within the Trust’s Risk Management Policy.

Monitoring Compliance and Effectiveness

10.1 The Audit Committee’s scrutiny of risk and governance will provide assurance of delivery against the Quality Governance framework and delivery of the Risk Management Strategy.

10.2 The actions required to implement this strategy are set out in the Risk

Management Action Plan. Progress against the Risk Management Milestones will be reported quarterly to the Executive Team and half yearly Audit Committee and to the Board.

Equality Impact Analyses (EIA)

11.1 The completed EIA form for this policy has been undertaken by the Lead Officer and is available on request

References and Bibliography

There are a number of other strategies/documents that are critical to successful delivery of risk management within HCT. These are:

Quality Strategy 2014/17, incorporating the clinical governance strategy Information Governance Plan NHS and professional codes of conduct Monitor’s Compliance Framework 2012/13


The policies below support the effective delivery of enabled risk management:

Risk Management Policy Assurance and Escalation Framework Incident Policy and Procedure Serious Incident Policy and Procedure Whistle Blowing Policy Legality and Claims Management Policy Education, Training and Development Policy Complaints and Concerns Policy Lessons learnt from Complaints, Litigation, Incidents & PALS Enquires Policy Being Open Policy

Bibliography

Building the Assurance Framework: A Practical Guide for NHS Boards (DH, 2003)

Integrated Governance Handbook (DH, 2006) Risk Management Standards, NHS Litigation Authority (NHSLA) Risk Matrix for Risk Managers, (NPSA, 2008) Audit Committee Handbook (published 2011) Care Quality Commission 2010; Essential Standards of Quality and Safety Good Governance Institute: Risk Appetite for NHS Organisations 2012 Quality Governance Framework (Monitor July 2010) Monitor’s Compliance Framework 2012/13. Monitor Risk Assurance Framework 2013 (Update 2014) Risk Culture (Institute Risk Management 2012) Fundamentals of Risk management Understanding, Evaluating and

Implementing Effective Risk Management (Kogan 2012)

http://www.nrls.npsa.nhs.uk/resources/?EntryId45=59825

http://www.nrls.npsa.nhs.uk/resources/?EntryId45=59825

http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuidance/DH_4093992


http://www.nhsla.com/riskmanagement/

http://www.npsa.nhs.uk/nrls/improvingpatientsafety/patient-safety-tools-and-guidance/risk-assessment-guides/risk-matrix-for-risk-managers/


http://www.cqc.org.uk/sites/default/files/media/documents/essential_standards_of_quality_and_safety_march_2010_final_0.pdf

http://good-governance.org.uk/services/risk-appetite.htm

http://www.monitor-nhsft.gov.uk/home/browse-category/guidance-foundation-trusts/mandatory-guidance/compliance-framework-2012/13


Appendix 1 – Delivering the Risk Vision: Key Milestones

Timescale Milestones

April 2014 to March 2015

Governance

arrangements

Assurance & Escalation Framework included in Induction material

Risk Management Strategy (incorporating Risk Escalation and Assurance Framework) signed off by Trust Board HLRR and BAF reviewed monthly by Executive identifying critical issues and mitigating actions. (Complete)

BAF updated monthly and Board approval quarterly

Publication of BAF extract on Trust intranet

Risk Appetite for each type of risk agreed and defined by Board annually

Risk appetite informs Annual review of KPIs

All service managers able to identify, analyse, mitigate and manage risks effectively, “I AM responsible” demonstrated

Consistent risk scoring is applied

Quality Impact Assessment model is revised

Quality Impact review model is revised

Assurance

(re efficacious)

BAF signed off the Trust Board

LTFM downside model re-quantified and signed off by Trust Board

Business Unit Business Plans are quality impact assessed and associated risks assessed, quantified, managed and aligned on the risk register

Monitor &

Reporting (incl.

Outcomes)

Risks from Business Planning assessed and routinely reported in BUPR

Quality Impact Assessments undertaken for all service changes and reported to Executive team

Training &

Development

Senior manager risk awareness refresh guidance cascaded

Refresh coaching of Business Unit managers

Agree annual risk management training plan

Provide Datix risk register module training to all risk owners

Introduce risk surgeries in localities

October 2014 – April 2015

Governance

arrangements Confirmed adaption to Monitor Risk Assessment Framework and

Enforcement Guidance Assessment


Assurance

(re efficacious)

Annual review of RM Strategy signed off by Trust Board

Self / external assessment to demonstrate :

“I AM responsible” embedded in GM/DDs/Service leads daily working practices

Evidence of scrutiny and challenge of risks at Board, sub committees of Board, Executive, and GM/DD/Service leads level of organisation

Consistent examples of effective risk management at service and BUPR level

Improved data quality re accurate (and open) reporting. To include number of incidents and near misses.

Evidence of change in practice arising from learning from Serious Incidents

Information routinely shared across the organisation of types of incidents and actions taken as a result

Evidence shared across organisation re the management of risks associated with business unit plan developments

Datix risk management system informs the ‘Business Intelligence’ platform

Internal review to demonstrate Risk Management is a “core” element of

everyday work

Monitor &

Reporting (incl.

Outcomes)

Effective and transparent consolidation from service to HLRR and BAF is evident

IBPR routinely updated, noting exception reports triangulated with HLRR and BAF

Quality Impact review process developed and implemented reporting outcomes to Executive Team

Training &

Development

80% of staff have completed risk management training aligned to the organisation TNA needs

Learning and training requirements identified with targeted approach to address highest needs

Develop online eLearning risk management training package

Annual review and develop Datix risk register module to meet needs of Trust

April 2015 – September 2015

Assurance

(re efficacious)

External review to demonstrate Risk Management is a “core” element of

everyday work

Nov 2015 - March 2017,

Management I AM responsible – all staff able to identify and escalate risks – clinical

and non-clinical.

Training &

Development Annual risk management training plan is signed off and delivered

March 2017 Routine Internal / external review demonstrate Risk Management is a

“core” element of everyday work


Appendix 2 – Committee Structure

Audit Committee

HCT Board

Remuneration Committee

Patient Safety & Experience Group

Foundation Trust Committee

Information Governance Group

Clinical Effectiveness Forum

Healthcare Governance Committee

Health & Safety Group

Safeguarding Forum

Joint Negotiating Committee

Strategy & Resources Committee

Charitable Funds Committee

Board as Corp orate Trustee

Medicines Management Forum

Executive Team

Clinical Effectiveness Group

External / Multi - Agency Boards: HSAB HSCB

Trust PMO (Projects as tasked)

Estates & Capital Investment Strategy Sub Committee (FD)

Market Strategy (FD)

Workforce & OD Strategy Sub Committee (Dir. of HR & OD)

IM&T Strategy Sub Committee ( FD)

Quality Strategy (Dir. Q&G)

Clinical Services Strategy (Med. Dir.)

Communications & Engagement Strategies (CEO)

Emergen cy Planning & Resilience Group

SMT

Risk Management Strategy (Dir Q&G)

CoG Working Groups (eg Membership, Engagement, and Quality )

Council of Governors

Business Planning

Infection Control Forum

Business Unit Performance Reviews

Medical Devices Forum

Procurement Group

Mortality Review Forum

Serious Incident Panel

Research & Development Forum

Fraud Risk Group

Finance Strategy (FD)

Appointments & Remuneration Committee

FT PMO

(Informal and time limited Working Groups / Project Teams)


Hertfordshire Community NHS Trust Board

The Board has collective responsibility for overseeing all aspects of risk management throughout HCT and seeking assurances (positive or negative) that this strategy is effectively implemented, monitored and complied with.

The Board is the designated committee for this strategy and is responsible for reviewing the Trust’s risk management performance against achievement of its strategic objectives. This includes receiving assurances from the Chief Executive and Executive Directors and Board Committees that mitigation is in place through controls and actions, and for setting the risk management strategy and delivery plan, determining the nature and extent of the significant risks it is willing to take in achieving its strategic objectives (risk appetite) and allocating resources as required. It has delegated the functions of risk governance to key governance committees, each of which has a responsibility to provide assurance to the Board in respect of the risks that fall within their specific remit. The Board receives a copy of the Board Assurance Framework (BAF) and High Level Risk Register (HLRR) quarterly.

The Trust Board and its sub-committees are committed to risk management and will:

where appropriate, demonstrate personal involvement and support for risk management

approve, review and monitor key strategies, policies and associated training for risk management on a regular basis

ensure that there is a structure and training in place for effective risk management within the Trust

manage and monitor risk identified in the BAF and HLRR that may prevent the Trust from achieving its objectives

identify and manage risks raised by appropriate directors and receive assurance that mitigation is in place

be involved in external assessments of risk management.

Audit Committee

The Audit Committee has delegated responsibility on behalf of the Board to seek satisfactory assurances that the Trust is meeting its statutory internal and external requirements to remain a safe effective business through embedded and effective risk management systems and processes with appropriate support from internal/external audit. It has primary responsibility for all aspects of financial risk and retains an overview of governance risks including clinical risks.

The Audit Committee is responsible for seeking assurances that the strategic and high level risks are being controlled and managed effectively and advising the Board on the adequacy of risk management arrangements throughout the Trust. It reviews the BAF and HLRR (and de-escalated high level risks) at every meeting and receives a paper outlining links between them, and progress and issues for review. It receives a summary of the CQC Quality & Risk Profile for the Trust each quarter and undertakes a review of the (draft) Annual Governance Statement each year.

Healthcare Governance Committee

The Healthcare Governance Committee has overall responsibility for ensuring effective risk management for patient safety, patient experience, infection prevention


and control, safeguarding, clinical audit and clinical effectiveness and will bring to the attention of the Audit Committee and the Board risks that may affect patient safety and/or failure to meet the Care Quality Commission Essential Standards of Quality and Safety (CQC 2010).

The Healthcare Governance Committee is responsible for considering and reviewing clinical risks and ensuring that high operational or strategic risks are reported to the Executive Committee for consideration to populate the Board Assurance Framework and through this to the Audit Committee. It receives the High Level Risk Register in line with its business cycle with a summary paper outlining progress and issues for review.

Strategy and Resources Committee

The Strategy and Resources Committee has overall responsibility for ensuring the Trust cooperates within financial constraints and manages risks related to investment and business development and will ensure systems are in place to this effect.

The Strategy and Resources Committee is responsible for considering and reviewing finance and business risks and ensuring that high operational or strategic risks are reported to the Executive Committee for consideration to populate the Board Assurance Framework and through this to the Audit Committee.

Executive Team

The Executive Team has collective responsibility for ensuring that:

effective systems, processes and resources are in place for the implementation of the risk management related policies and for their compliance

arrangements are in place for receiving and reporting (positive or negative) assurances through to the Trust Board or any relevant committee or sub-committee of the Board as delegated, as to the effectiveness of and compliance with risk management related policies and this strategy.

The Executive Team is responsible for all aspects of managing risk, including

reviewing the Board Assurance Framework (BAF) and High Level Risk Register (HLRR) every month

confirming their validity and considering escalation/de-escalation and linking between the BAF and HLRR

ensuring steps are taken to mitigate the risks and reduce them to an acceptable level approving all risk management related policies collating the annual training needs of the Board.

Other sub-committees of Healthcare Governance Committee and sub-groups of the Executive Team have delegated responsibility for overseeing all areas of risk management within their specific area/s of remit as defined in their terms of reference These committees have their remit and responsibilities related to risk embedded in their respective terms of reference.


APPENDIX 3 - Risk Register Framework

Reporting

Actions

Health Care Gov. Committee

2/12

HLRR

> = 15 < = 12

Risk evaluated using the RISK matrix

Line Manager

informs the duty

GM/DD of the risk

immediately.

GM/DD confirms the high level risk and records /

escalates to the High level

risk register with an action plan and informs

the Risk Manager for consultation.

When the

risk is

mitigated to

score 12 or

less

Event or Predicted Event

Line manager is informed of

the risk & reviews

Safeguarding IG & Security Health & Safety Risk & Assurance Manager Infection Control

Exec team informed of Escalation to the HLRR

and alignment to the BAF

1/12 reviews by the /GM//DD

Audit Committee

3/12

Line manager

is informed of

the risk at a

service review

Is the risk score? High (15 & above)

or Med, Low,

Negligible (12 or

less)

Senior line manager confirms the risk and

records on the business unit risk register with an action plan and

min. 2/12 reviews

Can the risk be

immediately

controlled?

Risk Closed and Archived

When the action plan is completed and the risk is mitigated to an acceptable level

GM/DD and Risk & Assurance Manager

are informed

BAF

Trust Board

Risk Identified

Yes No

GM/DD refutes risk score

and agrees mitigation

management at service

level

risk management strategy - hct

Documents