business services organisation (bso)€¦ · web viewa full disaster recovery (dr) test was...
TRANSCRIPT
![Page 1: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/1.jpg)
Paper BSO 24/2017
23 March 2017
Board
Corporate Risk and Assurance Report 2016-17
1. Purpose of this report2. The purpose of this report is to record changes to the Corporate Risk &
Assurance Report made between December 2016 and March 2017 and to
outline progress made to date on risk actions.
2 Changes to Corporate Risks
New Risks – The following new risk is proposed by the Director of
Operations.
12. Use of manual interventions and lack of automated reporting functionality
in dental system may lead to inaccurate payments resulting in financial and
reputational implications
Revised Risks – The following risks have been updated and/or re-numbered
with changes shown in red: 1, 2, 3, 5, 6, 7, 8, 10, 11 and 12.
Removed Risks – No risks are proposed for removal
1
![Page 2: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/2.jpg)
Corporate Objective No 1: To Deliver Value for Money Services to our Customers
Report on Board Action PlanRisk Description(Include DATE ADDED)
CurrentRisk Score
Controls Assurances Action By WhomEndDate
Comment
L I S Rate1. Levels of savings in the overall environment for HSC are so great that BSO service provision to customers are negatively affected and/or we fail to breakeven.
The Leadership Centre may be particularly affected by a reduced level of client income e.g. HSCB
Risk Owner(s)DoFCX / Dirs
Type of risk:Economic & Financial
4 4 16 Highâ
Budgetary Process Breakeven Budget with specified savings programme
Latest Best Estimates
Service Offering
Meetings held with DHSSPS sponsor branch
Budgetary Monitoring (I) SMT Accountability to CX (I) External Audit - Report to those charged with Governance (E) Budgetary Control process (I) Directorate Service Team Meetings (I) Financial Accountability Reviews with Directors (I) Financial Management Standard (I) & (E) Risk Reporting & Review (I) CX Review of Dirs Objectives (I) Dept Accountability Review (E) MIPB Assessment
.
Develop 2017/18 service offering
DoF/ADFM
March 2017
BSO received a 2016/17 DHSSPSNI allocation letter on 16 March 2016, providing formal confirmation that a 15% cut to the BSO recurrent RRL had been applied, effective from April 2016. 2016/17 budget was approved at Board meeting on 26th May.
Monthly budgetary control process indicates that savings are being delivered in accordance with plans and a break even position is forecast.
At the request of the DoH, BSO have recently submitted scenarios for the 2017/18 financial year reflecting RRL reductions between 2% and 15%.
Work has commenced on the preparation of the 2017/18 service offering, including work to realign SLA charges for the 17/18 year onwards.
2Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 3: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/3.jpg)
Corporate Objective No 1: To Deliver Value for Money Services to our Customers
Report on Board Action PlanRisk Description (Include DATE ADDED)
CurrentRisk Score
Controls Assurances Action By WhomEndDate
Comment
L I S Rate2. Inability to prove quality, productivityand VFM, and show that we are competitive and addressing customer expectations.
Risk Owner(s)DoCCPDirs
Type of risk: Financial, Customer/Citizen & Partnership Contractual
2 4 8 Highâ
Existing Processes to measure Quality Standards; SLA’S;KPI’s; Framework /Scorecard;Monthly report to Customers;Internal Audit programme;Audit Control Process;Annual Quality report.Benchmarking performance reported to Business Committee
Accredited Bodies - ISO/Lexcel (E) Monthly Reports to Customers (I) Scorecard monitoring SLA Monitoring (I) Financial Management Standard (I) & (E) Customer Survey (E) SMT Meetings (I) GAC Audit Control Review (I) Dept Accountability Review (E) MIPB Assessment
Further participation of BSO Services in Benchmarking programme for 2016-17.
Annual customer surveys
DoCCP
April 2017
March 2017
Further areas are undertaking benchmarking questionnaires and updates will be reported to Business and Development Committee April 2017
2016/17 SLAs have been issued. 17 of 18 have been signed and returned. DoH to be made aware of the position.
Reported to SMT on 18th January 2017. One survey was reopened and results due to be presented to Board end of March together with options for customer satisfaction measurement moving forward.
3Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 4: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/4.jpg)
4Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 5: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/5.jpg)
Corporate Objective No 1: To Deliver Value for Money Services to our Customers
Report on Board Action Plan
Risk Description (Include DATE ADDED)
CurrentRisk Score
Controls Assurances Action By WhomEnd
Dates
Comment
L I S Rate3. Risk of not achieving the agreed Shared Services business case outcomes for HR and Finance systems leading to financial and reputational damage.
Risk OwnerHead of SS
Type of risk: FinancialReputational
3 4 12 Highâ
Departmental oversight of BSF Fortnightly departmental meetingsMonthly AD forumMonthly Finance AD forumMonthly HR AD forumQuarterly regional orgs customer forumBSTP programme boardSEHSCT migration complete
Departmental oversight of BSFMonitoring of service delivery against KPIs
WHSCT migration
Execute BSF workplan
FPL upgrade
Head of Shared
ServicesMarch 2017
Head of Shared
ServicesMar 18
Head of Shared
ServicesSept 17
WHSCT deployment of eRec was completed March 2016.WHSCT commissioned an audit on migration readiness which has been completed in March 17. Recommendations have been submitted by Internal Audit to contribute to the migration planning. WHSCT have shared a provisional plan for deployment of shared services commencing April 2017.
Upgrade has been delayed by the supplier. Phase 1 is due to be completed June 2017 and Phase 2 by September 2017
5Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 6: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/6.jpg)
Corporate Objective No 1: To Deliver Value for Money Services to our Customers
Report on Board Action PlanRisk Description (Include DATE ADDED)
CurrentRisk Score
Controls Assurances Action By WhomEndDate
Comment
L I S Rate4. HSC restructuring leads to a reduced level of SLA income from HSCB who are currently our largest customers. If HSCB functions are split across a range of organisations there is a risk to the stability of this income source, and therefore BSO’s ability to effectively deliver the services
Risk Owner(s)SMT
Type of risk: Financial, Customer/Citizen & Partnership Contractual
Risk added:9.12.2015
3 4 12 Highâ
CEx is a member of the HSC Restructuring Programme Board.
Engage as early as possible to identify to which organisation(s) current HSCB services will transfer to.
SLA/ funding realignment to be identified and progressed following clarity on redistribution of services.
DoCCP
March 2018
DoCCPDoF
2017/18- TBC
The CEx is a member of the HSC Restructuring Programme Board. The design phase is ongoing with further public consultation expected Autumn 2016.
Implementation of the programme plan is likely to commence during 2017/18 with completion planned for early 2018/19.
6Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 7: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/7.jpg)
Corporate Objective No 2: To Grow our Services and Customer Base
Report on Board Action PlanRisk Description (Include DATE ADDED)
CurrentRisk Score
Controls Assurances Action By WhomEndDate
Comment
L I S Rate5. There is a risk that BSO will be unable to implement the Social Care Procurement project resulting in slippage in procurement programme to address the new light-touch regime detailed in regulations 74-77 of the Public Contracts Regulations 2015
Risk OwnerDir of OpsType of risk:Partnership / Contractual;Legislative / regulatory;Risk Added:24/05/2016
3 4 12 High
PRINCE2 Project methodology and project structure in place including project control strategyOversight by Regional Procurement BoardGovernance structureStrategic PlanAccommodation arrangements confirmedTeam recruitment – senior procurement managers are now in post
Updates provided by Project Board Chairman to SMT
Complete works on accommodation
Support Other HSC Organisations including development of SCP manual
March 2017
September 2017
Accommodation arrangements confirmed. Work commenced on accommodation February 2017 and is due to be completed by March 2017. Assurance is being sought on the completion date.
Draft manual to be updated. In absence of mini code or equivalent, we are working to gain common agreement of the best approach to under-threshold social care procurement across 7 organisations. This will be shared with DLS, and once agreed, a manual can be drafted. Date changed from December 2016 to align with need for manual availability of etendersNI.
7Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 8: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/8.jpg)
Corporate Objective No 3: To Pursue and Deliver Excellence through Continuous Improvement
Report on Board Action Plan
Risk Description (Include DATE ADDED)
CurrentRisk Score
Controls Assurances Action By WhomEnd
Date
Comment
L I S Rate6. Benefits of the new FPPS system fail to be realised due to:
(i) Contractors declining to use the web based portal, leading to an inability to reduce staff numbers in accordance with plan
(ii) Required system fixes for defects and/or change controls not being applied, leading to an inability to reduce staff numbers in accordance with plan;
Risk OwnerDir of Ops
3 4 12 Highâ
- Operational & Service Review Group to manage prioritisation and execution of fixes and change controls
- HSCB encouragement of contractors use of portal at project board
- b) Prioritised change list has been presented to ITS and is subject to weekly service review by FPS and ITS - Final Pharmacy Portal Infras delivered to FPS for testing.
FPS Project Board (Benefits Realisation) will monitor the progress and consider means of increasing uptake if necessary-Quarterly report to SMT on use of portal
Reduction of staff in line with benefits realisation plan
FPS has planned training events for Dentists and will use roadshows and other meetings with contractor and their representatives to promote the benefits to contractor of using the portal;
FPS to develop an interim contingency plan to resource system impacts in the event of contractors not
Dir of Ops
June 2017
March 2017
SMT have agreed funding to release staff under VES from February to June 2017. Staff have been informed and FPS and HR have commenced relevant procedures. HSCPS have been notified.
Dental practices are currently registering for portal.
8Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 9: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/9.jpg)
Type of risk:Technological; Performance Management
Risk Added: 17.06.2015
using the portal.
9Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 10: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/10.jpg)
Corporate Objective No 3: To Pursue and Deliver Excellence through Continuous Improvement
Report on Board Action Plan
Risk Description (Include DATE ADDED)
CurrentRisk Score
Controls Assurances Action By WhomEndDate
Comment
L I S Rate7. Failure of key ITS Applications & Infrastructure impacting delivery of Critical Services to Customers and resulting in reputational damage for BSO and our customers.
Risk OwnerDir of CCP
Type of risk:Technological & Customer / Citizen
3 4 12 Highâ
Security Procedures;Testing of Business Continuity Plan;Change Control Process;Testing and planning associated with significant change.
Engagement of professional report (Gartner).
Actions from Gartner report completed
Internal Audit (E) External Audit (E) SMT Review of ICT Programme (I) Systems Risk Assessment (I)
Additional assurances
Dir of Finance/ Dir
CCP
March 2017
A full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry on operations from the DR site at Boucher Crescent. This was successfully repeated on 19 May 2016. A further desktop DR/BC exercise is planned for later in 2016/2017.
The mobile DR Unit can be connected to the HSC.
Final Gartner actions have been marked as complete. Any further restructuring of ITS will take place in the context of business needs and the wider shared
10Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 11: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/11.jpg)
HCL Axon resolution plan and contingencies in response to a lack of HRPTS service availability
.
Go live of new data centre facilities
Phase 1February 2017
Phase 2March 2017
Phase 3September 2017
August 2016 – March 2019
services project.
A range of options relating to enhanced out of hours cover have been developed and have been costed with finance. As per former CEO direction, these will be discussed further in a potential shared services context. A new draft of paper will be presented to BSO SMT.
Phase 1 is now complete and phase 2 is underway. A meeting with the BSO CEx and HCL Axon will take place March 2017 to provide assurance.
11Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 12: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/12.jpg)
Corporate Objective No 3: To Pursue and Deliver Excellence through Continuous Improvement
Report on Board Action Plan
Risk Description (Include DATE ADDED)
CurrentRisk Score
Controls AssurancesAction
By WhomEndDate
Comment
L I S Rate8. Fail to implementrobust information governance process.
Risk OwnerDir of HRCSDirs
Type of risk:Legislative / Regulatory & Performance Management
3 3 9 Mediumâ
Policy & ProceduresInformation Governance / Records MgtCA StandardAudit ControlRisk Register/ Action Plans
A range of IG policies renewed and agreed by Board over 2014/15 and 2015/16.
IGMG to maintain and progress action plan sub-group established to review the new standard and compare with the current standard.
Audits of local record management policies underway as part of IG Improvement Plan (on-going to March 2016).
CAS Assessment - Records Management /ICT/Governance (I) & (E) Information Governance Group Report (I) Service Risk Reporting & Review (I) GAC Audit Control Review (I) other CA Standards Assessment (I) & (E) Mid-Year Assurance Statement / GS (I) GAC Report (I) CX Review of Dirs Objectives (I)
SIRO annual assurance letter to Permanent Secretary
Regular progress reports to SMT/Board regarding action plans (I)IG update to Business Committee on a regular basis.
Ensure regular update on Data Protection and refresher training is available.
Action plan being implemented and evidence gathered on ongoing basis. Regular progress reports to SMT.
DoHRCSApr -Mar
2017
DoHRCSApr -Mar
2017
Action plan update reported to SMT February 2017
12Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 13: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/13.jpg)
Corporate Objective No 3: To Pursue and Deliver Excellence through Continuous Improvement
Report on Board Action Plan
Risk Description (Include DATE ADDED)
CurrentRisk Score
Controls Assurances Action By WhomEndDate
Comment
L I S Rate
9. Risk to Data Centres from unstable hospital power / environment may cause further outages.
Risk OwnerDir of CCP
Type of risk:Technological, Environmental, Physical & Partnership /Contractual
Risk Added: 12.12.12
4 5 20 Extremeâ
Security proceduresBusiness Continuity Plan.
SIB has appointed a Project Director for the Data Centres.
Surge Protectors have been installed and are operational.
Gartner sub-group to reconvene with revised remit to include strategic direction for transfer of data to 3rd data copy.
Board presentation on project
Gartner technical work streams.
An SLA has been agreed with BHSCT Estates for support of the regional data centre.
Disaster Recovery Plan
Review of all other elements of SLA to be carried out.
Go live of new data
Head of Infrastructure
and Architecture
May 2013To approval
date
August 2016
This Annual Review is underway.
Work with Belfast Trust Estates to implement UPS back-up for the air con units has been cancelled due to inability to acquire space in BCH and RVH sufficient to house required equipment.
Work is completed to transfer 350 Terabytes of data to secure 3rd data copy for retention in Centre House.
Subscription to HP Mobile Data Centre solution has been implemented on a 2 year contract. A full recovery test from third site copy has been completed and a repeat test was successfully carried
13Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 14: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/14.jpg)
centre facilities - Mar 2019 out on 19 May 2016.
Contracts for 2 Tier 3 Data Centres have been signed. The centres were acquired August 2016. The plan for technical set up is agreed and the migration project has commenced. Migration due to be completed mid-2018.
This may be delayed by 9 months or more if Centre House lease is not renewed beyond Nov-17 and resources need to be re-directed to re-location project and premises configuration. An Accommodation Requirement Template is with DoH for consideration by DoF – this indicates a preference to extend lease for short term in light of this risk.
14Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 15: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/15.jpg)
Corporate Objective No 3: To Pursue and Deliver Excellence through Continuous ImprovementReport on Board Action Plan
Risk Description (Include DATE ADDED)
CurrentRisk Score
Controls Assurances Action By WhomEndDate
Comment
L I S Rate
10. There is a risk that delays in the recruitment and selection process leads to failure to meet performance targets and significant reputational damage.
Risk OwnerHead of SS
Type of risk:Partnership / Contractual; Customer/Citizen; Performance Management
Risk Added:16.03.2016
4 4 16 High
Recovery team established
Review of processes, systems and organisational structures completed
Task and finish group established to deliver the recovery and stabilisation of recruitment shared services.
Weekly reports of progress against recovery plan to SMT and BSTP programme board.
Reports also sent to BSF AD forum and the regional Directors forum chaired by Michael McBride.
Delivery of full stabilisation plan
HoSSJanuary
2017
Broadly achieved stabilisation in general recruitment.Waiting list recruitment remains a complex and multi-faceted process and reasons for failing to meet performance targets are largely outside of BSO control however BSO continues to influence, support and participate in resolution where possible.
15Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 16: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/16.jpg)
Corporate Objective No 3: To Pursue and Deliver Excellence through Continuous Improvement Report on Board Action Plan
Risk Description (Include DATE ADDED)
CurrentRisk Score
Controls Assurances Action By WhomEndDate
Comment
L I S Rate
11. Inability to complete the Guaranteed Minimum Payment reconciliation exercise due to limited resources results in a reputational impact on the BSO
Risk OwnerDir of Ops
Type of risk:Partnership / Contractual; Customer/Citizen;
Risk Added:30.11.2016
3 3 9 Medium
Letter sent to the DoH August 2016 requesting funding.
Issue raised at Ground Clearing meeting Nov 2016.
Initial matching analysis completed
Issue raised at ground clearing
Raised with Pension Board
Outcome of initial scoping work to be reported to SMT
End March 2017
Pending response from Department on funding for a two year period.
16Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 17: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/17.jpg)
Corporate Objective No 3: To Pursue and Deliver Excellence through Continuous Improvement
Report on Board Action PlanRisk Description(Include DATE ADDED)
CurrentRisk Score
Controls Assurances Action By WhomEndDate
Comment
L I S Rate12. Use of manual interventions and lack of automated reporting functionality in dental system may lead to inaccurate payments resulting in financial and reputational implications
Risk Owner(s)Dir of Ops
Type of risk:FinancialReputational
4 4 16 Highâ
Consistency checks on payments issued
Monthly reports to Dir of OpsRegular ITS and FPS meetings
Phase 1 of agreed stabilisation plan
Phase 2 of agreed stabilisation plan
.
AD ITS/ AD FPS
March 2017
AD ITS/ AD FPS
June 2017
17Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 18: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/18.jpg)
18Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 19: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/19.jpg)
Corporate Objective No 4: To Enhance the Contribution and Development of our People
Report on Board Action Plan
Risk Description (Include DATE ADDED)
CurrentRisk Score
Controls Assurances Action By WhomEndDate
Comment
L I S Rate13. BSO current skill mix does not meet future business needs.
Risk OwnerDir of HRCSDirs
Type of risk:Managerial / Professional
3 3 9 Mediumâ
Revised Workforce Strategy approved by Board February 2014.
Job Description/Personal SpecificationStaff Survey
Review PaLS Skills gaps.
Staff development / strong commitment to training.
Outcome of HSC Staff Survey (E) Customer Surveys (E) SMT/Board Review of Surveys (I) Staff Appraisal - PDPs (I) CX Review of Dirs Objectives (I)
A Sub-group has been established to consider a range of issues in PaLS including workforce issues.
Business Case skills.
Moving Forward Programme launched.
Re-accreditation of IIP complete
Further work to identify recruitment issues.
Workforce Planning ongoing in a number of Directorates. Scoping the direction of several Service Areas on behalf of DHSSPS.
Profiling with directorates regarding skills requirements is underway. The outcomes will feed into the appraisal and PDP process and drafting the BSO training plan for 2016/17.
DoHRCS
March 2017
Discussions underway with Directors in respect of strategic work plans for the next 3 years.
Workforce Plan for ITS has been completed
Action plans in place for Shared Services alongside Corporate action plan.
PaLS workforce plan has been drafted
19Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 20: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/20.jpg)
BSO Corporate Risk Score Matrix
Total Impact
Catastrophic 59
Major 4 2 3,4,5,6, 7, 1, 10,12
Moderate 3 8, 11,13
Minor 2
Insignificant 11 2 3 4 5
Rare Unlikely Possible LikelyAlmost Certain
LIKELIHOOD
*Risk Classification / NumbersLOW
0MEDIUM 3 Risks
HIGH 9 Risks
EXTREME1 Risks
*in accordance with AS/NZS 4360:2004 guidance
20Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 21: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/21.jpg)
Appendix A
Archive Report of risks removed from Corporate Register 2016-2017
CorporateObjective
Risk Description Risk Score CommentL I S Rate
3. 13. Delays in payroll responding to pension queries may result in fines from the Pensions Regulator. There is also a wider reputational risk associated with delays in the ability to provide estimates.
2 4 8 High Interface has been implemented – risk to be managed through appropriate service risk registers
3. 11. There is a risk that delay in providing information to HSC employees on Choice 2 following introduction of new Pension arrangements
2 3 6 Medium
Information has been provided to HSC employees.
21Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 22: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/22.jpg)
Appendix BArchive Report of Completed Risk Actions 2016-17
CorporateObjective
Risk No / Description Actions Completed
1 1. Levels of savings in the overall environment for HSC are so great that BSO service provision to customers are negatively affected and/or we fail to breakeven.
The Leadership Centre may be particularly affected by a reduced level of client income.
Develop Service Offering
The actions to achieve both these elements of savings have been factored into the BSO Budget for 2015/16 and a balanced budget has been achieved. The BSO 2015/16 budget was approved by Board on 28 May 2015.
Re-submit savings plans to DHSSPS prior to final business plan approval - complete
The Leadership Centre is currently engaging with HSCB to identify the impact of any change in requirements/funding - The Leadership Centre has discussed the income received from the HSCB with the Board SLA Co-coordinator and Chief Executive. Implementation of the programme plan is likely to commence during 2017/18 and as such this action will remain on the service risk register.
Approval of 2016/17 budget – budget was approved May 2016
2. 5. Shared Services may not achieve business case outcomes.
7. There is a risk that BSO will be unable to implement the Social Care Procurement project resulting in slippage in procurement programme to address the new light-touch regime detailed in regulations 74-77 of the Public Contracts Regulations 2015
Meeting with DoF, HoSS and SSRO to discuss 2016/17 plan – complete
Governance structure established and first board meeting heldHigh level strategic plan developedAccommodation arrangements confirmedTeam recruitment – senior procurement managers are now in post
3 6. Benefits of the new FPPS system fail to be realized
10. Fail to implement robust information governance process
12. Risk to data centres from unstable hospital power/environment may cause further outages
FPS to gain commitment from HSCB to continue to encourage contractors to use the portal; - compelte, moved to control
BSO to communicate with Info Owners to advise that all medical files to be checked before forwarding to BSO – completed
Develop action plan – developed and submitted to SMT
Outline Business Case for new Data Centre
22Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance
![Page 23: Business Services Organisation (BSO)€¦ · Web viewA full Disaster Recovery (DR) test was completed in May 2015 based on a scenario of having to evacuate Centre House and carry](https://reader034.vdocuments.net/reader034/viewer/2022050719/5f0d27b77e708231d438f239/html5/thumbnails/23.jpg)
14. There is a risk that delays in the recruitment and selection process leads to failure to meet performance targets and significant reputational damage.
Detailed recovery plan to be presented to SMT – moved to assurance.
Complete review of processes, systems and organisational structures – review completed – move to control
Present review to HR directors forum - complete
23Risk Score Legend: L for Likelihood / I for Impact / S for Score – Risk Trend: = â No Change / ã Risk Increasing / ä= Risk DecreasingAssurance Legend: I for Internal Assurance / E for External Assurance