document title risk management policy… · board assurance framework/ corporate risk register and...

1 Cumbria Northumberland Tyne and Wear NHS Foundation Trust CNTW(O)33- Risk Management Policy V05.5 Oct 19

Document Title Risk Management Policy

Reference Number CNTW(O)33

Lead Officer Lisa Quinn-Director of Commissioning and Quality

Assurance

Author(s) (name and designation)

Lindsay Hamberg Risk Management Lead

Ratified by Business Delivery Group

Date ratified Sep 2017

Implementation Date Sep 2017

Date of full implementation

Sep 2017

Review Date Sep 2020

Version number V05.5

Review and Amendment Log

Version Type of change

Date Description of change

V05.3 Update Nov 2018 Removal of Appendix 5

V05.4 Update Jun 19 Change of Author

V05.5 Review Oct 19 Governance changes

This policy supersedes:

Document Number Title

CNTW(O)33 V05.4 Risk Management Policy


Risk Management Policy

Section Contents Page No.

1 Introduction 1

2 Purpose 1

3 Definition of Terms 1

4 Scope 2

5 Duties, Accountabilities and Responsibility 2

6 Risk Management System 4

7 Risk Appetite 8

8 Assurance 10

9 Clinical Risk 11

10 Risk Registers and Board Assurance Framework 12

11 Risk Monitoring, Reviewing and Auditing. 12

12 Risk Management Training and Support. 12

13 Consultation and Communication with Stakeholders 12

14 Implementation 13

15 Equality & Diversity 13

16 Fair Blame 13

17 Fraud and Corruption 14

18 Monitoring 14

19 Associated documents 14

20 References 14

Standard Appendices – attached to policy

A Equality Analysis Screening Toolkit 15

B Training Checklist and Training Needs Analysis 17

C Audit Monitoring Tool 19

D Policy Notification Record Sheet - click here

Appendices – attached to policy

Appendix No:

Description

1 Definition of Risk terms

2 Risk impact descriptors

3 Risk Escalation process

4 Risk Register Template

https://www.cntw.nhs.uk/about/policies/appendix-d-policy-notification-record-sheet/


Introduction

Cumbria Northumberland, Tyne & Wear NHS Foundation Trust acknowledges that the services it provides and the way it provides these services, carries with it unavoidable and inherent risk. The identification and recognition of these risks together with the proactive management, mitigation and (where possible) elimination of these risks is essential for the efficient and effective delivery of safe and high quality services.

Risk Management is an integral part of the trust’s quality, governance and performance management processes. All staff have a role in considering risk and helping to ensure it does not prevent the delivery of safe and high quality services.

The Board with the support of its committees have a key role in ensuring a robust risk management system is effectively maintained and to lead on a culture whereby risk management is embedded across the Trust through its strategy and plans, setting out its appetite and priorities in respect of the mitigation of risk when delivering a safe high quality service.

In accepting that risk occurs the Trust Board has adopted the following risk management statement;

Cumbria Northumberland, Tyne and Wear NHS Foundation Trust recognises

that its long term sustainability depends upon the delivery of its strategic ambitions and its relationships with its service users, carers, staff, public and partners. As such, Cumbria Northumberland, Tyne and Wear NHS Foundation Trust will not accept risks that materially provide a negative impact on quality.

However CNTW has a greater appetite to take considered risks in terms of their impact on organisational issues. CNTW has a greatest appetite to pursue Commercial gain, partnerships, clinical innovation, Financial/Value for Money and reputational risk in terms of its willingness to take opportunities where positive gains can be anticipated, within the constraints of the regulatory environment.

1. Purpose

The Risk Management Policy has been written to comply with health and safety regulations. The management of health and safety regulations 1999 place an obligation on employers to identify and then control risks before incidents occur, through a suitable and sufficient assessment of the risk. They require employers and self-employed people to assess the risks to staff/patients and any others who may be affected by their work or business.

2. Definitions

Risk Management terminology used throughout this document, can be found in Appendix 1.


3. Scope

This policy is a Trust-wide document and it applies equally to all members of staff, either permanent or temporary and to those working within, or for, the trust under contracted services.

4. Duties, Accountabilities and Responsibility.

All staff in the trust have responsibilities relating to risk management. The key risk management responsibilities are documented below.

Role Responsibility

Chief Executive Officer (CEO) The chief executive as ‘accountable officer’ has overall accountability and responsibility for risk management within the trust, ensuring the implementation of an effective risk management system

Executive Director of Commissioning and Quality Assurance

The Executive Director of Commissioning and Quality Assurance has a responsibility to ensure that the Trust has a robust Risk Management Strategy and policy in place, integrated with the Trust’s Strategic business plan and the Trust’s governance structure. This includes ensuring that there is a robust and effective Board Assurance Framework, Strategy and Policy

Risk Management Lead The Risk Management Lead supports the Executive Director of Commissioning and Quality Assurance in the day to day management of the Trust’s Corporate Risk Register and Board Assurance Framework The Risk Management Lead supports the review, development and embedding of the Risk Management Strategy and policy across the Trust to ensure that there is an effective Risk management System in place

Executive Directors and Locality Group Director

These staff are responsible for the implementation of this policy at corporate and service level including the establishment and continual management of risk registers and project risks registers. They are responsible for managing risk within their Localities and Corporate Directorates


Role Responsibility

All Staff Management of risk is a fundamental duty of all staff. All staff must ensure that identified risks and incidents are reported in order to ensure appropriate actions are taken. These requirements also extend to agency staff

Partner Organisations and Contractors Specific risks identified in the Trust will be shared with any other relevant organisation working in partnership with the Trust

Board Of Directors The board of directors are accountable and responsible for ensuring that the Trust has an effective process for identifying and managing risk of all types. The Board of Directors receive and consider reports from its Sub-Committees as necessary

Sub Committees of the Board Each sub-committee of the board has a role for risks pertaining to their area of focus: • Review the management of the Board assurance framework/ corporate risk register and the groups top risks to ensure that the board of directors receive assurance that effective controls are in place to manage corporate risks. • Report to the board of directors on any significant risk management and assurance issues

Audit Committee The Audit Committee is a sub-committee of the board and Oversees the risk management system, obtaining assurances that there is an effective systems operating across the Trust.

Corporate Decisions Team The Corporate Decisions Team ensure effective implementation of the risk management system and report to board sub committees on any significant matter relating to risk management

CDT Risk Management Sub Group The CDT Risk Management Sub Group is a Sub-committee of the Corporate Decisions Team. Risk Management Sub Group lead on the development of and ensure compliance with the organisation’s risk assessment and management systems and processes and report to CDT.


6 Risk Management System

6.1. Definition The Institute of Risk Management define Risk Management as: “The process which aims to help organisations understand, evaluate and take action on all their risks with a view to increasing the probability of success and reducing the likelihood of failure”

Figure 1 below shows, risk management involves the identification, analysis, evaluation and treatment of risks or more specifically recognises which events may lead to harm and therefore minimising the likelihood (how often) and consequences (how bad) of these risks occurring.

Figure 1 – Risk Management Process.

* establish the context can also be described as establish the facts.

6.2 Identifying Risks

Risks facing the organisation will be identified from a number of sources, for example:

Risk arise out of the delivery of day to day work related tasks or activities

The review of strategic or operational ambitions

As a result of an incident or the outcome of investigations

Following a complaint, claim or patient feedback

As a result of a health and safety inspection/assessment, external review or audit report

National requirements and guidance

*


The identification, assessment, and control of risk is delegated to directors, managers, departments, wards and teams within CNTW, together with the management and data entry onto a paper or electronic risk management system.

6.3. Analysing/Assessing Risks

The purpose of assessing and scoring a risk is to estimate the level of exposure to a particular risk, which will then help to inform where responses to reduce or better manage a risk can be taken. When assessing a risk you will need to:

Identify who is affected and what is the potential impact should the risk occur (i.e., the consequences (how bad) a risk occurring could be)

Estimate the likelihood (how often) of a risk occurring once plans to control or mitigate the impact of a risk have been put in place

Consider whether this is a standalone risk or whether this could combine with other potential risks

Assess and score the exposure to that risk. Guidance on evaluating and scoring can be found in section 6.4 of this policy

Escalate to your direct line manager or designated risk champion for discussion/inclusion on a trust-wide risk register

6.4. Evaluating/Scoring Risk Risks are scored using a risk scoring matrix. The Trust has adopted a 5x5 matrix with the risk scores taking account of the Impact and likelihood of a risk occurring. The scoring of risk is a 3-step process Step 1 – Evaluating the impact or of a risk occurring if no plans exist to control, mitigate or reduce the impact of a risk occurring. The impact (consequence) score has five descriptors

Score

Impact descriptor Impact Description

1

Insignificant Please see appendix 2 for risk impact descriptions.

2

Minor

3

Moderate

4

Major

5

Catastrophic


Step 2 – Evaluating the likelihood (how often) a risk may occur once plans and controls to mitigate (reduce/remove) a risk have been put in place. The table below gives the descriptions of the likelihood or a risk occurring

Score

Likelihood descriptor

Likelihood Description

1

Rare May only occur in exceptional circumstances. 0-9% chance of occurrence.

2

Unlikely Not expected, but could occur infrequently. 10-29% chance of occurrence.

3

Possible May/will occur at some time. 30-59% chance of occurrence.

4

Likely Will probably occur, but not a persistent issue. 60-89% chance of occurrence.

5

Almost Certain Likely to occur on many occasions, a persistent issue. 90-100% chance of occurrence.

Step 3 – To calculate the risk score you must then multiply the impact score with the likelihood score. IMPACT score x LIKELIHOOD score = RISK score

IMPACT

LIKELIHOOD 1. Insignificant 2. Minor 3. Moderate 4. Major 5.Catastrophic

1 – Rare Not expected to occur

1 Very Low

2 Very Low

3 Very Low

4 Very Low

5 Very Low

2 – Unlikely Occurs infrequently

2 Very Low

4 Very Low

6 Low

8 Low

10 Low

3 – Possible Once or twice a year

3 Very Low

6 Low

9 Low

12 Moderate

15 Moderate

4 – Likely Hazard will occur but is not persistent.

4 Very Low

8 Low

12 Moderate

16 Moderate

20 High

5 –Almost Certain Constant threat is custom and practice

5 Very Low

10 Low

15 Moderate

20 High

25 High


By multiplying the Consequence and Likelihood scores together a total risk score will be created. The score will then determine the level of risk as shown below:

Very Low (1 – 5)

Low (6 - 10) Moderate (12 - 16) High (20 - 25) For example:

An impact score of 5 (catastrophic) is multiplied by the likelihood score of 3 (possible) which gives a risk score of 15. This would then be shown as a moderate or amber risk.

Each risk will be assigned 3 risk scores:

1. Initial Risk Score – the score on identification before any

controls/mitigating actions are proposed.

2. Current/Residual Risk Score – The residual risk, the score with controls/actions in place.

3. Target Risk Score – The risk score after improved actions have been achieved and improved controls are added

6.5 Risk Escalation

Cumbria Northumberland, Tyne and Wear NHS Foundation Trust support staff to manage risk at the lowest and most appropriate level in the organisation. Risks should only be escalated when action is required outside the control of the current owner. The Risk escalation and reporting process can be found in appendix 3

6.6 Controls and Mitigation (Action Planning)

When considering the likelihood of a risk occurring, staff need to develop and consider the actions that can be put in place

a. The avoidance of the risk – by not proceeding with an action which can produce the risk

b. The reduction of the likelihood of a risk occurring or should it occur, the reduction of the potential impact of the risk occurring

c. The Transfer of a risk to another party, either in part or in whole


d. The retention of risk, after they have been reduced or transferred, there may be some residual risks which are retained (although plans to control and mitigate these risks will still be required)

e. The removal/elimination of risk. These plans to avoid or reduce risk are more commonly referred to as the risk action plan

7. Risk Appetite

Risk appetite is the level of risk the Trust Board deem acceptable or unacceptable based on the specific risk category and circumstances/situation facing the Trust. This allows the Trust to measure, monitor and adjust, as necessary, the actual risk positions against the agreed risk appetite Using the Good Governance Institute risk appetite matrix the Trust Board has adopted a risk appetite statement which is the amount of risk it is willing to accept in seeking to achieve its Strategic Ambitions. As well as the overall risk appetite statement, separate statements are provided for each risk category

Category Risk Appetite Risk Appetite Score Clinical Innovation CNTW has a MODERATE

risk appetite for Clinical Innovation that does not compromise quality of care

12-16

Commercial CNTW has a HIGH risk appetite for Commercial gain whilst ensuring quality and sustainability for our service users

20-25

Compliance/Regulatory CNTW has a LOW risk 6-10

Risk Appetite Statement Cumbria Northumberland, Tyne and Wear NHS Foundation Trust recognises that its long term sustainability depends upon the delivery of its strategic ambitions and its relationships with its service users, carers, staff, public and partners. As such, Cumbria Northumberland, Tyne and Wear NHS Foundation Trust will not accept risks that materially provide a negative impact on quality. However CNTW has a greater appetite to take considered risks in terms of their impact on organisational issues. CNTW has a greatest appetite to pursue Commercial gain, partnerships, clinical innovation, Financial/Value for Money and reputational risk in terms of its willingness to take opportunities where positive gains can be anticipated, within the constraints of the regulatory environment


Category Risk Appetite Risk Appetite Score appetite for Compliance/Regulatory risk which may compromise the Trust’s compliance with its statutory duties and regulatory requirements

Financial/Value for money

CNTW has a MODERATE risk appetite for financial/VfM which may grow the size of the organisation whilst ensuring we minimising the possibility of financial loss and comply with statutory requirements

12-16

Partnerships CNTW has a HIGH risk appetite for partnerships which may support and benefit the people we serve

20-25

Reputation

CNTW has a MODERATE risk appetite for actions and decisions taken in the interest of ensuring quality and sustainability which may affect the reputation of the organisation

12-16

Quality Effectiveness CNTW has a LOW risk appetite for risk that may compromise the delivery of outcomes for our service users.

6-10

Quality Experience

CNTW has a LOW risk appetite for risks that may affect the experience of our service users

6-10

Quality Safety CNTW has a VERY LOW risk appetite for risks that may compromise safety

1-5

Workforce CNTW has a MODERATE risk appetite for actions and decisions taken in relation to workforce

12-16

Commercial CNTW has a HIGH risk appetite for Commercial gain whilst ensuring quality and sustainability for our service users

20-25


The below table shows risk appetite tolerance scores for each risk appetite. When a risk exceeds a risk appetite tolerance score this will be used as a framework for a risk to be communicated and reported upwards. A suggested target risk is also added to help inform target risk scoring discussions. The target risk is provided as a guide and not an absolute expectation.

APPETITE NONE VERY LOW

LOW MODERATE HIGH

Risk tolerance Score

N/A 1-5 6-10 12-16 20-25

Target risk score

N/A 0 4 9 15

Risk Appetite and the Clinical Locality Groups/Corporate Area

Risk appetite is linked to the Safeguard Risk Management System. The Safeguard system asks the user to choose a risk appetite category when recording a risk. The categories are linked to the risk appetite tolerance scores and where a risk breaches the Trust Risk Appetite the user will see the risk appetite rag rating change to red

The Risk Management Lead will also have planned weekly audits in place to capture any risk appetite breaches that have not been reported/communicated as a control mechanism. All risks which breach the Trust risk appetite will be reported through the Trust Governance Structures to the Board of Directors. This replaces the current system of all risks 15 and above being reported. Risk appetite does not replace the escalation process defined within the risk management policy (see section 6.5). Risks continue to be managed at the lowest and most appropriate level in the organisation and only escalated when action is required outside the control of the current risk owner.

8. Assurance.

A key element of the Trust’s risk management system is providing assurance that we manage risks effectively by ensuring the effectiveness of controls and actions being put in place to mitigate the impact of any risks.

8.1. Assurance Definition

Assurance Definition

Provides Evidence

To: Staff/Management/Directors/Organisation

That: What we are currently doing is making impact on risks.

8.2. Examples of Sources of Assurance.


Below are some examples of sources of Assurance. Most types of assurance will be evidenced (for example meeting minutes, checklists, written reports) whilst some may be more informal (such as evidence of discussions).

9. Clinical Risk

9.1. Clinical Risk Assessment

Clinical risk assessment is a dynamic ongoing process in the provisions and treatment to all service users. It is a multi-disciplinary responsibility and the outcome of risk assessment should be formally documented using minimum approved tool and recording by each organisation. The Trust’s approved tools to record the outcome of clinical risk assessments for adults are listed in the Trust policies CNTW(C) 20 Care Coordination and Care Programme Approach, and CNTW(C) 48 Care Coordination and Care Programme Approach for Children and Young People. The Clinical Risk Strategy can be found at http://nww1.CNTW.nhs.uk/services/?id=7029&p=5548

9.2 Clinical Environment Risk Assessment

The Clinical Environmental Risk Assessment (CERA) process is to identify the significant risk areas, concentrating predominantly on 24 hour in patient settings, with a view to create a trust-wide action plan for remedial work over a 5 year period. The intention being to identify risks that can be eliminated within these clinical settings. Risks that cannot be eliminated are transferred to a Trust risk register and managed with the necessary controls in place.

The CERA process is coordinated by the Safety Team, overseen by the Safer Care Group. Please refer to CNTW(O)20 – Health and Safety Policy - HS-PGN-13

10 Risk Registers

10.1 All Trust Risk Registers

A risk register is a log of risks of all kinds that threaten the delivery of ambitions and the delivery of services. It should be a live document which is populated through the risk assessment and evaluation process. Risk

http://nww1.ntw.nhs.uk/services/?id=7029&p=5548

https://www.cntw.nhs.uk/about/policies/health-safety-policy/

https://www.cntw.nhs.uk/about/policies/health-safety-policy/


Registers operate at all levels in the trust – at local ward, department and service level, major projects and programmes, directorate, Group and Corporate level. Safeguard Risk Management System is the main system used to record risks although paper registers are currently still used in some areas. A risk register template can be found in Appendix 4.

10.2. Corporate Risk Register and Board Assurance Framework

The Corporate Risk Register and Board Assurance Framework are key documents used to record and report the Trust’s key Strategic Ambitions, risks, controls and assurances to the board. The Corporate Risk Register and Board Assurance Framework ensures that the Trust have assurance that risks to the delivery of its Strategic Ambitions are successfully managed. The Corporate Risk Register and Board Assurance Framework takes into account the recommendations from Audit, Executive Leads and board sub-committees as to what should be included, amended or removed. The Framework is updated and approved by the Board of Directors. The Corporate Risk Register and Board Assurance Framework once approved is a public document and can be accessed on CNTW Website via the Board Papers.

11. Monitoring, Reviewing and Auditing

The CDT Risk Management Group continually review and monitor all aspects of the Trust’s risk management system, and play a key role in the standardisation and moderation of risks that are added to the trust-wide risk registers. In accordance with Public Sector Internal Audit Standards, the Head of Internal Audit (HoIA) provides an annual opinion, based upon and limited to the work performed on the overall adequacy and effectiveness of the organisation’s risk management, control and governance processes.

12. Risk Management Training and Support. Risk management training, guidance and advice is provided through the Risk Management Lead. Risk management training is made available for existing staff and new members of staff.

13. Consultation and Communication with Stakeholders

This is an existing policy which has had major changes that relate to operational and/or clinical practice therefore requires a full consultation process. Systems of communication that contribute to minimising risk are in place and include a Trust intranet for staff, customer satisfaction surveys with service users and carers, and regular Council of Governors Meetings. The Risk Management Strategy is available to all stakeholders through the Trust’s website and the Trust reports regularly to NHSI on compliance with the terms of its provider licence. Communication with staff is particularly important and risk management issues can be communicated through line management team briefing, the Chief Executive’s bulletin and the communication of alerts to relevant staff groups via email.


North Locality Care Group

Central Locality Care Group

South Locality Care Group

North Cumbria Locality Care Group

Corporate Decision Team

Business Delivery Group

Safer Care Group

Communications, Finance, IM&T

Commissioning and Quality Assurance

Workforce and Organisational Development

NTW Solutions

Local Negotiating Committee

Medical Directorate

Staff Side

Internal Audit

14. Implementation

Taking into consideration the major implications associated with this Policy review it is considered that a target date of August 2017 is achievable for communications about changes in this Policy, with any specific training being implemented on an ongoing basis. This will be monitored by the Audit Committee through the review process. If at any stage there is an indication that the target date cannot be met, then the author will implement an action plan.

15. Equality and Diversity

In conjunction with the Trust’s Equality and Diversity Officer this policy has undergone an Equality and Diversity Impact Assessment which has taken into account all human rights in relation to disability, ethnicity, age and gender. The Trust undertakes to improve the working experience of staff and to ensure everyone is treated in a fair and consistent manner.

16. Fair Blame

The Trust is committed to developing an open learning culture. It has endorsed the view that, wherever possible, disciplinary action will not be taken against members of staff who report near misses and adverse incidents, although there may be clearly defined occasions where disciplinary action will be taken.

17. Fraud and Corruption

In accordance with the Trust’s policy CNTW(O)23 – Fraud, Bribery and Corruption policy and Response Plan, all suspected cases of fraud and corruption should be reported immediately to the Trust’s Local Counter Fraud Specialist or to the Executive Director of Finance.


18. Monitoring

Monitoring of compliance with this policy will be undertaken on a day to day basis by the Risk Management Lead, discussing any issues with the relevant Directorate/Group and, if necessary, reporting to the Executive Director of Commissioning and Quality Assurance.

19. Associated documents

Risk Management Strategy;

CNTW(C)20 Care Coordination/Care Programme Approach (CPA)

CNTW(C)48 Care Coordination/Care Programme Approach for

Children and Young People.

CNTW(O)01 Development and Management of Procedural

Documents.

All other Trust Policies are also in place to help reduce risks and can be accessed through the following link to the Trust internet site: CNTW - Policies Website.

20. References

Management of Health & Safety Regulations 1999

NHS Litigation Authority Risk Management Standards for Mental Health

and Learning Disability Trusts.

ISO3100 Risk Management Standard.

Baker,Tilly, Board Assurance Framework Toolkit.

NHS Provider Risk Management Guidance 2016.

https://www.cntw.nhs.uk/about/policies/


Appendix A

Equality Analysis Screening Toolkit

Names of Individuals involved in Review

Date of Initial Screening

Review Date Service Area / Locality

Lisa Quinn Natalie Yeowart Christopher Rowlands

June 2017 June 2020 Trust-Wide

Policy to be analysed Is this policy new or existing?

Risk Management Policy V05 Existing

What are the intended outcomes of this work? Include outline of objectives and function aims

To ensure staff have the knowledge and tools to ensure effective risk management processes/systems throughout the Trust.

Who will be affected? e.g. staff, service users, carers, wider public etc

Staff

Protected Characteristics under the Equality Act 2010. The following characteristics have protection under the Act and therefore require further analysis of the potential impact that the policy may have upon them

Disability N/A

Sex N/A

Race N/A

Age N/A

Gender reassignment

(including transgender)

N/A

Sexual orientation. N/A

Religion or belief N/A

Marriage and Civil Partnership

N/A

Pregnancy and maternity

N/A

Carers N/A

Other identified groups N/A


How have you engaged stakeholders in gathering evidence or testing the evidence available?

Through standard policy process procedure

How have you engaged stakeholders in testing the policy or programme proposals?

Through standard policy process procedure

For each engagement activity, please state who was involved, how and when they were engaged, and the key outputs:

Appropriate policy review – author/team

Summary of Analysis Considering the evidence and engagement activity you listed above, please summarise the impact of your work. Consider whether the evidence shows potential for differential impact, if so state whether adverse or positive and for which groups. How you will mitigate any negative impacts. How you will include certain protected groups in services or expand their participation in public life.

Positive Monitor for impact during policy review.

Now consider and detail below how the proposals impact on elimination of discrimination, harassment and victimisation, advance the equality of opportunity and promote good relations between groups. Where there is evidence, address each protected characteristic

Eliminate discrimination, harassment and victimisation

Advance equality of opportunity

Promote good relations between groups

What is the overall impact?

Positive

Addressing the impact on equalities

From the outcome of this Screening, have negative impacts been identified for any protected characteristics as defined by the Equality Act 2010? If yes, has a Full Impact Assessment been recommended? If not, why not? Manager’s signature: Lisa Quinn/Natalie Yeowart Date: June 2017


Appendix B

Communication and Training Check list for policies

Key Questions for the accountable committees designing, reviewing or agreeing a new Trust policy

Is this a new policy with new training requirements or a change to an existing policy?

Existing policy with new training requirements.

If it is a change to an existing policy are there changes to the existing model of training delivery? If yes specify below.

N/A

Are the awareness/training needs required to deliver the changes by law, national or local standards or best practice?

Awareness/training needs required to deliver changes to local standards.

Please specify which staff groups need to undertake this awareness/training. Please be specific. It may well be the case that certain groups will require different levels e.g. staff group A requires awareness and staff group B requires training.

Band 7 and above will require specific training on Safeguard Web risk reporting and risk management awareness training.

All staff below band 7 will require Risk Management awareness training.

Is there a staff group that should be prioritised for this training / awareness?

Band 7 and above.

Please outline how the training will be delivered. Include who will deliver it and by what method.

Local Induction Training Awareness sessions Staff handbook summary for easy reference E-Learning

Please identify a link person who will liaise with the training department to arrange details Administration needs etc.

Natalie Yeowart


Appendix B – continued

Training Needs Analysis

Staff/Professional Group Type of training

Duration of Training

Frequency of Training

Band 7 and above Web risk reporting

E-learning

30mins Once

Band 7 and above Risk Management E-learning

30 mins Once

All staff Risk Awareness Session

1 hour Induction/3 Yearly

Should any advice be required, please contact: - 0191 2456777 (Option 1)


Appendix C Monitoring Tool Statement The Trust is working towards effective clinical governance and governance systems. To demonstrate effective care delivery and compliance, policy authors are required to include how monitoring of this policy is linked to auditable standards/key performance indicators will be undertaken using this framework.

Risk Management Policy - Monitoring Framework

Auditable Standard/Key Performance Indicators

Frequency/Method/Person Responsible

Where results and any Associate Action plan will be reported to implemented and monitored; (this will usually be via the relevant Governance Group).

1. Identified staff groups attend training as outlined in appendix B in accordance with policy requirements.

Monthly via Dashboard managed by individual staff groups/areas and monitored by Risk Management Lead.

CDT Risk Management Sub Group.

2. Risk Management Standards set in policy.

Quarterly quality/compliance checks by Risk Management Lead.

CDT Risk Management Sub Group.

The Author(s) of each policy is required to complete this monitoring template and ensure that these results are taken to the appropriate Quality and Performance Governance Group in line with the frequency set out.

CNTW (O)33

Appendix 1 Definition of Risk Management Terms

Term Definition

Action A response to control or mitigate risk.

Action plan A collection of actions that are specific, measurable, achievable, realistic and targeted.

Assessment A review of evidence leading to the formulation of an opinion.

Assurance Confidence based on sufficient evidence that internal controls are in place, operating effectively and objectives are achieved.

Board Assurance Framework/ Corporate Risk Register (BAF/CRR)

A document setting out the organisations strategic objectives, the risks to achieving them, the controls in place to manage them and the assurance that is available.

Control Action taken to reduce the likelihood and or impact of a risk.

Escalation Referring an issue to the next appropriate management level for resolution, action or attention.

Gaps in control Actions to be put in place to manage risk and achieve objectives.

Frequency A measure of the rate of occurrence of an event.

Impact The result of a threat or opportunity.

Internal audit The team responsible for evaluating and forming an opinion of the robustness of the system of internal control.

Initial risk The score on identification before any controls are added

Likelihood A qualitative measure/description of probability or frequency. Any negative impact, financial or otherwise.

Mitigation Actions taken to reduce the risk or the negative impact of the risk.

Current risk score (residual risk)

The score with controls/actions in place.

Risk appetite An informed decision taken by the Trust Board on the level of risk deemed acceptable.

Risk matrix A grid that cross references impact against likelihood to assist in assessing a risk.

Risk owner The person/group responsible for the management and control of all aspects of individual risks.

Risk rating The total risk score work out by multiplying the impact and likelihood scores on the risk matrix.

Risk register The tool for recording identified risks and monitoring action plans against them.

Risk tolerance The boundaries of risk taking outside that the organisation is not prepared to go beyond

CNTW(O)33

1 Cumbria Northumberland Tyne and Wear NHS Foundation Trust Appendix 2- Risk Impact Scoring Table CNTW(O)33- Risk Management Policy V05.5 Oct 19

Category Clinical Innovation

Commercial Compliance/ Regulatory

Financial/VfM

Partnerships Reputation Quality Effectiveness

Quality Experience

Quality Safety

Workforce

Impact of Risk

1. Acceptable Risk Insignificant

No effect on innovation Extremely likely to create value

No effect on commercial gain or sustainable growth

One off non-compliance with standards. * Insignificant breach of confidentiality/information/IT breach

<£50,000 No effect on partnerships Extremely likely to support and benefit those we serve

Insignificant impact. Within unit, team, dept only

Minimal/low effect on service delivery > 1 Hour

Service User Extremely likely to recommend No effect on Service User Experience

Any Immaterial incident resulting in no harm. (Near Miss)

Staff extremely likely to recommend No effect on staff health and wellbeing

2. Minor

Minor effect on innovation Likely to create value

Minor effect on commercial gain Unlikely to effect sustainable growth

Minor failure to meet standards within the quarter. * Minor breach of confidentiality/information/IT breach

£50,000 - £500,000

Minor effect on partnerships Likely to support and benefit those we serve

Minor impact Local Media coverage

Temporary effect on service delivery >1 Day

Service User Likely to recommend Minor effect on Service User experience

Any unexpected/ unintended incident that could cause minimal harm.

Staff likely to recommend Minor effect on staff health and wellbeing

3. Moderate

Moderate effect on innovation Unlikely to create value

Moderate effect on commercial gain Likely to effect sustainable growth

Non-compliance with standards for 2 consecutive quarters. * Potentially serious breach of confidentiality/ information/IT breach

£500,000 - £1m

Moderate effect on partnerships Likely to have a negative effect on those we support and serve

Moderate impact Regional concern Local Media coverage

Significant effect on service delivery/Late delivery of objectives > 3 Days

Service User neither likely nor unlikely to recommend Negative effect on Service user experience

Any unexpected/ unintended incident that could result in significant but not permanent harm.

Staff neither likely nor unlikely to recommend Negative effect on staff health and wellbeing

4. Major

Significant effect on innovation Highly unlikely to create value

Significant effect on commercial gain Extremely likely to effect sustainable growth

Significant non-compliance with standards for 3 consecutive quarters. * Serious breach of confidentiality/information/IT breach.

£1m - £5m Significant effect on partnerships Extremely likely to have a negative effect on those we support and serve.

Significant impact NHS/NHSE concern National media coverage

Significant effect on service delivery/ uncertain delivery of key objectives >1 week

Service User Unlikely to recommend Significant effect on Service User experience

Any unexpected/ Unintended incident that could result in permanent harm.

Staff unlikely to recommend Significant effect on staff health and wellbeing

5.Catastrophic

Severe effect on innovation Extremely unlikely to create value

Severe effect on commercial gain. Severe effect on sustainable growth

Severe non-compliance with standards leading to enforcement action by regulators. * Catastrophic breach of confidentiality/information/IT Breach.

>£5m

Severe effect on partnerships Extremely likely to have a negative effect on those we support and serve.

Severe impact on reputation Sustained NHS/NHSE Concern National media coverage

Severe effect on service delivery/ non- delivery of key objectives. Permanent loss of service

Patient highly unlikely to recommend Severe effect on Service User experience.

Any unexpected/ Unintended incident that could result in Serious harm/death.

Staff highly unlikely to recommend Severe effect on staff health and wellbeing

Appendix 2 – Risk Impact Scoring Table

2 Cumbria Northumberland, Tyne and Wear NHS Foundation Trust Appendix – Clinical Environmental Risk Assessment – V05.5 Oct 19 CNTW(0)33 – Risk Management Policy

Appendix 3 Risk Escalation Process

3 Cumbria Northumberland, Tyne and Wear NHS Foundation Trust Appendix – Clinical Environmental Risk Assessment – V05.5 Oct 19 CNTW(0)33 – Risk Management Policy

Appendix 4

Risk Register Template

Name of Locality/Ward/Dept/Corporate Directorate

Risk: Risk Rating:

Impact Likelihood Score Rating

Risk on Identification

0 0 0 Very Low

Residual Risk (with current controls in place):

0 0 0 Very Low Target Risk (after improved controls):

0 0 0 Very Low

Risk Appetite:

Financial/VFM Below

Controls & Mitigation (what are we currently doing about the risk)

Assurances/ Evidence (how do we know we are making an impact)

Gaps in Controls/Gaps in Assurance (actions to take to achieve target risk)

Ref: Lead:

Last Updated/Reviewed:

Comments: